built a PE packer where every packed file has a different instruction set – custom VM with randomized opcodes, single C++ file (Want suggestions for future updates past v4)

TinyLoad v3 — Windows PE packer, just updated.

replaced the old rolling XOR with a proper VM layer. custom 20-opcode interpreter baked into the stub. every time you pack something the opcode table gets randomly shuffled so every output binary decrypts itself using a different instruction set.

the idea is that an analyst can't just pattern-match on the decryption loop — they have to reverse the interpreter before they can even start on the payload. still beatable obviously but it's a completely different class of effort vs XOR.

compresses with custom LZ77 first then VM encrypts on top. payload runs directly in RAM via manual PE mapping, never touches disk.

one .cpp file, no dependencies.

https://github.com/iamsopotatoe-coder/TinyLoad

what would you add to make it harder to reverse?

submitted by /u/GuiltyAd2976
[link] [comments]

from hacking: security in practice https://ift.tt/Toj7V4b

TechScrapHeart

Search This Blog

built a PE packer where every packed file has a different instruction set – custom VM with randomized opcodes, single C++ file (Want suggestions for future updates past v4)

Comments

Post a Comment