|
|
|
|
using System;
|
|
|
|
|
using System.Collections.Generic;
|
|
|
|
|
using System.Runtime.InteropServices;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
using System.Text;
|
|
|
|
|
using System.IO;
|
|
|
|
|
using System.Linq;
|
|
|
|
|
|
|
|
|
|
namespace BirdyKeygen {
|
|
|
|
|
public class Crypt32 {
|
|
|
|
|
static long CRYPT_NEWKEYSET = 0x8;
|
|
|
|
|
|
|
|
|
|
static long CRYPT_DELETEKEYSET = 0x10;
|
|
|
|
|
|
|
|
|
|
static long CRYPT_MACHINE_KEYSET = 0x20;
|
|
|
|
|
|
|
|
|
|
static long CRYPT_SILENT = 0x40;
|
|
|
|
|
|
|
|
|
|
static long CRYPT_DEFAULT_CONTAINER_OPTIONAL = 0x80;
|
|
|
|
|
|
|
|
|
|
static long CRYPT_VERIFYCONTEXT = 0xF0000000;
|
|
|
|
|
|
|
|
|
|
static int PROV_RSA_FULL = 1;
|
|
|
|
|
[DllImport("advapi32.dll", SetLastError = true)]
|
|
|
|
|
[return: MarshalAs(UnmanagedType.Bool)]
|
|
|
|
|
public static extern bool CryptAcquireContext(
|
|
|
|
|
ref IntPtr hProv,
|
|
|
|
|
string pszContainer,
|
|
|
|
|
string pszProvider,
|
|
|
|
|
uint dwProvType,
|
|
|
|
|
uint dwFlags);
|
|
|
|
|
|
|
|
|
|
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
|
|
|
|
|
[return: MarshalAs(UnmanagedType.Bool)]
|
|
|
|
|
public static extern bool CryptCreateHash(
|
|
|
|
|
IntPtr hProv,
|
|
|
|
|
uint algId,
|
|
|
|
|
IntPtr hKey,
|
|
|
|
|
uint dwFlags,
|
|
|
|
|
ref IntPtr phHash);
|
|
|
|
|
|
|
|
|
|
[DllImport("advapi32.dll", SetLastError = true)]
|
|
|
|
|
[return: MarshalAs(UnmanagedType.Bool)]
|
|
|
|
|
public static extern bool CryptHashData(
|
|
|
|
|
IntPtr hHash,
|
|
|
|
|
byte[] pbData,
|
|
|
|
|
uint dataLen,
|
|
|
|
|
uint flags);
|
|
|
|
|
|
|
|
|
|
[DllImport("advapi32.dll", SetLastError = true)]
|
|
|
|
|
public static extern bool CryptSetKeyParam(
|
|
|
|
|
IntPtr hKey,
|
|
|
|
|
int dwParam,
|
|
|
|
|
ref uint pbData,
|
|
|
|
|
int dwFlags
|
|
|
|
|
);
|
|
|
|
|
[DllImport("advapi32.dll", SetLastError = true)]
|
|
|
|
|
[return: MarshalAs(UnmanagedType.Bool)]
|
|
|
|
|
public static extern bool CryptDeriveKey(
|
|
|
|
|
IntPtr hProv,
|
|
|
|
|
int Algid,
|
|
|
|
|
IntPtr hBaseData,
|
|
|
|
|
int flags,
|
|
|
|
|
ref IntPtr phKey);
|
|
|
|
|
|
|
|
|
|
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
|
|
|
|
|
[return: MarshalAs(UnmanagedType.Bool)]
|
|
|
|
|
public static extern bool CryptEncrypt(
|
|
|
|
|
IntPtr hKey,
|
|
|
|
|
IntPtr hHash,
|
|
|
|
|
int Final,
|
|
|
|
|
uint dwFlags,
|
|
|
|
|
byte[] pbData,
|
|
|
|
|
ref uint pdwDataLen,
|
|
|
|
|
uint dwBufLen);
|
|
|
|
|
|
|
|
|
|
[DllImport("advapi32.dll", SetLastError = true)]
|
|
|
|
|
[return: MarshalAs(UnmanagedType.Bool)]
|
|
|
|
|
public static extern bool CryptDecrypt(
|
|
|
|
|
IntPtr hKey,
|
|
|
|
|
IntPtr hHash,
|
|
|
|
|
int Final,
|
|
|
|
|
uint dwFlags,
|
|
|
|
|
byte[] pbData,
|
|
|
|
|
ref uint pdwDataLen);
|
|
|
|
|
|
|
|
|
|
[DllImport("advapi32.dll", SetLastError = true)]
|
|
|
|
|
public static extern bool CryptDestroyHash(IntPtr hHash);
|
|
|
|
|
|
|
|
|
|
[DllImport("advapi32.dll", SetLastError = true)]
|
|
|
|
|
public static extern bool CryptDestroyKey(IntPtr phKey);
|
|
|
|
|
[DllImport("Advapi32.dll", EntryPoint = "CryptReleaseContext", CharSet = CharSet.Unicode, SetLastError = true)]
|
|
|
|
|
public static extern bool CryptReleaseContext(IntPtr hProv, Int32 dwFlags /* Reserved. Must be 0. */);
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
public class ShittyEncryptionManager : IDisposable {
|
|
|
|
|
private IntPtr phHandle = IntPtr.Zero;
|
|
|
|
|
private IntPtr phHash = IntPtr.Zero;
|
|
|
|
|
private IntPtr phKey = IntPtr.Zero;
|
|
|
|
|
private static byte[] tplShittyKey = new byte[] {
|
|
|
|
|
0x73, 0x00, 0x65, 0x00, 0x74, 0x00, 0x75, 0x00, 0x70, 0x00, 0x54, 0x00, 0x50, 0x00, 0x4c, 0x00,
|
|
|
|
|
0x70, 0x00, 0x61, 0x00, 0x67, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x6c, 0x00, 0x65, 0x00,
|
|
|
|
|
0x63, 0x00, 0x61, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x72, 0x00, 0x6f, 0x00, 0x75, 0x00, 0x6e, 0x00,
|
|
|
|
|
0x2e, 0x00, 0x4e, 0x00, 0x45, 0x00, 0x54, 0x00, 0x45, 0x00, 0x72, 0x00, 0x72, 0x00, 0x6f, 0x00,
|
|
|
|
|
0x72, 0x00, 0x20, 0x00, 0x25, 0x00, 0x31, 0x00, 0x4f, 0x00, 0x4b, 0x00, 0x5f, 0x00, 0x20, 0x00,
|
|
|
|
|
0x2b, 0x00, 0x2d, 0x00, 0x2a, 0x00, 0x2f, 0x00, 0x4d, 0x00, 0x65, 0x00, 0x73, 0x00, 0x73, 0x00,
|
|
|
|
|
0x61, 0x00, 0x67, 0x00, 0x65, 0x00, 0x20, 0x00, 0x25, 0x00, 0x31, 0x00, 0x20, 0x00, 0x4e, 0x00,
|
|
|
|
|
0x4f, 0x00, 0x45, 0x00, 0x52, 0x00, 0x52, 0x00, 0x4f, 0x00, 0x52, 0x00, 0x20, 0x00, 0x21, 0x00
|
|
|
|
|
};
|
|
|
|
|
public ShittyEncryptionManager() {
|
|
|
|
|
if (Crypt32.CryptAcquireContext(ref phHandle, null, null, 0x18, 0) == false) throw new Exception();
|
|
|
|
|
if (Crypt32.CryptCreateHash(phHandle, 0x800C, IntPtr.Zero, 0, ref phHash) == false) throw new Exception();
|
|
|
|
|
if (Crypt32.CryptHashData(phHash, tplShittyKey, (uint)tplShittyKey.Length, 0) == false) throw new Exception();
|
|
|
|
|
if (Crypt32.CryptDeriveKey(phHandle, 0x660E, phHash, 0, ref phKey) == false) throw new Exception();
|
|
|
|
|
uint keyParams = 0x01;
|
|
|
|
|
if (Crypt32.CryptSetKeyParam(phKey, 4, ref keyParams, 0) == false) throw new Exception();
|
|
|
|
|
if (Crypt32.CryptDestroyHash(phHash) == false) throw new Exception();
|
|
|
|
|
}
|
|
|
|
|
public byte[] Encrypt(byte[] data) {
|
|
|
|
|
byte[] paramCopy = data;
|
|
|
|
|
uint paramCopyLen = (uint)paramCopy.Length;
|
|
|
|
|
uint paramCopyBufferLen = paramCopyLen;
|
|
|
|
|
Crypt32.CryptEncrypt(phKey, IntPtr.Zero, 1, 0, paramCopy, ref paramCopyLen, paramCopyBufferLen);
|
|
|
|
|
return paramCopy.Take((int)paramCopyLen).ToArray();
|
|
|
|
|
}
|
|
|
|
|
public byte[] Decrypt(byte[] data) {
|
|
|
|
|
byte[] paramCopy = data;
|
|
|
|
|
uint paramCopyLen = (uint)paramCopy.Length;
|
|
|
|
|
Crypt32.CryptDecrypt(phKey, IntPtr.Zero, 1, 0, paramCopy, ref paramCopyLen);
|
|
|
|
|
return paramCopy.Take((int)paramCopyLen).ToArray();
|
|
|
|
|
}
|
|
|
|
|
public void Dispose() {
|
|
|
|
|
if (Crypt32.CryptDestroyKey(phKey) == false) throw new Exception();
|
|
|
|
|
if (Crypt32.CryptReleaseContext(phHandle, 0) == false) throw new Exception();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
public class TPLLicenseKanker : IDisposable {
|
|
|
|
|
ShittyEncryptionManager encryptionManager;
|
|
|
|
|
public TPLLicenseKanker() {
|
|
|
|
|
encryptionManager = new ShittyEncryptionManager();
|
|
|
|
|
}
|
|
|
|
|
public struct TPLKanker {
|
|
|
|
|
public string Datafuck;
|
|
|
|
|
public byte lastFuck;
|
|
|
|
|
}
|
|
|
|
|
private string CreateMD5(byte[] inputBytes) {
|
|
|
|
|
using (System.Security.Cryptography.MD5 md5 = System.Security.Cryptography.MD5.Create()) {
|
|
|
|
|
byte[] hashBytes = md5.ComputeHash(inputBytes);
|
|
|
|
|
StringBuilder sb = new StringBuilder();
|
|
|
|
|
for (int i = 0; i < hashBytes.Length; i++) {
|
|
|
|
|
sb.Append(hashBytes[i].ToString("X2"));
|
|
|
|
|
}
|
|
|
|
|
return sb.ToString().ToLower();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
public string ReadLicense(byte[] data) {
|
|
|
|
|
Console.WriteLine("ReadLicense");
|
|
|
|
|
List<string> serials = new List<string>();
|
|
|
|
|
string fileText = Encoding.ASCII.GetString(data);
|
|
|
|
|
if (fileText.StartsWith("BinaryFile") == false) throw new Exception("not a valid file");
|
|
|
|
|
string dataHash = fileText.Substring("BinaryFile".Length, 32);
|
|
|
|
|
Console.WriteLine("License MD5: {0}", dataHash);
|
|
|
|
|
string dataBase64 = fileText.Split("\n")[1];
|
|
|
|
|
Console.WriteLine("License B64: {0}", dataBase64);
|
|
|
|
|
byte[] encryptedData = System.Convert.FromBase64String(dataBase64);
|
|
|
|
|
encryptedData = encryptedData.Take(encryptedData.Length).ToArray();
|
|
|
|
|
Console.WriteLine("License BIN: {0}", System.BitConverter.ToString(encryptedData).Replace("-", ""));
|
|
|
|
|
byte[] decryptedData = encryptionManager.Decrypt(encryptedData);
|
|
|
|
|
Console.WriteLine("Decrypted BIN: {0} UStrLen={1:X2}", System.BitConverter.ToString(decryptedData).Replace("-", ""), UStrLen(decryptedData));
|
|
|
|
|
//byte[] weirdKankerData = Program.tpl_DeFuck(decryptedData);
|
|
|
|
|
//Console.WriteLine("Weird Kanker BIN: {0}", System.BitConverter.ToString(weirdKankerData).Replace("-", ""));
|
|
|
|
|
|
|
|
|
|
byte[] decodedData = TCrypt_Decode(decryptedData);
|
|
|
|
|
Console.WriteLine("Decoded BIN: {0}", System.BitConverter.ToString(decodedData).Replace("-", ""));
|
|
|
|
|
string decodedDataMD5 = CreateMD5(decodedData);
|
|
|
|
|
Console.WriteLine("Decoded MD5: {0}", decodedDataMD5);
|
|
|
|
|
string decodedText = Encoding.ASCII.GetString(decodedData);
|
|
|
|
|
Console.WriteLine("Decoded TXT: {0}", decodedText);
|
|
|
|
|
serials.AddRange(decodedText.Split('*'));
|
|
|
|
|
return decodedText;
|
|
|
|
|
}
|
|
|
|
|
public byte[] WriteLicense(string decodedText) {
|
|
|
|
|
Console.WriteLine("WriteLicense");
|
|
|
|
|
//string decodedText = "EncrLic*" + string.Join('*', serials) + "*";
|
|
|
|
|
byte[] decodedData = Encoding.ASCII.GetBytes(decodedText);
|
|
|
|
|
|
|
|
|
|
Console.WriteLine("Decoded BIN: {0}", System.BitConverter.ToString(decodedData).Replace("-", ""));
|
|
|
|
|
string decodedDataMD5 = CreateMD5(decodedData);
|
|
|
|
|
Console.WriteLine("Decoded MD5: {0}", decodedDataMD5);
|
|
|
|
|
byte[] encodedData = TCrypt_Encode(decodedData);
|
|
|
|
|
Console.WriteLine("Encoded BIN: {0}", System.BitConverter.ToString(encodedData).Replace("-", ""));
|
|
|
|
|
byte[] encryptedData = encryptionManager.Encrypt(encodedData);
|
|
|
|
|
|
|
|
|
|
StringBuilder stringBuilder = new StringBuilder();
|
|
|
|
|
stringBuilder.Append("BinaryFile");
|
|
|
|
|
stringBuilder.AppendLine(decodedDataMD5);
|
|
|
|
|
stringBuilder.Append(Convert.ToBase64String(encryptedData));
|
|
|
|
|
return Encoding.ASCII.GetBytes(stringBuilder.ToString());
|
|
|
|
|
}
|
|
|
|
|
private uint UStrLen(byte[] bytes) {
|
|
|
|
|
return (uint)System.Text.Encoding.Unicode.GetString(bytes).Length;
|
|
|
|
|
}
|
|
|
|
|
private byte[] TCrypt_Decode(byte[] decryptedData) {
|
|
|
|
|
List<byte> output = new List<byte>();
|
|
|
|
|
uint length = UStrLen(decryptedData) - 1;
|
|
|
|
|
ushort wChar;
|
|
|
|
|
int i = 0;
|
|
|
|
|
for (; i < length * 2; i += 2) {
|
|
|
|
|
wChar = (ushort)(decryptedData[i] | decryptedData[i + 1] << 8);
|
|
|
|
|
wChar ^= 0x004D07A0 & 0xFFFF;
|
|
|
|
|
wChar /= 0x4D;
|
|
|
|
|
//output.Add((byte)((wChar >> 8) & 0xFF));
|
|
|
|
|
output.Add((byte)(wChar & 0xFF));
|
|
|
|
|
}
|
|
|
|
|
wChar = (ushort)(decryptedData[i] | decryptedData[i + 1] << 8);
|
|
|
|
|
wChar ^= 0x004D07A0 & 0xFFFF;
|
|
|
|
|
wChar /= 0x4D;
|
|
|
|
|
Console.WriteLine("Special Last Fuckbyte wChar={0:X2} | uint16={1:X4} | &i={2:X2} | &i+1={3:X2}", wChar, (ushort)(decryptedData[i] | decryptedData[i + 1] << 8), decryptedData[i], decryptedData[i + 1]);
|
|
|
|
|
//Console.WriteLine(BitConverter.ToString(output.ToArray()));
|
|
|
|
|
//Console.WriteLine(System.Text.Encoding.UTF8.GetString(output.ToArray()));
|
|
|
|
|
return output.ToArray();
|
|
|
|
|
}
|
|
|
|
|
private byte[] TCrypt_Encode(byte[] decodedData) {
|
|
|
|
|
List<byte> output = new List<byte>();
|
|
|
|
|
List<byte> _lol = new List<byte>();
|
|
|
|
|
_lol.AddRange(decodedData);
|
|
|
|
|
_lol.Add((byte)decodedData.Length);
|
|
|
|
|
ushort wChar;
|
|
|
|
|
foreach(byte chr in _lol) {
|
|
|
|
|
wChar = (ushort)chr;
|
|
|
|
|
//Console.WriteLine("wChar 0 hex={0:X4}", wChar);
|
|
|
|
|
//.WriteLine("wChar 1 hex={0:X4}", wChar);
|
|
|
|
|
wChar *= 0x4D;
|
|
|
|
|
wChar ^= 0x004D07A0 & 0xFFFF;
|
|
|
|
|
//Console.WriteLine("wChar 2 hex={0:X4}", wChar);
|
|
|
|
|
output.Add((byte)(wChar & 0xFF));
|
|
|
|
|
output.Add((byte)(wChar >> 8 & 0xFF));
|
|
|
|
|
}
|
|
|
|
|
wChar = 0x1337;
|
|
|
|
|
output.Add((byte)(wChar & 0xFF));
|
|
|
|
|
output.Add((byte)(wChar >> 8 & 0xFF));
|
|
|
|
|
return output.ToArray();
|
|
|
|
|
}
|
|
|
|
|
public void Dispose() {
|
|
|
|
|
this.encryptionManager.Dispose();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
class Program {
|
|
|
|
|
static void Main2(string[] args) {
|
|
|
|
|
//var rawText = "EncrLic*20200303598227*BI6TGP162123916*";
|
|
|
|
|
var rawText = "EncrLic*BI6133713371337*";
|
|
|
|
|
//BI6133713371337
|
|
|
|
|
Console.WriteLine("RAWText=({1})>{0}", rawText, rawText.Length);
|
|
|
|
|
|
|
|
|
|
byte[] raw = System.Text.Encoding.ASCII.GetBytes(rawText);
|
|
|
|
|
Console.WriteLine("RAWBytes=({1})>{0}", BitConverter.ToString(raw), raw.Length);
|
|
|
|
|
|
|
|
|
|
byte[] fucked = tpl_Enfuck2(raw);
|
|
|
|
|
Console.WriteLine("Fucked=({1})>{0}", BitConverter.ToString(fucked), fucked.Length);
|
|
|
|
|
|
|
|
|
|
if (fucked.Length > 0) {
|
|
|
|
|
byte[] unfucked = tpl_DeFuck2(fucked);
|
|
|
|
|
Console.WriteLine("Unfucked=({1})>{0}", BitConverter.ToString(unfucked), unfucked.Length);
|
|
|
|
|
Console.WriteLine("Unfucked=({1})>{0}", System.Text.Encoding.ASCII.GetString(unfucked), unfucked.Length);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
static void Main(string[] args) {
|
|
|
|
|
using (TPLLicenseKanker tplLicenseKanker = new TPLLicenseKanker()) {
|
|
|
|
|
//string newSerials = tplLicenseKanker.ReadLicense(File.ReadAllBytes("210517.TPL_Encr"));
|
|
|
|
|
//new List<string> { "BI6TGP162123916", "" }; // BI613370CHEETAH // BI6133713371337 // B6133713374200
|
|
|
|
|
//File.WriteAllBytes("210517_DUPE.TPL_Encr", tplLicenseKanker.WriteLicense(newSerials));
|
|
|
|
|
Console.WriteLine("\n\nReadLic Original 1");
|
|
|
|
|
Console.WriteLine(tplLicenseKanker.ReadLicense(File.ReadAllBytes("BirdyWPEuroBOS_250521.TPL_Encr")));
|
|
|
|
|
Console.WriteLine("\n\nReadLic Original 2");
|
|
|
|
|
Console.WriteLine(tplLicenseKanker.ReadLicense(File.ReadAllBytes("210517.TPL_Encr")));
|
|
|
|
|
Console.WriteLine("\n\nReadLic Original 3");
|
|
|
|
|
Console.WriteLine(tplLicenseKanker.ReadLicense(File.ReadAllBytes("dirk.TPL_Encr")));
|
|
|
|
|
Console.WriteLine("FransenTest\n\n");
|
|
|
|
|
Console.WriteLine(tplLicenseKanker.ReadLicense(File.ReadAllBytes("Fransen.TPL_Encr")));
|
|
|
|
|
Console.WriteLine("\n\n");
|
|
|
|
|
//File.WriteAllBytes("Fransen.TPL_Encr", tplLicenseKanker.WriteLicense("EncrLic*BI6TGP162123916*"));
|
|
|
|
|
/*Console.WriteLine("ReadLic DUPE");
|
|
|
|
|
Console.WriteLine(tplLicenseKanker.ReadLicense(File.ReadAllBytes("210517_DUPE.TPL_Encr")));*/
|
|
|
|
|
/*
|
|
|
|
|
foreach (string serialNumber in tplLicenseKanker.ReadLicense(File.ReadAllBytes("BirdyWPEuroBOS_250521.TPL_Encr"))) {
|
|
|
|
|
Console.WriteLine("license serial {0}", serialNumber);
|
|
|
|
|
}*/
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
public void noexec() {
|
|
|
|
|
//////////////
|
|
|
|
|
var data = "8484caecd0ef65740c8dbdd094320aae99dc234c2a2455d056de4f61c7aafc389e9d68866118f19406647f6fa56f1ab26dacaff26efa2d6898841633e4e99bffbec6ec509809ea7de28428169d7911c0b11119a7a1afe980f50111e82a650e2479c06743ba361adf9952d77e7cfc93682b3c90d32dd82fa628d742e5f43a0083362f6df090e5816d9b189ce836daeb8c57bea5c0e69685f566cd86f88d2f9bb2d8073f58c5e0938d3ebcb6478113bf6361e074b637e5e28f542e24547498d7fcdb9e33d9868baea23efe9a0ba427bc555f1156751d40dfc6224cfef61d46c18173ede39efc45f20f574df0fbc2a4e36c2b5a9ac5817fd7b72f32ffaddd1105d65869e3815eaba8afd62f6d345793ae3f";
|
|
|
|
|
//var data = "6113b626671aea257c113518671a020b1d09aa081d095108f708d009f708d00985167817f7085108aa08020b1d09aa081d095108f708d009f708d00985167817f7089e177817020b7a147c111d09fb122f11d81d1d098516aa08d0091d09781785169e175108020b7a147c111d09fb122f11d81df708aa08aa08d009aa08d0099e172b175108020b7a147c111d09fb122f11d81df708aa08aa08d009aa08d0097817aa085108020b7a147c111d09fb122f11d81df708aa08aa08d009aa08d0099e172b177817020b7a147c111d09fb122f11d81df708aa08aa08d009aa08d0097817aa080408020b7a1455129e17e41efb12b01f1d099e17aa081d09aa08f70885161d099e17020ba608";
|
|
|
|
|
//var data = "8484caecd0ef65740c8dbdd094320aae89db1c21add76f58cde0bd647e1bee2bb116a7a70c7aaffaf89d25d2cc190a37";
|
|
|
|
|
uint dataLen = (uint)(data.Length / 2);
|
|
|
|
|
var byteArray = new byte[dataLen];
|
|
|
|
|
StringToByteArrayFastest(data).CopyTo(byteArray, 0);
|
|
|
|
|
//Console.WriteLine(BitConverter.ToString(byteArray));
|
|
|
|
|
/*
|
|
|
|
|
Console.WriteLine(
|
|
|
|
|
Crypt32.CryptDecrypt(phKey, IntPtr.Zero, 1, 0, byteArray, ref dataLen)
|
|
|
|
|
);
|
|
|
|
|
Console.WriteLine("Re-Encrypted {0} {1}", dataLenReEncryptB, BitConverter.ToString(reEncryptedPayload));
|
|
|
|
|
var decryptedPayload = byteArray;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
var reEncryptedPayload = byteArray;
|
|
|
|
|
uint dataLenReEncrypt = (uint)reEncryptedPayload.Length;
|
|
|
|
|
uint dataLenReEncryptB = dataLenReEncrypt;
|
|
|
|
|
Crypt32.CryptEncrypt(phKey, IntPtr.Zero, 1, 0, reEncryptedPayload, ref dataLenReEncrypt, dataLenReEncryptB);
|
|
|
|
|
Console.WriteLine("Re-Encrypted {0} {1}", dataLenReEncryptB, BitConverter.ToString(reEncryptedPayload));
|
|
|
|
|
/*
|
|
|
|
|
//Console.WriteLine("{0} {1}", System.Text.Encoding.ASCII.GetString(decryptedPayload).Length, System.Text.Encoding.Unicode.GetString(decryptedPayload).Length);
|
|
|
|
|
//byte[] unfuckKanker1 = tpl_DeFuck(decryptedPayload);
|
|
|
|
|
//byte[] unfuckKanker1 = tpl_DeFuck22(decryptedPayload);
|
|
|
|
|
if (decryptedPayload.Length > 0) {
|
|
|
|
|
byte[] unfucked = tpl_DeFuck2(decryptedPayload);
|
|
|
|
|
Console.WriteLine("Unfucked=({1})>{0}", BitConverter.ToString(unfucked), unfucked.Length);
|
|
|
|
|
Console.WriteLine("Unfucked=({1})>{0}", System.Text.Encoding.ASCII.GetString(unfucked), unfucked.Length);
|
|
|
|
|
//byte[] fucked = tpl_Enfuck2(raw);
|
|
|
|
|
//Console.WriteLine("Fucked=({1})>{0}", BitConverter.ToString(fucked), fucked.Length);
|
|
|
|
|
}
|
|
|
|
|
byte[] unfuckKanker2 = tpl_DeFuck22(decryptedPayload);
|
|
|
|
|
*/
|
|
|
|
|
Console.ReadLine();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static uint UStrLen(byte[] bytes) {
|
|
|
|
|
return (uint)System.Text.Encoding.Unicode.GetString(bytes).Length;
|
|
|
|
|
}
|
|
|
|
|
public static string UStrFromWChar(ushort data) {
|
|
|
|
|
return System.Text.Encoding.Unicode.GetString(new byte[] { ((byte)((byte)(data << 8) & 0xFF)), (byte)(data & 0xFF) });
|
|
|
|
|
}
|
|
|
|
|
public static byte[] tpl_DeFuck(byte[] bytes) {
|
|
|
|
|
byte[] mem02E3BD10 = new byte[] {
|
|
|
|
|
0x14,0xAA,0x87,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFC,0x09,0x4A,0x00,0x0C,0x0A,0x4A,0x00,
|
|
|
|
|
0x7C,0x35,0x02,0x08,0xFC,0xA1,0xFF,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0xA0,0x07,0x4D,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
};
|
|
|
|
|
uint imul = 0x00000000;
|
|
|
|
|
|
|
|
|
|
uint ebp_04 = 0x02DF6850;
|
|
|
|
|
uint ebp_08 = 0x08021A67;
|
|
|
|
|
uint ebp_0C = 0x02E1EF7C;
|
|
|
|
|
uint ebp_0E = 0x0802357C;
|
|
|
|
|
uint ebp_10 = 0x00000000;
|
|
|
|
|
uint ebp_18 = 0x00000000;
|
|
|
|
|
uint ebp_14 = 0x00000000;
|
|
|
|
|
uint ebp_1C = 0x00000000;
|
|
|
|
|
uint ebp_20 = 0x00000000;
|
|
|
|
|
uint ebp_24 = 0x00000000;
|
|
|
|
|
uint ebp_28 = 0x00000000;
|
|
|
|
|
|
|
|
|
|
uint edx = 0x00000000;
|
|
|
|
|
uint eax = 0x00000000;
|
|
|
|
|
List<byte> ebp08String = new List<byte>();
|
|
|
|
|
|
|
|
|
|
eax = UStrLen(bytes); // @UStrLen
|
|
|
|
|
Console.WriteLine("eax strlen hex={0:X2} dec={0}", eax);
|
|
|
|
|
ebp_20 = eax; // mov [ebp-20], eax
|
|
|
|
|
ebp_14 = 0x00000001; // mov [ebp-14], 00000001
|
|
|
|
|
text_47AB2A:
|
|
|
|
|
// // mov eax, [ebp-0C]
|
|
|
|
|
edx = ebp_14; // mov edx,[ebp-14]
|
|
|
|
|
Console.WriteLine("219 edx={0:X8}", edx);
|
|
|
|
|
eax = (uint)(bytes[edx * 2 - 01] << 8 | bytes[edx * 2 - 02]); // movzx eax,word ptr [eax+edx*2-02]
|
|
|
|
|
Console.WriteLine("223 eax={0:X8}", eax);
|
|
|
|
|
eax = eax + ebp_18; // add eax,[ebp-18]
|
|
|
|
|
Console.WriteLine("225 eax={0:X8}", eax);
|
|
|
|
|
eax = eax & 0x0000FFFF; // and eax,0000FFFF
|
|
|
|
|
ebp_18 = eax; // mov [ebp-18],eax
|
|
|
|
|
eax = ebp_0C; // mov eax,[ebp-0C]
|
|
|
|
|
edx = ebp_14; // mov edx,[ebp-14]
|
|
|
|
|
eax = (uint)((eax & 0xFFFF0000) | (
|
|
|
|
|
(bytes[(edx * 2) - 01] << 8 |
|
|
|
|
|
bytes[(edx * 2) - 02]) & 0xFFFF)); // mov ax,[eax+edx*2-02]
|
|
|
|
|
//Console.WriteLine("eax={0:X8}", eax);
|
|
|
|
|
edx = ebp_04; // mov edx,[ebp-04]
|
|
|
|
|
edx = ((uint)0x000000FF & mem02E3BD10[(int)(/*edx +*/ 0x52)]); // movzx edx,byte ptr[edx+52]
|
|
|
|
|
//////////////////////////////////////////////////////////////////////
|
|
|
|
|
//Console.WriteLine("eax={0:X8} edx={1:X8}", eax, edx);
|
|
|
|
|
imul = (eax & 0xFFFF) * (edx & 0xFFFF); // imul dx
|
|
|
|
|
edx = (edx & 0xFFFF0000) | (imul >> 16) & 0xFFFF;
|
|
|
|
|
eax = (eax & 0xFFFF0000) | (imul & 0xFFFF);
|
|
|
|
|
Console.WriteLine("eax={0:X8} edx={1:X8} imul={2:X12}", eax, edx, imul);
|
|
|
|
|
//////////////////////////////////////////////////////////////////////
|
|
|
|
|
edx = ebp_04; // mov edx,[ebp-04]
|
|
|
|
|
eax = (eax & 0xFFFF0000) | ((eax & 0xFFFF) ^ (0x004D07A0 & 0xFFFF));// xor ax,[ebp+50]
|
|
|
|
|
ebp_10 = (ebp_10 & 0xFFFF) | (eax & 0xFFFF) << 16; // mov [ebp-0E],ax
|
|
|
|
|
Console.WriteLine("eax={0:X8} edx={1:X8}", eax, edx);
|
|
|
|
|
eax = 0x0019F854; // lea eax,[ebp-24]
|
|
|
|
|
edx = (edx & 0xFFFF0000) | (ebp_10 >> 16 & 0xFFFF); // mov dx,[ebp-0E]
|
|
|
|
|
Console.WriteLine("eax={0:X8} edx={1:X8}", eax, edx);
|
|
|
|
|
ushort unicodeStrFromWChar =
|
|
|
|
|
(ushort)((edx & 0xFF) << 8 | (edx >> 8 & 0xFF)); // call @UStrFromWChar
|
|
|
|
|
edx = 0xFFFFFFFF; // pointer of new char lol // mov edx,[ebp-24]
|
|
|
|
|
eax = ebp_08; // mov eax,[ebp-08] // 08021A67
|
|
|
|
|
ebp08String.Add((byte)((unicodeStrFromWChar >> 8) & 0xFF)); // @UStrCat
|
|
|
|
|
ebp08String.Add((byte)(unicodeStrFromWChar & 0xFF));
|
|
|
|
|
eax = ebp_08; // mov eax,[ebp-08] // 08021A67
|
|
|
|
|
ebp_14++; // inc [ebp-14]
|
|
|
|
|
ebp_20--; // dec [ebp-20]
|
|
|
|
|
if (ebp_20 > 0) goto text_47AB2A; // jne
|
|
|
|
|
// 47AB6C
|
|
|
|
|
eax = ebp_08; // mov eax,[ebp-08]
|
|
|
|
|
if (ebp08String[0] == 0x00) // cmp dword ptr[eax],00
|
|
|
|
|
goto text_47ABC2; // je text_47ABC2
|
|
|
|
|
Console.WriteLine("loop exit");
|
|
|
|
|
eax = ebp_04; // mov eax,[ebp-04]
|
|
|
|
|
Console.WriteLine("437 eax={0:X8} edx={1:X8}", eax, edx);
|
|
|
|
|
eax = ((uint)0x000000FF & mem02E3BD10[(int)(/*edx +*/ 0x52)]); // movzx eax,byte ptr[edx+52]
|
|
|
|
|
Console.WriteLine("439 eax={0:X8} edx={1:X8}", eax, edx);
|
|
|
|
|
Console.WriteLine("440 ebp_18={0:X8}", ebp_18);
|
|
|
|
|
//////////////////////////////////////////////////////////////////////
|
|
|
|
|
//Console.WriteLine("eax={0:X8} edx={1:X8}", eax, edx);
|
|
|
|
|
imul = (eax & 0xFFFF) * (ebp_18 & 0xFFFF); // imul byte ptr[eax+52]
|
|
|
|
|
edx = (edx & 0xFFFF0000) | (imul >> 16) & 0xFFFF;
|
|
|
|
|
eax = (eax & 0xFFFF0000) | (imul & 0xFFFF);
|
|
|
|
|
Console.WriteLine("eax={0:X8} edx={1:X8} imul={2:X12}", eax, edx, imul);
|
|
|
|
|
//////////////////////////////////////////////////////////////////////
|
|
|
|
|
edx = ebp_04; // mov edx,[ebp-04]
|
|
|
|
|
Console.WriteLine("448 eax={0:X8} edx={1:X8}", eax, edx);
|
|
|
|
|
eax = (eax & 0xFFFF0000) | ((eax & 0xFFFF) ^ (0x004D07A0 & 0xFFFF));// xor ax,[ebp+50]
|
|
|
|
|
Console.WriteLine("450 eax={0:X8} edx={1:X8}", eax, edx);
|
|
|
|
|
ebp_0E = (ebp_0E & 0xFFFF) | (eax & 0xFFFF) << 16; // mov [ebp-0E],ax
|
|
|
|
|
eax = ebp_0E >> 16 & 0xFFFF; // mov ax,[ebp-0E]
|
|
|
|
|
ebp_1C = (ebp_1C & 0xFFFFFF) | (eax & 0xFFFF) << 16; // mov [ebp-1A],ax
|
|
|
|
|
eax = 0x0019F854; // lea eax,[ebp-28]
|
|
|
|
|
edx = (edx & 0xFFFF0000) | (ebp_1C >> 16 & 0xFFFF); // mov dx,[ebp-1A]
|
|
|
|
|
Console.WriteLine("eax={0:X8} edx={1:X8}", eax, edx);
|
|
|
|
|
unicodeStrFromWChar =
|
|
|
|
|
(ushort)((edx & 0xFF) << 8 | (edx >> 8 & 0xFF)); // call @UStrFromWChar
|
|
|
|
|
Console.WriteLine("{0:X4}", unicodeStrFromWChar);
|
|
|
|
|
edx = 0xFFFFFFFF; // pointer of new char lol // mov edx,[ebp-28]
|
|
|
|
|
eax = ebp_08; // mov eax,[ebp-08] // 08021A67
|
|
|
|
|
ebp08String.Add((byte)((unicodeStrFromWChar >> 8) & 0xFF)); // @UStrCat
|
|
|
|
|
ebp08String.Add((byte)(unicodeStrFromWChar & 0xFF));
|
|
|
|
|
eax = ebp_08; // mov eax,[ebp-08] // 08021A67
|
|
|
|
|
text_47ABC2:
|
|
|
|
|
eax = 0x00000000; // xor eax,eax
|
|
|
|
|
// // pop edx
|
|
|
|
|
// // pop ecx
|
|
|
|
|
// // pop ecx
|
|
|
|
|
// //
|
|
|
|
|
Console.WriteLine(BitConverter.ToString(ebp08String.ToArray()));
|
|
|
|
|
Console.WriteLine(System.Text.Encoding.UTF8.GetString(ebp08String.ToArray()));
|
|
|
|
|
return ebp08String.ToArray();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static byte[] tpl_Enfuck2(byte[] bytes) {
|
|
|
|
|
byte[] mem02E3BD10 = new byte[] {
|
|
|
|
|
0x14,0xAA,0x87,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFC,0x09,0x4A,0x00,0x0C,0x0A,0x4A,0x00,
|
|
|
|
|
0x7C,0x35,0x02,0x08,0xFC,0xA1,0xFF,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0xA0,0x07,0x4D,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
};
|
|
|
|
|
List<byte> fuckedUp = new List<byte>();
|
|
|
|
|
foreach(byte chr in bytes) {
|
|
|
|
|
ushort lol = (ushort)(chr * mem02E3BD10[ 0x52 ]);
|
|
|
|
|
|
|
|
|
|
fuckedUp.Add((byte)(lol >> 8 & 0xFF));
|
|
|
|
|
fuckedUp.Add((byte)(lol & 0xFF));
|
|
|
|
|
}
|
|
|
|
|
return fuckedUp.ToArray();
|
|
|
|
|
}
|
|
|
|
|
public static byte[] tpl_DeFuck2(byte[] decryptedData) {
|
|
|
|
|
List<byte> output = new List<byte>();
|
|
|
|
|
uint length = UStrLen(decryptedData);
|
|
|
|
|
for (int i=0; i < length*2; i += 2) {
|
|
|
|
|
ushort wChar = (ushort)(decryptedData[i] | decryptedData[i+1] << 8);
|
|
|
|
|
wChar ^= 0x004D07A0 & 0xFFFF;
|
|
|
|
|
wChar /= 0x4D;
|
|
|
|
|
output.Add((byte)((wChar >> 8) & 0xFF));
|
|
|
|
|
output.Add((byte)(wChar & 0xFF));
|
|
|
|
|
}
|
|
|
|
|
Console.WriteLine(BitConverter.ToString(output.ToArray()));
|
|
|
|
|
Console.WriteLine(System.Text.Encoding.UTF8.GetString(output.ToArray()));
|
|
|
|
|
return output.ToArray();
|
|
|
|
|
}
|
|
|
|
|
public static byte[] tpl_DeFuck22(byte[] decryp) {
|
|
|
|
|
byte[] mem02E3BD10 = new byte[] {
|
|
|
|
|
0x14,0xAA,0x87,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFC,0x09,0x4A,0x00,0x0C,0x0A,0x4A,0x00,
|
|
|
|
|
0x7C,0x35,0x02,0x08,0xFC,0xA1,0xFF,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0xA0,0x07,0x4D,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
|
|
|
|
|
};
|
|
|
|
|
uint imul = 0x00000000;
|
|
|
|
|
|
|
|
|
|
uint ebp_04 = 0x0019F878;
|
|
|
|
|
uint ebp_08 = 0x08021A67;
|
|
|
|
|
uint ebp_0C = 0x02E1EF7C;
|
|
|
|
|
uint ebp_0E = 0x0802357C;
|
|
|
|
|
uint ebp_10 = 0x00000000;
|
|
|
|
|
uint ebp_18 = 0x00000000;
|
|
|
|
|
uint ebp_14 = 0x00000000;
|
|
|
|
|
uint ebp_1C = 0x00000000;
|
|
|
|
|
uint ebp_20 = 0x00000000;
|
|
|
|
|
uint ebp_24 = 0x00000000;
|
|
|
|
|
uint ebp_28 = 0x00000000;
|
|
|
|
|
|
|
|
|
|
uint edx = 0x00000000;
|
|
|
|
|
uint eax = 0x00000000;
|
|
|
|
|
uint ecx = 0x00000000;
|
|
|
|
|
List<byte> ebp08String = new List<byte>();
|
|
|
|
|
|
|
|
|
|
eax = UStrLen(decryp); // @UStrLen
|
|
|
|
|
eax--; // dec eax
|
|
|
|
|
if (eax == 0) // test eax,eax
|
|
|
|
|
goto text_47AC91; // jna
|
|
|
|
|
Console.WriteLine("eax strlen hex={0:X2} dec={0}", eax);
|
|
|
|
|
ebp_20 = eax; // mov [ebp-20], eax
|
|
|
|
|
ebp_14 = 0x00000001; // mov [ebp-14], 00000001
|
|
|
|
|
text_47AC49:
|
|
|
|
|
eax = ebp_04; // mov eax,[ebp-04]
|
|
|
|
|
eax = 0x02E1F13C; // mov eax[eax+40]
|
|
|
|
|
edx = ebp_14; // mov edx,[ebp-14]
|
|
|
|
|
//Console.WriteLine("384 eax={0:X8}", eax);
|
|
|
|
|
eax = eax & 0xFFFF0000 | ((uint)
|
|
|
|
|
(decryp[edx * 2 - 01] << 8 | decryp[edx * 2 - 02]) & 0xFFFF); // mov ax,[eax+edx*2-02]
|
|
|
|
|
//Console.WriteLine("387 eax={0:X8}", eax);
|
|
|
|
|
eax = (eax & 0xFFFF0000) | ((eax & 0xFFFF) ^ (0x004D07A0 & 0xFFFF));// xor ax,[ebp+50]
|
|
|
|
|
//Console.WriteLine("389 eax={0:X8}", eax);
|
|
|
|
|
eax = eax & 0xFFFF; // movzx eax,ax
|
|
|
|
|
Console.WriteLine("453 eax={0:X8}", eax);
|
|
|
|
|
edx = ebp_04; // mov edx,[ebp-04]
|
|
|
|
|
edx = ((uint)0x000000FF & mem02E3BD10[(int)(/*edx +*/ 0x52)]); // movzx edx,byte ptr[edx+52]
|
|
|
|
|
ecx = edx; // mov ecx,edx
|
|
|
|
|
edx = 0x00; // xor edx,edx
|
|
|
|
|
Console.WriteLine("prediv eax={0:X8} ecx={1:X8}", eax, ecx);
|
|
|
|
|
eax = eax / ecx; // div ecx
|
|
|
|
|
//Console.WriteLine("ebp_0E={0:X8}", ebp_0E);
|
|
|
|
|
ebp_0E = (ebp_0E & 0xFFFF) | (eax & 0xFFFF) << 16; // mov [ebp-0E],ax
|
|
|
|
|
//Console.WriteLine("ebp_0E={0:X8}", ebp_0E);
|
|
|
|
|
|
|
|
|
|
//Console.WriteLine("postdiv eax={0:X8} ecx={1:X8} {2}", eax, ecx, System.Text.Encoding.ASCII.GetString(new byte[] { (byte)eax }));
|
|
|
|
|
eax = 0x0019F854; // lea eax,[ebp-24]
|
|
|
|
|
edx = (edx & 0xFFFF0000) | (ebp_0E >> 16 & 0xFFFF); // mov dx,[ebp-0E]
|
|
|
|
|
Console.WriteLine("eax={0:X8} ecx={1:X8}", eax, edx);
|
|
|
|
|
ushort unicodeStrFromWChar = (ushort)edx; // call @UStrFromWChar
|
|
|
|
|
edx = 0xFFFFFFFF; // pointer of new char lol // mov edx,[ebp-24]
|
|
|
|
|
eax = ebp_0C; // mov eax,[ebp-0C] // 08021A67
|
|
|
|
|
ebp08String.Add((byte)((unicodeStrFromWChar >> 8) & 0xFF)); // @UStrCat
|
|
|
|
|
ebp08String.Add((byte)(unicodeStrFromWChar & 0xFF));
|
|
|
|
|
eax = ebp_08; // mov eax,[ebp-08] // 08021A67
|
|
|
|
|
ebp_14++; // inc [ebp-14]
|
|
|
|
|
ebp_20--; // dec [ebp-20]
|
|
|
|
|
if (ebp_20 > 1) goto text_47AC49; // jne
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* eax=14C1
|
|
|
|
|
* ecx=4D
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
text_47AC91:
|
|
|
|
|
eax = ebp_04; // mov eax,[ebp-04]
|
|
|
|
|
|
|
|
|
|
text_47ABC2:
|
|
|
|
|
eax = 0x00000000; // xor eax,eax
|
|
|
|
|
// // pop edx
|
|
|
|
|
// // pop ecx
|
|
|
|
|
// // pop ecx
|
|
|
|
|
// //
|
|
|
|
|
Console.WriteLine(BitConverter.ToString(ebp08String.ToArray()));
|
|
|
|
|
Console.WriteLine(System.Text.Encoding.UTF8.GetString(ebp08String.ToArray()));
|
|
|
|
|
return ebp08String.ToArray();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static byte[] StringToByteArrayFastest(string hex) {
|
|
|
|
|
if (hex.Length % 2 == 1)
|
|
|
|
|
throw new Exception("The binary key cannot have an odd number of digits");
|
|
|
|
|
|
|
|
|
|
byte[] arr = new byte[hex.Length >> 1];
|
|
|
|
|
|
|
|
|
|
for (int i = 0; i < hex.Length >> 1; ++i) {
|
|
|
|
|
arr[i] = (byte)((GetHexVal(hex[i << 1]) << 4) + (GetHexVal(hex[(i << 1) + 1])));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return arr;
|
|
|
|
|
}
|
|
|
|
|
public static int GetHexVal(char hex) {
|
|
|
|
|
int val = (int)hex;
|
|
|
|
|
//For uppercase A-F letters:
|
|
|
|
|
//return val - (val < 58 ? 48 : 55);
|
|
|
|
|
//For lowercase a-f letters:
|
|
|
|
|
//return val - (val < 58 ? 48 : 87);
|
|
|
|
|
//Or the two combined, but a bit slower:
|
|
|
|
|
return val - (val < 58 ? 48 : (val < 97 ? 55 : 87));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|