comment	 *

    ---------------------------------------------------
     Simple RDA (RANDOM DECRYPTION ALGORITHM) example
    ---------------------------------------------------
         by Piotr Bania <bania.piotr@gmail.com>
	      http://www.piotrbania.com
		 All rights reserved!



  Disclaimer
  ----------

   The author takes no responsibility for any actions taken with the provided
   information or code. The copyright for any material created by the
   author is reserved. Any duplication of the code or texts provided here
   in electronic or printed publications is not permitted without the
   author's agreement. 


  Info
  ----

   The following code is a very simple example of a so-called RDA (random
   decryption algorithm). The encoder/decoder uses exclusive-or encryption
   together with transposition (order) encryption (here it is word swapping).
   Also, the XOR encoding is done backwards, not forwards as in the common
   case. The code is encrypted with a randomly drawn word value; as the name
   "random decryption algorithm" shows, the decoding method doesn't know what
   the original word key was. It simply brute-forces (generates keys) and
   tries to decode the encoded procedure; if the checksum of the decoded
   procedure is the same as that of the original procedure, then the key is
   correct and the procedure was decoded properly. I tried to play with SEH
   frames here, however running totally randomized (encrypted) code gives
   you no guarantee that the stack space will not be destroyed while doing
   decoding tests - so I have used a CRC instead.
   As I said, the following example is pretty simple; a more advanced
   algorithm can be found in the Fighter family of viruses (more or less
   explained in "Fighter talk" by Igor Daniloff in Virus Bulletin, Dec 1997)
   or in "Random Decoding Algorithm demo" by darkman presented in 29a zine.
   Here comes my >low security model<, w00f



	
						Down…
						The paint is peelin’
						Now…
						When the chips are down
						Down…
						You gotta lose all feelin
						Now…
						Your head goes round n’ round
   

*



include 	my_macro.inc

		; Program flow: checksum the plaintext loader, encode it in place,
		; then let the decoder search for the key and run the recovered code.
		call	rda_makecrc
		mov	dword ptr [super_crc],eax	; reference checksum of the still-plaintext rda_loader
	
		call	rda_encode		; XOR + word-swap rda_loader in place with a random 16-bit key
		call	rda_decode		; no return visible here: it loops until the checksum matches, then jumps to rda_loader
		
		jmp	exit			; not reached in the flow visible here (rda_loader itself ends with jmp exit)
	
		


;-----------------------------------------------------------------------
; rda_encode - encrypt rda_loader in place with a freshly drawn 16-bit key.
; Steps: (1) XOR 16-bit words with the key, walking backwards from
;            rda_loader+rda_loader_size;
;        (2) swap the two words of every dword.
; The key is held only in bx and is never written to memory here, so the
; decoder has to search for it.
; Shared tails: rda_xor_l and rda_swapgo are also called directly by
; rda_decode; rda_dec selects whether rda_xor_l returns (non-zero) or
; falls through into the swap stage (0).
; Clobbers: eax, bx, ecx, edx, esi, edi, flags.
; NOTE(review): lodsw/stosw assume DF=0; nothing in this file sets it.
; NOTE(review): the key space is 16 bits and acceptance on the decode side
; relies on a simple additive checksum, so this layer is obfuscation only;
; an analyst or emulator can enumerate every key.
;-----------------------------------------------------------------------
rda_encode:	call	random_setup		; seed the PRNG
		mov	byte ptr [rda_dec],0	; 0 = encode mode: rda_xor_l continues into the swap stage

rda_get_key:	mov	eax,12345678h		; range argument for random_eax
		call	random_eax		; eax = pseudo-random value below that range
		test	ax,ax			; only the low word is used as the key
		jz	rda_get_key		; a zero key would make the XOR stage a no-op, so redraw

		xchg	bx,ax			; bx = XOR key

		mov	ecx,rda_loader_size/4	; dword count for the swap stage
		lea	esi,rda_loader
		mov	edi,esi

		push	edi			; kept for the swap stage (popped at rda_xor_c)
		push	ecx
		mov	eax,2
		mul	ecx			; eax = 2*(rda_loader_size/4); mul also overwrites edx
		xchg	ecx,eax			; ecx = number of words to XOR
		add	edi,rda_loader_size	; first word XORed is the one just past the loader (the pad)


; XOR stage. In: edi = address of the highest word, ecx = word count, bx = key.
rda_xor_l:	xor	word ptr [edi],bx
		sub	edi,2			; walk towards lower addresses
		loop	rda_xor_l
		cmp	byte ptr [rda_dec],0
		je	rda_xor_c		; encode mode: go on to the swap stage
		ret				; decode mode: back to rda_decode

rda_xor_c:
		pop	ecx			; ecx = dword count pushed above
		pop	edi			; edi = rda_loader

; Swap stage. In: esi = edi = buffer start, ecx = dword count.
; Exchanges the low and high word of each dword in place.
rda_swapgo:
		lodsw
		mov	dx,ax			; dx = first word
		lodsw				; ax = second word
		stosw				; store second word in the first slot
		mov	ax,dx
		stosw				; store first word in the second slot
		loop	rda_swapgo

		ret


;-----------------------------------------------------------------------
; rda_decode - recover rda_loader without knowing the key.
; Copies the encoded bytes to rda_loader_mirror, then for each candidate
; key in rda_de_key (initially 0, incremented by one per attempt):
; restore the encoded bytes, undo the word swap, undo the XOR, checksum
; the result and compare it with super_crc. On a match control jumps to
; rda_loader; this routine has no ret.
; NOTE(review): a candidate is accepted on the checksum from rda_makecrc
; alone, so a wrong key that happens to collide would be executed as code.
; NOTE(review): the search has no upper bound - rda_de_key wraps after
; 0FFFFh and the loop starts over if no candidate ever matches.
; NOTE(review): rda_loader is written and then executed, so the region
; holding it has to be both writable and executable at run time.
;-----------------------------------------------------------------------
rda_decode:	lea	edi,rda_loader_mirror
		lea	esi,rda_loader
		mov	ecx,rda_loader_size
		rep	movsb			; keep an untouched copy of the encoded loader

		mov	byte ptr [rda_dec],1	; decode mode: rda_xor_l returns instead of falling through

		
rda_decode_l:	call	rda_restore		; every attempt starts from the encoded bytes

		mov	bx,word ptr [rda_de_key]	; bx = candidate key
		mov	ecx,rda_loader_size/4
		lea	esi,rda_loader
		mov	edi,esi
		call	rda_swapgo		; undo the word swap first (reverse of the encode order)

		lea	edi,rda_loader
		add	edi,rda_loader_size
		mov	ecx,rda_loader_size/2	; NOTE(review): encoder XORs 2*(rda_loader_size/4) words; the counts differ when size mod 4 is 2 or 3
		call	rda_xor_l		; undo the XOR with the candidate key
	
		call	rda_makecrc
		cmp	eax,dword ptr [super_crc]
		jne	rda_decode_n
		jmp	rda_loader		; checksum matches: run the decoded routine
		
rda_decode_n:
		inc	word ptr [rda_de_key]	; next candidate (16-bit, wraps)
		jmp	rda_decode_l


;-----------------------------------------------------------------------
; rda_restore - copy rda_loader_size bytes from rda_loader_mirror back
; over rda_loader, undoing whatever the previous decode attempt wrote.
; Clobbers: ecx, esi, edi. Assumes DF=0 (not set anywhere in this file).
;-----------------------------------------------------------------------
rda_restore:
		mov	ecx,rda_loader_size		; byte count
		mov	edi,offset rda_loader		; destination: live loader
		mov	esi,offset rda_loader_mirror	; source: saved encoded copy
		rep	movsb
		ret
	



; some sample bad crc calculator
;-----------------------------------------------------------------------
; rda_makecrc - additive 32-bit checksum over the start of rda_loader.
; Out:  eax = checksum. All other registers are preserved by
;       pushad/popad; the result is written into the saved-EAX slot.
; Covers (rda_loader_size/4)-2 iterations of two words each, so the last
; two dwords of the loader are not part of the checksum.
; NOTE(review): this is a plain sum with byte shuffling, not a CRC and not
; collision resistant. The iteration count is not checked for being
; positive; a loader shorter than 12 bytes would make it zero or negative.
;-----------------------------------------------------------------------
rda_makecrc:	pushad
		lea	esi,rda_loader
		mov	ecx,(rda_loader_size/4)-2	; iterations (one dword = two lodsw each)
		xor	edx,edx			; edx = checksum accumulator
		xor	ebx,ebx			; ebx = running word sum, carried across iterations
		xor	eax,eax			; upper half of eax stays zero for the adds after lodsw

rda_calc:	lodsw
		add	ebx,eax
		lodsw
		add	ebx,eax
		bswap	ebx			; bits 16..23 of the sum are now in bh
		xor	eax,eax
		mov	al,bh			; eax = that byte
		xor	bh,bh			; remove it from the sum
		bswap	ebx			; back to normal byte order
		add	edx,ebx
		add	edx,eax
		loop		rda_calc			
		mov	[esp+PUSHA_STRUCT._EAX],edx	; overwrite saved eax so popad hands back the checksum
		popad
		ret


; exit - common termination point; pushes 0 as the argument for ExitProcess.
; @callx is not defined in this file (presumably a macro from my_macro.inc
; that calls the imported API - confirm there).
exit:
		push 0
		@callx ExitProcess



; Working data for the encoder/decoder. No segment directive in this file
; separates these from the surrounding code.
rda_loader_mirror		db	rda_loader_size		dup (0)	; copy of the encoded loader, restored before each key attempt
temp_key			dw	0	; not referenced anywhere in this file
rda_de_key			dw	0		; current candidate key of the brute-force search
rda_dec				db	0	; mode flag: 0 = encoding, 1 = decoding
super_crc			dd	0	; checksum of the plaintext loader, taken before encoding

Random_Seed			dd 	0	; PRNG state, set by random_setup and advanced by random_eax

		
;-----------------------------------------------------------------------
; rda_loader - the protected routine: this is the region that gets
; checksummed, encoded in place and later decoded in place. Its payload
; is a MessageBoxA call followed by a jump to exit.
; rda_loader_size is the length in bytes from the label to the end of
; the jmp below. The 4 zero bytes after it are padding.
; rseh, @pushsz and @callx are not defined in this file (presumably
; macros from my_macro.inc - confirm there).
;-----------------------------------------------------------------------
rda_loader:
		nop
		nop
		inc	ecx
		nop
		nop
		rseh
		pushad
		push 	MB_ICONINFORMATION
		@pushsz "RDA example By Piotr Bania <bania.piotr@gmail.com>"
		@pushsz	"hi i was just encoded and decoded :)"
		push	0
		@callx  MessageBoxA
		popad
		jmp	exit
rda_loader_size	=$-offset rda_loader
		db	4 dup (0)		; 4 byte pad - the XOR pass starts on the word at rda_loader+rda_loader_size





; original pseudo random number generator by t-2000 - modified a bit by me


;-----------------------------------------------------------------------
; random_setup - seed the generator: stores the value returned in eax by
; the GetTickCount call into Random_Seed.
; NOTE(review): a time-derived seed is predictable; adequate for a demo,
; not where unpredictability matters.
;-----------------------------------------------------------------------
random_setup			proc

		@callx GetTickCount
		mov	dword ptr [Random_Seed],eax	; seed = tick count
		ret

random_setup			endp


;-----------------------------------------------------------------------
; random_eax - pseudo-random number below a caller-supplied bound.
; In:   eax = bound (divisor). A bound of 0 would fault on the div.
; Out:  eax = remainder of the mixed value divided by the bound;
;       flags reflect eax (ZF set when the result is 0).
; Preserves ecx and edx. Updates Random_Seed.
; Mixing: time-stamp counter low dword + seed, then 32 shift/xor rounds
; with the constant 0EDB88320h (the reflected CRC-32 polynomial).
; Not a cryptographic generator.
;-----------------------------------------------------------------------
random_eax			proc

		push	ecx
		push	edx
		push	eax			; bound, recovered into ecx after mixing
		db	0Fh, 31h		; RDTSC -> edx:eax (edx is discarded below)
		add	eax, Random_Seed	; mix in the current seed
		mov	ecx, Random_Seed
		rol	ecx, 1
		add	ecx, 666h
		mov	Random_Seed, ecx	; advance the seed for the next call
		mov	ecx, 32			; 32 shift/xor rounds
random_eax_bit:	shr	eax, 1
		jnc	random_eax_next
		xor	eax, 0EDB88320h
random_eax_next:
		loop	random_eax_bit
		pop	ecx			; ecx = caller's bound
		xor	edx, edx
		div	ecx			; edx = mixed value mod bound
		xchg	edx, eax		; eax = result
		test	eax, eax		; leave flags describing the result
		pop	edx
		pop	ecx
		retn

random_eax			endp



; Layout of the eight dwords left on the stack by PUSHAD, lowest address
; (esp+0) first. rda_makecrc uses the _EAX offset to patch the value that
; POPAD will load into eax.
PUSHA_STRUCT 			STRUCT 
		_EDI     DWORD ?	; esp+0
		_ESI     DWORD ?	; esp+4
		_EBP     DWORD ?	; esp+8
		_ESP     DWORD ?	; esp+12
		_EBX     DWORD ?	; esp+16
		_EDX     DWORD ?	; esp+20
		_ECX     DWORD ?	; esp+24
		_EAX     DWORD ?	; esp+28
PUSHA_STRUCT 			ENDS









end start