byte[] DecryptResource_v18_r75367_normal(byte[] encrypted)
{
var key = GetSigKey();
var decrypted = ConfuserUtils.Decrypt(BitConverter.ToUInt32(key, 12) * (uint)key0, encrypted);
return(Decompress(DeobUtils.AesDecrypt(decrypted, key, DeobUtils.Md5Sum(key))));
}
byte[] DecryptAndDecompress(byte[] encrypted, byte[] key)
{
byte[] iv = DeobUtils.Md5Sum(key);
try {
return(Decompress(DeobUtils.AesDecrypt(encrypted, key, iv)));
}
catch {
return(DeobUtils.AesDecrypt(Decompress(encrypted), key, iv));
}
}
byte[] DecryptMethodsData_v14_r57884(MyPEImage peImage, bool hasStrongNameInfo)
{
var reader = peImage.Reader;
reader.Position = 0;
var md5SumData = reader.ReadBytes((int)peImage.OptionalHeader.CheckSum ^ (int)key0);
int csOffs = (int)peImage.OptionalHeader.StartOffset + 0x40;
Array.Clear(md5SumData, csOffs, 4);
/*var md5Sum =*/ DeobUtils.Md5Sum(md5SumData);
ulong checkSum = reader.ReadUInt64() ^ lkey0;
if (hasStrongNameInfo)
{
int sn = reader.ReadInt32();
int snLen = reader.ReadInt32();
if (sn != 0)
{
if (peImage.RvaToOffset((uint)peImage.Cor20Header.StrongNameSignature.VirtualAddress) != sn ||
peImage.Cor20Header.StrongNameSignature.Size != snLen)
{
throw new ApplicationException("Invalid sn and snLen");
}
Array.Clear(md5SumData, sn, snLen);
}
}
if (checkSum != CalcChecksum(md5SumData))
{
throw new ApplicationException("Invalid checksum. File has been modified.");
}
var iv = reader.ReadBytes(reader.ReadInt32() ^ (int)key2);
var encrypted = reader.ReadBytes(reader.ReadInt32() ^ (int)key3);
var decrypted = Decrypt(encrypted, iv, md5SumData);
if (BitConverter.ToInt16(decrypted, 0) != 0x6FD6)
{
throw new ApplicationException("Invalid magic");
}
return(decrypted);
}
protected static ulong CalcChecksum(byte[] data)
{
var sum = DeobUtils.Md5Sum(data);
return(BitConverter.ToUInt64(sum, 0) ^ BitConverter.ToUInt64(sum, 8));
}