View Full Version : shiva

January 12th, 2005, 17:23
SHIVA, ELF encryption tool

zipped ppt attached explaining the tool

January 12th, 2005, 18:09
definately a cool tool!

did anyone get it to run? I tried (just quick, no "analysis" with kernel 2.6.x, 2.4.x, on mdk, knoppix, suse and "out of the box" it segfaults

but they say currently they expect many problems with it as it is under development.

I can't wait to get a running copy and play around with it. I potentionally
see weaknesses when one patches (wrapps) ptrace(), is using other kernel modules to load the executable, or implements tracer / debugger which do
not use ptrace(); Also luckily one can patch the /proc modules so ....
we will see...

Next came to my mind that code analysis using intermediate representation is missing a good tool, isn't it? (meaning I do not know one ) At least the obfuscation could be cleaned up by that.

Those are all "approaches" of course, or - some initial thoughts haha

thanks for this link!!


January 13th, 2005, 08:16
some packers crypters

January 16th, 2005, 08:31
cool NOP!

I am not allowed to download those tools in the forum, but googled them. Actually none of them worked on my system maybe I have to use older kernel / libc / ... need time !

for shiva0.95 I have found some very interesting links, it was defeated at least in 3 different ways, as described here:


more details here

There should be 0.96 out, did not find it yet

Shiva was besides others attached by using the IDA code emulation plugin