public static bool Phase1() { EmbeddedResource targetRes = null; foreach (var res in AsmDef.MainModule.Resources) { try { // ReSharper disable ReturnValueOfPureMethodIsNotUsed Convert.FromBase64String(res.Name); // ReSharper restore ReturnValueOfPureMethodIsNotUsed targetRes = res as EmbeddedResource; } catch { PhaseError = new PhaseError { Level = PhaseError.ErrorLevel.Critical, Message = "Could not locate compressed resource!" }; return(false); } } PhaseParam = targetRes.Name; Logger.VSLog(string.Format("Located compressed resource at {0}...", PhaseParam)); return(true); }
public static bool Phase2() { var resName = PhaseParam; var resReader = new ResourceReader(AsmDef.FindResource(res => res.Name == "app.resources").GetResourceStream()); var en = resReader.GetEnumerator(); byte[] resData = null; while (en.MoveNext()) { if (en.Key.ToString() == resName) { resData = en.Value as byte[]; } } if (resData == null) { PhaseError = new PhaseError { Level = PhaseError.ErrorLevel.Critical, Message = "Could not read resource data!" }; } PhaseParam = resData; return(true); }
public static bool Phase1() { EmbeddedResource targetRes = null; foreach (var res in AsmDef.MainModule.Resources) { try { // ReSharper disable ReturnValueOfPureMethodIsNotUsed Convert.FromBase64String(res.Name); // ReSharper restore ReturnValueOfPureMethodIsNotUsed targetRes = res as EmbeddedResource; } catch { PhaseError = new PhaseError { Level = PhaseError.ErrorLevel.Critical, Message = "Could not locate compressed resource!" }; return false; } } PhaseParam = targetRes.Name; Logger.VSLog(string.Format("Located compressed resource at {0}...", PhaseParam)); return true; }
public static bool Phase2() { var orig = PhaseParam; var inStream = new MemoryStream(); var stream2 = new FileStream(Globals.DeobContext.InPath, FileMode.Open, FileAccess.Read) { Position = orig }; byte[] buffer = new byte[stream2.Length - orig]; stream2.Read(buffer, 0, Convert.ToInt32(buffer.Length)); inStream.Write(buffer, 0, buffer.Length); inStream.Seek(0L, SeekOrigin.Begin); if (buffer.Length == 0) { PhaseError = new PhaseError { Level = PhaseError.ErrorLevel.Critical, Message = "Data buffer is empty!" }; return(false); } Logger.VSLog(string.Format("Created memorystream ({0} bytes)...", buffer.Length)); PhaseParam = inStream; return(true); }
public static bool Phase1() { MethodDefinition cctor = null; var targetType = AsmDef.MainModule.Types.FirstOrDefault(t => IsBadType(t, out cctor)); if (targetType == null || cctor == null) { PhaseError = new PhaseError { Level = PhaseError.ErrorLevel.Minor, Message = "No string encryption?" }; EmergencyCancel = true; return(true); } MarkMember(targetType); Logger.VSLog("Located bad type at " + targetType.Name); _staticKey = (cctor.Body.Instructions.FirstOrDefault(op => op.OpCode == OpCodes.Ldtoken).Operand as FieldReference).Resolve().InitialValue; if (_staticKey == null || _staticKey.Length == 0) { ThrowPhaseError("Could not find static key!", 0, true); return(true); } PhaseParam = targetType; return(true); }
public static bool Phase2() { var resName = PhaseParam; var resReader = new ResourceReader(AsmDef.FindResource(res => res.Name == "app.resources").GetResourceStream()); var en = resReader.GetEnumerator(); byte[] resData = null; while (en.MoveNext()) { if (en.Key.ToString() == resName) resData = en.Value as byte[]; } if(resData == null) { PhaseError = new PhaseError { Level = PhaseError.ErrorLevel.Critical, Message = "Could not read resource data!" }; } PhaseParam = resData; return true; }
public static bool Phase1() { var orig = AsmDef.EntryPoint.DeclaringType.GetStaticConstructor(); if (orig == null) { PhaseError = new PhaseError { Level = PhaseError.ErrorLevel.Critical, Message = "Could not find orig field!" }; return(false); } PhaseParam = (int)orig.Body.Instructions.First(instr => instr.OpCode == OpCodes.Ldc_I4).Operand; Logger.VSLog(string.Format("Found orig field initializing value; {0}...", PhaseParam)); return(true); }
public static bool Phase2() { var finalData = Decompress(PhaseParam); if(finalData.Length == 0) { PhaseError = new PhaseError { Level = PhaseError.ErrorLevel.Critical, Message = "Could not decompress buffer!" }; return false; } Logger.VSLog(string.Format("Decompressed data, raw size: {0} bytes...", finalData.Length)); File.WriteAllBytes(Globals.DeobContext.OutPath, finalData); return true; }
public static bool Phase1() { var orig = AsmDef.EntryPoint.DeclaringType.GetStaticConstructor(); if (orig == null) { PhaseError = new PhaseError { Level = PhaseError.ErrorLevel.Critical, Message = "Could not find orig field!" }; return false; } PhaseParam = (int) orig.Body.Instructions.First(instr => instr.OpCode == OpCodes.Ldc_I4).Operand; Logger.VSLog(string.Format("Found orig field initializing value; {0}...", PhaseParam)); return true; }
public static bool Phase2() { var finalData = Decompress(PhaseParam); if (finalData.Length == 0) { PhaseError = new PhaseError { Level = PhaseError.ErrorLevel.Critical, Message = "Could not decompress buffer!" }; return(false); } Logger.VSLog(string.Format("Decompressed data, raw size: {0} bytes...", finalData.Length)); File.WriteAllBytes(Globals.DeobContext.OutPath, finalData); return(true); }
public static bool Phase1() { var target = AsmDef.EntryPoint; target = target.Body.Instructions.FirstOfOpCode((op => op == OpCodes.Call), 3).Operand as MethodDefinition; PhaseParam = target.Body.Instructions.FirstOfOpCode(OpCodes.Ldstr).Operand as string; if (PhaseParam == null || PhaseParam == "") { PhaseError = new PhaseError { Level = PhaseError.ErrorLevel.Critical, Message = "Could not locate compressed resource!" }; return(false); } Logger.VSLog(string.Format("Found compressed resource: {0}...", PhaseParam)); return(true); }
public static bool Phase1() { var target = AsmDef.EntryPoint; target = target.Body.Instructions.FirstOfOpCode((op => op == OpCodes.Call), 3).Operand as MethodDefinition; PhaseParam = target.Body.Instructions.FirstOfOpCode(OpCodes.Ldstr).Operand as string; if(PhaseParam == null || PhaseParam == "") { PhaseError = new PhaseError { Level = PhaseError.ErrorLevel.Critical, Message = "Could not locate compressed resource!" }; return false; } Logger.VSLog(string.Format("Found compressed resource: {0}...", PhaseParam)); return true; }
public static bool Phase1() { var target = AsmDef.FindMethod(mDef => mDef.Name == "lf"); _offset = (int)Convert.ChangeType(target.Body.Instructions.First(instr => instr.IsLdcI4WOperand()).Operand, typeof(Int32)); PhaseParam = lf(Globals.DeobContext.InPath); if(PhaseParam.Length == 0) { PhaseError = new PhaseError { Level = PhaseError.ErrorLevel.Critical, Message = "Failed to retrieve data!" }; return false; } Logger.VSLog("Retrieved compressed data..."); return true; }
public static bool Phase1() { var target = AsmDef.FindMethod(mDef => mDef.Name == "lf"); _offset = (int)Convert.ChangeType(target.Body.Instructions.First(instr => instr.IsLdcI4WOperand()).Operand, typeof(Int32)); PhaseParam = lf(Globals.DeobContext.InPath); if (PhaseParam.Length == 0) { PhaseError = new PhaseError { Level = PhaseError.ErrorLevel.Critical, Message = "Failed to retrieve data!" }; return(false); } Logger.VSLog("Retrieved compressed data..."); return(true); }
public static bool Phase2() { var blockList = PhaseParam as Dictionary<MethodDefinition, List<ILBlock>>; var finalList = new Dictionary<MethodDefinition, List<Instruction>>(); foreach (var entry in blockList) { var blocks = entry.Value; var mDef = entry.Key; var cleanBody = new List<Instruction>(); var tmpBlock = blocks.Find(block => block.StartIndex == 0); Instruction instr; while (tmpBlock.NextBlock != null) { //mDef.Body.SimplifyMacros(); instr = mDef.Body.Instructions[tmpBlock.StartIndex]; while (mDef.Body.Instructions.IndexOf(instr.Next) <= tmpBlock.EndIndex) { cleanBody.Add(instr); instr = instr.Next; if (instr == null) break; if(cleanBody.Count >= 10000) { PhaseError = new PhaseError { Level = PhaseError.ErrorLevel.Minor, Message = "Internal block error!" }; return false; } } tmpBlock = tmpBlock.NextBlock; } instr = mDef.Body.Instructions[tmpBlock.StartIndex]; while (mDef.Body.Instructions.IndexOf(instr.Next) <= tmpBlock.EndIndex) { cleanBody.Add(instr); instr = instr.Next; if (instr == null) break; } if (cleanBody[cleanBody.Count -1].OpCode != OpCodes.Ret) cleanBody.Add(mDef.Body.GetILProcessor().Create(OpCodes.Ret)); CleanJumps(ref cleanBody); finalList.Add(mDef, cleanBody); } blockList.Clear(); PhaseParam = finalList; return true; }
public void DecryptEntry(ref DecryptionContext entry) { var rEntry = entry as RummageContext; if (rEntry.Key == 0) { ThrowPhaseError("Failed to decrypt string!", 0, false); } var str = ""; using (var fs = new FileStream(Globals.DeobContext.InPath, FileMode.Open, FileAccess.Read)) { using (var br = new BinaryReader(fs)) { if (rEntry.Key == 61 + 1) { rEntry.Key = 62; } uint[] numArray = null; uint[] numArray2 = null; fs.Seek((rEntry.Key * 4) - _offset, SeekOrigin.End); byte[] outData = null; var x = 0; while (x < (numArray ?? new uint[1337]).Length) { uint num = 0; try { num = br.ReadUInt32(); } catch (EndOfStreamException e) { break; } catch { PhaseError = new PhaseError { Level = PhaseError.ErrorLevel.Minor, Message = "Message author!" }; continue; } var num2 = br.ReadUInt32(); var num3 = 3337565984; var tmp = numArray2; for (var i = 32; i > 0; i--) { num2 -= (((num << 4) ^ (num >> 5)) + num) ^ (num3 + _decMod[(int)((IntPtr)((num3 >> 11) & 3))]); num3 -= 2654435769; num -= (((num2 << 4) ^ (num2 >> 5)) + num2) ^ (num3 + _decMod[(int)((IntPtr)(num3 & 3))]); } uint[] numArray4; if (tmp == null) { outData = new byte[num]; numArray4 = numArray = new uint[num + 11 / 8 * 2 - 1]; } else { numArray[x - 1] = num; numArray4 = numArray; } numArray4[x] = num2; x += 2; if (x < numArray.Length) { numArray2 = numArray4; } Buffer.BlockCopy(numArray4, 0, outData, 0, outData.Length); str = Encoding.UTF8.GetString(outData); } } } rEntry.PlainText = str; }
public static bool Phase2() { var blockList = PhaseParam as Dictionary <MethodDefinition, List <ILBlock> >; var finalList = new Dictionary <MethodDefinition, List <Instruction> >(); foreach (var entry in blockList) { var blocks = entry.Value; var mDef = entry.Key; var cleanBody = new List <Instruction>(); var tmpBlock = blocks.Find(block => block.StartIndex == 0); Instruction instr; while (tmpBlock.NextBlock != null) { //mDef.Body.SimplifyMacros(); instr = mDef.Body.Instructions[tmpBlock.StartIndex]; while (mDef.Body.Instructions.IndexOf(instr.Next) <= tmpBlock.EndIndex) { cleanBody.Add(instr); instr = instr.Next; if (instr == null) { break; } if (cleanBody.Count >= 10000) { PhaseError = new PhaseError { Level = PhaseError.ErrorLevel.Minor, Message = "Internal block error!" }; return(false); } } tmpBlock = tmpBlock.NextBlock; } instr = mDef.Body.Instructions[tmpBlock.StartIndex]; while (mDef.Body.Instructions.IndexOf(instr.Next) <= tmpBlock.EndIndex) { cleanBody.Add(instr); instr = instr.Next; if (instr == null) { break; } } if (cleanBody[cleanBody.Count - 1].OpCode != OpCodes.Ret) { cleanBody.Add(mDef.Body.GetILProcessor().Create(OpCodes.Ret)); } CleanJumps(ref cleanBody); finalList.Add(mDef, cleanBody); } blockList.Clear(); PhaseParam = finalList; return(true); }
public static bool Phase2() { var orig = PhaseParam; var inStream = new MemoryStream(); var stream2 = new FileStream(Globals.DeobContext.InPath, FileMode.Open, FileAccess.Read) { Position = orig }; byte[] buffer = new byte[stream2.Length - orig]; stream2.Read(buffer, 0, Convert.ToInt32(buffer.Length)); inStream.Write(buffer, 0, buffer.Length); inStream.Seek(0L, SeekOrigin.Begin); if (buffer.Length == 0) { PhaseError = new PhaseError { Level = PhaseError.ErrorLevel.Critical, Message = "Data buffer is empty!" }; return false; } Logger.VSLog(string.Format("Created memorystream ({0} bytes)...", buffer.Length)); PhaseParam = inStream; return true; }