WebSVN – filter_foundry – Blame – /trunk/obfusc.c

Rev	Author	Line No.	Line
292	daniel-mar	1	/*
		2	This file is part of "Filter Foundry", a filter plugin for Adobe Photoshop
		3	Copyright (C) 2003-2009 Toby Thain, toby@telegraphics.com.au
503	daniel-mar	4	Copyright (C) 2018-2022 Daniel Marschall, ViaThinkSoft
292	daniel-mar	5
		6	This program is free software; you can redistribute it and/or modify
		7	it under the terms of the GNU General Public License as published by
		8	the Free Software Foundation; either version 2 of the License, or
		9	(at your option) any later version.
		10
		11	This program is distributed in the hope that it will be useful,
		12	but WITHOUT ANY WARRANTY; without even the implied warranty of
		13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		14	GNU General Public License for more details.
		15
		16	You should have received a copy of the GNU General Public License
		17	along with this program; if not, write to the Free Software
		18	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
		19	*/
		20
		21	#include <stddef.h>
		22	#include <stdint.h>
		23
		24	#include "ff.h"
		25
506	daniel-mar	26	// Random seed for obfuscation "17 05 83 52 2a 97 16 74"
		27	// During the standalone-make process, this value will be changed by manipulating the 8BF file.
		28	// Therefore, the 32/64 bit 8BF files MUST contain the key contiguous and preferrpreferablyibly 4-aligned
		29	// Why do I use GetObfuscSeed?
		30	// 1. Because I prefer the key in side code segment so that it is better hidden than if it was in a data segment.
		31	// 2. Since the code segment is closer to the 8BF file start, the search+replace of the key is faster
		32	// Please also note:
		33	// The 8BF file MUST only contain the seed A SINGLE TIME
		34	// (In the Non-Standalone filter actually 3 times, because we have 2 resourced containing the 32/64 template DLLs)
		35	#if defined(__WATCOMC__)
		36	uint64_t GetObfuscSeed() {
		37	// Due to "volatile", this value will only exist a single time in the binary file.
		38	// This char array will result in contiguous chars in OpenWatcom.
		39	// In MSVC++, the array will be built using several "mov ..." OP codes.
		40	volatile char seed[8] = { '\x17', '\x05', '\x83', '\x52', '\x2a', '\x97', '\x16', '\x74' };
		41	return (uint64_t)seed;
		42	}
		43	#elif defined(_MSC_VER)
		44	#ifdef _WIN64
		45	// Note: For MSVCC 64-bit, neither making the method volatile, nor including a volatile variable did avoid inlining.
		46	// so we use __declspec(noinline)
		47	__declspec(noinline) uint64_t GetObfuscSeed() {
		48	// TODO: Not 4-byte aligned! (both variants)
		49	//volatile uint64_t seed = 0x7416972a52830517ull;
		50	//return seed;
		51	return 0x7416972a52830517ull;
		52	}
		53	#else
		54	__declspec(noinline) uint64_t GetObfuscSeed() {
		55	//volatile int test = 0;
		56	uint64_t* addr = NULL;
		57	__asm {
		58	mov eax, seed // Doesn't work in OpenWatcom
		59	mov addr, eax
		60	jmp end
		61	align 4 // Doesn't work in OpenWatcom
		62	seed:
		63	_emit 0x17 // Doesn't work in OpenWatcom
		64	_emit 0x05
		65	_emit 0x83
		66	_emit 0x52
		67	_emit 0x2A
		68	_emit 0x97
		69	_emit 0x16
		70	_emit 0x74
		71	/*
		72	pop ss
		73	add eax, 0x972a5283
		74	push ss
		75	jz seed
		76	*/
		77	end:
		78	}
		79	return addr == NULL ? 0 : *addr;
		80	}
		81	#endif
		82	#else
		83	// Unfortunately, with this compiler, we the value needs to be in the .data segment...
		84	// Due to "const volatile", this value will only exist a single time in the binary file.
508	daniel-mar	85	const volatile uint64_t obfusc_seed = 0x7416972a52830517ull;
506	daniel-mar	86	uint64_t GetObfuscSeed() {
508	daniel-mar	87	return obfusc_seed;
506	daniel-mar	88	}
		89	#endif
292	daniel-mar	90
508	daniel-mar	91	// Random seed #2 for obfuscation "86 21 1f 3e f1 a2 87 ef"
		92	// Lies in the data segment. Same rules like for the random seed #1.
		93	const volatile uint64_t obfusc_seed2 = 0xef87a2f13e1f2186ull;
		94	#ifdef _MSC_VER
		95	__declspec(noinline)
		96	#endif
		97	uint64_t GetObfuscSeed2() {
		98	// Additional seed for Obfusc V7. It is always in the data segment,
		99	// while obfusc seed 1 is in the code segment (if the compiler allows it)
		100	return obfusc_seed2;
		101	}
510	daniel-mar	102
		103	#ifdef WIN_ENV
		104	Boolean obfusc_seed_replace(FSSpec* dst, uint64_t search1, uint64_t search2, uint64_t replace1, uint64_t replace2, int maxamount1, int maxamount2) {
		105	uint64_t srecord = 0;
		106	int found1 = 0, found2 = 0;
		107	Boolean done = false;
		108	FILEREF fptr;
		109	FILECOUNT cnt;
		110
		111	if (FSpOpenDF(dst, fsRdWrPerm, &fptr) != noErr) return -1;
		112
		113	cnt = sizeof(srecord);
		114	while (FSRead(fptr, &cnt, &srecord) == noErr)
		115	{
		116	if (cnt != sizeof(srecord)) break; // EOF reached
		117	if (srecord == search1) {
		118	srecord = replace1;
		119	SetFPos(fptr, fsFromMark, -1 * (long)sizeof(srecord));
		120	cnt = (int)sizeof(srecord);
		121	FSWrite(fptr, &cnt, &srecord);
		122	SetFPos(fptr, fsFromStart, 0); // important for fseek
		123	found1++;
		124	done = (found1 == maxamount1) && (found2 == maxamount2);
		125	if (done) break;
		126	}
		127	else if (srecord == search2) {
		128	srecord = replace2;
		129	SetFPos(fptr, fsFromMark, -1 * (long)sizeof(srecord));
		130	cnt = (int)sizeof(srecord);
		131	FSWrite(fptr, &cnt, &srecord);
		132	SetFPos(fptr, fsFromStart, 0); // important for fseek
		133	found2++;
		134	done = (found1 == maxamount1) && (found2 == maxamount2);
		135	if (done) break;
		136	}
		137	else {
		138	SetFPos(fptr, fsFromMark, -1 * (long)(sizeof(srecord) - 1));
		139	}
		140	}
		141	FSClose(fptr);
		142
		143	return done;
		144	}
		145	#endif
508	daniel-mar	146
292	daniel-mar	147	int rand_msvcc(unsigned int* seed) {
		148	seed = seed * 214013L + 2531011L;
		149	return (seed >> 16) & 0x7fff; / Scale between 0 and RAND_MAX */
		150	}
		151
		152	int rand_openwatcom(unsigned int* seed) {
		153	// https://github.com/open-watcom/open-watcom-v2/blob/master/bld/clib/math/c/rand.c
		154	seed = seed * 1103515245L + 12345L;
		155	return (seed >> 16) & 0x7fff; / Scale between 0 and RAND_MAX */
		156	}
		157
293	daniel-mar	158	void xorshift(unsigned char** p, uint32_t* x32, size_t num) {
292	daniel-mar	159	size_t i;
		160	unsigned char* x = *p;
		161	for (i = 0; i < num; i++) {
		162	// https://de.wikipedia.org/wiki/Xorshift
		163	x32 ^= x32 << 13;
		164	x32 ^= x32 >> 17;
		165	x32 ^= x32 << 5;
		166	x++ ^= x32;
		167	}
		168	*p = x;
		169	}
		170
508	daniel-mar	171	void xorshift64(unsigned char** p, uint64_t* x64, size_t num) {
		172	// https://de.wikipedia.org/wiki/Xorshift
		173	size_t i;
		174	unsigned char* x = *p;
		175	for (i = 0; i < num; i++) {
		176	x64 ^= x64 << 13;
		177	x64 ^= x64 >> 7;
		178	x64 ^= x64 << 17;
		179	x++ ^= x64;
		180	}
		181	*p = x;
		182	}
		183
348	daniel-mar	184	#ifndef CHAR_BIT
		185	#define CHAR_BIT 8
		186	#endif
		187
		188	uint64_t rol_u64(uint64_t value, uint64_t by) {
509	daniel-mar	189	return value << by \| value >> ((uint64_t)sizeof(uint64_t) * CHAR_BIT - by);
348	daniel-mar	190	}
		191
		192	void rolshift(unsigned char** p, uint64_t* x64, size_t num) {
		193	size_t i;
		194	unsigned char* x = *p;
		195	for (i = 0; i < num; i++) {
		196	x++ ^= x64;
		197	x64 = rol_u64(x64, 1);
		198	}
		199	*p = x;
		200	}
		201
311	daniel-mar	202	uint32_t crc32b(char *data, int nLength) {
		203	int i, j, k;
318	daniel-mar	204	uint32_t crc, mask;
		205	char byte;
311	daniel-mar	206
		207	i = 0;
		208	crc = 0xFFFFFFFF;
		209
		210	for(k=0;k<nLength;k++) {
		211	byte = data[k];
		212	crc = crc ^ byte;
		213	for (j = 7; j >= 0; j--) {
318	daniel-mar	214	mask = (-1) * (crc & 1);
311	daniel-mar	215	crc = (crc >> 1) ^ (0xEDB88320 & mask);
		216	}
		217	i++;
		218	}
		219	return ~crc;
		220	}
		221
349	daniel-mar	222	static const uint64_t crc64_tab[256] = {
		223	0x0000000000000000ULL, 0x42F0E1EBA9EA3693ULL, 0x85E1C3D753D46D26ULL,
		224	0xC711223CFA3E5BB5ULL, 0x493366450E42ECDFULL, 0x0BC387AEA7A8DA4CULL,
		225	0xCCD2A5925D9681F9ULL, 0x8E224479F47CB76AULL, 0x9266CC8A1C85D9BEULL,
		226	0xD0962D61B56FEF2DULL, 0x17870F5D4F51B498ULL, 0x5577EEB6E6BB820BULL,
		227	0xDB55AACF12C73561ULL, 0x99A54B24BB2D03F2ULL, 0x5EB4691841135847ULL,
		228	0x1C4488F3E8F96ED4ULL, 0x663D78FF90E185EFULL, 0x24CD9914390BB37CULL,
		229	0xE3DCBB28C335E8C9ULL, 0xA12C5AC36ADFDE5AULL, 0x2F0E1EBA9EA36930ULL,
		230	0x6DFEFF5137495FA3ULL, 0xAAEFDD6DCD770416ULL, 0xE81F3C86649D3285ULL,
		231	0xF45BB4758C645C51ULL, 0xB6AB559E258E6AC2ULL, 0x71BA77A2DFB03177ULL,
		232	0x334A9649765A07E4ULL, 0xBD68D2308226B08EULL, 0xFF9833DB2BCC861DULL,
		233	0x388911E7D1F2DDA8ULL, 0x7A79F00C7818EB3BULL, 0xCC7AF1FF21C30BDEULL,
		234	0x8E8A101488293D4DULL, 0x499B3228721766F8ULL, 0x0B6BD3C3DBFD506BULL,
		235	0x854997BA2F81E701ULL, 0xC7B97651866BD192ULL, 0x00A8546D7C558A27ULL,
		236	0x4258B586D5BFBCB4ULL, 0x5E1C3D753D46D260ULL, 0x1CECDC9E94ACE4F3ULL,
		237	0xDBFDFEA26E92BF46ULL, 0x990D1F49C77889D5ULL, 0x172F5B3033043EBFULL,
		238	0x55DFBADB9AEE082CULL, 0x92CE98E760D05399ULL, 0xD03E790CC93A650AULL,
		239	0xAA478900B1228E31ULL, 0xE8B768EB18C8B8A2ULL, 0x2FA64AD7E2F6E317ULL,
		240	0x6D56AB3C4B1CD584ULL, 0xE374EF45BF6062EEULL, 0xA1840EAE168A547DULL,
		241	0x66952C92ECB40FC8ULL, 0x2465CD79455E395BULL, 0x3821458AADA7578FULL,
		242	0x7AD1A461044D611CULL, 0xBDC0865DFE733AA9ULL, 0xFF3067B657990C3AULL,
		243	0x711223CFA3E5BB50ULL, 0x33E2C2240A0F8DC3ULL, 0xF4F3E018F031D676ULL,
		244	0xB60301F359DBE0E5ULL, 0xDA050215EA6C212FULL, 0x98F5E3FE438617BCULL,
		245	0x5FE4C1C2B9B84C09ULL, 0x1D14202910527A9AULL, 0x93366450E42ECDF0ULL,
		246	0xD1C685BB4DC4FB63ULL, 0x16D7A787B7FAA0D6ULL, 0x5427466C1E109645ULL,
		247	0x4863CE9FF6E9F891ULL, 0x0A932F745F03CE02ULL, 0xCD820D48A53D95B7ULL,
		248	0x8F72ECA30CD7A324ULL, 0x0150A8DAF8AB144EULL, 0x43A04931514122DDULL,
		249	0x84B16B0DAB7F7968ULL, 0xC6418AE602954FFBULL, 0xBC387AEA7A8DA4C0ULL,
		250	0xFEC89B01D3679253ULL, 0x39D9B93D2959C9E6ULL, 0x7B2958D680B3FF75ULL,
		251	0xF50B1CAF74CF481FULL, 0xB7FBFD44DD257E8CULL, 0x70EADF78271B2539ULL,
		252	0x321A3E938EF113AAULL, 0x2E5EB66066087D7EULL, 0x6CAE578BCFE24BEDULL,
		253	0xABBF75B735DC1058ULL, 0xE94F945C9C3626CBULL, 0x676DD025684A91A1ULL,
		254	0x259D31CEC1A0A732ULL, 0xE28C13F23B9EFC87ULL, 0xA07CF2199274CA14ULL,
		255	0x167FF3EACBAF2AF1ULL, 0x548F120162451C62ULL, 0x939E303D987B47D7ULL,
		256	0xD16ED1D631917144ULL, 0x5F4C95AFC5EDC62EULL, 0x1DBC74446C07F0BDULL,
		257	0xDAAD56789639AB08ULL, 0x985DB7933FD39D9BULL, 0x84193F60D72AF34FULL,
		258	0xC6E9DE8B7EC0C5DCULL, 0x01F8FCB784FE9E69ULL, 0x43081D5C2D14A8FAULL,
		259	0xCD2A5925D9681F90ULL, 0x8FDAB8CE70822903ULL, 0x48CB9AF28ABC72B6ULL,
		260	0x0A3B7B1923564425ULL, 0x70428B155B4EAF1EULL, 0x32B26AFEF2A4998DULL,
		261	0xF5A348C2089AC238ULL, 0xB753A929A170F4ABULL, 0x3971ED50550C43C1ULL,
		262	0x7B810CBBFCE67552ULL, 0xBC902E8706D82EE7ULL, 0xFE60CF6CAF321874ULL,
		263	0xE224479F47CB76A0ULL, 0xA0D4A674EE214033ULL, 0x67C58448141F1B86ULL,
		264	0x253565A3BDF52D15ULL, 0xAB1721DA49899A7FULL, 0xE9E7C031E063ACECULL,
		265	0x2EF6E20D1A5DF759ULL, 0x6C0603E6B3B7C1CAULL, 0xF6FAE5C07D3274CDULL,
		266	0xB40A042BD4D8425EULL, 0x731B26172EE619EBULL, 0x31EBC7FC870C2F78ULL,
		267	0xBFC9838573709812ULL, 0xFD39626EDA9AAE81ULL, 0x3A28405220A4F534ULL,
		268	0x78D8A1B9894EC3A7ULL, 0x649C294A61B7AD73ULL, 0x266CC8A1C85D9BE0ULL,
		269	0xE17DEA9D3263C055ULL, 0xA38D0B769B89F6C6ULL, 0x2DAF4F0F6FF541ACULL,
		270	0x6F5FAEE4C61F773FULL, 0xA84E8CD83C212C8AULL, 0xEABE6D3395CB1A19ULL,
		271	0x90C79D3FEDD3F122ULL, 0xD2377CD44439C7B1ULL, 0x15265EE8BE079C04ULL,
		272	0x57D6BF0317EDAA97ULL, 0xD9F4FB7AE3911DFDULL, 0x9B041A914A7B2B6EULL,
		273	0x5C1538ADB04570DBULL, 0x1EE5D94619AF4648ULL, 0x02A151B5F156289CULL,
		274	0x4051B05E58BC1E0FULL, 0x87409262A28245BAULL, 0xC5B073890B687329ULL,
		275	0x4B9237F0FF14C443ULL, 0x0962D61B56FEF2D0ULL, 0xCE73F427ACC0A965ULL,
		276	0x8C8315CC052A9FF6ULL, 0x3A80143F5CF17F13ULL, 0x7870F5D4F51B4980ULL,
		277	0xBF61D7E80F251235ULL, 0xFD913603A6CF24A6ULL, 0x73B3727A52B393CCULL,
		278	0x31439391FB59A55FULL, 0xF652B1AD0167FEEAULL, 0xB4A25046A88DC879ULL,
		279	0xA8E6D8B54074A6ADULL, 0xEA16395EE99E903EULL, 0x2D071B6213A0CB8BULL,
		280	0x6FF7FA89BA4AFD18ULL, 0xE1D5BEF04E364A72ULL, 0xA3255F1BE7DC7CE1ULL,
		281	0x64347D271DE22754ULL, 0x26C49CCCB40811C7ULL, 0x5CBD6CC0CC10FAFCULL,
		282	0x1E4D8D2B65FACC6FULL, 0xD95CAF179FC497DAULL, 0x9BAC4EFC362EA149ULL,
		283	0x158E0A85C2521623ULL, 0x577EEB6E6BB820B0ULL, 0x906FC95291867B05ULL,
		284	0xD29F28B9386C4D96ULL, 0xCEDBA04AD0952342ULL, 0x8C2B41A1797F15D1ULL,
		285	0x4B3A639D83414E64ULL, 0x09CA82762AAB78F7ULL, 0x87E8C60FDED7CF9DULL,
		286	0xC51827E4773DF90EULL, 0x020905D88D03A2BBULL, 0x40F9E43324E99428ULL,
		287	0x2CFFE7D5975E55E2ULL, 0x6E0F063E3EB46371ULL, 0xA91E2402C48A38C4ULL,
		288	0xEBEEC5E96D600E57ULL, 0x65CC8190991CB93DULL, 0x273C607B30F68FAEULL,
		289	0xE02D4247CAC8D41BULL, 0xA2DDA3AC6322E288ULL, 0xBE992B5F8BDB8C5CULL,
		290	0xFC69CAB42231BACFULL, 0x3B78E888D80FE17AULL, 0x7988096371E5D7E9ULL,
		291	0xF7AA4D1A85996083ULL, 0xB55AACF12C735610ULL, 0x724B8ECDD64D0DA5ULL,
		292	0x30BB6F267FA73B36ULL, 0x4AC29F2A07BFD00DULL, 0x08327EC1AE55E69EULL,
		293	0xCF235CFD546BBD2BULL, 0x8DD3BD16FD818BB8ULL, 0x03F1F96F09FD3CD2ULL,
		294	0x41011884A0170A41ULL, 0x86103AB85A2951F4ULL, 0xC4E0DB53F3C36767ULL,
		295	0xD8A453A01B3A09B3ULL, 0x9A54B24BB2D03F20ULL, 0x5D45907748EE6495ULL,
		296	0x1FB5719CE1045206ULL, 0x919735E51578E56CULL, 0xD367D40EBC92D3FFULL,
		297	0x1476F63246AC884AULL, 0x568617D9EF46BED9ULL, 0xE085162AB69D5E3CULL,
		298	0xA275F7C11F7768AFULL, 0x6564D5FDE549331AULL, 0x279434164CA30589ULL,
		299	0xA9B6706FB8DFB2E3ULL, 0xEB46918411358470ULL, 0x2C57B3B8EB0BDFC5ULL,
		300	0x6EA7525342E1E956ULL, 0x72E3DAA0AA188782ULL, 0x30133B4B03F2B111ULL,
		301	0xF7021977F9CCEAA4ULL, 0xB5F2F89C5026DC37ULL, 0x3BD0BCE5A45A6B5DULL,
		302	0x79205D0E0DB05DCEULL, 0xBE317F32F78E067BULL, 0xFCC19ED95E6430E8ULL,
		303	0x86B86ED5267CDBD3ULL, 0xC4488F3E8F96ED40ULL, 0x0359AD0275A8B6F5ULL,
		304	0x41A94CE9DC428066ULL, 0xCF8B0890283E370CULL, 0x8D7BE97B81D4019FULL,
		305	0x4A6ACB477BEA5A2AULL, 0x089A2AACD2006CB9ULL, 0x14DEA25F3AF9026DULL,
		306	0x562E43B4931334FEULL, 0x913F6188692D6F4BULL, 0xD3CF8063C0C759D8ULL,
		307	0x5DEDC41A34BBEEB2ULL, 0x1F1D25F19D51D821ULL, 0xD80C07CD676F8394ULL,
		308	0x9AFCE626CE85B507ULL
		309	};
		310
		311	/*
		312	* ECMA 182 CRC64, taken from https://searchcode.com/file/68313281/lib/crc64.c/
		313	*/
		314	uint64_t crc64(const unsigned char* data, size_t len)
		315	{
		316	uint64_t crc = 0;
		317
		318	while (len--) {
		319	int i = ((int)(crc >> 56) ^ *data++) & 0xFF;
		320	crc = crc64_tab[i] ^ (crc << 8);
		321	}
		322
		323	return crc;
		324	}
		325
352	daniel-mar	326
		327	int obfuscation_version(PARM_T* pparm) {
		328	uint32_t obfusc_info = pparm->unknown2;
		329
507	daniel-mar	330	if (obfusc_info == 0x00000001) { // 01 00 00 00
		331	// Photoshop FilterFactory default initialization of field "unknown2" (no obfuscation)
352	daniel-mar	332	return 0;
		333	}
507	daniel-mar	334	else if (obfusc_info == 0x00000000) { // 00 00 00 00
		335	// Premiere FilterFactory default initialization of field "unknown1" (no obfuscation)
		336	// (Premiere Field "unknown1" has the offset of Photoshop's "unknown2" field)
352	daniel-mar	337	return 0;
		338	}
		339	else if (obfusc_info == 0x90E364A3) { // A3 64 E3 90
		340	// Version 1 obfuscation (Filter Foundry 1.4b8,9,10)
		341	return 1;
		342	}
		343	else if (obfusc_info == 0xE2CFCA34) { // 34 CA CF E2
		344	// Version 2 obfuscation (Filter Foundry 1.7b1)
		345	return 2;
		346	}
		347	else if ((obfusc_info >= 4) && (obfusc_info <= 0xFF)) { // xx 00 00 00
		348	// Version 4 obfuscation (Filter Foundry 1.7.0.7)
		349	// Version 5 obfuscation (Filter Foundry 1.7.0.8)
		350	// Version 6 obfuscation (Filter Foundry 1.7.0.10)
508	daniel-mar	351	// Version 7 obfuscation (Filter Foundry 1.7.0.17)
		352	// Future: Version 8, ... 255
352	daniel-mar	353	return obfusc_info;
		354	}
		355	else {
		356	// Version 3 obfuscation (Filter Foundry 1.7.0.5)
		357	// obfusc_info is the srand() seed and is equal to the time(0) build timestamp
		358	return 3;
		359	}
		360	}
		361
508	daniel-mar	362	void obfusc(PARM_T* pparm, uint64_t* out_initial_seed, uint64_t* out_initial_seed2) {
		363	// Version 7 obfuscation (Introduced in Filter Foundry 1.7.0.17)
292	daniel-mar	364
		365	unsigned char* p;
508	daniel-mar	366	uint64_t initial_seed, initial_seed2, rolseed;
350	daniel-mar	367	uint32_t xorseed;
508	daniel-mar	368	uint64_t xorseed2;
510	daniel-mar	369	size_t size = sizeof(PARM_T);
		370	int rand_iters, i, j;
347	daniel-mar	371
292	daniel-mar	372	#ifdef MAC_ENV
347	daniel-mar	373	// Currently, make_mac.c does not implement modifying the executable code (TODO),
		374	// so we will use the default initial_seed!
506	daniel-mar	375	initial_seed = GetObfuscSeed();
508	daniel-mar	376	initial_seed2 = GetObfuscSeed2();
292	daniel-mar	377	#else
347	daniel-mar	378	// Give always the same seed if the parameters are the same. No random values.
		379	// This initial seed will be returned and built into the executable code by make_win.c
508	daniel-mar	380	pparm->unknown1 = 0;
		381	pparm->unknown2 = 0;
		382	pparm->unknown3 = 0;
350	daniel-mar	383	initial_seed = crc64((unsigned char*)pparm, sizeof(PARM_T));
508	daniel-mar	384	pparm->unknown3 = crc32b((char*)pparm, sizeof(PARM_T)); // make sure that the second seed is different
		385	pparm->unknown2 = crc32b((char*)pparm, sizeof(PARM_T)); // make sure that the second seed is different
		386	pparm->unknown1 = crc32b((char*)pparm, sizeof(PARM_T)); // make sure that the second seed is different
		387	initial_seed2 = crc64((unsigned char*)pparm, sizeof(PARM_T));
292	daniel-mar	388	#endif
		389
508	daniel-mar	390	// AFTER unknown1-3 have been set to 0 (again), calculate the checksum!
		391	pparm->unknown1 = 0;
		392	pparm->unknown2 = 0;
		393	pparm->unknown3 = 0;
347	daniel-mar	394	pparm->unknown1 = crc32b((char*)pparm, sizeof(PARM_T));
309	daniel-mar	395
350	daniel-mar	396	xorseed = initial_seed & 0xFFFFFFFF;
292	daniel-mar	397	p = (unsigned char*)pparm;
350	daniel-mar	398	xorshift(&p, &xorseed, sizeof(PARM_T));
292	daniel-mar	399
348	daniel-mar	400	rolseed = initial_seed;
347	daniel-mar	401	p = (unsigned char*)pparm;
348	daniel-mar	402	rolshift(&p, &rolseed, sizeof(PARM_T));
347	daniel-mar	403
510	daniel-mar	404	rand_iters = 0xFFF - (initial_seed & 0xFF) + (initial_seed2 & 0xFF);
		405	if (rand_iters < 0) rand_iters = 0;
		406	for (j = rand_iters; j >= 0; j--) {
		407	uint32_t rand_seed = (initial_seed + initial_seed2 + j) & 0xFFFFFFFF;
		408	p = (unsigned char*)pparm;
		409	for (i = 0; i < 10; i++) {
		410	rand_msvcc(&rand_seed);
		411	}
		412	for (i = 0; i < (int)size; i++) {
		413	p++ ^= (int)(rand_msvcc(&rand_seed) 1.0 / ((double)RAND_MAX + 1) * 256);
		414	}
		415	}
		416
508	daniel-mar	417	xorseed2 = initial_seed2;
		418	p = (unsigned char*)pparm;
		419	xorshift64(&p, &xorseed2, sizeof(PARM_T));
347	daniel-mar	420
508	daniel-mar	421	pparm->unknown2 = 7; // obfusc version
		422
		423	*out_initial_seed = initial_seed;
		424	*out_initial_seed2 = initial_seed2;
292	daniel-mar	425	}
		426
		427	void deobfusc(PARM_T* pparm) {
309	daniel-mar	428	uint32_t obfusc_version;
292	daniel-mar	429	size_t size = sizeof(PARM_T);
		430
293	daniel-mar	431	obfusc_version = obfuscation_version(pparm);
292	daniel-mar	432
		433	switch (obfusc_version) {
		434	case 0:
		435	// no obfuscation
		436	return;
		437	case 1: {
		438	// Version 1 obfuscation (Filter Foundry 1.4b8,9,10)
		439	// Filter built with VC++ (official release by Toby Thain)
		440
		441	unsigned char* p;
		442	size_t i;
309	daniel-mar	443	uint32_t seed;
292	daniel-mar	444
		445	seed = 0xdc43df3c;
		446
		447	for (i = size, p = (unsigned char*)pparm; i--;) {
		448	*p++ ^= rand_msvcc(&seed);
		449	}
		450	break;
		451	}
		452	case 2: {
		453	// Version 2 obfuscation (Filter Foundry 1.7b1)
		454	// Compiler independent
		455
		456	unsigned char* p;
		457	size_t i;
309	daniel-mar	458	uint32_t seed;
292	daniel-mar	459
		460	seed = 0x95d4a68f;
		461
		462	for (i = size, p = (unsigned char*)pparm; i--;) {
		463	seed ^= seed << 13;
		464	seed ^= seed >> 17;
		465	seed ^= seed << 5;
		466	*p++ ^= seed;
		467	}
		468	break;
		469	}
		470	case 3: {
		471	// Version 3 obfuscation (Filter Foundry 1.7.0.5)
		472	// NO loading of other implementation supported, but that doesn't matter since
		473	// obfuscation and protection is combined in Filter Factory >= 1.7.0.5.
		474	// Using rand() is more secure, because it differs from compiler to compiler, so
		475	// it is harder to read a protected 8BF plugin.
		476	// Note that rand() in combination with srand() is deterministic, so it is safe
		477	// to use it: https://stackoverflow.com/questions/55438293/does-rand-function-in-c-follows-non-determinstc-algorithm
		478	// Note: 32-Bit FF is built using OpenWatcom (to support Win95), while 64-Bit FF is built using Microsoft Visual C++
		479
		480	unsigned char* p;
		481	size_t i;
309	daniel-mar	482	uint32_t seed;
292	daniel-mar	483	size_t seed_position;
		484
		485	seed = pparm->unknown2;
		486	seed_position = offsetof(PARM_T, unknown2); // = offsetof(PARM_T_PREMIERE, unknown1)
		487
		488	srand(seed);
329	daniel-mar	489
292	daniel-mar	490	p = (unsigned char*)pparm;
351	daniel-mar	491	for (i = 0; i < seed_position; i++) {
		492	p++ ^= (int)(rand() 1.0 / ((double)RAND_MAX + 1) * 256);
		493	}
309	daniel-mar	494	((uint32_t)p) = 0; // here was the seed. Fill it with 0x00000000
507	daniel-mar	495	p += 4; // jump to the next DWORD
351	daniel-mar	496	for (i = 0; i < size - seed_position - 4; i++) {
		497	p++ ^= (int)(rand() 1.0 / ((double)RAND_MAX + 1) * 256);
		498	}
329	daniel-mar	499
292	daniel-mar	500	break;
		501	}
		502	case 4:
		503	case 5: {
		504	// Version 4 obfuscation (Filter Foundry 1.7.0.7)
		505	// Version 5 obfuscation (Filter Foundry 1.7.0.8)
489	daniel-mar	506	// Not compiler dependent, but individual for each standalone filter
292	daniel-mar	507	// It is important that this code works for both x86 and x64 indepdently from the used compiler,
		508	// otherwise, the cross-make x86/x64 won't work!
		509	// Version 5 contains a seed requirement (checksum).
		510
		511	unsigned char* p;
		512	size_t seed_position;
309	daniel-mar	513	uint32_t seed, initial_seed;
292	daniel-mar	514
506	daniel-mar	515	initial_seed = GetObfuscSeed() & 0xFFFFFFFF; // this value will be manipulated during the building of each individual filter (see make_win.c)
309	daniel-mar	516
		517	seed = initial_seed;
292	daniel-mar	518	seed_position = offsetof(PARM_T, unknown2); // = offsetof(PARM_T_PREMIERE, unknown1)
		519
309	daniel-mar	520	if (obfusc_version == 5) {
		521	// make v4 and v5 intentionally incompatible to avoid a downgrade-attack
		522	seed ^= 0xFFFFFFFF;
		523	}
		524
292	daniel-mar	525	p = (unsigned char*)pparm;
293	daniel-mar	526	xorshift(&p, &seed, seed_position);
507	daniel-mar	527	((uint32_t)p) = 0; // here was the version info (4 or 5). Fill it with 0x00000000
		528	p += 4; // jump to the next DWORD
293	daniel-mar	529	xorshift(&p, &seed, size - seed_position - 4);
292	daniel-mar	530
		531	if (obfusc_version == 5) {
318	daniel-mar	532	pparm->unknown2 = 0; // make sure crc32b matches always
347	daniel-mar	533	if (crc32b((char*)pparm, sizeof(PARM_T)) != initial_seed) {
292	daniel-mar	534	// Integrity check failed!
309	daniel-mar	535	memset(pparm, 0, sizeof(PARM_T)); // invalidate everything
292	daniel-mar	536	}
		537	}
		538
		539	break;
		540	}
509	daniel-mar	541	case 6:
		542	case 7: {
347	daniel-mar	543	// Version 6 obfuscation (Filter Foundry 1.7.0.10)
509	daniel-mar	544	// Version 7 obfuscation (Filter Foundry 1.7.0.17)
489	daniel-mar	545	// Not compiler dependent, but individual for each standalone filter
347	daniel-mar	546	// It is important that this code works for both x86 and x64 indepdently from the used compiler,
		547	// otherwise, the cross-make x86/x64 won't work!
		548
		549	unsigned char* p;
350	daniel-mar	550	uint32_t xorseed, checksum;
348	daniel-mar	551	uint64_t initial_seed, rolseed;
503	daniel-mar	552
506	daniel-mar	553	initial_seed = GetObfuscSeed(); // this value will be manipulated during the building of each individual filter (see make_win.c)
347	daniel-mar	554
509	daniel-mar	555	if (obfusc_version >= 7) {
		556	uint64_t xorseed2, initial_seed2;
510	daniel-mar	557	int rand_iters, i, j;
		558
509	daniel-mar	559	initial_seed2 = GetObfuscSeed2(); // this value will be manipulated during the building of each individual filter (see make_win.c)
		560	xorseed2 = initial_seed2;
		561	p = (unsigned char*)pparm;
		562	xorshift64(&p, &xorseed2, sizeof(PARM_T));
510	daniel-mar	563
		564	rand_iters = 0xFFF - (initial_seed & 0xFF) + (initial_seed2 & 0xFF);
		565	if (rand_iters < 0) rand_iters = 0;
		566	for (j = 0; j <= rand_iters; j++) {
		567	uint32_t rand_seed = (initial_seed + initial_seed2 + j) & 0xFFFFFFFF;
		568	p = (unsigned char*)pparm;
		569	for (i = 0; i < 10; i++) {
		570	rand_msvcc(&rand_seed);
		571	}
		572	for (i = 0; i < (int)size; i++) {
		573	p++ ^= (int)(rand_msvcc(&rand_seed) 1.0 / ((double)RAND_MAX + 1) * 256);
		574	}
		575	}
347	daniel-mar	576	}
		577
508	daniel-mar	578	rolseed = initial_seed;
		579	p = (unsigned char*)pparm;
		580	rolshift(&p, &rolseed, sizeof(PARM_T));
		581
		582	xorseed = initial_seed & 0xFFFFFFFF;
		583	p = (unsigned char*)pparm;
		584	xorshift(&p, &xorseed, sizeof(PARM_T));
		585
		586	checksum = pparm->unknown1;
		587
		588	pparm->unknown1 = 0;
		589	pparm->unknown2 = 0;
		590	pparm->unknown3 = 0;
		591
		592	if (checksum != crc32b((char*)pparm, sizeof(PARM_T))) {
		593	// Integrity check failed!
		594	memset(pparm, 0, sizeof(PARM_T)); // invalidate everything
		595	}
		596
		597	break;
		598	}
292	daniel-mar	599	default: {
		600	// Obfuscation version unexpected!
309	daniel-mar	601	memset(pparm, 0, sizeof(PARM_T)); // invalidate everything
311	daniel-mar	602
		603	// If "return" is present: Calling function will receive an invalid cbSize value, hence showing "incompatible obfuscation"
		604	// If "return" is not present: Then the code below will set a correct cbSize and iProtect flag if obfusc_version>=3, which will raise the error "filter is protected"
		605	return;
292	daniel-mar	606	}
		607	}
		608
309	daniel-mar	609	if ((pparm->cbSize != PARM_SIZE) &&
351	daniel-mar	610	(pparm->cbSize != PARM_SIZE_PREMIERE) &&
309	daniel-mar	611	(pparm->cbSize != PARM_SIG_MAC)) {
		612	memset(pparm, 0, sizeof(PARM_T)); // invalidate everything
		613	}
503	daniel-mar	614
292	daniel-mar	615	if (obfusc_version >= 3) {
489	daniel-mar	616	// Filter Foundry >= 1.7.0.5 combines obfuscation and protection
292	daniel-mar	617	// when a standalone filter is built. Theoretically, you can un-protect a
		618	// plugin, even if it is obfuscated, just by bit-flipping the LSB of byte 0x164.
		619	// Therefore, we enforce that the plugin is protected!
		620	pparm->iProtected = 1;
		621
		622	// Furthermore, if obfuscation 3+ failed (since the seed is individual for each 8BF file),
293	daniel-mar	623	// we still want that load_*.c is able to detect pparm->iProtected instead
		624	// of throwing the error "Incompatible obfuscation".
292	daniel-mar	625	pparm->cbSize = PARM_SIZE;
408	daniel-mar	626	pparm->standalone = 1;
292	daniel-mar	627	}
312	daniel-mar	628
		629	if (obfusc_version >= 1) {
		630	// information was lost due to obfuscation. Make sure it is zero.
		631	pparm->unknown2 = 0;
		632	}
351	daniel-mar	633
		634	if (obfusc_version >= 6) {
		635	// information was lost due to checksum. Make sure it is zero.
		636	pparm->unknown1 = 0;
		637	}
292	daniel-mar	638	}

Subversion Repositories filter_foundry

filter_foundry/trunk/obfusc.c – Rev 514