
 ____   ___  ____  _____    ____ ___  __  __    ____                  _
|  _ \ / _ \/ ___|| ____|  / ___/ _ \|  \/  |  / ___|_ __ _   _ _ __ | |_
| |_) | | | \___ \|  _|   | |  | | | | |\/| | | |   | '__| | | | '_ \| __|
|  _ <| |_| |___) | |___  | |__| |_| | |  | | | |___| |  | |_| | |_) | |_
|_| \_\\___/|____/|_____|  \____\___/|_|  |_|  \____|_|   \__, | .__/ \__|
                                                          |___/|_|

-----------------------------------------------------------------------------
                           RCC - ROSE COM Crypt
-----------------------------------------------------------------------------
$Header: /home/CVS/asm/rc/rc286.txt,v 1.11 2003/07/31 18:55:06 ralproth Exp $

An other crypter for COM files? No! RCC is (in my eyes) one of the most
advanced COM crypter yet - especially RCC/Mild. Why? Because RCC/Mild
generates VERY short decryptors with a lot of antidebugging features!

RC/Mild was written because I want to have an own _small_ protector for my
small intro files.

Some Highlights
~~~~~~~~~~~~~~~

Both versions
        Encrypts the host - so strong that you can't
                            compress it afterwards!
        Polymorph encrypted decryptor using a mutation engine
        Antidebugger tricks
        Generic unpacker tricks (CUP, UNP, TSUP, UUP...)
        Anti TRON -p 1.20/-u 1.30 unpacker tricks!
        Anti CUP/386 /1-/7 unpacker tricks
        Variable decryptor length
        Fake jump and instructions to fool anti virus programs
        Fake jump to fool CUP 386/3.2, 3.3
        Anti TEU, UPC & Intruder code
        Original entry point data is double encrypted

'Hard'-Module
        More Antidebugger tricks
        Anti load tricks (Anti Intruder/SnapShot code)
        Anti UPC/XPack code

-=[ Decryptor ]=-----------------------------------------------------------

Length (approx.)

1.09
        Mild:   179-240 bytes
        Hard:   680-740 bytes
1.10
        1.09 + 15 bytes

1.11    Mild:  approx 300 bytes
        Hard:  approx 600 bytes

1.12    approx 5-10 bytes shorter than 1.11

1.14++  the programs now print the plain length after crypting the host

1.18    Mild:   378 - 438 bytes

---------------------------------------------------------------------------

Hi Dudes,

try to protect a COM file with RCC-II and THEN try to debug it or hack it!
Well I know it's easy to do a runtime unpacking to ANY COM file.  But I
want you that you check it out with Soft-ICE, AutoHack, Intruder and such
crap. EVERY normal hacker should be able to unpack RC protected files - if
not: Give up and play DOOM instead!  :)

---------------------------------------------------------------------------

History
~~~~~~~

New with 1.08 - there are two versions of RC/286:

 - a smaller one, called mild (decryptor about 400 bytes)
 - a bigger one, called hard (decryptor about 1000 bytes)

New with 1.10:    31-July-96

 - added code to disable 386 hardware break points on exec/write 100h
   works with CUP 386 <eg>
 - Rand0m/Ka0t: Did your unpacker still work?
 - Ghostbuster: Did your unRCC still work? Send me a copy... :-))

New with 1.10b:   01-Aug-96

 - fixed sp=0fffdh bug (THX 2 Ghostbuster)
 - fixed fake 100h routine (THX 2 rand0m/ka0t)

New with 1.11:   25-Oct-96

 - Total rewritten startup code of protected files.
 - Rewritten 100h simulation.
 - Removed anti intruder code, added anti UPC/XPack code

New with 1.12:   02-Jan-97

 - Bugfixes (stack and other things)
 - Additional fake code for generic unpackers like CUP 3.2

New with 1.13:   01-Aug-97

 - Fixed the color routine to work under Windows NT
 - The last 6 months almost every macro I use have changed
 - Added anti TEU and anti CUP 3.3 macros

New with 1.14:   03-May-98

 - uses now the inline memory encryption from HackStop, thus achieving
   a double encryption of some parts.

New with 1.15: 08-Aug-98

 - prints now the plain protector length. Changed some macros.

New with 1.16: 02-May-1999

 - recompiled with the new macros from HackStop and mess. Shorten the
   decryptor. Changed some code parts.

New with 1.17: 13-Sept-1999

 - basically a recompile using updated macros from HackStop. This includes
   a bugfix discovered by Michael Hering!

New with 1.18 - 5 April-2001

 - Recompile using bug fixed Win2000 units. Changed the "brand mark".

New with 1.18.2 - 06 March 2002

 - Some minor fixes, Y2K2 etc.
 
New with 1.18.3 - 14 May 2002

 - Some minor fixes. Fixed TPE false positive.
 
New with 1.19 - 08.July 2002

 - Some minor fixes. Fixed TPE false positive. Rearranged the Mutation Engine.

New with 1.20 - 1. Aug. 2003

 - see history
 

keep on c0ding,

        Ralph


Take a look at ROSEBBS.TXT for my address!
