
philippelyp / ProTecT

Licence: GPL-3.0
ProTecT is an MS-DOS packer. While this packer is outdated, it uses a number of interesting anti-analysis techniques that are still relevant today.

ProTecT

Copyright 1995-1996 Philippe Paquet

Description

ProTecT is an MS-DOS packer designed to protect executables from analysis.

The protector is written in Turbo Pascal with original comments in French. The stub code and the modules are written in x86 assembly.

It's from 1995! Why should I care?

This packer uses a number of interesting techniques that are still relevant today and can be leveraged to defend against analysis:

  • Executing code backward
    • Using the single-step mode of the microprocessor, we can adjust the instruction pointer as instructions are executed and run code backward
    • Any analysis tool that also uses the single-step mode of the microprocessor will interfere with proper execution
    • Decompilers will have a particularly hard time with this technique
  • Return oriented programming
    • If you think that ROP was invented in 2012, think again...
    • A full call-stack is created early on and the rest of the code just returns to the right location
    • This allows the use of functions without a visible code structure
    • A return instruction could be a jump or the end of a function
      • It is impossible to know without knowing the call-stack
    • Decompilers will have a particularly hard time with this technique
  • Pointing the stack to critical code or data while the stack is not being used
    • Any analysis tool that uses the stack will destroy critical code or data
  • Using a single buffer to decrypt and execute code
    • This makes analysis harder:
      • You never have all the code mapped to its execution location in memory
      • You never have all the code decrypted in memory
  • Calculating decryption keys from debugger detections
    • This decouples the consequence from the point of detection
  • Jumping to instructions hidden inside other instructions
    • This breaks instruction decoding by the debugger
    • Debuggers have improved significantly but, surprisingly, this is still somewhat effective
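The last bullet is the one that is easiest to see on the analysis side. The following is an added example, not code from ProTecT: it decodes a constructed six-byte 16-bit x86 fragment two ways, once byte by byte from offset 0 (linear sweep, what a simple disassembler or a debugger's listing does) and once by following control flow from the entry point (recursive descent). The fragment starts with a short jump whose target is its own second byte, so the instructions that actually execute begin in the middle of bytes that the linear decode has already consumed as a different instruction. The opcode subset, ModRM handling and the sample bytes are the example's own; the encodings used (EB rel8, FF /0, 40-4F, C0 /r ib, 90, C3) are the real 8086 ones.

```python
"""Linear-sweep vs flow-following decoding of a constructed 16-bit x86 fragment."""
from dataclasses import dataclass
from typing import List, Optional

REG16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
RM16 = ["bx+si", "bx+di", "bp+si", "bp+di", "si", "di", "bp", "bx"]
SHIFT_OPS = ["rol", "ror", "rcl", "rcr", "shl", "shr", "sal", "sar"]

# Constructed sample: "jmp short $+1" lands on the second byte of itself, so the
# stream that executes is FF C0 (inc ax), 48 (dec ax), 90 (nop), C3 (ret), while a
# byte-by-byte decode swallows C0 48 90 C3 as one 4-byte "ror" instruction.
SAMPLE = bytes.fromhex("EBFFC04890C3")


@dataclass
class Insn:
    offset: int
    length: int
    text: str
    target: Optional[int] = None   # jump destination, if any
    ends_flow: bool = False        # no fall-through after this instruction


def decode_modrm(code: bytes, pos: int):
    """Decode a 16-bit ModRM byte at pos; return (reg field, operand text, bytes used)."""
    modrm = code[pos]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod == 3:
        return reg, REG16[rm], 1
    if mod == 0 and rm == 6:                       # direct 16-bit address
        return reg, f"[0x{int.from_bytes(code[pos + 1:pos + 3], 'little'):04x}]", 3
    if mod == 0:
        return reg, f"[{RM16[rm]}]", 1
    if mod == 1:                                   # signed 8-bit displacement
        disp = int.from_bytes(code[pos + 1:pos + 2], "little", signed=True)
        return reg, f"[{RM16[rm]}{disp:+#x}]", 2
    disp = int.from_bytes(code[pos + 1:pos + 3], "little")
    return reg, f"[{RM16[rm]}+0x{disp:04x}]", 3


def decode_one(code: bytes, pos: int) -> Insn:
    """Decode one instruction from the small opcode subset this example needs."""
    op = code[pos]
    if op == 0x90:
        return Insn(pos, 1, "nop")
    if op == 0xC3:
        return Insn(pos, 1, "ret", ends_flow=True)
    if 0x40 <= op <= 0x4F:                         # inc/dec r16
        return Insn(pos, 1, f"{'inc' if op < 0x48 else 'dec'} {REG16[op & 7]}")
    if op == 0xEB:                                 # jmp short rel8
        rel = int.from_bytes(code[pos + 1:pos + 2], "little", signed=True)
        target = (pos + 2 + rel) & 0xFFFF
        return Insn(pos, 2, f"jmp short 0x{target:04x}", target=target, ends_flow=True)
    if op == 0xFF:                                 # group 5: /0 inc, /1 dec r/m16
        reg, operand, n = decode_modrm(code, pos + 1)
        if reg in (0, 1):
            size = "word " if operand.startswith("[") else ""
            return Insn(pos, 1 + n, f"{'inc' if reg == 0 else 'dec'} {size}{operand}")
    if op == 0xC0:                                 # shift group, r/m8, imm8
        reg, operand, n = decode_modrm(code, pos + 1)
        imm = code[pos + 1 + n]
        return Insn(pos, 2 + n, f"{SHIFT_OPS[reg]} byte {operand}, 0x{imm:02x}")
    return Insn(pos, 1, f"db 0x{op:02x}")           # anything else: raw byte


def linear_sweep(code: bytes) -> List[Insn]:
    """Decode consecutively from offset 0, the way a naive listing does."""
    out, pos = [], 0
    while pos < len(code):
        insn = decode_one(code, pos)
        out.append(insn)
        pos += insn.length
    return out


def flow_follow(code: bytes, entry: int = 0) -> List[Insn]:
    """Decode by following control flow (recursive descent) from the entry point."""
    seen, out, work = set(), [], [entry]
    while work:
        pos = work.pop()
        while 0 <= pos < len(code) and pos not in seen:
            insn = decode_one(code, pos)
            seen.add(pos)
            out.append(insn)
            if insn.target is not None:
                work.append(insn.target)
            if insn.ends_flow:
                break
            pos += insn.length
    return sorted(out, key=lambda i: i.offset)


def hidden_instructions(code: bytes) -> List[Insn]:
    """Flow-reached instructions that start strictly inside a linear-sweep instruction."""
    linear = linear_sweep(code)
    return [i for i in flow_follow(code)
            if any(l.offset < i.offset < l.offset + l.length for l in linear)]


if __name__ == "__main__":
    for name, insns in (("linear sweep", linear_sweep(SAMPLE)),
                        ("flow following", flow_follow(SAMPLE))):
        print(name)
        for i in insns:
            print(f"  {i.offset:04x}: {SAMPLE[i.offset:i.offset + i.length].hex():<8} {i.text}")
```

Running the block prints two listings: the linear sweep shows only a jump and a bogus `ror`, while flow following shows `inc ax`, `dec ax`, `nop`, `ret`. `hidden_instructions` reports every executed instruction whose start falls inside a linearly decoded one, which is the signal an analyst looks for when a listing and a trace disagree; it also shows why the technique loses its edge against a debugger that decodes from the current instruction pointer rather than from a fixed start address.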

Test executable

  • test_u.exe is the unprotected test executable
  • test_p.exe is the protected test executable

Contact

If you have any questions, feel free to contact me at [email protected]
