Rev 282 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 282 | Rev 292 | ||
---|---|---|---|
Line 10... | Line 10... | ||
10 | - Windows resource: PARM\16000\0 |
10 | - Windows resource: PARM\16000\0 |
11 | - MacOS resource: 'PARM' 16000 |
11 | - MacOS resource: 'PARM' 16000 |
12 | 12 | ||
13 | ## Implementation |
13 | ## Implementation |
14 | 14 | ||
15 | Defined in **ff.h**, implemented in **make.c**: |
15 | Defined in **ff.h**, implemented in **obfusc.c**: |
16 | 16 | ||
17 | // Only implements V4. Gets a random seed from the calling function. |
17 | // Only implements V5. Returns a seed that needs to be stored in the executable code. |
18 | void obfusc(PARM_T* pparm, unsigned int seed); |
18 | unsigned int obfusc(PARM_T* pparm); |
19 | 19 | ||
20 | // In V1+V2: Seed is hardcoded |
20 | // In V1+V2: Seed is hardcoded |
21 | // In V3: Seed is in PARM |
21 | // In V3: Seed is in PARM (field "unknown2") |
22 | // In V4: Seed is in the program code and will me modified with a binary search+replace |
22 | // In V4+V5: Seed is in the program code and will me modified with a binary search+replace |
23 | void deobfusc(PARM_T* pparm); |
23 | void deobfusc(PARM_T* pparm); |
24 | 24 | ||
- | 25 | ### Obfuscation "Version 5" |
|
- | 26 | ||
- | 27 | Introduced in **Filter Foundry 1.7.0.8** |
|
- | 28 | ||
- | 29 | Obfuscation version 5 is the same as version 4, but there is a constraint |
|
- | 30 | that the seed must be equal to the hash of the deobfuscated PARM. |
|
- | 31 | This is done to check the integrity of the deobfuscation. |
|
- | 32 | ||
25 | ### Obfuscation "Version 4" |
33 | ### Obfuscation "Version 4" |
26 | 34 | ||
27 | Introduced in **Filter Foundry 1.7.0.7** [08-Aug-2021] |
35 | Introduced in **Filter Foundry 1.7.0.7** |
28 | 36 | ||
29 | It is not compiler-dependant, but different between every standalone filter. |
37 | It is not compiler-dependant, but different between every standalone filter. |
30 | 38 | ||
31 | Windows version: |
39 | Windows version: |
32 | The binary code of the 8BF file will be manipulated during building |
40 | The binary code of the 8BF file will be manipulated during building |
Line 43... | Line 51... | ||
43 | 51 | ||
44 | The DWORD value "0x00000004" will be stored at position 0x30 (this field is not used in the `PARM` resource). |
52 | The DWORD value "0x00000004" will be stored at position 0x30 (this field is not used in the `PARM` resource). |
45 | 53 | ||
46 | ### Obfuscation "Version 3" |
54 | ### Obfuscation "Version 3" |
47 | 55 | ||
48 | Introduced in **Filter Foundry 1.7.0.5** [30-Jul-2021] |
56 | Introduced in **Filter Foundry 1.7.0.5** |
49 | 57 | ||
50 | It is compiler-dependant, therefore the resource cannot be exchanged between plugins! |
58 | It is compiler-dependant, therefore the resource cannot be exchanged between plugins! |
51 | 59 | ||
52 | Algorithm: XOR with a modified `rand()`-stream with seed that is stored at position 0x30 |
60 | Algorithm: XOR with a modified `rand()`-stream with seed that is stored at position 0x30 |
53 | (this field is not used in the `PARM` resource). |
61 | (this field is not used in the `PARM` resource). |
Line 66... | Line 74... | ||
66 | return (*seed >> 16) & 0x7fff; /* Scale between 0 and RAND_MAX */ |
74 | return (*seed >> 16) & 0x7fff; /* Scale between 0 and RAND_MAX */ |
67 | } |
75 | } |
68 | 76 | ||
69 | ### Obfuscation "Version 2" |
77 | ### Obfuscation "Version 2" |
70 | 78 | ||
71 | Introduced in **Filter Foundry 1.7b1** [20-Sep-2019] |
79 | Introduced in **Filter Foundry 1.7b1** |
72 | 80 | ||
73 | It is compiler-independant! |
81 | It is compiler-independant! |
74 | 82 | ||
75 | Algorithm: [XOR-Shift](https://de.wikipedia.org/wiki/Xorshift "XOR-Shift") with hardcoded seed `0x95d4a68f`. |
83 | Algorithm: [XOR-Shift](https://de.wikipedia.org/wiki/Xorshift "XOR-Shift") with hardcoded seed `0x95d4a68f`. |
76 | 84 |