  • 0

Locked vb6 crypter on chinese windows


MasterVb6

Question

Hello, I found that VB6 crypters don't work on Chinese Windows when there's a Split function with a delimiter; for it to work we need to avoid the delimiter. I tried to modify the simple VB6 source code to make it work on Chinese Windows but so far failed. I saw some crypters with the resource method but I can't figure out how it works. I share the source code, and if possible, someone please give me advice or modify it.

This is the hidden content, please


 


  • 0

I think the problem comes from something like that.

This is the hidden content, please

If you want to use a Unicode delimiter, you need to convert the delimiter to a binary representation that can be safely included in the .exe file. One way to do this is to use a combination of StrConv and ChrW functions to create a Unicode delimiter. Here's an example of how to create a Unicode delimiter:

This is the hidden content, please

Now you can use the UnicodeDelimiter variable as a delimiter in your code. Modify the builder code to include the UnicodeDelimiter:

This is the hidden content, please

Next, you need to modify the stub code to split the content using the Unicode delimiter. You can use the InStr function to find the position of the delimiter in the binary data, and then extract the encrypted content using the Mid function:

This is the hidden content, please

Replace the Split method in the stub code with the new code that uses the InStr and Mid functions to extract the encrypted content.

By using a Unicode delimiter, you can reduce the chances of delimiter-related issues with Chinese Windows or other non-ANSI character sets.


  • 0

Deepest, thank you for the answer, unfortunately I don't have the required rank to see the hidden content. I finally found time today to modify the stub code to work in Chinese Windows. There's another problem, the output file comes out very detectable.
 

This is the hidden content, please

As you can see there's not even a need to use the encryption function for it to work. So I tried to modify the code like this with encryption.
 

This is the hidden content, please

So here I declare a variable for the RC4 encryption function, but again as you can see, there's no sense in using it like that, because the variable is not used at all when I call the RunPE. I need to add the bytes there. So when I try to put "CCC" it doesn't work. Do you have any idea how to modify it to crypt the RAT? I'm using this RC4 encryption function.
 

This is the hidden content, please

And here is how the compiled stub and RAT come out.

This is the hidden content, please


  • 0
22 hours ago, MasterVb6 said:

Deepest, thank you for the answer, unfortunately I don't have the required rank to see the hidden content. I finally found time today to modify the stub code to work in Chinese Windows. There's another problem, the output file comes out very detectable.
 

This is the hidden content, please

As you can see there's not even a need to use the encryption function for it to work. So I tried to modify the code like this with encryption.
 

This is the hidden content, please

So here I declare a variable for the RC4 encryption function, but again as you can see, there's no sense in using it like that, because the variable is not used at all when I call the RunPE. I need to add the bytes there. So when I try to put "CCC" it doesn't work. Do you have any idea how to modify it to crypt the RAT? I'm using this RC4 encryption function.
 

This is the hidden content, please

And here is how the compiled stub and RAT come out.

This is the hidden content, please

You are not assigning the loaded resource to the CCCC variable before decrypting it. You should fix the code like this:

This is the hidden content, please

  • 0
On 4/7/2023 at 9:06 PM, dEEpEst said:

I think the problem comes from something like that.

This is the hidden content, please

If you want to use a Unicode delimiter, you need to convert the delimiter to a binary representation that can be safely included in the .exe file. One way to do this is to use a combination of StrConv and ChrW functions to create a Unicode delimiter. Here's an example of how to create a Unicode delimiter:

This is the hidden content, please

Now you can use the UnicodeDelimiter variable as a delimiter in your code. Modify the builder code to include the UnicodeDelimiter:

This is the hidden content, please

Next, you need to modify the stub code to split the content using the Unicode delimiter. You can use the InStr function to find the position of the delimiter in the binary data, and then extract the encrypted content using the Mid function:

This is the hidden content, please

Replace the Split method in the stub code with the new code that uses the InStr and Mid functions to extract the encrypted content.

By using a Unicode delimiter, you can reduce the chances of delimiter-related issues with Chinese Windows or other non-ANSI character sets.

Deepest, thank you for the answer, can you confirm if the code below is correct? If so, I'm still facing problems when I run the crypted file in Chinese Windows, I'm getting "WerFault.exe".
The delimiter in the builder is exactly as you said.

 

This is the hidden content, please

 

Edited by MasterVb6
Hidden content

  • 0
11 hours ago, dEEpEst said:
This is the hidden content, please

Thank you for the answers Deepest, unfortunately neither method works. With the method with the resources that you sent, and the method with the Unicode delimiter, I'm still getting "WerFault.exe".

I did a simple test with the Unicode delimiter in English Windows, and I got this. As you can see, only "|" displayed normally. So I tried to use only "|" in the delimiter, but it still doesn't work. I tried to convert with "VbUnicode" and it's still the same. The method with the resources is even weirder. I got the same error "WerFault.exe", but apart from that, I got the same detections, about 15. Even though it doesn't work, at least the detections should be fewer, since the file should be crypted. Any ideas?

This is the hidden content, please

This topic is now closed to further replies.