Sign by xXx - xXx Rulez

hexing files (undedectable)  

these are the steps.!!


1. Encryptors/Compressors:

You would anticipate this should be the easiest way to UD (Undetect) a Trojan...but alas, it is not. The botheration is artlessly this, best bodies use the aforementioned Trojans and Packers so generally that Anti-Virus software knows appealing abundant all the signatures. They either use Ardamax Keylogger, Optix Pro, Beast, ProRat etc. for Trojans. For Packers they use UPX, PECompress, AsPack, Mophine etc. Again, none of these combinations assignment because all the signatures accept been flagged. The best way this advantage will assignment is to acquisition bottom accepted Packers and Trojans to assignment with.

Try a Google chase for Executable Packers. Get a few that you accept not heard of afore or that accept a appropriate rating. If it is not freeware, I am abiding there will be a Crack for it. For Trojans, three acceptable assets are VXChaos, LeetUpload or VX Heaven. Bethink to aces the ones that are not able-bodied accepted and try to mix and bout those Trojans and Packers.

2. Byte Adders:

This address allows you to add clutter bytes to your Trojan as to abash Anti-Virus software. It does this by affective the cipher about central the executable as the bytes are actuality added. This agency that the signature will not be in the abode the Anti-Virus expects it to be. A acceptable apparatus for this would be StealthTools v2.0 by Gobo.

3. Hex Editing:

This is abundant added complicated and takes a lot added convenance to get right. The abstraction actuality is to acquisition the signature that Anti-Virus software has flagged central of your Trojan and change it by abacus a altered byte, or alteration the Offset to one of its added equivalents.

The three things you will charge actuality is a Book Splitter, Hex Editor and a Anti-Virus Offset Finder. The Book Splitter will cut your executable into abate files (preferably 1 byte per file). You afresh use your Hex Editor on the book that holds the signature and change that signature. Or, you can accumulate the book complete and use your AV Offset Finder to acquisition the Offsets automatically and aloof change the signatures begin with your Hex Editor.

Step One: Abode your Trojan Server in a folder.

Step Two: Breach your Server with your Book Splitter into 1 byte per file. This may accomplish a lot of files in your binder (depending on how ample the Server is), but it is account it because you will apperceive that alone one or two of those files has the signature that is flagged and all the blow are clean.

Step Three: Browse your binder with your Anti-Virus software and accomplish agenda of which files it says are infected. Those will be the ones you edit.

Step Four: Accessible up anniversary adulterated book with your Hex Editor and change the Offset. There is no fool affidavit way of accomplishing this, you will accept to experiment. Since this will be a 1 byte file, there will not be abundant you charge to change. Aloof change one appearance or byte at a time and afresh save your progress. Re-scan to see if it worked. If it did not, go aback and try again.

Step Five: Once you feel that you accept begin all signatures and afflicted them, Rejoin your files with your Book Splitter and analysis your Server to see if it works. Bethink that too abundant Editing will accomplish your Server abortive so be careful.

(Optional) Step Six: Another acceptable way is to use a Anti-Virus Offset Finder that will acquisition the actual Offset automatically so you do not accept to chase for them or breach your Server. Get AV Devil 2.1 to acquisition the Offsets (password is: to0l-base).

You accept to bethink that altered AV software use altered signatures, so browse with as abounding as you can.

4. Source:

The actual best way to accomplish an ephemeral Trojan has consistently been to accomplish your own. I apperceive it may assume like a alarming assignment to do, but it could be simpler afresh you think. Actuality I will accord a few options on how to do this. The acumen why you would appetite to accomplish your own Trojan is the actuality that anniversary time it is compiled, it is accustomed a new signature. Alteration aloof a distinct cord in the Antecedent cipher can accomplish it undetectable.

Option 1: Chargeless Trojan Antecedent Code.

Finding chargeless Trojan antecedent cipher is not hard. Again, activity to places like VXChaos or Planet Antecedent Cipher can crop a deluge of absolutely acceptable and bottom accepted Trojan code. Aces what Programming Accent you like and attending for examples. Not abundant needs to be afflicted to makes these undetectable. A simple recompile will sometimes do the trick.

Option 2: Decompiling.

Some may alarm this "Stealing" antecedent code. I like to alarm it "Borrowing". The aboriginal affair you charge to apperceive is what accent your Trojan is in. Lets say your Trojan was Optix Pro, your programming accent would be Delphi. A acceptable Delphi Decompiler would be DeDe. Decompile Optix Pro with DeDe afresh recompile it with a Delphi compiler and viola! Aloof change a few strings about aural the antecedent and you should accept a ephemeral Optix Pro.

Another way would be to accessible your Trojan with a Debugger or Disassembler. Copy bottomward the ASM cipher and afresh recompile it in a ASM compiler. That maybe a bit added tricky, but the abstraction is the same. Try to catechumen the executable into authentic ASM as best you can. There are abounding chargeless Debuggers/Disassemblers, Google for them.

A chat of warning, if you do acquisition your own way of authoritative a Trojan undetectable, DO NOT acknowledge it. You will acquisition your Trojan detected in a actual abbreviate bulk of time. What I accept accomplished actuality are aloof the basics of Trojan UDing. It will be up to you to use this ability and accomplish it work. Also, DO NOT use any online virus scans to see if your Trojan has been detected. Your signature will be captured and beatific to AV companies.

Well I achievement this tutorial helped you out in some baby way. Aloof one of the examples aloft could accomplish an ephemeral Trojan, or you may charge to mix and bout them. Try what you can, don't be abashed to experiment, and acceptable luck!


VXChaos:
http://vxchaos.official.ws/


LeetUpload:
http://www.leetupload.com

VX Heaven:
http://vx.netlux.org

StealthTools v2.0:
http://www.hackerscenter.com/ (search for them)

AV Devil 2.1:
http://www.leetupload.com/dbindex2/index...il%202.rar

Planet Source Code:
http://www.planet-source-code.com/

DeDe:
http://www.woodmann.com/crackz/Tools.htm

This entry was posted on 2:08 PM and is filed under , , . You can leave a response and follow any responses to this entry through the Subscribe to: Post Comments (Atom) .

0 comments

Label Cloud

Blogumulus by Roy Tanck and Amanda Fazani

Your Ad Here