Subversion Repositories filter_foundry

Rev

Rev 270 | Rev 272 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed

Rev 270 Rev 271
Line 465... Line 465...
465 
        *seed = *seed * 214013L + 2531011L;
 465 
        *seed = *seed * 214013L + 2531011L;
466 
        return (*seed >> 16) & 0x7fff; /* Scale between 0 and RAND_MAX */
 466 
        return (*seed >> 16) & 0x7fff; /* Scale between 0 and RAND_MAX */
467 
}
 467 
}
468 
 
 468 
 
469 
int rand_openwatcom(unsigned int* seed) {
 469 
int rand_openwatcom(unsigned int* seed) {
- 
 
 470 
        // https://github.com/open-watcom/open-watcom-v2/blob/master/bld/clib/math/c/rand.c
470 
        *seed = *seed * 1103515245L + 12345L;
 471 
        *seed = *seed * 1103515245L + 12345L;
471 
        return (*seed >> 16) & 0x7fff; /* Scale between 0 and RAND_MAX */
 472 
        return (*seed >> 16) & 0x7fff; /* Scale between 0 and RAND_MAX */
472 
}
 473 
}
473 
 
 474 
 
474 
void obfusc(unsigned char* pparm, size_t size, size_t seed_position) {
 475 
void obfusc(PARM_T* pparm) {
475 
        unsigned char* p;
 476 
        unsigned char* p;
476 
        size_t i;
 477 
        size_t i;
477 
        unsigned int seed;
 478 
        unsigned int seed;
- 
 
 479 
        size_t size, seed_position;
- 
 
 480 
 
- 
 
 481 
        seed_position = offsetof(PARM_T, unknown2);
- 
 
 482 
        size = sizeof(PARM_T);
478 
 
 483 
 
479 
        // Version 3 obfuscation
 484 
        // Version 3 obfuscation
480 
        // Filter Foundry >= 1.7.0.5
 485 
        // Filter Foundry >= 1.7.0.5
481 
 
 486 
 
482 
        do {
 487 
        do {
483 
                seed = (unsigned int)time(0);
 488 
                seed = (unsigned int)time(0);
484 
        } while ((seed == 0x90E364A3/*V1*/) || (seed == 0xE2CFCA34/*V2*/));
 489 
        } while ((seed == 0x90E364A3/*V1*/) || (seed == 0xE2CFCA34/*V2*/));
485 
        srand(seed);
 490 
        srand(seed);
486 
 
 491 
 
487 
        p = pparm;
 492 
        p = (unsigned char*)pparm;
488 
        for (i = 0; i < seed_position; i++) *p++ ^= randInRange(0,255);
 493 
        for (i = 0; i < seed_position; i++) *p++ ^= randInRange(0,255);
489 
        *((unsigned int*)p) = seed; // seed is placed at this position. data will lost! (in deobfusc, it will be set to 0x00000000)
 494 
        *((unsigned int*)p) = seed; // seed is placed at this position. data will lost! (in deobfusc, it will be set to 0x00000000)
490 
        p += 4;
 495 
        p += 4;
491 
        for (i = 0; i < size - seed_position - 4; i++) *p++ ^= randInRange(0, 255);
 496 
        for (i = 0; i < size - seed_position - 4; i++) *p++ ^= randInRange(0, 255);
492 
}
 497 
}
493 
 
 498 
 
494 
void deobfusc(unsigned char* pparm, size_t size, size_t seed_position) {
 499 
void deobfusc(PARM_T* pparm) {
495 
        unsigned char* p;
 500 
        unsigned char* p;
496 
        size_t i;
 501 
        size_t i;
497 
        unsigned int seed;
 502 
        unsigned int seed;
- 
 
 503 
        size_t size, seed_position;
- 
 
 504 
 
- 
 
 505 
        seed_position = offsetof(PARM_T, unknown2); // offsetof(PARM_T_PREMIERE, unknown1)
- 
 
 506 
        size = sizeof(PARM_T);
498 
 
 507 
 
499 
        seed = *((unsigned int*)(pparm + seed_position));
 508 
        seed = pparm->unknown2;
500 
 
 509 
 
501 
        if (seed == 0x90E364A3) { // A3 64 E3 90
 510 
        if (seed == 0x90E364A3) { // A3 64 E3 90
502 
                // Version 1 obfuscation, filter built with VC++ (official release by Toby Thain)
 511 
                // Version 1 obfuscation, filter built with VC++ (official release by Toby Thain)
503 
                // Filter Foundry FF >= 1.4b8,9,10
 512 
                // Filter Foundry FF >= 1.4b8,9,10
504 
                seed = 0xdc43df3c;
 513 
                seed = 0xdc43df3c;
505 
                for (i = size, p = pparm; i--;) {
 514 
                for (i = size, p = (unsigned char*)pparm; i--;) {
506 
                        *p++ ^= rand_msvcc(&seed);
 515 
                        *p++ ^= rand_msvcc(&seed) & 0xFF;
507 
                }
 516 
                }
508 
        }
 517 
        }
509 
        else if (seed == 0xE2CFCA34) { // 34 CA CF E2
 518 
        else if (seed == 0xE2CFCA34) { // 34 CA CF E2
510 
                // Version 2 obfuscation, compiler independent
 519 
                // Version 2 obfuscation, compiler independent
511 
                // Filter Foundry >= 1.7b1
 520 
                // Filter Foundry >= 1.7b1
512 
                unsigned int x32 = 0x95d4a68f;
 521 
                unsigned int x32 = 0x95d4a68f;
513 
                for (i = size, p = pparm; i--;) {
 522 
                for (i = size, p = (unsigned char*)pparm; i--;) {
514 
                        x32 ^= x32 << 13;
 523 
                        x32 ^= x32 << 13;
515 
                        x32 ^= x32 >> 17;
 524 
                        x32 ^= x32 >> 17;
516 
                        x32 ^= x32 << 5;
 525 
                        x32 ^= x32 << 5;
517 
                        *p++ ^= x32;
 526 
                        *p++ ^= x32;
518 
                }
 527 
                }
Line 521... Line 530...
521 
                // Version 3 obfuscation
 530 
                // Version 3 obfuscation
522 
                // Filter Foundry >= 1.7.0.5
 531 
                // Filter Foundry >= 1.7.0.5
523 
                // NO loading of other implementation supported, but that doesn't matter since Obfuscation+Protection is combined in FF >= 1.7.0.5
 532 
                // NO loading of other implementation supported, but that doesn't matter since Obfuscation+Protection is combined in FF >= 1.7.0.5
524 
                // Note: 32-Bit FF is built using OpenWatcom (to support Win95), while 64-Bit FF is built using Microsoft Visual C++
 533 
                // Note: 32-Bit FF is built using OpenWatcom (to support Win95), while 64-Bit FF is built using Microsoft Visual C++
525 
                srand(seed);
 534 
                srand(seed);
526 
                p = pparm;
 535 
                p = (unsigned char*)pparm;
527 
                for (i = 0; i < seed_position; i++) *p++ ^= randInRange(0, 255);
 536 
                for (i = 0; i < seed_position; i++) *p++ ^= randInRange(0, 255);
528 
                *((unsigned int*)p) = 0; // here was the seed. Fill it with 0x00000000
 537 
                *((unsigned int*)p) = 0; // here was the seed. Fill it with 0x00000000
529 
                p += 4;
 538 
                p += 4;
530 
                for (i = 0; i < size - seed_position - 4; i++) *p++ ^= randInRange(0, 255);
 539 
                for (i = 0; i < size - seed_position - 4; i++) *p++ ^= randInRange(0, 255);
- 
 
 540 
 
- 
 
 541 
                // Filter Foundry >= 1.7.0.5 builds combines obfuscation and protection
- 
 
 542 
                // when a standalone filter is built. Theoretically, you can un-protect a
- 
 
 543 
                // plugin, even if it is obfuscated, just by bit-flipping the LSB of byte 0x164.
- 
 
 544 
                // Therefore, we enforce that the plugin is protected!
- 
 
 545 
                // Note: We don't need to check PARM_T_PREMIERE, because only PARM_T
- 
 
 546 
                //       can be obfuscated by FilterFoundry.
- 
 
 547 
                pparm->iProtected = 1;
531 
        }
 548 
        }
532 
}
 549 
}