Go to most recent revision | Details | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 267 | daniel-mar | 1 | # Obfuscated filters |
| 2 | |||
| 3 | ## Location |
||
| 4 | |||
| 5 | Obfuscated standalone filters: |
||
| 6 | - Windows resource: RCDATA\16001\0 |
||
| 7 | - MacOS resource: 'DATA' 16001 |
||
| 8 | |||
| 9 | Normal standalone filters: |
||
| 10 | - Windows resource: PARM\16000\0 |
||
| 11 | - MacOS resource: 'PARM' 16000 |
||
| 12 | |||
| 13 | ## Obfuscation "Version 3" |
||
| 14 | |||
| 15 | Introduced in **Filter Foundry 1.7.0.5** [30-Jul-2021] |
||
| 16 | |||
| 17 | It is compiler-dependant, therefore the resource cannot be exchanged between plugins! |
||
| 18 | |||
| 19 | Algorithm: XOR with `rand()`-stream with seed that is stored at position 0x30 |
||
| 20 | (this field is not used in the `PARM` resource). |
||
| 21 | |||
| 22 | ## Obfuscation "Version 2" |
||
| 23 | |||
| 24 | Introduced in **Filter Foundry 1.7b1** [20-Sep-2019] |
||
| 25 | |||
| 26 | It is compiler-independant! |
||
| 27 | |||
| 28 | Algorithm: [XOR-Shift](https://de.wikipedia.org/wiki/Xorshift "XOR-Shift") with hardcoded seed `0x95d4a68f`. |
||
| 29 | |||
| 30 | x32 = 0x95d4a68f; |
||
| 31 | for(i = size, p = pparm; i--;) { |
||
| 32 | x32 ^= x32 << 13; |
||
| 33 | x32 ^= x32 >> 17; |
||
| 34 | x32 ^= x32 << 5; |
||
| 35 | *p++ ^= x32; |
||
| 36 | } |
||
| 37 | |||
| 38 | ## Obfuscation "Version 1" |
||
| 39 | |||
| 40 | Introduced in **Filter Foundry 1.4b8,9,10** |
||
| 41 | |||
| 42 | It is compiler-dependant, therefore the resource cannot be exchanged between plugins! |
||
| 43 | |||
| 44 | Algorithm: XOR with `rand()`-stream with hardcoded seed `0xdc43df3c`. |
||
| 45 | |||
| 46 | srand(0xdc43df3c); |
||
| 47 | for(i = size, p = pparm; i--;) { |
||
| 48 | *p++ ^= rand(); |
||
| 49 | } |