https://github.com/pelock/simple-polymorphic-engine-spe32

Simple Polymorphic Engine (SPE32) is a simple polymorphic engine for encrypting code and data. It is an amateur project that can be used to demonstrate what polymorphic engines are.
https://github.com/pelock/simple-polymorphic-engine-spe32

assembler decryption encryption junk-instructions malware malware-analysis masm masm32 polymorphic-engine polymorphic-engines reverse-engineering shellcode virus win32asm

Last synced: about 7 hours ago
JSON representation

Simple Polymorphic Engine (SPE32) is a simple polymorphic engine for encrypting code and data. It is an amateur project that can be used to demonstrate what polymorphic engines are.

• Host: GitHub
• URL: https://github.com/pelock/simple-polymorphic-engine-spe32
• Owner: PELock
• Created: 2019-10-21T21:40:04.000Z (almost 5 years ago)
• Default Branch: master
• Last Pushed: 2023-03-11T14:35:58.000Z (over 1 year ago)
• Last Synced: 2024-09-24T22:55:30.507Z (about 12 hours ago)
• Topics: assembler, decryption, encryption, junk-instructions, malware, malware-analysis, masm, masm32, polymorphic-engine, polymorphic-engines, reverse-engineering, shellcode, virus, win32asm
• Language: Assembly
• Homepage: https://www.pelock.com/products/poly-polymorphic-engine
• Size: 8.79 KB
• Stars: 127
• Watchers: 6
• Forks: 34
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# Simple Polymorphic Engine — SPE32

**Simple Polymorphic Engine (SPE32)** is a simple polymorphic engine

for encrypting code and data.

SPE32 allows you to encrypt any data and generate a **unique**

decryption code for this data. The encryption algorithm uses

randomly selected instructions and encryption keys.

The generated decryption code will be different each time.

## Polymorphic decryption code as viewed in x86dbg debugger

![Polymorphic code in x86dbg debugger](https://www.pelock.com/img/en/products/simple-polymorphic-engine/simple-polymorphic-engine-spe32-poly-engine-x86dbg-debugger-1.png)

## Another polymorphic code mutation, this time with junk instructions

![Polymorphic code in x86dbg debugger with junk instructions](https://www.pelock.com/img/en/products/simple-polymorphic-engine/simple-polymorphic-engine-spe32-poly-engine-x86dbg-debugger-junk-code-2.png)

## SPE32 features and status

The SPE32 engine is an amateur project that can be used to demonstrate what

polymorphic engines are. I wrote it some time ago, but I thought

it would be a good idea to make it public.

The entire code was written in a **32-bit assembler** for the [MASM compiler](http://www.masm32.com/).

Features:

* entire code is position independent (delta offset is used to access data)

* XOR, ADD, SUB used for encryption

* junk opcodes generation - ADD,ADC,SUB,SBB,ROL,ROR,RCR,RCL,SHL,SHR,NOT,NEG,DEC,INC

I don't provide technical support for SPE32, use it at your own risk.

## Fully fledged commercial polymorphic engine

If you are looking for professional solution take a look at our **Poly Polymorphic Engine**.

* https://www.pelock.com/products/poly-polymorphic-engine

Poly Polymorphic Engine is the **only commercial polymorphic engine** available on the market.

It's a highly specialized cryptographic solution which is used in anti-cracking software

protection systems and anti-reverse engineering systems. Due to the complicated nature of

their code, polymorphic engines aren't publicly available, and creating one requires

highly specialized knowledge in low level assembly programming and reverse engineering

as well as an extensive testing process.

![Poly Polymorphic Engine](https://www.pelock.com/img/en/products/poly-polymorphic-engine/poly-polymorphic-engine.svg)

Bartosz Wójcik

* Visit my site at — https://www.pelock.com

* Twitter — https://twitter.com/PELock

* GitHub — https://github.com/PELock