Metamorphic Code Examples
I understand the concept of Polymorphic and Metamorphic code but I recently read the Wikipedia page on both (for what ever reason I hadn\'t done this previously!). Now I r
-
Publically available metamorphic code samples are limited by several factors:
1) Expertise: Metamorphic coding is an extremely advanced technique in computer programming. The number of programmers capable of coding coherent and clean metamorphic code suitable for sampling is a very small number.
2) Financial Incentives: Metamorphic coding has limited use in commercial application. Because of this the number of programmers who have sufficient skill to create metamorphic code have no professional exposure/incentive to create/learn metamorphic coding techniques.
3) Legitamicy: Metamorphic coding has large applications in potent virus creation. Hence any responsible professional who created metamorphic code would have ethical issues freely distributing samples as an ametuer hacker may be able to use the code to enhance a malicious attack. Conversely, any hacker who was competent enough to create metamorphic code would have no incentive to advertise his skill, should one of his attacks be uncovered as he would then be on a very short list of suspects based on competency.
4) Secrecy: Lastly, and probably the most realist reason metamorphic code is so difficult to find is because any programmer who demonstrates competency in metamorphic programming, and is not apprehended by authorities for cyber crimes, is likely to be recruited by a government security agency, private security firm, or anti-virus company and the programmer's subsequent research/knowledge is then subject to a non-disclosure agreement to maintain a competitive edge.
Why only
C/C++examples?You mention finding only
C/C++code examples of poly/metamorphic programming and inferred that only languages close to the hardware can be poly/metamorphic. This is true for the strictest definitions of poly/metamorphic code. Interpreted languages can have poly/metamorphic behavior but rely on a statically complied interpreter to execute, hence a large portion of the 'run-time signature' is not mutable. Only compiled low level languages offer the computational flexibility to have a highly mutable 'run time signature.'Here is some 'polymorphic' PHP code I wrote. PHP being an interpreted language and not a compiled language makes true polymorphism impossible.
PHP Code:
/dev/null"); //executes augmented file exit(0); //exits exit child process } } function augmentStr($inArr) { if (mt_rand(0,6) < 5) { //determines mutability /*$startIndex & $endIndex define mutable parts of file line as Xs * system("echo XXXXX ... XXXXX\\n"); * 01234567890123 -7654321 */ $startIndex = 13; $endIndex = count($inArr)-7; $targetIndex = mt_rand($startIndex,$endIndex); //choose mutable index $inArr[$targetIndex] = getSafeChar(mt_rand(0,62)); //mutate index $inArr = augmentStr($inArr); //recurse } return $inArr; } function getSafeChar($inNum) { //cannot use escaped characters $outChar; //must be a standard PHP char if ($inNum >= 0 && $inNum <= 9 ) { $outChar = chr($inNum + 48); } else if ($inNum >= 10 && $inNum <= 35) { $outChar = chr($inNum + 55); } else if ($inNum >= 36 && $inNum <= 61) { $outChar = chr($inNum + 61); } else if ($inNum == 62) { $outChar = " "; } else { $outChar = " "; } return $outChar; } ?>WARNING: Creates a zombie process, know how to kill a zombie process before running code
Information Finding Techniques:
This article contains more specific information then Wikipedia. This article does not, however, contain true source code. If you would like my advice, though it is highly unlikely that would will find sample source code, you may be able to find sufficient academic documentation to create your own metamorphic code. Consider this to start (google scholar):
When reading academic articles/papers be sure to look at the sources at the end of the document as these sources my also have valuable information.
Best of luck in your quest for knowledge!
加载中...
- 热议问题