## Encyclopedia > Polymorphic code

Article Content

# Polymorphic code

In computer science (or more often, in computer underground terms) polymorphic code is code that mutates while keeping the original algorithm intact.

This is often used by computer viruses and shellcode to keep their de/en-cryption-engines from being detected by anti virus software[?] and intrusion-detection system.

An algorithm that uses, for example, the variables A and B but not the variable C could stay intact even if you added lots of codes that changed the content in the variable C.

The original algorithm:

```
Start:
GOTO Decryption_Code
Encrypted:
...
lots of encrypted code!!!
...
Decryption_Code:
*A = Encrypted
Loop:
B = *A
B = B XOR CryptoKey
*A = B
A = A + 1
GOTO Loop IF NOT A = (Decryption_Code - Encrypted)
GOTO Encrypted
CryptoKey:
some_random_number
```

The same algorithm, but with lots of unnessisary C-altering codes..

```
Start:
GOTO Decryption_Code
Encrypted:
...
lots of encrypted code!!!
...
Decryption_Code:
C = C + 1
*A = Encrypted
Loop:
B = *A
C = 3214 * A
B = B XOR CryptoKey
*A = B
C = 1
C = A + B
A = A + 1
GOTO Loop IF NOT A = (Decryption_Code - Encrypted)
C = C^2
GOTO Encrypted
CryptoKey:
some_random_number
```

The code inside "Encrypted" could then search the code between Decryption_Code and CryptoKey[?] and remove all the code that alters the variable C. Before the next time the encryption engine is used, it could input new unnecessary codes that alters C.

```
Start:
GOTO Decryption_Code
```
```
Encrypted:
...
(when this part is decrypted, it will contain the following...)
...
Then remove all the C-Codes between Decryption_engine and CryptoKey
And input new unnessisary C-Codes at other locations in the algorithm
Change the code beneth "Change_this" to RETURN_TO_SYSTEM
...
Do_whatever_this_code_is_suposed_to_do
...
Goto Decryption_Code
```
```
Decryption_Code:
C = C + 1
*A = Encrypted
Loop:
B = *A
C = 3214 * A
B = B XOR CryptoKey
*A = B
C = 1
C = A + B
A = A + 1
GOTO Loop IF NOT A = (Decryption_Code - Encrypted)
C = C^2
Change_this:
GOTO Encrypted
CryptoKey:
some_random_number
```

The code above will decrypt the code inside "Encrypted" with a mutated crypto-engine. Then it will transfer control to the decrypted code inside "Encrypted". The code in there will remove all the codes that alters C. Then it will input new codes that alters C at other (random) locations in the crypto-algorithm. The change of "GOTO Encrypted" to "RETURN_TO_SYSTEM" will make it possible to re-use the old encryption engine (as XOR works in both ways.) then it will do something (like spreading to other files in the case of a virus) and at last, it will return to the Decryption_Code.

If the code is trying to replicate itself (in the case of a computer worm or computer virus) it will need to encrypt the code inside "Encrypted" before it sends it away.

All Wikipedia text is available under the terms of the GNU Free Documentation License

Search Encyclopedia
 Search over one million articles, find something about almost anything!

Featured Article
 Islandia, New York ... is \$69,519, and the median income for a family is \$69,615. Males have a median income of \$46,083 versus \$34,261 for females. The per capita income for the village is ...