COMPRESSOR/SCRAMBLER CHARACTERISTICS LIST V1.01
Copyright 1993-1995 by SmileSoft Productions
All Rights Reserved.

This list outlines the major characteristics of the PC scramblers and
compressors we have come into contact with or heard of in the last 2 years.

==========================================================================
Columns:

  1. ANTI Debugging Techniques
  2. POLYMORPHIC mutation
  3. RUN-TIME Self Encryption
  4. Encrypting File
  5. COMPRESSION
  6. handles COM files
  7. handles EXE files
  8. Detection/Removable by TRON
  9. Removable by TRON universal protected system

Program            Versions             1 2 3 4 5 6 7  8        9
-----------------------------------------------------------------------------
Compack            4.4, 4.5             . . . . x x x  yes/yes  yes
Compressor         1.1                  x . . x . . x  yes/yes  yes
DeltaPack          0.1                  . . ? ? . ? x  yes/yes  yes
DIET               1.00d, 1.02b, 1.10a  . . . . x x x  yes/yes  yes
                   1.20, 1.44, 1.45f    . . . . x x x  yes/yes  yes
EXPACK (MS)        3.60, 3.64, 3.65     . . . . . . x  yes/yes  yes
                   4.00, 5.31.009       . . . . . . x  yes/yes  yes
                   4.05, 4.06           . . . . . . x  yes/yes  yes
Ice                1.0                  . . x x . x .  yes/yes  yes
LZexe              0.90, 0.91           . . . . x . x  yes/yes  yes
Mr.Lite            2.3                  . . . . x . .  yes/yes  yes
Mr.Hdkiller Prot.  1.0                  . . . x . x .  yes/yes  yes
OPTLink                                 . . . . x ? x  yes/yes  yes
PGMPak             0.13, 0.15           . . . . x x x  yes/yes  yes
PKLITE (PKWARE)    1.00(ß), 1.03, 1.05  . . . . x x x  yes/yes  yes
                   1.10, 1.12, 1.13     . . . . x x x  yes/yes  yes
PKLITE (PKWARE)    1.14, 1.15, 1.20     x . . . x x x  yes/yes  yes
PROPACKER          2.08                 . . . . x ? x  yes/yes  yes
Protect EXE/COM    1.00                 . . x x . x x  yes/yes  yes
Protect EXE/COM    2.00, 3.00           x . x x . x x  yes/yes  yes
Protect EXE/COM    4.00                 x x x x . x x  yes/yes  yes
Protect EXE/COM    5.00                 x x x x . x x  yes/yes  yes
Protect EXE/COM    5.50                 x x x x x x x  no/no    yes
TinyProg           1.0, 3.3, 3.6        . . x x x x x  yes/yes  yes
TinyProg           3.8, 3.9             x . x x x x x  yes/yes  yes
SEA-AXE            2.0                  . . . . x x x  yes/yes  yes
Stanlite           4.07                 x . x x x x x  yes/yes  ?
WWpack             3.02a, 3.03          . . . . x . x  yes/yes  yes
=============================================================================

1. ANTI-Debugging Techniques

   There are several hardware-based techniques available at the moment.
   Their main purpose is to prevent a MasterUnprotect like TRON or UNP from
   breaking through the protection layer. Anti-debugging instructions mean
   that a DEBUGGER or TRACER which follows such a program part will never
   execute the instructions as the CPU would. As a result a program can
   shut down an active debugger; even PROTECTED MODE DEBUGGERS are not
   foolproof against such techniques. Examples are changing instructions
   after they have been loaded into the prefetch queue, or pointing the
   stack into program code.

2. POLYMORPHIC mutation

   A mutation engine is used to make sure that a scrambled program never
   has the same decrypting instructions twice. A special engine randomly
   decides which machine code instructions are used to generate the
   security envelope. An unpacker therefore cannot search for a single
   "string" to recognize the program that was used to protect the file
   concerned. This method was first used in viruses (Tremor/MTE viruses).

3. RUN-TIME Self Encryption

   Before a compressor/scrambler starts to decrypt the original file, it
   decrypts parts of its own program code.

4. Encrypting File

   Processed files are encrypted. There is a large number of encryption
   variations today, ranging from a simple "first try envelope" to complex
   mathematical algorithms.

5. COMPRESSION

   Processed files are compressed.

6. handles COM files

   Program can handle COM files (easy)

7. handles EXE files

   Program can handle EXE files (not so ....)

SMILESOFT