using System; using System.Collections.Generic; using System.Runtime.InteropServices; using System.Text; using System.IO; using System.Linq; namespace BirdyKeygen { public class Crypt32 { static long CRYPT_NEWKEYSET = 0x8; static long CRYPT_DELETEKEYSET = 0x10; static long CRYPT_MACHINE_KEYSET = 0x20; static long CRYPT_SILENT = 0x40; static long CRYPT_DEFAULT_CONTAINER_OPTIONAL = 0x80; static long CRYPT_VERIFYCONTEXT = 0xF0000000; static int PROV_RSA_FULL = 1; [DllImport("advapi32.dll", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CryptAcquireContext( ref IntPtr hProv, string pszContainer, string pszProvider, uint dwProvType, uint dwFlags); [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CryptCreateHash( IntPtr hProv, uint algId, IntPtr hKey, uint dwFlags, ref IntPtr phHash); [DllImport("advapi32.dll", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CryptHashData( IntPtr hHash, byte[] pbData, uint dataLen, uint flags); [DllImport("advapi32.dll", SetLastError = true)] public static extern bool CryptSetKeyParam( IntPtr hKey, int dwParam, ref uint pbData, int dwFlags ); [DllImport("advapi32.dll", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CryptDeriveKey( IntPtr hProv, int Algid, IntPtr hBaseData, int flags, ref IntPtr phKey); [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CryptEncrypt( IntPtr hKey, IntPtr hHash, int Final, uint dwFlags, byte[] pbData, ref uint pdwDataLen, uint dwBufLen); [DllImport("advapi32.dll", SetLastError = true)] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool CryptDecrypt( IntPtr hKey, IntPtr hHash, int Final, uint dwFlags, byte[] pbData, ref uint pdwDataLen); [DllImport("advapi32.dll", SetLastError = true)] public static extern bool CryptDestroyHash(IntPtr hHash); [DllImport("advapi32.dll", SetLastError = true)] public static extern bool CryptDestroyKey(IntPtr phKey); [DllImport("Advapi32.dll", EntryPoint = "CryptReleaseContext", CharSet = CharSet.Unicode, SetLastError = true)] public static extern bool CryptReleaseContext(IntPtr hProv, Int32 dwFlags /* Reserved. Must be 0. */); } public class ShittyEncryptionManager : IDisposable { private IntPtr phHandle = IntPtr.Zero; private IntPtr phHash = IntPtr.Zero; private IntPtr phKey = IntPtr.Zero; private static byte[] tplShittyKey = new byte[] { 0x73, 0x00, 0x65, 0x00, 0x74, 0x00, 0x75, 0x00, 0x70, 0x00, 0x54, 0x00, 0x50, 0x00, 0x4c, 0x00, 0x70, 0x00, 0x61, 0x00, 0x67, 0x00, 0x65, 0x00, 0x72, 0x00, 0x73, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x63, 0x00, 0x61, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x72, 0x00, 0x6f, 0x00, 0x75, 0x00, 0x6e, 0x00, 0x2e, 0x00, 0x4e, 0x00, 0x45, 0x00, 0x54, 0x00, 0x45, 0x00, 0x72, 0x00, 0x72, 0x00, 0x6f, 0x00, 0x72, 0x00, 0x20, 0x00, 0x25, 0x00, 0x31, 0x00, 0x4f, 0x00, 0x4b, 0x00, 0x5f, 0x00, 0x20, 0x00, 0x2b, 0x00, 0x2d, 0x00, 0x2a, 0x00, 0x2f, 0x00, 0x4d, 0x00, 0x65, 0x00, 0x73, 0x00, 0x73, 0x00, 0x61, 0x00, 0x67, 0x00, 0x65, 0x00, 0x20, 0x00, 0x25, 0x00, 0x31, 0x00, 0x20, 0x00, 0x4e, 0x00, 0x4f, 0x00, 0x45, 0x00, 0x52, 0x00, 0x52, 0x00, 0x4f, 0x00, 0x52, 0x00, 0x20, 0x00, 0x21, 0x00 }; public ShittyEncryptionManager() { if (Crypt32.CryptAcquireContext(ref phHandle, null, null, 0x18, 0) == false) throw new Exception(); if (Crypt32.CryptCreateHash(phHandle, 0x800C, IntPtr.Zero, 0, ref phHash) == false) throw new Exception(); if (Crypt32.CryptHashData(phHash, tplShittyKey, (uint)tplShittyKey.Length, 0) == false) throw new Exception(); if (Crypt32.CryptDeriveKey(phHandle, 0x660E, phHash, 0, ref phKey) == false) throw new Exception(); uint keyParams = 0x01; if (Crypt32.CryptSetKeyParam(phKey, 4, ref keyParams, 0) == false) throw new Exception(); if (Crypt32.CryptDestroyHash(phHash) == false) throw new Exception(); } public byte[] Encrypt(byte[] data) { byte[] paramCopy = data; uint paramCopyLen = (uint)paramCopy.Length; uint paramCopyBufferLen = paramCopyLen; Crypt32.CryptEncrypt(phKey, IntPtr.Zero, 1, 0, paramCopy, ref paramCopyLen, paramCopyBufferLen); return paramCopy.Take((int)paramCopyLen).ToArray(); } public byte[] Decrypt(byte[] data) { byte[] paramCopy = data; uint paramCopyLen = (uint)paramCopy.Length; Crypt32.CryptDecrypt(phKey, IntPtr.Zero, 1, 0, paramCopy, ref paramCopyLen); return paramCopy.Take((int)paramCopyLen).ToArray(); } public void Dispose() { if (Crypt32.CryptDestroyKey(phKey) == false) throw new Exception(); if (Crypt32.CryptReleaseContext(phHandle, 0) == false) throw new Exception(); } } public class TPLLicenseKanker : IDisposable { ShittyEncryptionManager encryptionManager; public TPLLicenseKanker() { encryptionManager = new ShittyEncryptionManager(); } public struct TPLKanker { public string Datafuck; public byte lastFuck; } private string CreateMD5(byte[] inputBytes) { using (System.Security.Cryptography.MD5 md5 = System.Security.Cryptography.MD5.Create()) { byte[] hashBytes = md5.ComputeHash(inputBytes); StringBuilder sb = new StringBuilder(); for (int i = 0; i < hashBytes.Length; i++) { sb.Append(hashBytes[i].ToString("X2")); } return sb.ToString().ToLower(); } } public string ReadLicense(byte[] data) { Console.WriteLine("ReadLicense"); List serials = new List(); string fileText = Encoding.ASCII.GetString(data); if (fileText.StartsWith("BinaryFile") == false) throw new Exception("not a valid file"); string dataHash = fileText.Substring("BinaryFile".Length, 32); Console.WriteLine("License MD5: {0}", dataHash); string dataBase64 = fileText.Split("\n")[1]; Console.WriteLine("License B64: {0}", dataBase64); byte[] encryptedData = System.Convert.FromBase64String(dataBase64); encryptedData = encryptedData.Take(encryptedData.Length).ToArray(); Console.WriteLine("License BIN: {0}", System.BitConverter.ToString(encryptedData).Replace("-", "")); byte[] decryptedData = encryptionManager.Decrypt(encryptedData); Console.WriteLine("Decrypted BIN: {0} UStrLen={1:X2}", System.BitConverter.ToString(decryptedData).Replace("-", ""), UStrLen(decryptedData)); //byte[] weirdKankerData = Program.tpl_DeFuck(decryptedData); //Console.WriteLine("Weird Kanker BIN: {0}", System.BitConverter.ToString(weirdKankerData).Replace("-", "")); byte[] decodedData = TCrypt_Decode(decryptedData); Console.WriteLine("Decoded BIN: {0}", System.BitConverter.ToString(decodedData).Replace("-", "")); string decodedDataMD5 = CreateMD5(decodedData); Console.WriteLine("Decoded MD5: {0}", decodedDataMD5); string decodedText = Encoding.ASCII.GetString(decodedData); Console.WriteLine("Decoded TXT: {0}", decodedText); serials.AddRange(decodedText.Split('*')); return decodedText; } public byte[] WriteLicense(string decodedText) { Console.WriteLine("WriteLicense"); //string decodedText = "EncrLic*" + string.Join('*', serials) + "*"; byte[] decodedData = Encoding.ASCII.GetBytes(decodedText); Console.WriteLine("Decoded BIN: {0}", System.BitConverter.ToString(decodedData).Replace("-", "")); string decodedDataMD5 = CreateMD5(decodedData); Console.WriteLine("Decoded MD5: {0}", decodedDataMD5); byte[] encodedData = TCrypt_Encode(decodedData); Console.WriteLine("Encoded BIN: {0}", System.BitConverter.ToString(encodedData).Replace("-", "")); byte[] encryptedData = encryptionManager.Encrypt(encodedData); StringBuilder stringBuilder = new StringBuilder(); stringBuilder.Append("BinaryFile"); stringBuilder.AppendLine(decodedDataMD5); stringBuilder.Append(Convert.ToBase64String(encryptedData)); return Encoding.ASCII.GetBytes(stringBuilder.ToString()); } private uint UStrLen(byte[] bytes) { return (uint)System.Text.Encoding.Unicode.GetString(bytes).Length; } private byte[] TCrypt_Decode(byte[] decryptedData) { List output = new List(); uint length = UStrLen(decryptedData) - 1; ushort wChar; int i = 0; for (; i < length * 2; i += 2) { wChar = (ushort)(decryptedData[i] | decryptedData[i + 1] << 8); wChar ^= 0x004D07A0 & 0xFFFF; wChar /= 0x4D; //output.Add((byte)((wChar >> 8) & 0xFF)); output.Add((byte)(wChar & 0xFF)); } wChar = (ushort)(decryptedData[i] | decryptedData[i + 1] << 8); wChar ^= 0x004D07A0 & 0xFFFF; wChar /= 0x4D; Console.WriteLine("Special Last Fuckbyte wChar={0:X2} | uint16={1:X4} | &i={2:X2} | &i+1={3:X2}", wChar, (ushort)(decryptedData[i] | decryptedData[i + 1] << 8), decryptedData[i], decryptedData[i + 1]); //Console.WriteLine(BitConverter.ToString(output.ToArray())); //Console.WriteLine(System.Text.Encoding.UTF8.GetString(output.ToArray())); return output.ToArray(); } private byte[] TCrypt_Encode(byte[] decodedData) { List output = new List(); List _lol = new List(); _lol.AddRange(decodedData); _lol.Add((byte)decodedData.Length); ushort wChar; foreach(byte chr in _lol) { wChar = (ushort)chr; //Console.WriteLine("wChar 0 hex={0:X4}", wChar); //.WriteLine("wChar 1 hex={0:X4}", wChar); wChar *= 0x4D; wChar ^= 0x004D07A0 & 0xFFFF; //Console.WriteLine("wChar 2 hex={0:X4}", wChar); output.Add((byte)(wChar & 0xFF)); output.Add((byte)(wChar >> 8 & 0xFF)); } wChar = 0x1337; output.Add((byte)(wChar & 0xFF)); output.Add((byte)(wChar >> 8 & 0xFF)); return output.ToArray(); } public void Dispose() { this.encryptionManager.Dispose(); } } class Program { static void Main2(string[] args) { //var rawText = "EncrLic*20200303598227*BI6TGP162123916*"; var rawText = "EncrLic*BI6133713371337*"; //BI6133713371337 Console.WriteLine("RAWText=({1})>{0}", rawText, rawText.Length); byte[] raw = System.Text.Encoding.ASCII.GetBytes(rawText); Console.WriteLine("RAWBytes=({1})>{0}", BitConverter.ToString(raw), raw.Length); byte[] fucked = tpl_Enfuck2(raw); Console.WriteLine("Fucked=({1})>{0}", BitConverter.ToString(fucked), fucked.Length); if (fucked.Length > 0) { byte[] unfucked = tpl_DeFuck2(fucked); Console.WriteLine("Unfucked=({1})>{0}", BitConverter.ToString(unfucked), unfucked.Length); Console.WriteLine("Unfucked=({1})>{0}", System.Text.Encoding.ASCII.GetString(unfucked), unfucked.Length); } } static void Main(string[] args) { using (TPLLicenseKanker tplLicenseKanker = new TPLLicenseKanker()) { //string newSerials = tplLicenseKanker.ReadLicense(File.ReadAllBytes("210517.TPL_Encr")); //new List { "BI6TGP162123916", "" }; // BI613370CHEETAH // BI6133713371337 // B6133713374200 //File.WriteAllBytes("210517_DUPE.TPL_Encr", tplLicenseKanker.WriteLicense(newSerials)); Console.WriteLine("\n\nReadLic Original 1"); Console.WriteLine(tplLicenseKanker.ReadLicense(File.ReadAllBytes("BirdyWPEuroBOS_250521.TPL_Encr"))); Console.WriteLine("\n\nReadLic Original 2"); Console.WriteLine(tplLicenseKanker.ReadLicense(File.ReadAllBytes("210517.TPL_Encr"))); Console.WriteLine("\n\nReadLic Original 3"); Console.WriteLine(tplLicenseKanker.ReadLicense(File.ReadAllBytes("dirk.TPL_Encr"))); Console.WriteLine("FransenTest\n\n"); Console.WriteLine(tplLicenseKanker.ReadLicense(File.ReadAllBytes("Fransen.TPL_Encr"))); Console.WriteLine("\n\n"); //File.WriteAllBytes("Fransen.TPL_Encr", tplLicenseKanker.WriteLicense("EncrLic*BI6TGP162123916*")); /*Console.WriteLine("ReadLic DUPE"); Console.WriteLine(tplLicenseKanker.ReadLicense(File.ReadAllBytes("210517_DUPE.TPL_Encr")));*/ /* foreach (string serialNumber in tplLicenseKanker.ReadLicense(File.ReadAllBytes("BirdyWPEuroBOS_250521.TPL_Encr"))) { Console.WriteLine("license serial {0}", serialNumber); }*/ } } public void noexec() { ////////////// var data = "8484caecd0ef65740c8dbdd094320aae99dc234c2a2455d056de4f61c7aafc389e9d68866118f19406647f6fa56f1ab26dacaff26efa2d6898841633e4e99bffbec6ec509809ea7de28428169d7911c0b11119a7a1afe980f50111e82a650e2479c06743ba361adf9952d77e7cfc93682b3c90d32dd82fa628d742e5f43a0083362f6df090e5816d9b189ce836daeb8c57bea5c0e69685f566cd86f88d2f9bb2d8073f58c5e0938d3ebcb6478113bf6361e074b637e5e28f542e24547498d7fcdb9e33d9868baea23efe9a0ba427bc555f1156751d40dfc6224cfef61d46c18173ede39efc45f20f574df0fbc2a4e36c2b5a9ac5817fd7b72f32ffaddd1105d65869e3815eaba8afd62f6d345793ae3f"; //var data = "6113b626671aea257c113518671a020b1d09aa081d095108f708d009f708d00985167817f7085108aa08020b1d09aa081d095108f708d009f708d00985167817f7089e177817020b7a147c111d09fb122f11d81d1d098516aa08d0091d09781785169e175108020b7a147c111d09fb122f11d81df708aa08aa08d009aa08d0099e172b175108020b7a147c111d09fb122f11d81df708aa08aa08d009aa08d0097817aa085108020b7a147c111d09fb122f11d81df708aa08aa08d009aa08d0099e172b177817020b7a147c111d09fb122f11d81df708aa08aa08d009aa08d0097817aa080408020b7a1455129e17e41efb12b01f1d099e17aa081d09aa08f70885161d099e17020ba608"; //var data = "8484caecd0ef65740c8dbdd094320aae89db1c21add76f58cde0bd647e1bee2bb116a7a70c7aaffaf89d25d2cc190a37"; uint dataLen = (uint)(data.Length / 2); var byteArray = new byte[dataLen]; StringToByteArrayFastest(data).CopyTo(byteArray, 0); //Console.WriteLine(BitConverter.ToString(byteArray)); /* Console.WriteLine( Crypt32.CryptDecrypt(phKey, IntPtr.Zero, 1, 0, byteArray, ref dataLen) ); Console.WriteLine("Re-Encrypted {0} {1}", dataLenReEncryptB, BitConverter.ToString(reEncryptedPayload)); var decryptedPayload = byteArray; var reEncryptedPayload = byteArray; uint dataLenReEncrypt = (uint)reEncryptedPayload.Length; uint dataLenReEncryptB = dataLenReEncrypt; Crypt32.CryptEncrypt(phKey, IntPtr.Zero, 1, 0, reEncryptedPayload, ref dataLenReEncrypt, dataLenReEncryptB); Console.WriteLine("Re-Encrypted {0} {1}", dataLenReEncryptB, BitConverter.ToString(reEncryptedPayload)); /* //Console.WriteLine("{0} {1}", System.Text.Encoding.ASCII.GetString(decryptedPayload).Length, System.Text.Encoding.Unicode.GetString(decryptedPayload).Length); //byte[] unfuckKanker1 = tpl_DeFuck(decryptedPayload); //byte[] unfuckKanker1 = tpl_DeFuck22(decryptedPayload); if (decryptedPayload.Length > 0) { byte[] unfucked = tpl_DeFuck2(decryptedPayload); Console.WriteLine("Unfucked=({1})>{0}", BitConverter.ToString(unfucked), unfucked.Length); Console.WriteLine("Unfucked=({1})>{0}", System.Text.Encoding.ASCII.GetString(unfucked), unfucked.Length); //byte[] fucked = tpl_Enfuck2(raw); //Console.WriteLine("Fucked=({1})>{0}", BitConverter.ToString(fucked), fucked.Length); } byte[] unfuckKanker2 = tpl_DeFuck22(decryptedPayload); */ Console.ReadLine(); } public static uint UStrLen(byte[] bytes) { return (uint)System.Text.Encoding.Unicode.GetString(bytes).Length; } public static string UStrFromWChar(ushort data) { return System.Text.Encoding.Unicode.GetString(new byte[] { ((byte)((byte)(data << 8) & 0xFF)), (byte)(data & 0xFF) }); } public static byte[] tpl_DeFuck(byte[] bytes) { byte[] mem02E3BD10 = new byte[] { 0x14,0xAA,0x87,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFC,0x09,0x4A,0x00,0x0C,0x0A,0x4A,0x00, 0x7C,0x35,0x02,0x08,0xFC,0xA1,0xFF,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0xA0,0x07,0x4D,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, }; uint imul = 0x00000000; uint ebp_04 = 0x02DF6850; uint ebp_08 = 0x08021A67; uint ebp_0C = 0x02E1EF7C; uint ebp_0E = 0x0802357C; uint ebp_10 = 0x00000000; uint ebp_18 = 0x00000000; uint ebp_14 = 0x00000000; uint ebp_1C = 0x00000000; uint ebp_20 = 0x00000000; uint ebp_24 = 0x00000000; uint ebp_28 = 0x00000000; uint edx = 0x00000000; uint eax = 0x00000000; List ebp08String = new List(); eax = UStrLen(bytes); // @UStrLen Console.WriteLine("eax strlen hex={0:X2} dec={0}", eax); ebp_20 = eax; // mov [ebp-20], eax ebp_14 = 0x00000001; // mov [ebp-14], 00000001 text_47AB2A: // // mov eax, [ebp-0C] edx = ebp_14; // mov edx,[ebp-14] Console.WriteLine("219 edx={0:X8}", edx); eax = (uint)(bytes[edx * 2 - 01] << 8 | bytes[edx * 2 - 02]); // movzx eax,word ptr [eax+edx*2-02] Console.WriteLine("223 eax={0:X8}", eax); eax = eax + ebp_18; // add eax,[ebp-18] Console.WriteLine("225 eax={0:X8}", eax); eax = eax & 0x0000FFFF; // and eax,0000FFFF ebp_18 = eax; // mov [ebp-18],eax eax = ebp_0C; // mov eax,[ebp-0C] edx = ebp_14; // mov edx,[ebp-14] eax = (uint)((eax & 0xFFFF0000) | ( (bytes[(edx * 2) - 01] << 8 | bytes[(edx * 2) - 02]) & 0xFFFF)); // mov ax,[eax+edx*2-02] //Console.WriteLine("eax={0:X8}", eax); edx = ebp_04; // mov edx,[ebp-04] edx = ((uint)0x000000FF & mem02E3BD10[(int)(/*edx +*/ 0x52)]); // movzx edx,byte ptr[edx+52] ////////////////////////////////////////////////////////////////////// //Console.WriteLine("eax={0:X8} edx={1:X8}", eax, edx); imul = (eax & 0xFFFF) * (edx & 0xFFFF); // imul dx edx = (edx & 0xFFFF0000) | (imul >> 16) & 0xFFFF; eax = (eax & 0xFFFF0000) | (imul & 0xFFFF); Console.WriteLine("eax={0:X8} edx={1:X8} imul={2:X12}", eax, edx, imul); ////////////////////////////////////////////////////////////////////// edx = ebp_04; // mov edx,[ebp-04] eax = (eax & 0xFFFF0000) | ((eax & 0xFFFF) ^ (0x004D07A0 & 0xFFFF));// xor ax,[ebp+50] ebp_10 = (ebp_10 & 0xFFFF) | (eax & 0xFFFF) << 16; // mov [ebp-0E],ax Console.WriteLine("eax={0:X8} edx={1:X8}", eax, edx); eax = 0x0019F854; // lea eax,[ebp-24] edx = (edx & 0xFFFF0000) | (ebp_10 >> 16 & 0xFFFF); // mov dx,[ebp-0E] Console.WriteLine("eax={0:X8} edx={1:X8}", eax, edx); ushort unicodeStrFromWChar = (ushort)((edx & 0xFF) << 8 | (edx >> 8 & 0xFF)); // call @UStrFromWChar edx = 0xFFFFFFFF; // pointer of new char lol // mov edx,[ebp-24] eax = ebp_08; // mov eax,[ebp-08] // 08021A67 ebp08String.Add((byte)((unicodeStrFromWChar >> 8) & 0xFF)); // @UStrCat ebp08String.Add((byte)(unicodeStrFromWChar & 0xFF)); eax = ebp_08; // mov eax,[ebp-08] // 08021A67 ebp_14++; // inc [ebp-14] ebp_20--; // dec [ebp-20] if (ebp_20 > 0) goto text_47AB2A; // jne // 47AB6C eax = ebp_08; // mov eax,[ebp-08] if (ebp08String[0] == 0x00) // cmp dword ptr[eax],00 goto text_47ABC2; // je text_47ABC2 Console.WriteLine("loop exit"); eax = ebp_04; // mov eax,[ebp-04] Console.WriteLine("437 eax={0:X8} edx={1:X8}", eax, edx); eax = ((uint)0x000000FF & mem02E3BD10[(int)(/*edx +*/ 0x52)]); // movzx eax,byte ptr[edx+52] Console.WriteLine("439 eax={0:X8} edx={1:X8}", eax, edx); Console.WriteLine("440 ebp_18={0:X8}", ebp_18); ////////////////////////////////////////////////////////////////////// //Console.WriteLine("eax={0:X8} edx={1:X8}", eax, edx); imul = (eax & 0xFFFF) * (ebp_18 & 0xFFFF); // imul byte ptr[eax+52] edx = (edx & 0xFFFF0000) | (imul >> 16) & 0xFFFF; eax = (eax & 0xFFFF0000) | (imul & 0xFFFF); Console.WriteLine("eax={0:X8} edx={1:X8} imul={2:X12}", eax, edx, imul); ////////////////////////////////////////////////////////////////////// edx = ebp_04; // mov edx,[ebp-04] Console.WriteLine("448 eax={0:X8} edx={1:X8}", eax, edx); eax = (eax & 0xFFFF0000) | ((eax & 0xFFFF) ^ (0x004D07A0 & 0xFFFF));// xor ax,[ebp+50] Console.WriteLine("450 eax={0:X8} edx={1:X8}", eax, edx); ebp_0E = (ebp_0E & 0xFFFF) | (eax & 0xFFFF) << 16; // mov [ebp-0E],ax eax = ebp_0E >> 16 & 0xFFFF; // mov ax,[ebp-0E] ebp_1C = (ebp_1C & 0xFFFFFF) | (eax & 0xFFFF) << 16; // mov [ebp-1A],ax eax = 0x0019F854; // lea eax,[ebp-28] edx = (edx & 0xFFFF0000) | (ebp_1C >> 16 & 0xFFFF); // mov dx,[ebp-1A] Console.WriteLine("eax={0:X8} edx={1:X8}", eax, edx); unicodeStrFromWChar = (ushort)((edx & 0xFF) << 8 | (edx >> 8 & 0xFF)); // call @UStrFromWChar Console.WriteLine("{0:X4}", unicodeStrFromWChar); edx = 0xFFFFFFFF; // pointer of new char lol // mov edx,[ebp-28] eax = ebp_08; // mov eax,[ebp-08] // 08021A67 ebp08String.Add((byte)((unicodeStrFromWChar >> 8) & 0xFF)); // @UStrCat ebp08String.Add((byte)(unicodeStrFromWChar & 0xFF)); eax = ebp_08; // mov eax,[ebp-08] // 08021A67 text_47ABC2: eax = 0x00000000; // xor eax,eax // // pop edx // // pop ecx // // pop ecx // // Console.WriteLine(BitConverter.ToString(ebp08String.ToArray())); Console.WriteLine(System.Text.Encoding.UTF8.GetString(ebp08String.ToArray())); return ebp08String.ToArray(); } public static byte[] tpl_Enfuck2(byte[] bytes) { byte[] mem02E3BD10 = new byte[] { 0x14,0xAA,0x87,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFC,0x09,0x4A,0x00,0x0C,0x0A,0x4A,0x00, 0x7C,0x35,0x02,0x08,0xFC,0xA1,0xFF,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0xA0,0x07,0x4D,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, }; List fuckedUp = new List(); foreach(byte chr in bytes) { ushort lol = (ushort)(chr * mem02E3BD10[ 0x52 ]); fuckedUp.Add((byte)(lol >> 8 & 0xFF)); fuckedUp.Add((byte)(lol & 0xFF)); } return fuckedUp.ToArray(); } public static byte[] tpl_DeFuck2(byte[] decryptedData) { List output = new List(); uint length = UStrLen(decryptedData); for (int i=0; i < length*2; i += 2) { ushort wChar = (ushort)(decryptedData[i] | decryptedData[i+1] << 8); wChar ^= 0x004D07A0 & 0xFFFF; wChar /= 0x4D; output.Add((byte)((wChar >> 8) & 0xFF)); output.Add((byte)(wChar & 0xFF)); } Console.WriteLine(BitConverter.ToString(output.ToArray())); Console.WriteLine(System.Text.Encoding.UTF8.GetString(output.ToArray())); return output.ToArray(); } public static byte[] tpl_DeFuck22(byte[] decryp) { byte[] mem02E3BD10 = new byte[] { 0x14,0xAA,0x87,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xFC,0x09,0x4A,0x00,0x0C,0x0A,0x4A,0x00, 0x7C,0x35,0x02,0x08,0xFC,0xA1,0xFF,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0xA0,0x07,0x4D,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, }; uint imul = 0x00000000; uint ebp_04 = 0x0019F878; uint ebp_08 = 0x08021A67; uint ebp_0C = 0x02E1EF7C; uint ebp_0E = 0x0802357C; uint ebp_10 = 0x00000000; uint ebp_18 = 0x00000000; uint ebp_14 = 0x00000000; uint ebp_1C = 0x00000000; uint ebp_20 = 0x00000000; uint ebp_24 = 0x00000000; uint ebp_28 = 0x00000000; uint edx = 0x00000000; uint eax = 0x00000000; uint ecx = 0x00000000; List ebp08String = new List(); eax = UStrLen(decryp); // @UStrLen eax--; // dec eax if (eax == 0) // test eax,eax goto text_47AC91; // jna Console.WriteLine("eax strlen hex={0:X2} dec={0}", eax); ebp_20 = eax; // mov [ebp-20], eax ebp_14 = 0x00000001; // mov [ebp-14], 00000001 text_47AC49: eax = ebp_04; // mov eax,[ebp-04] eax = 0x02E1F13C; // mov eax[eax+40] edx = ebp_14; // mov edx,[ebp-14] //Console.WriteLine("384 eax={0:X8}", eax); eax = eax & 0xFFFF0000 | ((uint) (decryp[edx * 2 - 01] << 8 | decryp[edx * 2 - 02]) & 0xFFFF); // mov ax,[eax+edx*2-02] //Console.WriteLine("387 eax={0:X8}", eax); eax = (eax & 0xFFFF0000) | ((eax & 0xFFFF) ^ (0x004D07A0 & 0xFFFF));// xor ax,[ebp+50] //Console.WriteLine("389 eax={0:X8}", eax); eax = eax & 0xFFFF; // movzx eax,ax Console.WriteLine("453 eax={0:X8}", eax); edx = ebp_04; // mov edx,[ebp-04] edx = ((uint)0x000000FF & mem02E3BD10[(int)(/*edx +*/ 0x52)]); // movzx edx,byte ptr[edx+52] ecx = edx; // mov ecx,edx edx = 0x00; // xor edx,edx Console.WriteLine("prediv eax={0:X8} ecx={1:X8}", eax, ecx); eax = eax / ecx; // div ecx //Console.WriteLine("ebp_0E={0:X8}", ebp_0E); ebp_0E = (ebp_0E & 0xFFFF) | (eax & 0xFFFF) << 16; // mov [ebp-0E],ax //Console.WriteLine("ebp_0E={0:X8}", ebp_0E); //Console.WriteLine("postdiv eax={0:X8} ecx={1:X8} {2}", eax, ecx, System.Text.Encoding.ASCII.GetString(new byte[] { (byte)eax })); eax = 0x0019F854; // lea eax,[ebp-24] edx = (edx & 0xFFFF0000) | (ebp_0E >> 16 & 0xFFFF); // mov dx,[ebp-0E] Console.WriteLine("eax={0:X8} ecx={1:X8}", eax, edx); ushort unicodeStrFromWChar = (ushort)edx; // call @UStrFromWChar edx = 0xFFFFFFFF; // pointer of new char lol // mov edx,[ebp-24] eax = ebp_0C; // mov eax,[ebp-0C] // 08021A67 ebp08String.Add((byte)((unicodeStrFromWChar >> 8) & 0xFF)); // @UStrCat ebp08String.Add((byte)(unicodeStrFromWChar & 0xFF)); eax = ebp_08; // mov eax,[ebp-08] // 08021A67 ebp_14++; // inc [ebp-14] ebp_20--; // dec [ebp-20] if (ebp_20 > 1) goto text_47AC49; // jne /* * eax=14C1 * ecx=4D * */ text_47AC91: eax = ebp_04; // mov eax,[ebp-04] text_47ABC2: eax = 0x00000000; // xor eax,eax // // pop edx // // pop ecx // // pop ecx // // Console.WriteLine(BitConverter.ToString(ebp08String.ToArray())); Console.WriteLine(System.Text.Encoding.UTF8.GetString(ebp08String.ToArray())); return ebp08String.ToArray(); } public static byte[] StringToByteArrayFastest(string hex) { if (hex.Length % 2 == 1) throw new Exception("The binary key cannot have an odd number of digits"); byte[] arr = new byte[hex.Length >> 1]; for (int i = 0; i < hex.Length >> 1; ++i) { arr[i] = (byte)((GetHexVal(hex[i << 1]) << 4) + (GetHexVal(hex[(i << 1) + 1]))); } return arr; } public static int GetHexVal(char hex) { int val = (int)hex; //For uppercase A-F letters: //return val - (val < 58 ? 48 : 55); //For lowercase a-f letters: //return val - (val < 58 ? 48 : 87); //Or the two combined, but a bit slower: return val - (val < 58 ? 48 : (val < 97 ? 55 : 87)); } } }