Rev 507 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 507 | Rev 508 | ||
|---|---|---|---|
| Line 12... | Line 12... | ||
| 12 | 12 | ||
| 13 | ## Implementation |
13 | ## Implementation |
| 14 | 14 | ||
| 15 | Defined in **ff.h**, implemented in **obfusc.c**: |
15 | Defined in **ff.h**, implemented in **obfusc.c**: |
| 16 | 16 | ||
| 17 | // Implements Obfusc V6. |
17 | // Implements Obfusc V7. |
| 18 | // Returns a seed that needs to be stored in the executable code. |
18 | // Returns a seed1 and seed2 which need to be stored in the executable code. |
| 19 | uint64_t obfusc(PARM_T* pparm); |
19 | obfusc(PARM_T* pparm, uint64_t* out_initial_seed, uint64_t* out_initial_seed2); |
| 20 | 20 | ||
| 21 | // In V1+V2: Seed is hardcoded |
21 | // In V1+V2: Seed is hardcoded |
| 22 | // In V3: Seed is in PARM (field "unknown2") |
22 | // In V3: Seed is in PARM (field "unknown2") |
| 23 | // In V4-V6: Seed is in the program code and will me modified with a binary search+replace |
23 | // In V4-V7: Seed is in the program code and will me modified with a binary search+replace |
| 24 | void deobfusc(PARM_T* pparm); |
24 | void deobfusc(PARM_T* pparm); |
| 25 | 25 | ||
| - | 26 | ### Obfuscation "Version 7" |
|
| - | 27 | ||
| - | 28 | Introduced in **Filter Foundry 1.7.0.17** |
|
| - | 29 | ||
| - | 30 | Now, there are two 64-bit seeds: |
|
| - | 31 | ||
| - | 32 | Initial seed 1: `0x7416972a52830517` (is in the code segment) |
|
| - | 33 | Initial seed 2: `0xEF87A2F13E1F2186` (is in the data segment) |
|
| - | 34 | ||
| - | 35 | First, XOR-Shift64 using seed 2, then ROL shift, then XOR-Shift32 like in Obfusc V6. |
|
| - | 36 | ||
| 26 | ### Obfuscation "Version 6" |
37 | ### Obfuscation "Version 6" |
| 27 | 38 | ||
| 28 | Introduced in **Filter Foundry 1.7.0.10** |
39 | Introduced in **Filter Foundry 1.7.0.10** |
| 29 | 40 | ||
| 30 | First, the fields `unknown1`, `unknown2`, aned `unknown3` are set to 0. |
41 | First, the fields `unknown1`, `unknown2`, aned `unknown3` are set to 0. |