| 85,6 → 85,25 |
|---|
| } |
| } |
| |
| uint32_t crc32b(char *data, int nLength) { |
| int i, j, k; |
| unsigned int byte, crc, mask; |
| |
| i = 0; |
| crc = 0xFFFFFFFF; |
| |
| for(k=0;k<nLength;k++) { |
| byte = data[k]; |
| crc = crc ^ byte; |
| for (j = 7; j >= 0; j--) { |
| mask = -(crc & 1); |
| crc = (crc >> 1) ^ (0xEDB88320 & mask); |
| } |
| i++; |
| } |
| return ~crc; |
| } |
| |
| uint32_t obfusc(PARM_T* pparm) { |
| // Windows: Version 5 obfuscation (Introduced in Filter Foundry 1.7.0.8) |
| // Macintosh: Version 4 obfuscation (Introduced in Filter Foundry 1.7.0.7) |
| 101,7 → 120,7 |
|---|
| obfusc_version = 4; |
| #else |
| // In obfuscation version 5, the seed is also the checksum. It will be verified at deobfusc()! |
| initial_seed = (uint32_t)get_parm_hash(pparm); |
| initial_seed = crc32b(pparm,sizeof(PARM_T)); |
| obfusc_version = 5; |
| #endif |
| |
| 221,7 → 240,7 |
|---|
| xorshift(&p, &seed, size - seed_position - 4); |
| |
| if (obfusc_version == 5) { |
| if ((uint32_t)get_parm_hash(pparm) != initial_seed) { |
| if (crc32b(pparm,sizeof(PARM_T)) != initial_seed) { |
| // Integrity check failed! |
| memset(pparm, 0, sizeof(PARM_T)); // invalidate everything |
| } |
| 232,6 → 251,10 |
|---|
| default: { |
| // Obfuscation version unexpected! |
| memset(pparm, 0, sizeof(PARM_T)); // invalidate everything |
| |
| // If "return" is present: Calling function will receive an invalid cbSize value, hence showing "incompatible obfuscation" |
| // If "return" is not present: Then the code below will set a correct cbSize and iProtect flag if obfusc_version>=3, which will raise the error "filter is protected" |
| return; |
| } |
| } |
| |