DOS Protectors Review
----
Writer    : EddyHawk
Fix       : Stonehead
Date      : ##-02-2K
Warranter : Alien
Protector
 Source   : http://www.suddendischarge.com
            http://www.egroups.com/list/exelist
            http://www.cracking.home.ml.org
Info
 Source   : protectors documentation
            authors comment
            exelist members comment
            unpacked protectors executable :)
            self experiment
----
Legend: prot     = protect/protection
        protor   = protector
        proted x = executable (to be) protected
        muteng   = mutation engine
        AD       = anti debugging tricks
        exec, x  = covers EXE & COM
        adv      = advantages
        disadv   = disadvantages
        temp     = temporary
        ?        = based on doubtful information
----
Next:
-Author personal comment?
-Rating like security against debugging, against auto/specific unpacker, 
 against compatibility, etc
---
-FFSE (Final Fantasy Security Envelope) or FSE
 Author: Zenix Yang or Yang Shiuh-Phong (Taiwan)
 Tahun: 1994, 1997-1999
 Type: EXE protor
 Adv:
  best protection
  muteng
  resists most popular unpackers: TEU V1.82, CUP386 V3.4, ICEUNP V0.31
  freeware version available
 Disadv:
  add copyright + overlay to proted x (but can be removed)
  must be the last protor (mostly the only protor)
  since author house was crashed by earthquake, he may not continue FSE
   again. please pray for his fortune
 Note:
  V0.55S doesn't disable TP7 EXEC
         is V0.6C unpackable
         add 6083-6454b to proted x 
         hangs on real mode on my computer
  V0.6+  can't be run at all on my computer (real or V86 mode)
  V0.76  is now run on V86 mode on 486DX-S
         add 7905-8030b to proted x
         proted x is slow
         disables TP7 EXEC
  V0.77  was planned to run on realmode on 486DX-S
  uses
   Zenix V-Code Engine II (polymorphic)
   PSP Faker/Shifter?
   AdFlt2a (anti debugging)
   generic AD tricks

-UPStop (UnPackStop) V0.97
 Author: Szabo Laszlo or Szaszi (Hungary)
 Year: 199?-1999
 Type: EXE protor (COM converted to EXE), 386+
 Adv:
  very good protection
  check file size (disable-able)
  generic dump preventer
  multiple encryption layer
  muteng
  resists most popular unpackers: TEU V1.82, CUP386 V3.4, ICEUNP V0.31
  freeware version available
 Disadv:
  add 5465-5588b or 5945-6043b (option /p) to proted x
  multiple protection is unallowed
  V0.95 is hang on Pentium. But some tricks is removed from V0.96
   therefore it may run on Pentium now
  V0.96/0.97: proted x is slow
  disables TP7 EXEC
  can't protect RAR Archiver V2.06 (doesn't run)
   Szaszi: it will be fixed
  Vladimir G.'s DeUPS97 unpackable

-JMCE (JauMing CryptExe) V0.7r
 Author: JauMing Tseng or Kevin Tseng (Taiwan)
 Year: 1994, 1997-2000
 Type: EXE protor, 286+
 Adv:
  good protection
  proted x is fast
  compatibility
  shows slime if someone attempts to unpack proted x
  V0.7n: add 3160-3162b to proted x
  V0.7o: anti TR V2.52
  V0.7p: anti UNJMCE
  V0.7q: anti BlastWave V2.5
  V0.7r: better anti TR V2.52
  resists most popular unpackers: TEU V1.82, CUP386 V3.4, ICEUNP V0.31
  anyware
 Disadv:
  multiple protection (remove 'Ex' & 'encr' signature first) causes hang
  Christoph Gabler's UNJMCE upackable

-AdFlt2A (Anti Debugging Filters V2A)
 Author: EliCZ
 Year: 1998
 Type: COM protor, 386+?
 Adv:
  very good protection
  PSP Shifter
   PM, VCPI, DPMI tricks?
  add 1488-1489 byte (w/o reg. key) to proted x
  proted x can show the owner [ option :o) ]
  freeware
 Disadv:
  no longer updated?
 Note:
  EXE2COM-ed TP 7.0 program is TEU V1.82 unpackable

-PCG (PC Guard) V3.20 PRO DEMO
 Author: Blagoje Ceklic (Yugoslavia)
 Year: 1994-1999
 Type: EXE protor, 386+?
 Adv:
  still updated
  2 type of protection
   LOADER (crypt image,destroy header,clean memory)
   ENVELOPE (user-selectable encryption layers)
  3 protection modes
   NOIC/AUTO/CODE
   check debugger/lock position
  3 demo mode
   TIME/DATE/EXE
  specific unpacker unavailable?
  only FI V2.06a can identify as PCG V3.05
  GUI
 Disadv:
  add at least 6Kb to proted x (1 layer)
  commercial (proted x shows message, recipient name & delay)
  must specify recipient name
  sets keyboard to slowest rate
  proted x is slow
  complicated proting procedure

-EXELock 666 V1.05
 Author: ST!LLS0N
 Year: 1997-1998
 Type: EXE protor, 386+
 Adv:
  add 2471-2476b to proted x
  freeware
 Disadv:
  non-encrypting
  no longer updated
  TEU V1.82 -! -m:4 unpackable
 Note:
  uses screen off

-ProtEXE V3.11
 Author: Tom Torfs
 Year: 199?-1997
 Type: EXE protor
 Adv:
  various kind of protection
 Disadv:
  no longer updated?
  complicated proting procedure
  proted x hangs on many cases?
  shareware

-$pirit V1.5
 Author: Night $pirit
 Year: 1995?-1996
 Type: exec protor, max <= 57000b
 Adv:
  muteng
   proted EXE can't be fully detected if 'N$' signature is removed
  multiple protection is allowed if 'N$' signature is removed
  add 558-950b (COM) 710-1084b (EXE) to proted x
 Disadv:
  weak protection
  no longer updated
  CUP386 V3.4 /3 unpackable
  TEU V1.82 -! -g (EXE) unpackable
 Note:
  uses $UPD ($pirit Universal Polymorphic Device) V2.1

-SS (SuckStop) V1.11r
 Author: Ka0t^N0PS
 Latest known version: V1.18 (according to ROSE)
 Year: 1996/1997
 Type: EXE protor
 Adv:
  add ?b to proted x
  password (/p, optional)
  muteng
 Disadv:
  no longer updated
  older source code is released
  Win9x incompatible
  weak protection
  can't protect > 64 Kb
  CUP386 V3.4 /7  unpackable
  proted x sets keyboard to slowest rate

-ALEC V1.6.386.pro
 Author: rANDOM/UCF
 Year: 1996-1997
 Type: EXE protor
 Adv:
  password (/p, optional)
  add 3500+ byte to proted x
 Disadv:
  no longer updated
  weak protection
  proted x sets keyboard to slowest reate
 Note:
  uses screen off

-IluCrypt V4.019
 Author: iLUVATAR or Christian Schwarz
 Year: 1999?
 Type:
 Adv:
  still updated
 Disadv:
  min 486+fpu
  can't run on my computer
 Note:
  successor of CSCrypt Pro

-CSCrypt Pro V3.30
 Author: Christian Schwarz
 Year: 1996 or 1997?
 Type: ?
 Adv: ?
 Disadv:
  hang on my computer

-C-Crypt V1.02
 Author: De'FeinD/uCT
 Year: 1998
 Type: exec protor
 Adv:
  fucks all known debugger/unpacker/tracer?
 Disadv:
  hang on my computer

-Gardian Angel V1.0
 Author: Stefan Verkoyen
 Year: 1995
 Type: exec protor?
 Adv:
  GUI
  antiload, antidump, 386 tricks
 Disadv:
  no longer updated
  shareware
  weak protection
  Win'9x incompatible

-MESS V1.31
 Author: Stonehead^TPiNC
 Year: 1997-1999
 Type: EXE protor (COM converted to EXE), 386+
 Language: MASM V6.13
 Adv:
  Good protection
  muteng (option /M for fully polymorphic for COM file)
  proted x can show registration info (option //)
  user-selectable encryption layer(s) (/L<n>)
  anti-TEU trick (option /T)
  add 2484-2717b (9 layers) to proted x
  free for non-commercial use
  run on Cyrix & Linux's DOSEMU
  still updated?
 Disadv:
  commercial use is prohibited
  disables TP7 EXEC
  source code is released
  half TEU V1.82 unpackable
  ICEUNP V0.33 unpackable?
 Note:
  MESS is branch of SCRAM!
       is inspired by Gardian Angle
  Uses SHAME (StoneHead's Adjusted Mutation Engine) which is based from
   Darkman/VLAD diassembly of Wild W0rker's Small Polymorphic Engine

-HS (HackStop) V1.19 build 217
 Authors: ROSE aka Ralph Roth & Stonehead
 Year: 1994-1999
 Latest known version: V1.19 build 223
 Type: exec protor, 8086+, 80386+, COM: ~ < 61000b, EXE: 64 -?b
 Language: MASM V6.0 & V6.13
 Adv:
  add 3456b (COM) or 3838b (EXE) to proted x
  Good protection
  still updated
  semi? muteng
  Add user name/message to proted x
  nebelbombs
  resists CUP386 V3.4 & TEU V1.82
 Disadv:
  ICEUNP V0.31 unpackable
  Christoph Gabler's ICEUNP V0.32 unpackable?
  Too famous (hacked all the time)
  Shareware
 Note:
  V1.18 build  70 adds 3316b (COM) or 3388b (EXE)
  V1.19 build 206 adds 3426b (COM) or 3743-3757b (EXE) to proted x
  HackStop < V1.19 build 206 are non-encrypting protectors
  Started from V3.02a, WWPACK is protected with HackStop
  WWPACK V3.05b5 protected with HackStop V1.11a

-LSTOP (LamerStop) V1.0b
 Author: Stefan Esser or ANAKiN
 Type: EXE protor?
 Disadv:
  weak protection

-CS (CrackStop) V1.03b
 Author: Stefan Esser or ANAKiN
 Year: 1997-1998
 Type: EXE protor, 8086+
 Language: TASM V3.5
 Adv:
  Add registered name/message to proted x
 Disadv:
  no longer updated
  proted x turns off-on numlock if it's on
  weak protection
  can't handle relocation items (but RelPack is included)
  can't encrypt image with relocation items
  TEU V1.82 unpackable
  CSR V1.2 unpackable
 Note:
  has similar interface with HackStop

-DarkStop/No Lamer V1.0
 Author: Dark Destroyer
 Year: < 1998 ?
 Adv:
  exec protor
 Disadv:
  no longer updated
  weak protection
  appending/non-encrypting protector
  TEU V1.82 unpackable
 Note:
  has similar interface with HackStop
  EddyHawk & StoneHead: HackStop V1.13 rip

-MASK V2.3
 Author: Jose M. L. Lopes (Portugal)
 Latest known version: V2.4
 Year: 1994-1995
 Type: COM protor (EXE converted to COM), 8088+, COM: 6b-62Kb
 Adv:
  envelope checksum
  multiple complex encryption
  anti-set-breakpoint
  adds only 700 byte
  multi-debugger fucker
  the author plans to release V2.5
 Disadv:
  shareware
  weak protection
  Cyrix + Windows incompatible (SMI instruction)
  multiple protection unallowed
  incompatible with Game Wizard (Pro), even if it unloaded
   (hey, I only want to cheat, not debug!)
  TR V2.52 unpackable (Christoph Gabler's Script)
  TEU V1.82 unpackable

-XoReR V2.1
 Author: dR.No
 Year: ?
 Type: ? protor
 Adv:
 Disadv:
  no longer updated?
 Note:
  Pentium incompatible?

-TRAP V1.25
 Author: Christopher Gabler (Germany)
 Year: 1997-1999
 Type: exec protor (COM: 4-61000b, EXE: 32b-0.5Mb)
 Adv:
  good protection
  muteng
  resists most popular unpackers
  CRC used as decryption value
  proted x is fast
  freeware
  still updated
 Disadv:
  proted COM never run 
  DeTrap V1.5 unpackable
 Note:
  V1.24  is now compatible to 486DX4-S
         adds 3946-4120b to proted x
  V1.25  has relocation handler
  V1.26b anti DeTrap V1.5?
         COM converted to EXE
         proted x is 486DX4-S incompatible

-ICE V1.00, COP V1.3, CRYPTCOM
 Author: Keith P. Graham, Jack A. Orman, NoWhere Man
 Year: 1988, 1988, 1992
 Type: COM protor
 Disadv:
  no longer updated
  Lame protection (crypt only)
  ICE & CRYPTCOM is UNP unpackable, COP is CUP /1 unpackable
 Note:
  The oldest protectors I know

-PROTECT! EXE/COM V6.0
 Author: Jeremy Lilley (USA)
 Year: 1993-1996
 Type: exec protor
 Adv:
  needs only 1.8k more memory
  very good muteng
  serial check
  compatibility
  password (optional)
  CRC check
 Disadv:
  weak protection
  no longer updated
  the program itself can't run on V86 on my computer
  ICEUNP V0.31 unpackable
  CUP386 V3.4 /3 unpackable
 Note:
  The most famous protector before HackStop. Many people use (CM), unpack
  (UX) and enhance (Ciphator) it. Becasue every version of PROTECT! can be
  unpacked easily, JL never releases newer PROTECT than V0.6! (giving up?)

-SECURE V0.19
 Author: Piotr Warezak (Poland)
 Latest known version: V0.29
 Year: 1996-1997?
 Type: EXE protor
 Language: Borland Pascal V7.0
 Adv:
  add 1800-1925b to proted x
  double encryption
  anti-generic-unpacker
  can add comment to proted x (max 1024b)
  proted x can check 286/386 protector and/or check DOS version
 Disadv:
  multiple protection is unallowed
  no longer updated?
  experimental, non-public
  shareware?
  TEU V1.82 slow unpackable

-EXEGUARD V1.3
 Author: Ivanov Vadim
 Year: 1996-1997
 Type: EXE protor, 8086+
 Language: Borland Pascal V7.0 + TASM V4.0
 Adv:
  add 849-858b to proted x
  freeware
 Disadv:
  no longer updated?
  non-encrypting
  TEU 1.82 unpackable

-PCRYPT (Program CRYPTor) V3.51
 Author: MERLiN/DTG
 Year: 1995-1997
 Type: exec protor, 386+
 Adv:
  muteng
  32 bit code
  free keyfile
  clears proted x after its running
  resists many unpackers
  proted x can show message before running
  add message to proted x?
 Disadv:
  no longer updated?
  source code is released
  can't run on V86 on my computer, proted x does nothing on real mode
 Note:
  uses MPME (MERLiN's Polymorphic Mutation Engine)

-DS-CRP (Dark Stalker's CRyPt) V1.31
 Author: Dark Stalker/UCF
 Year: 1996-1997
 Type: COM protor
 Adv:
  3/4 size of MD5 checksum
 Disadv:
  no longer updated
  sometimes hang
  Source code is released

-fds-cp V0.4a
 Author: fds0ft
 Year: 1997
 Type: COM protor
 Adv:
  add 1192b to proted x
  semi-random encryption keys
  checksum check on encrypted image
 Disadv:
  no longer updated
  proted x must < 50,000b
  ENTPACK 14-04-1998 (FOTO) unpackable?
 Note:
  uses screen off 2x

-jmt-cp V0.5a
 Author: fds0ft & JauMing Tseng
 Year: ?
 Type: COM protor
 Adv:
  ?
 Disadv:
  no longer updated
  buggy?
 Note:
  JauMing Tseng: it's a quick hack of fds-cp V0.4a

-Ciphator Pro V4.60
 Author: mARQUIS/UCF
 Year: 1995-1997
 Type: EXE protor
 Adv:
  Nebelbombs
 Disadv:
  no longer updated
  non-encrypting
  TEU V1.82 unpackable
 Note:
  uses screen off

-Inbuild Encryption V1.0
 Author: Christopher Gabler
 Year: 1998
 Type: Assembly COM protor
 Adv:
  self-encryption (anti generic unpacker)
 Disadv:
  source code is released
  use first 15 byte of proted x
  program must be assembly & rewritten
  DUMPCOM V 3.55 PRO unpackable

-KShell (King Shell) V1.21
 Author: The Double-Star Computer, Inc.
 Year: 1996
 Type: EXE protor
 Adv:
  password (optional)
 Disadv:
  no longer updated
  add overlay?

-RCC II/286 (ROSE's COM Crypt II/286) V1.17
 Author: ROSE aka Ralph Roth
 Year: 1995-1999
 Type: COM protor
 Adv:
  Mild & Hard version
  add about 376b (mild) or 544b (hard) to proted x
  freeware
  fake jump
  mutated decryptor
  entry point is double-encrypted
  anti debug & unpack tricks
  still updated
 Disadv:
  ?
 Note:
  V1.02 is experiment for HS-MutEng (HackStop Mutation Engine)
        encryption borrowed from Witch virus

-RC386 or RC 386 (ROSE's COM Crypt 386) V0.51
 Author: ROSE
 Year: ?
 Type: COM protor
 Disadv:
  always hang on V86 on my computer

-RSCC or RSCC II (ROSE's Super COM-Crypt/286) V1.04.02
 Author: ROSE aka Ralph Roth
 Year: 1999
 Type: COM protor, 286+?
 Language: MASM V6.XX
 Adv:
  add 126b to proted x
  freeware
  muteng (fully polymorphic)
  still updated
 Disadv:
  muteng is buggy
 Note:
  based on RCC V1.14
  muteng is inspired by Uruguay virus family
  is experiment for HS-MutEng (HackStop Mutation Engine)

-REC (ROSE's EXE File Cryptor) V0.32
 Author: ROSE aka Ralph Roth
 Year: 1994-1997
 Latest known version: V0.40.5 (1999)
 Type : EXE protor
 Adv:
  still updated
 Disadv:
  only included for registered user of HackStop
  TEU V1.82 unpackable
 Note:
  used together with RCC to protect HackStop (the program itself)

-REC/Small or RECSmall (ROSE's EXE Cryptor/Small) V1.05
 Author: ROSE aka Ralph Roth
 Year: 1997-1999
 Type: EXE protor
 Adv:
  add 83b to proted x (smallest)
  freeware
  still updated
 Disadv:
  can't protect EXE with relocations
  generic unpacker unpackable (ex: CUP386 V3.4 /3, TEU V1.82)

-RECAV or REC/AV or REC/Small/AV (ROSE's EXE Cryptor + Anti Virus) V1.03
 Author: ROSE aka Ralph Roth
 Year: 1999
 Type: EXE protor
 Adv:
  anti-virus
  add 436b to proted x
  freeware
  still updated
 Disadv:
  can't protect EXE with relocations
  unRECAV unpackable (included)
  TEU V1.82 unpackable

-SECURE V2.1b
 Author: G.M. McKay (Australia)
 Year: 1995
 Type: exec protor, 8088+?, 1b-600Kb
 Adv:
  add 530-680b to proted x
  GUI
  checksum
  user-random encryption
  fail options (print own message/print user message/hang/reboot)
  filesize check (optional, add extra 100b)
  multiple encryption is allowed
  resists? CUP386 V3.4 /3 & ICEUNP V0.31
 Disadv:
  no longer updated
  shareware (proted x shows message)
  slow protecting
  complicating proting procedure
  TEU V1.82 or UPC V1.11 unpackable

-CRYPTEXE V1.04
 Author: The DoP (Doors of Perception) aka Christian Bradiceanu
 Year: 1994?
 Type: EXE protor?
 Adv:
  add 536-541b to proted x
 Disadv:
  no longer updated
  TEU V1.82 unpackable
 Note:
  Its relocation handler used? in FFSE

-AEP V1.00
 Author: Ke-Jiah Hann
 Year: 1996?
 Type: exec protor
 Adv:
  add 1320 (COM) or 1384 (EXE) to proted x
 Disadv:
  no longer updated?
  TEU V1.82 unpackable
  its own regged version unpackable
 Note:
  uses screen off
  Protect! EXE/COM V0.55 rip?

-SCRAM! V0.8a1
 Author: bushwoelie/ACP
 Year: 1996
 Type: COM protor
 Adv:
 Disadv:
  no longer updated
  slow down keyboard rate
  CUP386 V3.4 /7 unpackable

-RCRYPT (ROSE Crypt) V0.91
 Author: ROSE aka Ralph Roth
 Year: 1994?
 Type: COM protor?
 Adv:
  resists CrkCOM V1.92 & DUMPCOM V3.55 pro
 Disadv:
  no longer updated?
  CUP386 V3.4 /1 unpackable

-SCRYPT V0.4 / V1.4
 Author: darkgrey/DTG
 Year: 1998?
 Type: COM protor
 Adv:
  resists CUP386 V3.4 /1 and /3
 Disadv:
  no longer updated?

-LP (LockProg) V0.5a
 Author: Myrlochar/Kryst/TPD/PDL
 Year:
 Type: COM protor
 Adv:
  resists TEU V1.82?
 Disadv:
  no longer updated?
  CUP386 V3.4 /3 unpackable

-CRYPT V1.21
 Author: Eclipse/Light Show
 Year: 1994
 Type: EXE protor
 Adv:
  add 1029b to proted x
  anti Soft-ICE?
 Disadv:

-CRYPT V1.7
 Author: Dismember aka Alex Lemenkov
 Latest known version: 2.0
 Year: 1995?
 Type: exec protor
 Adv:
  add 165b (COM) or 436b (EXE) to proted x
 Disadv:
  COM is DUMPCOM V3.55 PRO unpackable
  EXE is CUP386 V3.4 /3 or TEU V1.82 unpackable

-EXEManager V3.3
 Author: Solar Designer
 Year: 1995
 Type: EXE protor
 Adv:
  ?
 Disadv:
  non-encrypting?
  hang on my computer

-Aluwain V8.09
 Author: Tequilla?
 Year: ?
 Type: EXE protor
 Adv:
  add 817b to proted x
 Note:
  V8.03 by Cracker X?

-BinLock V1.0
 Author: Hit-BBS Programmers Crew
 Year: 1994
 Type: COM protor
 Adv:
  resists several popular unpackers: 
   TEU V1.82/CUP386 V3.4/ICEUNP V0.31/DUMPCOM V3.55 PRO
 Disadv:
  very low compatibility
  ROSE's unCOM V1.21 unpackable
 Note:
  Christoph Gabler: uses dangerous trick
  StoneHead       : CG is right, it's useless

-CeXeC (CrypteXeC) V1.01
 Author: Gabor Keve
 Year: ?
 Type: EXE protor
 Adv: ?
 Disadv: ?
 Note:
  write temp decrypted file to disk

-DCREXE V2.0
 Author: LuCe?
 Year: 1997?
 Note:
  write temp decrypted file to disk?

-CryEXE V4.0
 Author: Iosco ..
 Note:
  write temp decrypted file to disk
  StoneHead: Iosco doesn't have time to code it better

-SnoopStop V1.15
 Author: Trill
 Disadv:
  never run on any computer? :)

-EFP V1.23
 Author: Alexei Bulushev
 Disadv:
  add 30.000b! to proted x

-MSCC (Mad Scientist's Com Crypter) V1.0
 Author: Mad Scientist
 Type: COM protor?
 Disadv:
  no longer updated?

-Khrome Crypt V0.3
 Author: Teraphy
 Type: COM protor?

-EXELock V1.00
 Author: JON Software
 Type: EXE protor?

-CRYPACK V3.0
 Author: Yakuza aka George Stark
 Type: EXE protor?
 Disadv:
  CUP386 V3.4 /3
  hang if proted x has relocations

-BITLOK V3.1
 Author: Yellow Rose?
 Disadv:
  add overlay?
 Note:
  used to protect Realix's HWInfo?

-BUNNY'S V4.1
 Disadv:
  non-English? (dunno how to use it)

-HDKProt (Mr.HDKiLLer Protection) V1.?
 Note:
  V1.1a: rip? by eMX

-EXECODE V1.0
 Author: Balazs Schneider

-SDW V1.79
 Author: Manticore

Apr '99
May '99
June '99
Upd Nov '99
Upd Feb 2K
