____ ___ ____ _____ ____ ___ __ __ ____ _ | _ \ / _ \/ ___|| ____| / ___/ _ \| \/ | / ___|_ __ _ _ _ __ | |_ | |_) | | | \___ \| _| | | | | | | |\/| | | | | '__| | | | '_ \| __| | _ <| |_| |___) | |___ | |__| |_| | | | | | |___| | | |_| | |_) | |_ |_| \_\\___/|____/|_____| \____\___/|_| |_| \____|_| \__, | .__/ \__| |___/|_| ----------------------------------------------------------------------------- RCC - ROSE COM Crypt ----------------------------------------------------------------------------- $Header: /home/CVS/asm/rc/rc286.txt,v 1.11 2003/07/31 18:55:06 ralproth Exp $ An other crypter for COM files? No! RCC is (in my eyes) one of the most advanced COM crypter yet - especially RCC/Mild. Why? Because RCC/Mild generates VERY short decryptors with a lot of antidebugging features! RC/Mild was written because I want to have an own _small_ protector for my small intro files. Some Highlights ~~~~~~~~~~~~~~~ Both versions Encrypts the host - so strong that you can't compress it afterwards! Polymorph encrypted decryptor using a mutation engine Antidebugger tricks Generic unpacker tricks (CUP, UNP, TSUP, UUP...) Anti TRON -p 1.20/-u 1.30 unpacker tricks! Anti CUP/386 /1-/7 unpacker tricks Variable decryptor length Fake jump and instructions to fool anti virus programs Fake jump to fool CUP 386/3.2, 3.3 Anti TEU, UPC & Intruder code Original entry point data is double encrypted 'Hard'-Module More Antidebugger tricks Anti load tricks (Anti Intruder/SnapShot code) Anti UPC/XPack code -=[ Decryptor ]=----------------------------------------------------------- Length (approx.) 1.09 Mild: 179-240 bytes Hard: 680-740 bytes 1.10 1.09 + 15 bytes 1.11 Mild: approx 300 bytes Hard: approx 600 bytes 1.12 approx 5-10 bytes shorter than 1.11 1.14++ the programs now print the plain length after crypting the host 1.18 Mild: 378 - 438 bytes --------------------------------------------------------------------------- Hi Dudes, try to protect a COM file with RCC-II and THEN try to debug it or hack it! Well I know it's easy to do a runtime unpacking to ANY COM file. But I want you that you check it out with Soft-ICE, AutoHack, Intruder and such crap. EVERY normal hacker should be able to unpack RC protected files - if not: Give up and play DOOM instead! :) --------------------------------------------------------------------------- History ~~~~~~~ New with 1.08 - there are two versions of RC/286: - a smaller one, called mild (decryptor about 400 bytes) - a bigger one, called hard (decryptor about 1000 bytes) New with 1.10: 31-July-96 - added code to disable 386 hardware break points on exec/write 100h works with CUP 386 - Rand0m/Ka0t: Did your unpacker still work? - Ghostbuster: Did your unRCC still work? Send me a copy... :-)) New with 1.10b: 01-Aug-96 - fixed sp=0fffdh bug (THX 2 Ghostbuster) - fixed fake 100h routine (THX 2 rand0m/ka0t) New with 1.11: 25-Oct-96 - Total rewritten startup code of protected files. - Rewritten 100h simulation. - Removed anti intruder code, added anti UPC/XPack code New with 1.12: 02-Jan-97 - Bugfixes (stack and other things) - Additional fake code for generic unpackers like CUP 3.2 New with 1.13: 01-Aug-97 - Fixed the color routine to work under Windows NT - The last 6 months almost every macro I use have changed - Added anti TEU and anti CUP 3.3 macros New with 1.14: 03-May-98 - uses now the inline memory encryption from HackStop, thus achieving a double encryption of some parts. New with 1.15: 08-Aug-98 - prints now the plain protector length. Changed some macros. New with 1.16: 02-May-1999 - recompiled with the new macros from HackStop and mess. Shorten the decryptor. Changed some code parts. New with 1.17: 13-Sept-1999 - basically a recompile using updated macros from HackStop. This includes a bugfix discovered by Michael Hering! New with 1.18 - 5 April-2001 - Recompile using bug fixed Win2000 units. Changed the "brand mark". New with 1.18.2 - 06 March 2002 - Some minor fixes, Y2K2 etc. New with 1.18.3 - 14 May 2002 - Some minor fixes. Fixed TPE false positive. New with 1.19 - 08.July 2002 - Some minor fixes. Fixed TPE false positive. Rearranged the Mutation Engine. New with 1.20 - 1. Aug. 2003 - see history keep on c0ding, Ralph Take a look at ROSEBBS.TXT for my address!