Rev 270 | Rev 272 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 270 | Rev 271 | ||
---|---|---|---|
Line 465... | Line 465... | ||
465 | *seed = *seed * 214013L + 2531011L; |
465 | *seed = *seed * 214013L + 2531011L; |
466 | return (*seed >> 16) & 0x7fff; /* Scale between 0 and RAND_MAX */ |
466 | return (*seed >> 16) & 0x7fff; /* Scale between 0 and RAND_MAX */ |
467 | } |
467 | } |
468 | 468 | ||
469 | int rand_openwatcom(unsigned int* seed) { |
469 | int rand_openwatcom(unsigned int* seed) { |
- | 470 | // https://github.com/open-watcom/open-watcom-v2/blob/master/bld/clib/math/c/rand.c |
|
470 | *seed = *seed * 1103515245L + 12345L; |
471 | *seed = *seed * 1103515245L + 12345L; |
471 | return (*seed >> 16) & 0x7fff; /* Scale between 0 and RAND_MAX */ |
472 | return (*seed >> 16) & 0x7fff; /* Scale between 0 and RAND_MAX */ |
472 | } |
473 | } |
473 | 474 | ||
474 | void obfusc(unsigned char* pparm, size_t size, size_t seed_position) { |
475 | void obfusc(PARM_T* pparm) { |
475 | unsigned char* p; |
476 | unsigned char* p; |
476 | size_t i; |
477 | size_t i; |
477 | unsigned int seed; |
478 | unsigned int seed; |
- | 479 | size_t size, seed_position; |
|
- | 480 | ||
- | 481 | seed_position = offsetof(PARM_T, unknown2); |
|
- | 482 | size = sizeof(PARM_T); |
|
478 | 483 | ||
479 | // Version 3 obfuscation |
484 | // Version 3 obfuscation |
480 | // Filter Foundry >= 1.7.0.5 |
485 | // Filter Foundry >= 1.7.0.5 |
481 | 486 | ||
482 | do { |
487 | do { |
483 | seed = (unsigned int)time(0); |
488 | seed = (unsigned int)time(0); |
484 | } while ((seed == 0x90E364A3/*V1*/) || (seed == 0xE2CFCA34/*V2*/)); |
489 | } while ((seed == 0x90E364A3/*V1*/) || (seed == 0xE2CFCA34/*V2*/)); |
485 | srand(seed); |
490 | srand(seed); |
486 | 491 | ||
487 | p = pparm; |
492 | p = (unsigned char*)pparm; |
488 | for (i = 0; i < seed_position; i++) *p++ ^= randInRange(0,255); |
493 | for (i = 0; i < seed_position; i++) *p++ ^= randInRange(0,255); |
489 | *((unsigned int*)p) = seed; // seed is placed at this position. data will lost! (in deobfusc, it will be set to 0x00000000) |
494 | *((unsigned int*)p) = seed; // seed is placed at this position. data will lost! (in deobfusc, it will be set to 0x00000000) |
490 | p += 4; |
495 | p += 4; |
491 | for (i = 0; i < size - seed_position - 4; i++) *p++ ^= randInRange(0, 255); |
496 | for (i = 0; i < size - seed_position - 4; i++) *p++ ^= randInRange(0, 255); |
492 | } |
497 | } |
493 | 498 | ||
494 | void deobfusc(unsigned char* pparm, size_t size, size_t seed_position) { |
499 | void deobfusc(PARM_T* pparm) { |
495 | unsigned char* p; |
500 | unsigned char* p; |
496 | size_t i; |
501 | size_t i; |
497 | unsigned int seed; |
502 | unsigned int seed; |
- | 503 | size_t size, seed_position; |
|
- | 504 | ||
- | 505 | seed_position = offsetof(PARM_T, unknown2); // offsetof(PARM_T_PREMIERE, unknown1) |
|
- | 506 | size = sizeof(PARM_T); |
|
498 | 507 | ||
499 | seed = *((unsigned int*)(pparm + seed_position)); |
508 | seed = pparm->unknown2; |
500 | 509 | ||
501 | if (seed == 0x90E364A3) { // A3 64 E3 90 |
510 | if (seed == 0x90E364A3) { // A3 64 E3 90 |
502 | // Version 1 obfuscation, filter built with VC++ (official release by Toby Thain) |
511 | // Version 1 obfuscation, filter built with VC++ (official release by Toby Thain) |
503 | // Filter Foundry FF >= 1.4b8,9,10 |
512 | // Filter Foundry FF >= 1.4b8,9,10 |
504 | seed = 0xdc43df3c; |
513 | seed = 0xdc43df3c; |
505 | for (i = size, p = pparm; i--;) { |
514 | for (i = size, p = (unsigned char*)pparm; i--;) { |
506 | *p++ ^= rand_msvcc(&seed); |
515 | *p++ ^= rand_msvcc(&seed) & 0xFF; |
507 | } |
516 | } |
508 | } |
517 | } |
509 | else if (seed == 0xE2CFCA34) { // 34 CA CF E2 |
518 | else if (seed == 0xE2CFCA34) { // 34 CA CF E2 |
510 | // Version 2 obfuscation, compiler independent |
519 | // Version 2 obfuscation, compiler independent |
511 | // Filter Foundry >= 1.7b1 |
520 | // Filter Foundry >= 1.7b1 |
512 | unsigned int x32 = 0x95d4a68f; |
521 | unsigned int x32 = 0x95d4a68f; |
513 | for (i = size, p = pparm; i--;) { |
522 | for (i = size, p = (unsigned char*)pparm; i--;) { |
514 | x32 ^= x32 << 13; |
523 | x32 ^= x32 << 13; |
515 | x32 ^= x32 >> 17; |
524 | x32 ^= x32 >> 17; |
516 | x32 ^= x32 << 5; |
525 | x32 ^= x32 << 5; |
517 | *p++ ^= x32; |
526 | *p++ ^= x32; |
518 | } |
527 | } |
Line 521... | Line 530... | ||
521 | // Version 3 obfuscation |
530 | // Version 3 obfuscation |
522 | // Filter Foundry >= 1.7.0.5 |
531 | // Filter Foundry >= 1.7.0.5 |
523 | // NO loading of other implementation supported, but that doesn't matter since Obfuscation+Protection is combined in FF >= 1.7.0.5 |
532 | // NO loading of other implementation supported, but that doesn't matter since Obfuscation+Protection is combined in FF >= 1.7.0.5 |
524 | // Note: 32-Bit FF is built using OpenWatcom (to support Win95), while 64-Bit FF is built using Microsoft Visual C++ |
533 | // Note: 32-Bit FF is built using OpenWatcom (to support Win95), while 64-Bit FF is built using Microsoft Visual C++ |
525 | srand(seed); |
534 | srand(seed); |
526 | p = pparm; |
535 | p = (unsigned char*)pparm; |
527 | for (i = 0; i < seed_position; i++) *p++ ^= randInRange(0, 255); |
536 | for (i = 0; i < seed_position; i++) *p++ ^= randInRange(0, 255); |
528 | *((unsigned int*)p) = 0; // here was the seed. Fill it with 0x00000000 |
537 | *((unsigned int*)p) = 0; // here was the seed. Fill it with 0x00000000 |
529 | p += 4; |
538 | p += 4; |
530 | for (i = 0; i < size - seed_position - 4; i++) *p++ ^= randInRange(0, 255); |
539 | for (i = 0; i < size - seed_position - 4; i++) *p++ ^= randInRange(0, 255); |
- | 540 | ||
- | 541 | // Filter Foundry >= 1.7.0.5 builds combines obfuscation and protection |
|
- | 542 | // when a standalone filter is built. Theoretically, you can un-protect a |
|
- | 543 | // plugin, even if it is obfuscated, just by bit-flipping the LSB of byte 0x164. |
|
- | 544 | // Therefore, we enforce that the plugin is protected! |
|
- | 545 | // Note: We don't need to check PARM_T_PREMIERE, because only PARM_T |
|
- | 546 | // can be obfuscated by FilterFoundry. |
|
- | 547 | pparm->iProtected = 1; |
|
531 | } |
548 | } |
532 | } |
549 | } |