Rev 508 | Rev 510 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 508 | Rev 509 | ||
|---|---|---|---|
| Line 140... | Line 140... | ||
| 140 | #ifndef CHAR_BIT |
140 | #ifndef CHAR_BIT |
| 141 | #define CHAR_BIT 8 |
141 | #define CHAR_BIT 8 |
| 142 | #endif |
142 | #endif |
| 143 | 143 | ||
| 144 | uint64_t rol_u64(uint64_t value, uint64_t by) { |
144 | uint64_t rol_u64(uint64_t value, uint64_t by) { |
| 145 | return value << by | value >> (sizeof(uint64_t) * CHAR_BIT - by); |
145 | return value << by | value >> ((uint64_t)sizeof(uint64_t) * CHAR_BIT - by); |
| 146 | } |
146 | } |
| 147 | 147 | ||
| 148 | void rolshift(unsigned char** p, uint64_t* x64, size_t num) { |
148 | void rolshift(unsigned char** p, uint64_t* x64, size_t num) { |
| 149 | size_t i; |
149 | size_t i; |
| 150 | unsigned char* x = *p; |
150 | unsigned char* x = *p; |
| Line 477... | Line 477... | ||
| 477 | } |
477 | } |
| 478 | } |
478 | } |
| 479 | 479 | ||
| 480 | break; |
480 | break; |
| 481 | } |
481 | } |
| - | 482 | case 6: |
|
| 482 | case 6: { |
483 | case 7: { |
| 483 | // Version 6 obfuscation (Filter Foundry 1.7.0.10) |
484 | // Version 6 obfuscation (Filter Foundry 1.7.0.10) |
| - | 485 | // Version 7 obfuscation (Filter Foundry 1.7.0.17) |
|
| 484 | // Not compiler dependent, but individual for each standalone filter |
486 | // Not compiler dependent, but individual for each standalone filter |
| 485 | // It is important that this code works for both x86 and x64 indepdently from the used compiler, |
487 | // It is important that this code works for both x86 and x64 indepdently from the used compiler, |
| 486 | // otherwise, the cross-make x86/x64 won't work! |
488 | // otherwise, the cross-make x86/x64 won't work! |
| 487 | 489 | ||
| 488 | unsigned char* p; |
490 | unsigned char* p; |
| 489 | uint32_t xorseed, checksum; |
491 | uint32_t xorseed, checksum; |
| 490 | uint64_t initial_seed, rolseed; |
492 | uint64_t initial_seed, rolseed; |
| 491 | 493 | ||
| 492 | initial_seed = GetObfuscSeed(); // this value will be manipulated during the building of each individual filter (see make_win.c) |
494 | initial_seed = GetObfuscSeed(); // this value will be manipulated during the building of each individual filter (see make_win.c) |
| 493 | 495 | ||
| 494 | rolseed = initial_seed; |
- | |
| 495 | p = (unsigned char*)pparm; |
496 | if (obfusc_version >= 7) { |
| 496 | rolshift(&p, &rolseed, sizeof(PARM_T)); |
- | |
| 497 | - | ||
| 498 | xorseed = initial_seed & 0xFFFFFFFF; |
- | |
| 499 | p = (unsigned char*)pparm; |
- | |
| 500 | xorshift(&p, &xorseed, sizeof(PARM_T)); |
- | |
| 501 | - | ||
| 502 | checksum = pparm->unknown1; |
- | |
| 503 | - | ||
| 504 | pparm->unknown1 = 0; |
- | |
| 505 | pparm->unknown2 = 0; |
- | |
| 506 | pparm->unknown3 = 0; |
- | |
| 507 | - | ||
| 508 | if (checksum != crc32b((char*)pparm, sizeof(PARM_T))) { |
- | |
| 509 | // Integrity check failed! |
- | |
| 510 | memset(pparm, 0, sizeof(PARM_T)); // invalidate everything |
- | |
| 511 | } |
- | |
| 512 | - | ||
| 513 | break; |
- | |
| 514 | } |
- | |
| 515 | case 7: { |
- | |
| 516 | // Version 7 obfuscation (Filter Foundry 1.7.0.17) |
- | |
| 517 | // Not compiler dependent, but individual for each standalone filter |
- | |
| 518 | // It is important that this code works for both x86 and x64 indepdently from the used compiler, |
- | |
| 519 | // otherwise, the cross-make x86/x64 won't work! |
- | |
| 520 | - | ||
| 521 | unsigned char* p; |
- | |
| 522 | uint32_t xorseed, checksum; |
- | |
| 523 | uint64_t xorseed2; |
- | |
| 524 | uint64_t initial_seed, initial_seed2, rolseed; |
497 | uint64_t xorseed2, initial_seed2; |
| 525 | - | ||
| 526 | initial_seed = GetObfuscSeed(); // this value will be manipulated during the building of each individual filter (see make_win.c) |
- | |
| 527 | initial_seed2 = GetObfuscSeed2(); // this value will be manipulated during the building of each individual filter (see make_win.c) |
498 | initial_seed2 = GetObfuscSeed2(); // this value will be manipulated during the building of each individual filter (see make_win.c) |
| 528 | - | ||
| 529 | // This is the difference between V6 and V7 |
- | |
| 530 | xorseed2 = initial_seed2; |
499 | xorseed2 = initial_seed2; |
| 531 | p = (unsigned char*)pparm; |
500 | p = (unsigned char*)pparm; |
| 532 | xorshift64(&p, &xorseed2, sizeof(PARM_T)); |
501 | xorshift64(&p, &xorseed2, sizeof(PARM_T)); |
| - | 502 | } |
|
| 533 | 503 | ||
| 534 | rolseed = initial_seed; |
504 | rolseed = initial_seed; |
| 535 | p = (unsigned char*)pparm; |
505 | p = (unsigned char*)pparm; |
| 536 | rolshift(&p, &rolseed, sizeof(PARM_T)); |
506 | rolshift(&p, &rolseed, sizeof(PARM_T)); |
| 537 | 507 | ||