Rev 282 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 282 | Rev 292 | ||
|---|---|---|---|
| Line 10... | Line 10... | ||
| 10 | - Windows resource: PARM\16000\0 |
10 | - Windows resource: PARM\16000\0 |
| 11 | - MacOS resource: 'PARM' 16000 |
11 | - MacOS resource: 'PARM' 16000 |
| 12 | 12 | ||
| 13 | ## Implementation |
13 | ## Implementation |
| 14 | 14 | ||
| 15 | Defined in **ff.h**, implemented in **make.c**: |
15 | Defined in **ff.h**, implemented in **obfusc.c**: |
| 16 | 16 | ||
| 17 | // Only implements V4. Gets a random seed from the calling function. |
17 | // Only implements V5. Returns a seed that needs to be stored in the executable code. |
| 18 | void obfusc(PARM_T* pparm, unsigned int seed); |
18 | unsigned int obfusc(PARM_T* pparm); |
| 19 | 19 | ||
| 20 | // In V1+V2: Seed is hardcoded |
20 | // In V1+V2: Seed is hardcoded |
| 21 | // In V3: Seed is in PARM |
21 | // In V3: Seed is in PARM (field "unknown2") |
| 22 | // In V4: Seed is in the program code and will me modified with a binary search+replace |
22 | // In V4+V5: Seed is in the program code and will me modified with a binary search+replace |
| 23 | void deobfusc(PARM_T* pparm); |
23 | void deobfusc(PARM_T* pparm); |
| 24 | 24 | ||
| - | 25 | ### Obfuscation "Version 5" |
|
| - | 26 | ||
| - | 27 | Introduced in **Filter Foundry 1.7.0.8** |
|
| - | 28 | ||
| - | 29 | Obfuscation version 5 is the same as version 4, but there is a constraint |
|
| - | 30 | that the seed must be equal to the hash of the deobfuscated PARM. |
|
| - | 31 | This is done to check the integrity of the deobfuscation. |
|
| - | 32 | ||
| 25 | ### Obfuscation "Version 4" |
33 | ### Obfuscation "Version 4" |
| 26 | 34 | ||
| 27 | Introduced in **Filter Foundry 1.7.0.7** [08-Aug-2021] |
35 | Introduced in **Filter Foundry 1.7.0.7** |
| 28 | 36 | ||
| 29 | It is not compiler-dependant, but different between every standalone filter. |
37 | It is not compiler-dependant, but different between every standalone filter. |
| 30 | 38 | ||
| 31 | Windows version: |
39 | Windows version: |
| 32 | The binary code of the 8BF file will be manipulated during building |
40 | The binary code of the 8BF file will be manipulated during building |
| Line 43... | Line 51... | ||
| 43 | 51 | ||
| 44 | The DWORD value "0x00000004" will be stored at position 0x30 (this field is not used in the `PARM` resource). |
52 | The DWORD value "0x00000004" will be stored at position 0x30 (this field is not used in the `PARM` resource). |
| 45 | 53 | ||
| 46 | ### Obfuscation "Version 3" |
54 | ### Obfuscation "Version 3" |
| 47 | 55 | ||
| 48 | Introduced in **Filter Foundry 1.7.0.5** [30-Jul-2021] |
56 | Introduced in **Filter Foundry 1.7.0.5** |
| 49 | 57 | ||
| 50 | It is compiler-dependant, therefore the resource cannot be exchanged between plugins! |
58 | It is compiler-dependant, therefore the resource cannot be exchanged between plugins! |
| 51 | 59 | ||
| 52 | Algorithm: XOR with a modified `rand()`-stream with seed that is stored at position 0x30 |
60 | Algorithm: XOR with a modified `rand()`-stream with seed that is stored at position 0x30 |
| 53 | (this field is not used in the `PARM` resource). |
61 | (this field is not used in the `PARM` resource). |
| Line 66... | Line 74... | ||
| 66 | return (*seed >> 16) & 0x7fff; /* Scale between 0 and RAND_MAX */ |
74 | return (*seed >> 16) & 0x7fff; /* Scale between 0 and RAND_MAX */ |
| 67 | } |
75 | } |
| 68 | 76 | ||
| 69 | ### Obfuscation "Version 2" |
77 | ### Obfuscation "Version 2" |
| 70 | 78 | ||
| 71 | Introduced in **Filter Foundry 1.7b1** [20-Sep-2019] |
79 | Introduced in **Filter Foundry 1.7b1** |
| 72 | 80 | ||
| 73 | It is compiler-independant! |
81 | It is compiler-independant! |
| 74 | 82 | ||
| 75 | Algorithm: [XOR-Shift](https://de.wikipedia.org/wiki/Xorshift "XOR-Shift") with hardcoded seed `0x95d4a68f`. |
83 | Algorithm: [XOR-Shift](https://de.wikipedia.org/wiki/Xorshift "XOR-Shift") with hardcoded seed `0x95d4a68f`. |
| 76 | 84 | ||