Ŀ
۲ -=-=-= CyberRax Programming =-=-=- ۳ 


                                 presents

                                                    
                                                
                                            

                          LaMe CoM eNCRyPToR      
                                               
                                  ver. 1.2
                                        
                                


Ŀ
 Introduction  


 It's been a looooong time (ok, just some 6 months) but now it's ready:
 LaMe CoM eNCRyPToR 1.2. Including several improvements and one bug fix.
 Should be a little bit harder to crack this time (atleast I hope so  :)

Ŀ
 A little closer  


 For everyone who doesn't know: LCCrypt is a scrambler for the COM format.
 This program does nothing else than encrypt the given file and attach some
 code which decrypts the COM in memory. Why should you do something like this?
 Maybe you want to hide the text strings in your program (so nobody could
 change them) or render dissemblers useless. Or maybe you're a beginner and
 don't want anyone to see your (still) bad programming-style.

Ŀ
 Usage 


 Simple: LCCRYPT file.com [switches]

 file.com - file to be encrypted. The dot and the extension HAVE to
            be included
 Swithes are optional and they can be:
  /S - uses SMALL decryptor model, which has no anti-debugger/tracer/emulator
       code but is only 21 bytes long (!)
  /H - HUGE model, the most secure protection LCCrypt 1.2 can offer
  /V - verbose mode
  /D - don't keep backup

 If there are no parameters then the helpscreen is shown. If there is filename
 but no switches then LARGE decryptor model is used. Without /D the original
 file will be saved in file.bak
         
Ŀ
 Technical stuff 


 SMALL model has no anti-lamer code at all, but some debuggers and
 unpackers still get kicked (their own fault).
 LARGE model has some old tricks (which still defeat some unpackers) and an
 anti-TbScan-routine (so no flags will be triggered) that can fool some
 unpackers.
 HUGE model has the same anti-TbScan-routine. Besides that it has a general
 trick against all debuggers/unpackers (at this moment I know only 2 debuggers
 which are not affected by it), a general trick against unpackers and some
 anti-dumping-code. And ofcourse a couple of those old (from the beginning of
 90s) tricks.

Ŀ
 Registering 


 I'm one of those guys who like to have their name everywhere, so I built a
 'register'-option into LCCrypt. It only exists by HUGE model (at this moment).
 With this option you can add your name into the crypted file (nothing special,
 you can do it VERY easily by yourself). How to do that? Well, you have to
 find that out by yourself. Or you can always ask me. You'll find my e-mail
 address below.

Ŀ
 System requirements  


 MS-DOS 2.0 (or any compatible)
 8086 (atleast that's what the compiler says)
 ca. 60kB memory (actually less, but...)
 HUGE model needs max. 200kB RAM

Ŀ
 Advantages  


 Greet-ware (this means when you use this protector on your programs or you
   write an unpacker for it you must greet me in the documentation or code,
   so basically this scrambler is freeware)
 It has the smallest decryptor in the world (21 bytes!!!)
 Quite fast
 Small size
 Some uniqe (I think) ADT
 Can be registered
 One of those FEW still-being-developed scramblers out there which runs on a
    8086 (haven't tested, so it's teorethical)

Ŀ
 Disadvantages  


 The size of encrypted file must be atleast 3 bytes
 The size must not be greater than 65000 bytes
 No EXE support
 No mutation engine
 Quite high memory requirements by HUGE model
 Not the best
 Makes files bigger  :(

Ŀ
 Tested  


 Files encrypted with LCCrypt 1.2 have worked fine on following configurations:

   Cyrix 486DLC/40MHz, Win95/MS-DOS 7.0 (mine)
   AMD 486DX/100MHz, MS-DOS 6.22 (overclocked, mine)
   Intel 486DX4/100MHz, Win95 (REM's)
   AMD 586/133MHz, Win98 (Marqs')
   Intel Celeron/300MHz, Win98 (A-Joo's)
   Intel Celeron/466MHz, Win98 (EVeRT's)
   Intel Celeron/500MHz, Win98 (Slayer's)

 Encrypted files failed to run under FreeDOS beta 4 (that's because FreeDOS
 ain't 100% compatible with MS-DOS yet)

 If anyone has run LCCrypted files successfully (or not) on other
 configurations then let me know.

Ŀ
 Unpacking 


 Check the file UNPACK.TXT to see against what unpackers/debuggers LCCrypt
 1.2 has been tested.
 
Ŀ
 Technical about LCCRYPT.COM 


 Written in SPHINX C-- and compiled with 0.203
 Norton Commander Editor (NCedit, NOT Norton Editor) was mainly used for
   writing
 TR and TD were used for debugging
 HIEW was used for examining the code
 Lot of material from HelpPC, Tech Help! and Interrupt List was used
 Source's size is 32969 bytes (it's fully commented, that's why)
 It has 1685 lines
 Executable is packed with aPACK 0.98 with -x switch (so it should run on XTs)
 A HUGE amount of coffee, food and electrisity was spent during the coding

Ŀ
 History 


 Version 1.00 released on 25th of December, 1999

    * Initial release
    * Had a simple XOR encryption with some anti-debugger/tracer-code in the
      decryptor (the anti-hacking-code has remained EXACTLY the same)
    * Only one of my unprotectors, ROSE's unCOM, defeated the protection

 Version 1.1 released on 28th of December, 1999

    * Added double encryption to beat unCOM (and I defeated it, hihihi)
      It's even better: unCOM thinks now there is no protection at all!
    * Decreased the size of decryptor by 4 bytes
    * Recoded the encryption process, now it's being done in memory
      This way I got rid of the delay by crypting bigger files and there's 
      fewer writings into the file thus making the program faster
    * Added JMPS support (this means that the jump command by files smaller
      than 128 bytes will take 2 bytes instead of 3, also the 3rd byte won't
      be recovered, saving so 4 bytes by the decryptor)
    * Added the message of file being closed

 Version 1.11 released on 29th of December, 1999

    * Added the opportunity to use the SMALL decryptor model which
      creates a max. 24 bytes decryptor.
    * Added the check if the file is really a COM (actually if it's not an
      EXE)
    * Now LCCrypt won't crypt files larger that 65000 bytes
    * At the scrambling process there aren't as much text output anymore.
    * Now it's not possible that the encryption key is 0 or the 2 keys
      are the same
    * Added the 'file is an EXE/too big' messages

 Version 1.12 released on 2nd of January, 2000

    * Added a second decryptor (19 bytes) to large model that unscrambles
      the real decryptor (credit for that goes to HackStop's decryptor)
      This beats TbScan's heuristic scanning (no more false alarms about
      LCCrypted files being infected!)
    * Now a backup is created (this was mainly against TbFile which accused
      this protector to act like a virus)
    * Some changes in the output of LCCrypt
    * Removed attribute-wiping because it's not needed anymore.

 Version 1.2 released on 2nd of June, 2000

    * Added HUGE decryptor model with the experimental REx-trick
    * Changed structure of SMALL and LARGE decryptor model
    * Shortened the SMALL model to 21 bytes
    * Added the check if file is too small
    * Added /D and /V switch
    * Removed the showing of key-values
    * Changed the inner structure of program
    * Re-add attribute wiping
    * Removed JMPS support
    * Fixed one AD trick which sometimes made the file crash even if no
      debugger was loaded
    * Cut off most of the output
    * 'Register' option on HUGE model
    * Removed 286-code so LCCrypt should run on 8086s
    * LCCRYPT.COM is now packed with aPACK
    
Ŀ
 Future 


 After 1.12 I was quite tired of this program, but as Valmii wrote an unpacker
 for it I decided to release atleast one other version. By the coding process
 I found that I'm still interested in this scrambler. So, there will probably
 be another release some day. There should be (again probably):

   + code optimization
   + JMPS support again (is there anyone who still writes programs shorter
     than 130 bytes?)
   + MORE anti-debugger/tracer/emulator/dissembler-code
   + a new kind of mutation engine
   + using register-text as part of decryption

Ŀ
 Greets 


 Today's greets fly to:

 Valmii^tKD                 -  author of UnLCCrypt, for our contest and
                               'forcing' me to write a new version. Wishing
                               you the best, dude
 Peter Cellik               -  C-- still ROCKS
 Jibz                       -  aPACK is AWESOME (also thanks for the
                               greet-ware idea)
 Liu TaoTao                 -  you've probably heard it before, but TR IS
                               THE BEST
 Sen                        -  I don't know what I would have done without
                               HIEW
 Michael Hering             -  FileInfo beats the rest
 Alexandr Gazko             -  HIEW has hard times because of QVIEW
 Pablo Carboni              -  X-tract's C00L, besides that, the format
                               of this text file is borrowed from you
 EVeRT, REM, A-Joo, Slayer  -  for letting me test LCCrypt on their PCs
 Marqs                      -  for used computer time, for lending me his
                               Eminen CD and for the iNet access
 Vsevolod V. Volkov         -  VC is THE one...
 Ralf Brown                 -  all one would need is IntList
 ACM                        -  for lending me some of his CDs
 David Jurgens              -  HelpPC, well, what could I say...
 MiKE The Hacker            -  for being so pessimistic  :)
 KUTT and A-Yee             -  for their interest
 Dan Rollins                -  Tech Help! was VERY helpfull
 Sudden Discharge Crew      -  I just love your site
 All EXE List members       -  the chosen ones  :)
 Everyone who's writing
  scramblers/debuggers/
  dumpers/unpackers/on-line
  compressors/dissemblers   -  keep up the good work guys!

Ŀ
 Validating 


 To check if all files in this archive are OK store my public PGP key into
 your public-key-file (PGPK -a CYBERRAX.SIG), validate CRCHECK.TXT (PGP -v
 CRCHECK.TXT) and then execute ROSE SWE's CrCheck.

Ŀ
 Closing 


 So, we have come to the end. If you have any suggestions or bugreports or
 you want to know how to get your name into the crypted file than feel free
 to mail me at
                          cyberrax@yahoo.com

 
 Oh yeah, forgive me my not so good english...



                                  CyberRax
                              the Hacking One
                                     of
                     -=-=-= CyberRax Programming =-=-=-

                             "just some x dude"

                June 2nd, 2000, Tootsi, Paernu County, Estonia
