Linux.Grip (rel2) Source Code

	This is both encrypted and obfuscated virus for Linux, it's
	based of my old Linux.Tahorg virus (kernel part was omitted
	for simplicity) and the following:

	disassembler engines (which to use is specified in Makefile)		- LDE32 engine by Z0mbie		- RBLDE engine by roy g biv		- MLDE32 engine by uNdErX		- Catchy engine by sars
	infect.asm/virus.asm	- modified parts of Linux.Tahorg
	bfi.bin			- my BrainFuck interpreter
	xtea*			- XTEA encryption by Farshid Mossaiby
	mk_key.asm		-

	generate 16 random bytes of key and the BF program which after
	execution leaves these key on the tape, random is stolen from
	TZ#1 by Z0mbie, seed is initialized by:

		(time(NULL) ^ getpid() ^ RDTSC.HI ^ RDTSC.LO)

	sqrt is classical:

	int sqrt(int x) {
		register int r;
		x = (x + 1) >> 1;
		for (r = 0; x > r; x -= r++)

	which i found on some site, sorry forgot the URL.

	each byte of key (n) decomposed to multiplicands (x, y) and
	reminder (t), so the product of x * y is the closest number
	to the n:

	x = y = sqrt(n);
	while ((t = (x * y)) < n)
	t -= n;
	assert((x * y - t) == n);

	when, we produce program to multiply factors we got:

#define S(c)	*code++ = c;
#define M(c,n)	for (i = 0; i < n; i++)	S(c)
	M('+', x)
	M('+', y)

	and add the reminder:

	if (t < 0) {
		t = -t;
		cmd = '+';
	} else {
		cmd = '-';
	M(cmd, t);

	the resulting program is quite simple. surely, we may produce much
	more sophisticated bf program, but all this shit was done only to
	play with the old idea about using interpreters inside the virus,
	to obfuscate it's code or the encryption key like indeed is in my
	case. the bf program pigtailed on virus is not encoded (though it
	can be done effectively since BF has only 8 instructions, 3 bits
	per instruction, see bfmerge.c from BF distribution on my page).
	as i said, the virus lacks optimizations and many features, a sort
	of a "test".