WebSVN – filter_foundry – Blame – /trunk/obfusc.c

Rev	Author	Line No.	Line
292	daniel-mar	1	/*
		2	This file is part of "Filter Foundry", a filter plugin for Adobe Photoshop
		3	Copyright (C) 2003-2009 Toby Thain, toby@telegraphics.com.au
503	daniel-mar	4	Copyright (C) 2018-2022 Daniel Marschall, ViaThinkSoft
292	daniel-mar	5
		6	This program is free software; you can redistribute it and/or modify
		7	it under the terms of the GNU General Public License as published by
		8	the Free Software Foundation; either version 2 of the License, or
		9	(at your option) any later version.
		10
		11	This program is distributed in the hope that it will be useful,
		12	but WITHOUT ANY WARRANTY; without even the implied warranty of
		13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		14	GNU General Public License for more details.
		15
		16	You should have received a copy of the GNU General Public License
		17	along with this program; if not, write to the Free Software
		18	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
		19	*/
		20
		21	#include <stddef.h>
		22	#include <stdint.h>
		23
		24	#include "ff.h"
		25
506	daniel-mar	26	// Random seed for obfuscation "17 05 83 52 2a 97 16 74"
		27	// During the standalone-make process, this value will be changed by manipulating the 8BF file.
		28	// Therefore, the 32/64 bit 8BF files MUST contain the key contiguous and preferrpreferablyibly 4-aligned
		29	// Why do I use GetObfuscSeed?
		30	// 1. Because I prefer the key in side code segment so that it is better hidden than if it was in a data segment.
		31	// 2. Since the code segment is closer to the 8BF file start, the search+replace of the key is faster
		32	// Please also note:
		33	// The 8BF file MUST only contain the seed A SINGLE TIME
		34	// (In the Non-Standalone filter actually 3 times, because we have 2 resourced containing the 32/64 template DLLs)
		35	#if defined(__WATCOMC__)
		36	uint64_t GetObfuscSeed() {
		37	// Due to "volatile", this value will only exist a single time in the binary file.
		38	// This char array will result in contiguous chars in OpenWatcom.
		39	// In MSVC++, the array will be built using several "mov ..." OP codes.
		40	volatile char seed[8] = { '\x17', '\x05', '\x83', '\x52', '\x2a', '\x97', '\x16', '\x74' };
		41	return (uint64_t)seed;
		42	}
		43	#elif defined(_MSC_VER)
		44	#ifdef _WIN64
		45	// Note: For MSVCC 64-bit, neither making the method volatile, nor including a volatile variable did avoid inlining.
		46	// so we use __declspec(noinline)
		47	__declspec(noinline) uint64_t GetObfuscSeed() {
		48	// TODO: Not 4-byte aligned! (both variants)
		49	//volatile uint64_t seed = 0x7416972a52830517ull;
		50	//return seed;
		51	return 0x7416972a52830517ull;
		52	}
		53	#else
		54	__declspec(noinline) uint64_t GetObfuscSeed() {
		55	//volatile int test = 0;
		56	uint64_t* addr = NULL;
		57	__asm {
		58	mov eax, seed // Doesn't work in OpenWatcom
		59	mov addr, eax
		60	jmp end
		61	align 4 // Doesn't work in OpenWatcom
		62	seed:
		63	_emit 0x17 // Doesn't work in OpenWatcom
		64	_emit 0x05
		65	_emit 0x83
		66	_emit 0x52
		67	_emit 0x2A
		68	_emit 0x97
		69	_emit 0x16
		70	_emit 0x74
		71	/*
		72	pop ss
		73	add eax, 0x972a5283
		74	push ss
		75	jz seed
		76	*/
		77	end:
		78	}
		79	return addr == NULL ? 0 : *addr;
		80	}
		81	#endif
		82	#else
		83	// Unfortunately, with this compiler, we the value needs to be in the .data segment...
		84	// Due to "const volatile", this value will only exist a single time in the binary file.
508	daniel-mar	85	const volatile uint64_t obfusc_seed = 0x7416972a52830517ull;
506	daniel-mar	86	uint64_t GetObfuscSeed() {
508	daniel-mar	87	return obfusc_seed;
506	daniel-mar	88	}
		89	#endif
292	daniel-mar	90
508	daniel-mar	91	// Random seed #2 for obfuscation "86 21 1f 3e f1 a2 87 ef"
		92	// Lies in the data segment. Same rules like for the random seed #1.
		93	const volatile uint64_t obfusc_seed2 = 0xef87a2f13e1f2186ull;
		94	#ifdef _MSC_VER
		95	__declspec(noinline)
		96	#endif
		97	uint64_t GetObfuscSeed2() {
		98	// Additional seed for Obfusc V7. It is always in the data segment,
		99	// while obfusc seed 1 is in the code segment (if the compiler allows it)
		100	return obfusc_seed2;
		101	}
		102
292	daniel-mar	103	int rand_msvcc(unsigned int* seed) {
		104	seed = seed * 214013L + 2531011L;
		105	return (seed >> 16) & 0x7fff; / Scale between 0 and RAND_MAX */
		106	}
		107
		108	int rand_openwatcom(unsigned int* seed) {
		109	// https://github.com/open-watcom/open-watcom-v2/blob/master/bld/clib/math/c/rand.c
		110	seed = seed * 1103515245L + 12345L;
		111	return (seed >> 16) & 0x7fff; / Scale between 0 and RAND_MAX */
		112	}
		113
293	daniel-mar	114	void xorshift(unsigned char** p, uint32_t* x32, size_t num) {
292	daniel-mar	115	size_t i;
		116	unsigned char* x = *p;
		117	for (i = 0; i < num; i++) {
		118	// https://de.wikipedia.org/wiki/Xorshift
		119	x32 ^= x32 << 13;
		120	x32 ^= x32 >> 17;
		121	x32 ^= x32 << 5;
		122	x++ ^= x32;
		123	}
		124	*p = x;
		125	}
		126
508	daniel-mar	127	void xorshift64(unsigned char** p, uint64_t* x64, size_t num) {
		128	// https://de.wikipedia.org/wiki/Xorshift
		129	size_t i;
		130	unsigned char* x = *p;
		131	for (i = 0; i < num; i++) {
		132	x64 ^= x64 << 13;
		133	x64 ^= x64 >> 7;
		134	x64 ^= x64 << 17;
		135	x++ ^= x64;
		136	}
		137	*p = x;
		138	}
		139
348	daniel-mar	140	#ifndef CHAR_BIT
		141	#define CHAR_BIT 8
		142	#endif
		143
		144	uint64_t rol_u64(uint64_t value, uint64_t by) {
509	daniel-mar	145	return value << by \| value >> ((uint64_t)sizeof(uint64_t) * CHAR_BIT - by);
348	daniel-mar	146	}
		147
		148	void rolshift(unsigned char** p, uint64_t* x64, size_t num) {
		149	size_t i;
		150	unsigned char* x = *p;
		151	for (i = 0; i < num; i++) {
		152	x++ ^= x64;
		153	x64 = rol_u64(x64, 1);
		154	}
		155	*p = x;
		156	}
		157
311	daniel-mar	158	uint32_t crc32b(char *data, int nLength) {
		159	int i, j, k;
318	daniel-mar	160	uint32_t crc, mask;
		161	char byte;
311	daniel-mar	162
		163	i = 0;
		164	crc = 0xFFFFFFFF;
		165
		166	for(k=0;k<nLength;k++) {
		167	byte = data[k];
		168	crc = crc ^ byte;
		169	for (j = 7; j >= 0; j--) {
318	daniel-mar	170	mask = (-1) * (crc & 1);
311	daniel-mar	171	crc = (crc >> 1) ^ (0xEDB88320 & mask);
		172	}
		173	i++;
		174	}
		175	return ~crc;
		176	}
		177
349	daniel-mar	178	static const uint64_t crc64_tab[256] = {
		179	0x0000000000000000ULL, 0x42F0E1EBA9EA3693ULL, 0x85E1C3D753D46D26ULL,
		180	0xC711223CFA3E5BB5ULL, 0x493366450E42ECDFULL, 0x0BC387AEA7A8DA4CULL,
		181	0xCCD2A5925D9681F9ULL, 0x8E224479F47CB76AULL, 0x9266CC8A1C85D9BEULL,
		182	0xD0962D61B56FEF2DULL, 0x17870F5D4F51B498ULL, 0x5577EEB6E6BB820BULL,
		183	0xDB55AACF12C73561ULL, 0x99A54B24BB2D03F2ULL, 0x5EB4691841135847ULL,
		184	0x1C4488F3E8F96ED4ULL, 0x663D78FF90E185EFULL, 0x24CD9914390BB37CULL,
		185	0xE3DCBB28C335E8C9ULL, 0xA12C5AC36ADFDE5AULL, 0x2F0E1EBA9EA36930ULL,
		186	0x6DFEFF5137495FA3ULL, 0xAAEFDD6DCD770416ULL, 0xE81F3C86649D3285ULL,
		187	0xF45BB4758C645C51ULL, 0xB6AB559E258E6AC2ULL, 0x71BA77A2DFB03177ULL,
		188	0x334A9649765A07E4ULL, 0xBD68D2308226B08EULL, 0xFF9833DB2BCC861DULL,
		189	0x388911E7D1F2DDA8ULL, 0x7A79F00C7818EB3BULL, 0xCC7AF1FF21C30BDEULL,
		190	0x8E8A101488293D4DULL, 0x499B3228721766F8ULL, 0x0B6BD3C3DBFD506BULL,
		191	0x854997BA2F81E701ULL, 0xC7B97651866BD192ULL, 0x00A8546D7C558A27ULL,
		192	0x4258B586D5BFBCB4ULL, 0x5E1C3D753D46D260ULL, 0x1CECDC9E94ACE4F3ULL,
		193	0xDBFDFEA26E92BF46ULL, 0x990D1F49C77889D5ULL, 0x172F5B3033043EBFULL,
		194	0x55DFBADB9AEE082CULL, 0x92CE98E760D05399ULL, 0xD03E790CC93A650AULL,
		195	0xAA478900B1228E31ULL, 0xE8B768EB18C8B8A2ULL, 0x2FA64AD7E2F6E317ULL,
		196	0x6D56AB3C4B1CD584ULL, 0xE374EF45BF6062EEULL, 0xA1840EAE168A547DULL,
		197	0x66952C92ECB40FC8ULL, 0x2465CD79455E395BULL, 0x3821458AADA7578FULL,
		198	0x7AD1A461044D611CULL, 0xBDC0865DFE733AA9ULL, 0xFF3067B657990C3AULL,
		199	0x711223CFA3E5BB50ULL, 0x33E2C2240A0F8DC3ULL, 0xF4F3E018F031D676ULL,
		200	0xB60301F359DBE0E5ULL, 0xDA050215EA6C212FULL, 0x98F5E3FE438617BCULL,
		201	0x5FE4C1C2B9B84C09ULL, 0x1D14202910527A9AULL, 0x93366450E42ECDF0ULL,
		202	0xD1C685BB4DC4FB63ULL, 0x16D7A787B7FAA0D6ULL, 0x5427466C1E109645ULL,
		203	0x4863CE9FF6E9F891ULL, 0x0A932F745F03CE02ULL, 0xCD820D48A53D95B7ULL,
		204	0x8F72ECA30CD7A324ULL, 0x0150A8DAF8AB144EULL, 0x43A04931514122DDULL,
		205	0x84B16B0DAB7F7968ULL, 0xC6418AE602954FFBULL, 0xBC387AEA7A8DA4C0ULL,
		206	0xFEC89B01D3679253ULL, 0x39D9B93D2959C9E6ULL, 0x7B2958D680B3FF75ULL,
		207	0xF50B1CAF74CF481FULL, 0xB7FBFD44DD257E8CULL, 0x70EADF78271B2539ULL,
		208	0x321A3E938EF113AAULL, 0x2E5EB66066087D7EULL, 0x6CAE578BCFE24BEDULL,
		209	0xABBF75B735DC1058ULL, 0xE94F945C9C3626CBULL, 0x676DD025684A91A1ULL,
		210	0x259D31CEC1A0A732ULL, 0xE28C13F23B9EFC87ULL, 0xA07CF2199274CA14ULL,
		211	0x167FF3EACBAF2AF1ULL, 0x548F120162451C62ULL, 0x939E303D987B47D7ULL,
		212	0xD16ED1D631917144ULL, 0x5F4C95AFC5EDC62EULL, 0x1DBC74446C07F0BDULL,
		213	0xDAAD56789639AB08ULL, 0x985DB7933FD39D9BULL, 0x84193F60D72AF34FULL,
		214	0xC6E9DE8B7EC0C5DCULL, 0x01F8FCB784FE9E69ULL, 0x43081D5C2D14A8FAULL,
		215	0xCD2A5925D9681F90ULL, 0x8FDAB8CE70822903ULL, 0x48CB9AF28ABC72B6ULL,
		216	0x0A3B7B1923564425ULL, 0x70428B155B4EAF1EULL, 0x32B26AFEF2A4998DULL,
		217	0xF5A348C2089AC238ULL, 0xB753A929A170F4ABULL, 0x3971ED50550C43C1ULL,
		218	0x7B810CBBFCE67552ULL, 0xBC902E8706D82EE7ULL, 0xFE60CF6CAF321874ULL,
		219	0xE224479F47CB76A0ULL, 0xA0D4A674EE214033ULL, 0x67C58448141F1B86ULL,
		220	0x253565A3BDF52D15ULL, 0xAB1721DA49899A7FULL, 0xE9E7C031E063ACECULL,
		221	0x2EF6E20D1A5DF759ULL, 0x6C0603E6B3B7C1CAULL, 0xF6FAE5C07D3274CDULL,
		222	0xB40A042BD4D8425EULL, 0x731B26172EE619EBULL, 0x31EBC7FC870C2F78ULL,
		223	0xBFC9838573709812ULL, 0xFD39626EDA9AAE81ULL, 0x3A28405220A4F534ULL,
		224	0x78D8A1B9894EC3A7ULL, 0x649C294A61B7AD73ULL, 0x266CC8A1C85D9BE0ULL,
		225	0xE17DEA9D3263C055ULL, 0xA38D0B769B89F6C6ULL, 0x2DAF4F0F6FF541ACULL,
		226	0x6F5FAEE4C61F773FULL, 0xA84E8CD83C212C8AULL, 0xEABE6D3395CB1A19ULL,
		227	0x90C79D3FEDD3F122ULL, 0xD2377CD44439C7B1ULL, 0x15265EE8BE079C04ULL,
		228	0x57D6BF0317EDAA97ULL, 0xD9F4FB7AE3911DFDULL, 0x9B041A914A7B2B6EULL,
		229	0x5C1538ADB04570DBULL, 0x1EE5D94619AF4648ULL, 0x02A151B5F156289CULL,
		230	0x4051B05E58BC1E0FULL, 0x87409262A28245BAULL, 0xC5B073890B687329ULL,
		231	0x4B9237F0FF14C443ULL, 0x0962D61B56FEF2D0ULL, 0xCE73F427ACC0A965ULL,
		232	0x8C8315CC052A9FF6ULL, 0x3A80143F5CF17F13ULL, 0x7870F5D4F51B4980ULL,
		233	0xBF61D7E80F251235ULL, 0xFD913603A6CF24A6ULL, 0x73B3727A52B393CCULL,
		234	0x31439391FB59A55FULL, 0xF652B1AD0167FEEAULL, 0xB4A25046A88DC879ULL,
		235	0xA8E6D8B54074A6ADULL, 0xEA16395EE99E903EULL, 0x2D071B6213A0CB8BULL,
		236	0x6FF7FA89BA4AFD18ULL, 0xE1D5BEF04E364A72ULL, 0xA3255F1BE7DC7CE1ULL,
		237	0x64347D271DE22754ULL, 0x26C49CCCB40811C7ULL, 0x5CBD6CC0CC10FAFCULL,
		238	0x1E4D8D2B65FACC6FULL, 0xD95CAF179FC497DAULL, 0x9BAC4EFC362EA149ULL,
		239	0x158E0A85C2521623ULL, 0x577EEB6E6BB820B0ULL, 0x906FC95291867B05ULL,
		240	0xD29F28B9386C4D96ULL, 0xCEDBA04AD0952342ULL, 0x8C2B41A1797F15D1ULL,
		241	0x4B3A639D83414E64ULL, 0x09CA82762AAB78F7ULL, 0x87E8C60FDED7CF9DULL,
		242	0xC51827E4773DF90EULL, 0x020905D88D03A2BBULL, 0x40F9E43324E99428ULL,
		243	0x2CFFE7D5975E55E2ULL, 0x6E0F063E3EB46371ULL, 0xA91E2402C48A38C4ULL,
		244	0xEBEEC5E96D600E57ULL, 0x65CC8190991CB93DULL, 0x273C607B30F68FAEULL,
		245	0xE02D4247CAC8D41BULL, 0xA2DDA3AC6322E288ULL, 0xBE992B5F8BDB8C5CULL,
		246	0xFC69CAB42231BACFULL, 0x3B78E888D80FE17AULL, 0x7988096371E5D7E9ULL,
		247	0xF7AA4D1A85996083ULL, 0xB55AACF12C735610ULL, 0x724B8ECDD64D0DA5ULL,
		248	0x30BB6F267FA73B36ULL, 0x4AC29F2A07BFD00DULL, 0x08327EC1AE55E69EULL,
		249	0xCF235CFD546BBD2BULL, 0x8DD3BD16FD818BB8ULL, 0x03F1F96F09FD3CD2ULL,
		250	0x41011884A0170A41ULL, 0x86103AB85A2951F4ULL, 0xC4E0DB53F3C36767ULL,
		251	0xD8A453A01B3A09B3ULL, 0x9A54B24BB2D03F20ULL, 0x5D45907748EE6495ULL,
		252	0x1FB5719CE1045206ULL, 0x919735E51578E56CULL, 0xD367D40EBC92D3FFULL,
		253	0x1476F63246AC884AULL, 0x568617D9EF46BED9ULL, 0xE085162AB69D5E3CULL,
		254	0xA275F7C11F7768AFULL, 0x6564D5FDE549331AULL, 0x279434164CA30589ULL,
		255	0xA9B6706FB8DFB2E3ULL, 0xEB46918411358470ULL, 0x2C57B3B8EB0BDFC5ULL,
		256	0x6EA7525342E1E956ULL, 0x72E3DAA0AA188782ULL, 0x30133B4B03F2B111ULL,
		257	0xF7021977F9CCEAA4ULL, 0xB5F2F89C5026DC37ULL, 0x3BD0BCE5A45A6B5DULL,
		258	0x79205D0E0DB05DCEULL, 0xBE317F32F78E067BULL, 0xFCC19ED95E6430E8ULL,
		259	0x86B86ED5267CDBD3ULL, 0xC4488F3E8F96ED40ULL, 0x0359AD0275A8B6F5ULL,
		260	0x41A94CE9DC428066ULL, 0xCF8B0890283E370CULL, 0x8D7BE97B81D4019FULL,
		261	0x4A6ACB477BEA5A2AULL, 0x089A2AACD2006CB9ULL, 0x14DEA25F3AF9026DULL,
		262	0x562E43B4931334FEULL, 0x913F6188692D6F4BULL, 0xD3CF8063C0C759D8ULL,
		263	0x5DEDC41A34BBEEB2ULL, 0x1F1D25F19D51D821ULL, 0xD80C07CD676F8394ULL,
		264	0x9AFCE626CE85B507ULL
		265	};
		266
		267	/*
		268	* ECMA 182 CRC64, taken from https://searchcode.com/file/68313281/lib/crc64.c/
		269	*/
		270	uint64_t crc64(const unsigned char* data, size_t len)
		271	{
		272	uint64_t crc = 0;
		273
		274	while (len--) {
		275	int i = ((int)(crc >> 56) ^ *data++) & 0xFF;
		276	crc = crc64_tab[i] ^ (crc << 8);
		277	}
		278
		279	return crc;
		280	}
		281
352	daniel-mar	282
		283	int obfuscation_version(PARM_T* pparm) {
		284	uint32_t obfusc_info = pparm->unknown2;
		285
507	daniel-mar	286	if (obfusc_info == 0x00000001) { // 01 00 00 00
		287	// Photoshop FilterFactory default initialization of field "unknown2" (no obfuscation)
352	daniel-mar	288	return 0;
		289	}
507	daniel-mar	290	else if (obfusc_info == 0x00000000) { // 00 00 00 00
		291	// Premiere FilterFactory default initialization of field "unknown1" (no obfuscation)
		292	// (Premiere Field "unknown1" has the offset of Photoshop's "unknown2" field)
352	daniel-mar	293	return 0;
		294	}
		295	else if (obfusc_info == 0x90E364A3) { // A3 64 E3 90
		296	// Version 1 obfuscation (Filter Foundry 1.4b8,9,10)
		297	return 1;
		298	}
		299	else if (obfusc_info == 0xE2CFCA34) { // 34 CA CF E2
		300	// Version 2 obfuscation (Filter Foundry 1.7b1)
		301	return 2;
		302	}
		303	else if ((obfusc_info >= 4) && (obfusc_info <= 0xFF)) { // xx 00 00 00
		304	// Version 4 obfuscation (Filter Foundry 1.7.0.7)
		305	// Version 5 obfuscation (Filter Foundry 1.7.0.8)
		306	// Version 6 obfuscation (Filter Foundry 1.7.0.10)
508	daniel-mar	307	// Version 7 obfuscation (Filter Foundry 1.7.0.17)
		308	// Future: Version 8, ... 255
352	daniel-mar	309	return obfusc_info;
		310	}
		311	else {
		312	// Version 3 obfuscation (Filter Foundry 1.7.0.5)
		313	// obfusc_info is the srand() seed and is equal to the time(0) build timestamp
		314	return 3;
		315	}
		316	}
		317
508	daniel-mar	318	void obfusc(PARM_T* pparm, uint64_t* out_initial_seed, uint64_t* out_initial_seed2) {
		319	// Version 7 obfuscation (Introduced in Filter Foundry 1.7.0.17)
292	daniel-mar	320
		321	unsigned char* p;
508	daniel-mar	322	uint64_t initial_seed, initial_seed2, rolseed;
350	daniel-mar	323	uint32_t xorseed;
508	daniel-mar	324	uint64_t xorseed2;
347	daniel-mar	325
292	daniel-mar	326	#ifdef MAC_ENV
347	daniel-mar	327	// Currently, make_mac.c does not implement modifying the executable code (TODO),
		328	// so we will use the default initial_seed!
506	daniel-mar	329	initial_seed = GetObfuscSeed();
508	daniel-mar	330	initial_seed2 = GetObfuscSeed2();
292	daniel-mar	331	#else
347	daniel-mar	332	// Give always the same seed if the parameters are the same. No random values.
		333	// This initial seed will be returned and built into the executable code by make_win.c
508	daniel-mar	334	pparm->unknown1 = 0;
		335	pparm->unknown2 = 0;
		336	pparm->unknown3 = 0;
350	daniel-mar	337	initial_seed = crc64((unsigned char*)pparm, sizeof(PARM_T));
508	daniel-mar	338	pparm->unknown3 = crc32b((char*)pparm, sizeof(PARM_T)); // make sure that the second seed is different
		339	pparm->unknown2 = crc32b((char*)pparm, sizeof(PARM_T)); // make sure that the second seed is different
		340	pparm->unknown1 = crc32b((char*)pparm, sizeof(PARM_T)); // make sure that the second seed is different
		341	initial_seed2 = crc64((unsigned char*)pparm, sizeof(PARM_T));
292	daniel-mar	342	#endif
		343
508	daniel-mar	344	// AFTER unknown1-3 have been set to 0 (again), calculate the checksum!
		345	pparm->unknown1 = 0;
		346	pparm->unknown2 = 0;
		347	pparm->unknown3 = 0;
347	daniel-mar	348	pparm->unknown1 = crc32b((char*)pparm, sizeof(PARM_T));
309	daniel-mar	349
350	daniel-mar	350	xorseed = initial_seed & 0xFFFFFFFF;
292	daniel-mar	351	p = (unsigned char*)pparm;
350	daniel-mar	352	xorshift(&p, &xorseed, sizeof(PARM_T));
292	daniel-mar	353
348	daniel-mar	354	rolseed = initial_seed;
347	daniel-mar	355	p = (unsigned char*)pparm;
348	daniel-mar	356	rolshift(&p, &rolseed, sizeof(PARM_T));
347	daniel-mar	357
508	daniel-mar	358	xorseed2 = initial_seed2;
		359	p = (unsigned char*)pparm;
		360	xorshift64(&p, &xorseed2, sizeof(PARM_T));
347	daniel-mar	361
508	daniel-mar	362	pparm->unknown2 = 7; // obfusc version
		363
		364	*out_initial_seed = initial_seed;
		365	*out_initial_seed2 = initial_seed2;
292	daniel-mar	366	}
		367
		368	void deobfusc(PARM_T* pparm) {
309	daniel-mar	369	uint32_t obfusc_version;
292	daniel-mar	370	size_t size = sizeof(PARM_T);
		371
293	daniel-mar	372	obfusc_version = obfuscation_version(pparm);
292	daniel-mar	373
		374	switch (obfusc_version) {
		375	case 0:
		376	// no obfuscation
		377	return;
		378	case 1: {
		379	// Version 1 obfuscation (Filter Foundry 1.4b8,9,10)
		380	// Filter built with VC++ (official release by Toby Thain)
		381
		382	unsigned char* p;
		383	size_t i;
309	daniel-mar	384	uint32_t seed;
292	daniel-mar	385
		386	seed = 0xdc43df3c;
		387
		388	for (i = size, p = (unsigned char*)pparm; i--;) {
		389	*p++ ^= rand_msvcc(&seed);
		390	}
		391	break;
		392	}
		393	case 2: {
		394	// Version 2 obfuscation (Filter Foundry 1.7b1)
		395	// Compiler independent
		396
		397	unsigned char* p;
		398	size_t i;
309	daniel-mar	399	uint32_t seed;
292	daniel-mar	400
		401	seed = 0x95d4a68f;
		402
		403	for (i = size, p = (unsigned char*)pparm; i--;) {
		404	seed ^= seed << 13;
		405	seed ^= seed >> 17;
		406	seed ^= seed << 5;
		407	*p++ ^= seed;
		408	}
		409	break;
		410	}
		411	case 3: {
		412	// Version 3 obfuscation (Filter Foundry 1.7.0.5)
		413	// NO loading of other implementation supported, but that doesn't matter since
		414	// obfuscation and protection is combined in Filter Factory >= 1.7.0.5.
		415	// Using rand() is more secure, because it differs from compiler to compiler, so
		416	// it is harder to read a protected 8BF plugin.
		417	// Note that rand() in combination with srand() is deterministic, so it is safe
		418	// to use it: https://stackoverflow.com/questions/55438293/does-rand-function-in-c-follows-non-determinstc-algorithm
		419	// Note: 32-Bit FF is built using OpenWatcom (to support Win95), while 64-Bit FF is built using Microsoft Visual C++
		420
		421	unsigned char* p;
		422	size_t i;
309	daniel-mar	423	uint32_t seed;
292	daniel-mar	424	size_t seed_position;
		425
		426	seed = pparm->unknown2;
		427	seed_position = offsetof(PARM_T, unknown2); // = offsetof(PARM_T_PREMIERE, unknown1)
		428
		429	srand(seed);
329	daniel-mar	430
292	daniel-mar	431	p = (unsigned char*)pparm;
351	daniel-mar	432	for (i = 0; i < seed_position; i++) {
		433	p++ ^= (int)(rand() 1.0 / ((double)RAND_MAX + 1) * 256);
		434	}
309	daniel-mar	435	((uint32_t)p) = 0; // here was the seed. Fill it with 0x00000000
507	daniel-mar	436	p += 4; // jump to the next DWORD
351	daniel-mar	437	for (i = 0; i < size - seed_position - 4; i++) {
		438	p++ ^= (int)(rand() 1.0 / ((double)RAND_MAX + 1) * 256);
		439	}
329	daniel-mar	440
292	daniel-mar	441	break;
		442	}
		443	case 4:
		444	case 5: {
		445	// Version 4 obfuscation (Filter Foundry 1.7.0.7)
		446	// Version 5 obfuscation (Filter Foundry 1.7.0.8)
489	daniel-mar	447	// Not compiler dependent, but individual for each standalone filter
292	daniel-mar	448	// It is important that this code works for both x86 and x64 indepdently from the used compiler,
		449	// otherwise, the cross-make x86/x64 won't work!
		450	// Version 5 contains a seed requirement (checksum).
		451
		452	unsigned char* p;
		453	size_t seed_position;
309	daniel-mar	454	uint32_t seed, initial_seed;
292	daniel-mar	455
506	daniel-mar	456	initial_seed = GetObfuscSeed() & 0xFFFFFFFF; // this value will be manipulated during the building of each individual filter (see make_win.c)
309	daniel-mar	457
		458	seed = initial_seed;
292	daniel-mar	459	seed_position = offsetof(PARM_T, unknown2); // = offsetof(PARM_T_PREMIERE, unknown1)
		460
309	daniel-mar	461	if (obfusc_version == 5) {
		462	// make v4 and v5 intentionally incompatible to avoid a downgrade-attack
		463	seed ^= 0xFFFFFFFF;
		464	}
		465
292	daniel-mar	466	p = (unsigned char*)pparm;
293	daniel-mar	467	xorshift(&p, &seed, seed_position);
507	daniel-mar	468	((uint32_t)p) = 0; // here was the version info (4 or 5). Fill it with 0x00000000
		469	p += 4; // jump to the next DWORD
293	daniel-mar	470	xorshift(&p, &seed, size - seed_position - 4);
292	daniel-mar	471
		472	if (obfusc_version == 5) {
318	daniel-mar	473	pparm->unknown2 = 0; // make sure crc32b matches always
347	daniel-mar	474	if (crc32b((char*)pparm, sizeof(PARM_T)) != initial_seed) {
292	daniel-mar	475	// Integrity check failed!
309	daniel-mar	476	memset(pparm, 0, sizeof(PARM_T)); // invalidate everything
292	daniel-mar	477	}
		478	}
		479
		480	break;
		481	}
509	daniel-mar	482	case 6:
		483	case 7: {
347	daniel-mar	484	// Version 6 obfuscation (Filter Foundry 1.7.0.10)
509	daniel-mar	485	// Version 7 obfuscation (Filter Foundry 1.7.0.17)
489	daniel-mar	486	// Not compiler dependent, but individual for each standalone filter
347	daniel-mar	487	// It is important that this code works for both x86 and x64 indepdently from the used compiler,
		488	// otherwise, the cross-make x86/x64 won't work!
		489
		490	unsigned char* p;
350	daniel-mar	491	uint32_t xorseed, checksum;
348	daniel-mar	492	uint64_t initial_seed, rolseed;
503	daniel-mar	493
506	daniel-mar	494	initial_seed = GetObfuscSeed(); // this value will be manipulated during the building of each individual filter (see make_win.c)
347	daniel-mar	495
509	daniel-mar	496	if (obfusc_version >= 7) {
		497	uint64_t xorseed2, initial_seed2;
		498	initial_seed2 = GetObfuscSeed2(); // this value will be manipulated during the building of each individual filter (see make_win.c)
		499	xorseed2 = initial_seed2;
		500	p = (unsigned char*)pparm;
		501	xorshift64(&p, &xorseed2, sizeof(PARM_T));
347	daniel-mar	502	}
		503
508	daniel-mar	504	rolseed = initial_seed;
		505	p = (unsigned char*)pparm;
		506	rolshift(&p, &rolseed, sizeof(PARM_T));
		507
		508	xorseed = initial_seed & 0xFFFFFFFF;
		509	p = (unsigned char*)pparm;
		510	xorshift(&p, &xorseed, sizeof(PARM_T));
		511
		512	checksum = pparm->unknown1;
		513
		514	pparm->unknown1 = 0;
		515	pparm->unknown2 = 0;
		516	pparm->unknown3 = 0;
		517
		518	if (checksum != crc32b((char*)pparm, sizeof(PARM_T))) {
		519	// Integrity check failed!
		520	memset(pparm, 0, sizeof(PARM_T)); // invalidate everything
		521	}
		522
		523	break;
		524	}
292	daniel-mar	525	default: {
		526	// Obfuscation version unexpected!
309	daniel-mar	527	memset(pparm, 0, sizeof(PARM_T)); // invalidate everything
311	daniel-mar	528
		529	// If "return" is present: Calling function will receive an invalid cbSize value, hence showing "incompatible obfuscation"
		530	// If "return" is not present: Then the code below will set a correct cbSize and iProtect flag if obfusc_version>=3, which will raise the error "filter is protected"
		531	return;
292	daniel-mar	532	}
		533	}
		534
309	daniel-mar	535	if ((pparm->cbSize != PARM_SIZE) &&
351	daniel-mar	536	(pparm->cbSize != PARM_SIZE_PREMIERE) &&
309	daniel-mar	537	(pparm->cbSize != PARM_SIG_MAC)) {
		538	memset(pparm, 0, sizeof(PARM_T)); // invalidate everything
		539	}
503	daniel-mar	540
292	daniel-mar	541	if (obfusc_version >= 3) {
489	daniel-mar	542	// Filter Foundry >= 1.7.0.5 combines obfuscation and protection
292	daniel-mar	543	// when a standalone filter is built. Theoretically, you can un-protect a
		544	// plugin, even if it is obfuscated, just by bit-flipping the LSB of byte 0x164.
		545	// Therefore, we enforce that the plugin is protected!
		546	pparm->iProtected = 1;
		547
		548	// Furthermore, if obfuscation 3+ failed (since the seed is individual for each 8BF file),
293	daniel-mar	549	// we still want that load_*.c is able to detect pparm->iProtected instead
		550	// of throwing the error "Incompatible obfuscation".
292	daniel-mar	551	pparm->cbSize = PARM_SIZE;
408	daniel-mar	552	pparm->standalone = 1;
292	daniel-mar	553	}
312	daniel-mar	554
		555	if (obfusc_version >= 1) {
		556	// information was lost due to obfuscation. Make sure it is zero.
		557	pparm->unknown2 = 0;
		558	}
351	daniel-mar	559
		560	if (obfusc_version >= 6) {
		561	// information was lost due to checksum. Make sure it is zero.
		562	pparm->unknown1 = 0;
		563	}
292	daniel-mar	564	}

Subversion Repositories filter_foundry

filter_foundry/trunk/obfusc.c – Rev 509