Exemple #1
0
        byte[] Encrypt(byte[] asm, int key0)
        {
            RijndaelManaged rijn = ObfuscationHelper.CreateRijndael();

            int dictionary = 1 << 23;

            Int32 posStateBits   = 2;
            Int32 litContextBits = 3; // for normal files
            // UInt32 litContextBits = 0; // for 32-bit data
            Int32 litPosBits = 0;
            // UInt32 litPosBits = 2; // for 32-bit data
            Int32  algorithm    = 2;
            Int32  numFastBytes = 128;
            string mf           = "bt4";

            SevenZip.CoderPropID[] propIDs =
            {
                SevenZip.CoderPropID.DictionarySize,
                SevenZip.CoderPropID.PosStateBits,
                SevenZip.CoderPropID.LitContextBits,
                SevenZip.CoderPropID.LitPosBits,
                SevenZip.CoderPropID.Algorithm,
                SevenZip.CoderPropID.NumFastBytes,
                SevenZip.CoderPropID.MatchFinder,
                SevenZip.CoderPropID.EndMarker
            };
            object[] properties =
            {
                (int)dictionary,
                (int)posStateBits,
                (int)litContextBits,
                (int)litPosBits,
                (int)algorithm,
                (int)numFastBytes,
                mf,
                false
            };

            MemoryStream final   = new MemoryStream();
            var          encoder = new SevenZip.Compression.LZMA.Encoder();

            encoder.SetCoderProperties(propIDs, properties);
            encoder.WriteCoderProperties(final);
            Int64 fileSize;

            fileSize = asm.Length;
            for (int i = 0; i < 8; i++)
            {
                final.WriteByte((Byte)(fileSize >> (8 * i)));
            }
            encoder.Code(new MemoryStream(asm), final, -1, -1, null);

            var dat = new MemoryStream();

            using (var x = new CryptoStream(dat, rijn.CreateEncryptor(), CryptoStreamMode.Write))
            {
                x.Write(BitConverter.GetBytes(asm.Length), 0, 4);
                x.Write(final.ToArray(), 0, (int)final.Length);
            }

            byte[] key = rijn.Key;
            for (int j = 0; j < key.Length; j += 4)
            {
                key[j + 0] ^= (byte)((key0 & 0x000000ff) + 51 >> 0);
                key[j + 1] ^= (byte)((key0 & 0x0000ff00) - 51 >> 8);
                key[j + 2] ^= (byte)((key0 & 0x00ff0000) + 51 >> 16);
                key[j + 3] ^= (byte)((key0 & 0xff000000) - 51 >> 24);
            }
            MemoryStream str = new MemoryStream();

            using (BinaryWriter wtr = new BinaryWriter(str))
            {
                byte[] b = dat.ToArray();
                wtr.Write(b.Length);
                wtr.Write(b);
                wtr.Write(rijn.IV.Length);
                wtr.Write(rijn.IV);
                wtr.Write(key.Length);
                wtr.Write(key);
            }
            return(str.ToArray());
        }
Exemple #2
0
        public override string[] Pack(ConfuserParameter crParam, PackerParameter param)
        {
            ModuleDefinition originMain = param.Assemblies.Single(_ => _.IsMain).Assembly.MainModule;
            int originIndex             = Array.IndexOf(param.Modules, originMain);
            var asm = AssemblyDefinition.CreateAssembly(originMain.Assembly.Name, modName, new ModuleParameters()
            {
                Architecture = originMain.Architecture, Kind = oKind, Runtime = originMain.Runtime
            });
            ModuleDefinition mod = asm.MainModule;

            mod.Attributes |= (originMain.Attributes & ModuleAttributes.Required32Bit); // added -- christallire - to prevent BadImageFormatException, Stub assembly need to set ModuleAttribute.Required32Bit if oringinMain has one.
            hash            = new ByteBuffer(SHA1Managed.Create().ComputeHash(param.PEs[originIndex]));

            int key0 = Random.Next(0, 0xff);
            int key1 = Random.Next(0, 0xff);
            int key2 = Random.Next(0, 0xff);

            Database.AddEntry("Compressor", "Key0", key0);
            Database.AddEntry("Compressor", "Key1", key1);
            Database.AddEntry("Compressor", "Key2", key2);


            ulong e = 0x47;
            ulong p = (ulong)Random.Next(0x1000, 0x10000);

            while (!isPrime(p) || (p - 1) % e == 0)
            {
                p = (ulong)Random.Next(0x1000, 0x10000);
            }
            ulong q = (ulong)Random.Next(0x1000, 0x10000);

            while (!isPrime(q) || (q - 1) % e == 0)
            {
                q = (ulong)Random.Next(0x1000, 0x10000);
            }
            ulong n  = p * q;
            ulong n_ = (p - 1) * (q - 1);
            ulong d  = modInv(e, n_);

            Database.AddEntry("Compressor", "p", p);
            Database.AddEntry("Compressor", "q", q);
            Database.AddEntry("Compressor", "n", n);
            Database.AddEntry("Compressor", "d", d);


            EmbeddedResource res = new EmbeddedResource(ObfuscationHelper.GetRandomName(), ManifestResourceAttributes.Private, Encrypt(param.PEs[originIndex], key0));

            mod.Resources.Add(res);
            for (int i = 1; i < param.Modules.Length; i++)
            {
                if (param.Modules[i].IsMain)
                {
                    mod.Resources.Add(new EmbeddedResource(GetNewName(param.Modules[i].Assembly.Name.FullName, key2), ManifestResourceAttributes.Private, Encrypt(param.PEs[i], key0)));
                }
                else
                {
                    mod.Resources.Add(new EmbeddedResource(GetNewName(param.Modules[i].Name, key2), ManifestResourceAttributes.Private, Encrypt(param.PEs[i], key1)));  //TODO: Support for multi-module asssembly
                }
            }
            AssemblyDefinition ldrC = AssemblyDefinition.ReadAssembly(typeof(Iid).Assembly.Location);
            ldrC.MainModule.ReadSymbols();
            TypeDefinition t = CecilHelper.Inject(mod, ldrC.MainModule.GetType("CompressShell"));

            Mutator mutator = new Mutator();
            mutator.IntKeys = new int[]
            {
                key0,
                key1,
                key2
            };
            mutator.LongKeys = new long[]
            {
                (long)modPow(entryPoint, d, n),
                (long)n
            };
            mutator.StringKeys = new string[] { res.Name };
            mutator.Mutate(Random, t, mod);


            t.Namespace       = "";
            t.DeclaringType   = null;
            t.IsNestedPrivate = false;
            t.IsNotPublic     = true;
            mod.Types.Add(t);

            //MethodDefinition cctor = new MethodDefinition(".cctor", MethodAttributes.Private | MethodAttributes.HideBySig |
            //                                                MethodAttributes.SpecialName | MethodAttributes.RTSpecialName |
            //                                                MethodAttributes.Static, mod.TypeSystem.Void);
            //mod.GetType("<Module>").Methods.Add(cctor);
            //MethodBody bdy = cctor.Body = new MethodBody(cctor);
            //ILProcessor psr = bdy.GetILProcessor();
            //psr.Emit(OpCodes.Call, mod.Import(typeof(AppDomain).GetProperty("CurrentDomain").GetGetMethod()));
            //psr.Emit(OpCodes.Ldnull);
            //psr.Emit(OpCodes.Ldftn, t.Methods.FirstOrDefault(mtd => mtd.Name == "DecryptAsm"));
            //psr.Emit(OpCodes.Newobj, mod.Import(typeof(ResolveEventHandler).GetConstructor(new Type[] { typeof(object), typeof(IntPtr) })));
            //psr.Emit(OpCodes.Callvirt, mod.Import(typeof(AppDomain).GetEvent("AssemblyResolve").GetAddMethod()));
            //psr.Emit(OpCodes.Ret);

            MethodDefinition main = t.Methods.FirstOrDefault(mtd => mtd.Name == "Main");
            mod.EntryPoint = main;

            return(ProtectStub(asm));
        }