Rev 507 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 507 | Rev 508 | ||
---|---|---|---|
Line 12... | Line 12... | ||
12 | 12 | ||
13 | ## Implementation |
13 | ## Implementation |
14 | 14 | ||
15 | Defined in **ff.h**, implemented in **obfusc.c**: |
15 | Defined in **ff.h**, implemented in **obfusc.c**: |
16 | 16 | ||
17 | // Implements Obfusc V6. |
17 | // Implements Obfusc V7. |
18 | // Returns a seed that needs to be stored in the executable code. |
18 | // Returns a seed1 and seed2 which need to be stored in the executable code. |
19 | uint64_t obfusc(PARM_T* pparm); |
19 | obfusc(PARM_T* pparm, uint64_t* out_initial_seed, uint64_t* out_initial_seed2); |
20 | 20 | ||
21 | // In V1+V2: Seed is hardcoded |
21 | // In V1+V2: Seed is hardcoded |
22 | // In V3: Seed is in PARM (field "unknown2") |
22 | // In V3: Seed is in PARM (field "unknown2") |
23 | // In V4-V6: Seed is in the program code and will me modified with a binary search+replace |
23 | // In V4-V7: Seed is in the program code and will me modified with a binary search+replace |
24 | void deobfusc(PARM_T* pparm); |
24 | void deobfusc(PARM_T* pparm); |
25 | 25 | ||
- | 26 | ### Obfuscation "Version 7" |
|
- | 27 | ||
- | 28 | Introduced in **Filter Foundry 1.7.0.17** |
|
- | 29 | ||
- | 30 | Now, there are two 64-bit seeds: |
|
- | 31 | ||
- | 32 | Initial seed 1: `0x7416972a52830517` (is in the code segment) |
|
- | 33 | Initial seed 2: `0xEF87A2F13E1F2186` (is in the data segment) |
|
- | 34 | ||
- | 35 | First, XOR-Shift64 using seed 2, then ROL shift, then XOR-Shift32 like in Obfusc V6. |
|
- | 36 | ||
26 | ### Obfuscation "Version 6" |
37 | ### Obfuscation "Version 6" |
27 | 38 | ||
28 | Introduced in **Filter Foundry 1.7.0.10** |
39 | Introduced in **Filter Foundry 1.7.0.10** |
29 | 40 | ||
30 | First, the fields `unknown1`, `unknown2`, aned `unknown3` are set to 0. |
41 | First, the fields `unknown1`, `unknown2`, aned `unknown3` are set to 0. |