public static byte[] GetKeyDataFromExe(string filename)
{
using (var exe = new ExeFile.ResourceAccessor(filename))
{
var tform = exe.GetResource("TFORM1", "#10");
if (null == tform || !tform.AsciiEqual(0, "TPF0"))
{
return(null);
}
using (var input = new BinMemoryStream(tform))
{
var deserializer = new DelphiDeserializer(input);
var form = deserializer.Deserialize();
var image = form.Contents.FirstOrDefault(n => n.Name == "IconKeyImage");
if (null == image)
{
return(null);
}
var icon = image.Props["Picture.Data"] as byte[];
if (null == icon || icon.Length < 0x106 || !icon.AsciiEqual(0, "\x05TIcon"))
{
return(null);
}
return(new CowArray <byte> (icon, 6, 0x100).ToArray());
}
}
}
/// <summary>
/// Look for 'key.fkey' file within nearby directories specified by KeyLocations.
/// </summary>
static byte[] FindKeyFile(ArcView arc_file)
{
// QLIE archives with key could be opened at the physical file system level only
if (VFS.IsVirtual)
{
return(null);
}
var dir_name = Path.GetDirectoryName(arc_file.Name);
foreach (var path in KeyLocations)
{
var name = Path.Combine(dir_name, path, "key.fkey");
if (File.Exists(name))
{
Trace.WriteLine("reading key from " + name, "[QLIE]");
return(File.ReadAllBytes(name));
}
}
var pattern = VFS.CombinePath(dir_name, @"..\*.exe");
foreach (var exe_file in VFS.GetFiles(pattern))
{
using (var exe = new ExeFile.ResourceAccessor(exe_file.Name))
{
var reskey = exe.GetResource("RESKEY", "#10");
if (reskey != null)
{
return(reskey);
}
}
}
return(null);
}
/// <summary>
/// Parse certain executable resources for encryption passphrase.
/// Returns null if no passphrase found.
/// </summary>
public static string GetPassFromExe(string filename)
{
using (var exe = new ExeFile.ResourceAccessor(filename))
{
var code = exe.GetResource("DATA", "V_CODE2");
if (null == code || code.Length < 8)
{
return(null);
}
var key = exe.GetResource("KEY", "KEY_CODE");
if (null != key)
{
for (int i = 0; i < key.Length; ++i)
{
key[i] ^= 0xCD;
}
}
else
{
key = Encoding.ASCII.GetBytes("windmill");
}
var blowfish = new Blowfish(key);
blowfish.Decipher(code, code.Length / 8 * 8);
int length = Array.IndexOf <byte> (code, 0);
if (-1 == length)
{
length = code.Length;
}
return(Encodings.cp932.GetString(code, 0, length));
}
}
byte[] QueryKey(string arc_name)
{
if (VFS.IsVirtual)
{
return(null);
}
var dir = VFS.GetDirectoryName(arc_name);
var parent_dir = Directory.GetParent(dir).FullName;
var exe_files = VFS.GetFiles(VFS.CombinePath(parent_dir, "*.exe")).Concat(VFS.GetFiles(VFS.CombinePath(dir, "*.exe")));
foreach (var exe_entry in exe_files)
{
try
{
using (var exe = new ExeFile.ResourceAccessor(exe_entry.Name))
{
var code = exe.GetResource("CIPHERCODE", "CODE");
if (null == code)
{
continue;
}
if (20 == code.Length)
{
code = new CowArray <byte> (code, 4, 16).ToArray();
}
return(code);
}
}
catch { /* ignore errors */ }
}
return(null);
}
string ExtractNoaPassword(string arc_name)
{
if (VFS.IsVirtual)
{
return(null);
}
var dir = VFS.GetDirectoryName(arc_name);
var noa_name = Path.GetFileName(arc_name);
var parent_dir = Directory.GetParent(dir).FullName;
var exe_files = VFS.GetFiles(VFS.CombinePath(parent_dir, "*.exe")).Concat(VFS.GetFiles(VFS.CombinePath(dir, "*.exe")));
foreach (var exe_entry in exe_files)
{
try
{
using (var exe = new ExeFile.ResourceAccessor(exe_entry.Name))
{
var cotomi = exe.GetResource("IDR_COTOMI", "#10");
if (null == cotomi)
{
continue;
}
using (var res = new MemoryStream(cotomi))
using (var input = new ErisaNemesisStream(res))
{
var xml = new XmlDocument();
xml.Load(input);
var password = XmlFindArchiveKey(xml, noa_name);
if (password != null)
{
Trace.WriteLine(string.Format("{0}: found password \"{1}\"", noa_name, password), "[NOA]");
return(password);
}
}
}
}
catch { /* ignore errors */ }
}
return(null);
}
