Phrozen SLAE32 Certification - Papers

Assignment Goals (SLAE-1530)

  • Create a custom crypter like the one shown in the "crypters" video

  • Free to use any existing encryption schema

  • Can use any programming language

What is the purpose of a crypter?

A crypter is closely related to an encoder. It is a tiny application designed to encrypt a payload and decrypt it at runtime.

The payload is encrypted and embedded inside a host program, often called a stub. When the stub is executed, it decrypts the encrypted payload and redirects execution flow to the address of the decrypted payload. Sometimes execution flow is not redirected; instead, a new thread or a new process is created to host the payload's execution.

Unlike encoders, crypters use complex encryption schemes (RC4, AES, Blowfish, Camellia, etc.) to keep the payload obfuscated. Each time a stub is generated, the encrypted payload looks completely different, which makes crypters a good solution to beat signature-based detection systems.

Because of their complexity, crypters are often written in higher-level languages such as C/C++, Delphi, .NET, etc.
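
A defender-side illustration of the signature point above, as an added example that is not part of the original page: the same constructed benign bytes encrypted under two keys share no byte signature, yet both copies stand out by Shannon entropy. The SHA-256 counter-mode keystream (a stand-in for the ciphers named above), all names, the 256-byte window and the 6.5 threshold are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed sample data: a low-entropy "host" region and a benign blob.
HOST = (b"host program filler " * 32)[:512]
BLOB = (b"constructed benign sample data, not shellcode. " * 12)[:512]
SIGNATURE = BLOB[:16]  # a static byte signature taken from the plaintext


def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Stand-in stream cipher (assumption): XOR with SHA-256 in counter mode."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def shannon_entropy(buf: bytes) -> float:
    """Entropy in bits per byte, from 0.0 (constant) to 8.0 (uniform)."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def high_entropy_windows(image: bytes, window: int = 256,
                         threshold: float = 6.5) -> list:
    """Offsets of non-overlapping windows whose entropy exceeds the threshold."""
    return [off for off in range(0, len(image) - window + 1, window)
            if shannon_entropy(image[off:off + window]) > threshold]


def build_image(key: bytes) -> bytes:
    """Constructed file image: host region followed by the encrypted blob."""
    return HOST + keystream_xor(BLOB, key)


if __name__ == "__main__":
    for key in (b"key-one", b"key-two"):
        image = build_image(key)
        print(key, "signature hit:", SIGNATURE in image,
              "high-entropy offsets:", high_entropy_windows(image))
```

Entropy alone also flags compressed data and legitimate packed resources, so it works as a triage signal to combine with other indicators rather than as a verdict.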
