public TextFileReader(
IReader reader,
IDecrypter decrypter,
ISecurityContext securityContext)
: base(reader, decrypter, securityContext)
{
}
bool readCodeHeader(uint offset)
{
codeHeader.signature = peImage.offsetReadBytes(offset, 16);
codeHeader.decryptionKey = peImage.offsetReadBytes(offset + 0x10, 16);
codeHeader.totalCodeSize = peImage.offsetReadUInt32(offset + 0x20);
codeHeader.numMethods = peImage.offsetReadUInt32(offset + 0x24);
codeHeader.methodDefTableOffset = peImage.offsetReadUInt32(offset + 0x28);
codeHeader.methodDefElemSize = peImage.offsetReadUInt32(offset + 0x2C);
if (Utils.compare(codeHeader.signature, normalSignature))
{
decrypter = new NormalDecrypter(peImage, codeHeader);
}
else if (Utils.compare(codeHeader.signature, proSignature))
{
decrypter = new ProDecrypter(peImage, codeHeader);
}
else
{
return(false);
}
if (codeHeader.totalCodeSize > 0x10000000)
{
return(false);
}
if (codeHeader.numMethods > 512 * 1024)
{
return(false);
}
return(true);
}
public object FromStream(ref BytePacker packer, IDecrypter decrypter)
{
BytePacker p = packer;
if (Compression == Compression.LZ4)
{
byte[] encoded = (byte[])byteArrayConverter.Deserialize(p);
byte[] data = LZ4Pickler.Unpickle(encoded);
if (decrypter != null)
{
data = decrypter.Decrypt(data);
}
p = new BytePacker(data);
}
else if (decrypter != null)
{
try
{
byte[] data = (byte[])encArrayConverter.Deserialize(p);
data = decrypter.Decrypt(data);
p = new BytePacker(data);
}
catch (Exception e)
{
Util.Log("FromStream:" + e.Message);
}
}
return(converter.Deserialize(p));
}
public MonoAlphaSetupViewModel(IDecrypter decrypter, IObservableText encryptedText)
{
this.decrypter = decrypter;
this.encryptedText = encryptedText;
LoadSampleTextCommand = new SimpleDelegateCommand(LoadSampleText);
encryptedText.TextChanged += OnEncryptedTextChanged;
}
void DecryptMethods(uint codeHeaderOffset, MDTable methodDefTable, ICsHeader csHeader, ref DumpedMethods dumpedMethods)
{
var methodInfos = csHeader.GetMethodInfos(codeHeaderOffset);
csHeader.PatchMethodTable(methodDefTable, methodInfos);
dumpedMethods = new DumpedMethods();
decrypter = csHeader.CreateDecrypter();
for (uint rid = 1; rid <= (uint)methodInfos.Count; rid++)
{
var methodInfo = methodInfos[(int)rid - 1];
if (methodInfo.codeOffs == 0)
{
continue;
}
var dm = new DumpedMethod();
peImage.ReadMethodTableRowTo(dm, rid);
var mbHeader = decrypter.Decrypt(methodInfo, out dm.code, out dm.extraSections);
peImage.UpdateMethodHeaderInfo(dm, mbHeader);
dumpedMethods.Add(dm);
}
}
public void Initialize()
{
RuntimeHelpers.RunModuleConstructor(reflectionModule.ModuleHandle);
var reflectionProtectAssembly = GetProtectAssembly();
if (reflectionProtectAssembly == null)
{
throw new ApplicationException("Could not find 'Protect' assembly");
}
reflectionProtectModule = reflectionProtectAssembly.ManifestModule;
moduleProtect = ModuleDefMD.Load(reflectionProtectModule);
protectMainType = FindMainType(moduleProtect);
if (protectMainType == null)
{
throw new ApplicationException("Could not find Protect.MainType");
}
var invokerField = FindInvokerField(module);
/*reflectionProtectMainType =*/ reflectionProtectModule.ResolveType(0x02000000 + (int)protectMainType.Rid);
invokerFieldInfo = reflectionModule.ResolveField(0x04000000 + (int)invokerField.Rid);
decrypter = CreateDecrypter();
if (decrypter == null)
{
throw new ApplicationException("Probably a new version. Could not create a decrypter.");
}
}
public void Find()
{
if (!mainType.Detected)
{
return;
}
switch (mainType.Version)
{
case ObfuscatorVersion.Unknown:
break;
case ObfuscatorVersion.V3:
case ObfuscatorVersion.V4_0:
case ObfuscatorVersion.V4_1:
decrypter = new Decrypter();
break;
case ObfuscatorVersion.V5_0:
decrypter = new DecrypterV5();
break;
default:
throw new ApplicationException("Unknown version");
}
}
public void Initialize()
{
encryptedText = MockRepository.GenerateMock<IObservableText>();
decrypter = MockRepository.GenerateMock<IDecrypter>();
target = new DecryptedText(encryptedText);
target.CurrentDecrypter = decrypter;
}
public byte[] Decrypt(byte[] encryptedData)
{
if (decrypter == null)
{
decrypter = CreateDecrypter(encryptedData);
}
return(decrypter.Decrypt(encryptedData));
}
protected AbstractFileReader(
IReader reader,
IDecrypter decrypter,
ISecurityContext securityContext)
{
_reader = reader;
_securityContext = securityContext;
_decrypter = decrypter;
}
public MockDecrypterViewModel()
{
monoAlphaDecrypter = new MonoAlphaDecrypter();
monoAlphaDecrypterViewModel = new MonoAlphaSetupViewModel(monoAlphaDecrypter, null);
decrypters = new List<IDecrypter>() {
new CaesarShiftDecrypter(),
new XORDecrypter(null, null, null),
monoAlphaDecrypter
};
}
public void Initialize(ISimpleDeobfuscator simpleDeobfuscator)
{
if (resourceDecrypterMethod == null)
{
return;
}
simpleDeobfuscator.Deobfuscate(resourceDecrypterMethod);
encryptedDataResource = FindMethodsDecrypterResource(resourceDecrypterMethod);
if (encryptedDataResource == null)
{
return;
}
var key = ArrayFinder.GetInitializedByteArray(resourceDecrypterMethod, 32);
if (key == null)
{
throw new ApplicationException("Could not find resource decrypter key");
}
var iv = ArrayFinder.GetInitializedByteArray(resourceDecrypterMethod, 16);
if (iv == null)
{
throw new ApplicationException("Could not find resource decrypter IV");
}
if (NeedReverse())
{
Array.Reverse(iv); // DNR 4.5.0.0
}
if (UsesPublicKeyToken())
{
var publicKeyToken = module.Assembly.PublicKeyToken;
if (publicKeyToken != null && publicKeyToken.Data.Length > 0)
{
for (int i = 0; i < 8; i++)
{
iv[i * 2 + 1] = publicKeyToken.Data[i];
}
}
}
var decrypterType = GetDecrypterType(resourceDecrypterMethod, new string[0]);
switch (decrypterType)
{
case DnrDecrypterType.V1: decrypter = new DecrypterV1(iv, key); break;
case DnrDecrypterType.V2: decrypter = new DecrypterV2(iv, key, resourceDecrypterMethod); break;
default: throw new ApplicationException("Unknown decrypter type");
}
}
public GetPaymentByIdHandler(
IMerchantEncryptionKeyGetter encryptionKeys,
IDecrypter decrypter,
IPaymentRecordReader paymentRecordReader,
IMerchantContext merchantContext)
{
_encryptionKeys = encryptionKeys;
_decrypter = decrypter;
_paymentRecordReader = paymentRecordReader;
_merchantContext = merchantContext;
}
public EncryptedResource(ModuleDefMD module, EncryptedResource oldOne)
{
this.module = module;
resourceDecrypterMethod = Lookup(oldOne.resourceDecrypterMethod, "Could not find resource decrypter method");
if (oldOne.encryptedDataResource != null)
{
encryptedDataResource = DotNetUtils.GetResource(module, oldOne.encryptedDataResource.Name.String) as EmbeddedResource;
}
this.decrypter = oldOne.decrypter;
if (encryptedDataResource == null && oldOne.encryptedDataResource != null)
{
throw new ApplicationException("Could not initialize EncryptedResource");
}
}
bool CheckMethodV2(MethodDef method)
{
if (!DeobUtils.HasInteger(method, ' '))
{
return(false);
}
foreach (var calledMethodName in callsMethodsV2)
{
if (!DotNetUtils.CallsMethod(method, calledMethodName))
{
return(false);
}
}
decrypter = new DecrypterV2();
return(true);
}
void initializeDecrypter()
{
switch (getVersion())
{
case EncryptionVersion.V1: decrypter = new Decrypter(this, typeToTypesV1); break;
case EncryptionVersion.V2: decrypter = new Decrypter(this, typeToTypesV2); break;
case EncryptionVersion.V3: decrypter = new Decrypter(this, typeToTypesV3); break;
case EncryptionVersion.V4: decrypter = new Decrypter(this, typeToTypesV4); break;
case EncryptionVersion.Unknown:
default:
throw new ApplicationException("Unknown MC version");
}
}
void OnReliableReceived(IPEndPoint endPoint, short channelId, byte[] data, int size)
{
if (channelId == (short)PreservedChannelId.Beacon)
{
}
else
{
IDataChannel channel;
if (dataChannelMap.TryGetValue(channelId, out channel))
{
BytePacker packer = new BytePacker(data);
IDecrypter decrypter = null;
if (channel.Encryption == Encryption.Rsa)
{
throw new InvalidOperationException("Client cant receive data via RSA channel.");
}
else if (channel.Encryption == Encryption.Aes)
{
decrypter = serverNode.AesDecrypter;
}
if (channel.CheckMode == CheckMode.Sequre || decrypter != null)
{
if (serverNode == null)
{
;
}
if (endPoint.Equals(serverNode.TcpEndPoint))
{
object container = channel.FromStream(ref packer, decrypter);
channel.Received(serverNode, container);
}
}
else
{
object container = channel.FromStream(ref packer, decrypter);
channel.Received(null, container);
}
}
}
}
public object FromStream(ref BytePacker packer, IDecrypter decrypter)
{
if (Compression == Compression.LZ4)
{
byte[] encoded = (byte[])byteArrayConverter.Deserialize(packer);
return(encoded);
}
else
{
int head = packer.Position;
int length = converter.GetDataSize(packer);
byte[] data = new byte[length];
Array.Copy(packer.Buffer, head, data, 0, length);
return(data);
}
}
byte[] Decrypt(IDecrypter decrypter, int type, uint dataOffset, uint encryptedSize, uint realSize)
{
if (realSize == 0)
{
return(null);
}
if (realSize > encryptedSize)
{
throw new ApplicationException("Invalid realSize");
}
var encrypted = ReadData(dataOffset, (int)encryptedSize);
var decrypted = decrypter.Decrypt(type, encrypted);
if (realSize > decrypted.Length)
{
throw new ApplicationException("Invalid decrypted length");
}
Array.Resize(ref decrypted, (int)realSize);
return(decrypted);
}
void OnReliableReceived(IPEndPoint endPoint, short channelId, byte[] data, int size)
{
if (channelId == (short)PreservedChannelId.Beacon)
{
return;
}
else if (channelId == (short)PreservedChannelId.Health)
{
return;
}
else
{
IDataChannel channel;
if (dataChannelMap.TryGetValue(channelId, out channel))
{
BytePacker packer = new BytePacker(data);
ComNode node;
if (nodeTcpMap.TryGetValue(endPoint, out node))
{
IDecrypter decrypter = null;
if (channel.Encryption == Encryption.Rsa)
{
decrypter = rsaDecrypter;
}
else if (channel.Encryption == Encryption.Aes)
{
decrypter = node.AesDecrypter;
}
object container = channel.FromStream(ref packer, decrypter);
channel.Received(node, container);
}
}
}
}
public void Find()
{
foreach (var type in module.GetTypes())
{
var cctor = type.FindStaticConstructor();
if (cctor == null)
{
continue;
}
decrypter = DecrypterV11.Create(cctor);
if (decrypter != null)
{
break;
}
decrypter = DecrypterV21.Create(cctor);
if (decrypter != null)
{
break;
}
}
}
bool CheckMethodV1(MethodDef method)
{
var salt = GetSalt(method);
if (salt == null)
{
return(false);
}
var password = GetPassword(method);
if (string.IsNullOrEmpty(password))
{
return(false);
}
var passwordBytes = new Rfc2898DeriveBytes(password, salt);
var key = passwordBytes.GetBytes(16);
var iv = passwordBytes.GetBytes(8);
decrypter = new DecrypterV1(key, iv);
return(true);
}
void decryptMethods(uint codeHeaderOffset, MetadataType methodDefTable, ICsHeader csHeader, ref DumpedMethods dumpedMethods)
{
var methodInfos = csHeader.getMethodInfos(codeHeaderOffset);
csHeader.patchMethodDefTable(methodDefTable, methodInfos);
dumpedMethods = new DumpedMethods();
uint offset = methodDefTable.fileOffset;
decrypter = csHeader.createDecrypter();
for (int i = 0; i < methodInfos.Count; i++, offset += methodDefTable.totalSize)
{
var methodInfo = methodInfos[i];
if (methodInfo.codeOffs == 0)
{
continue;
}
var dm = new DumpedMethod();
dm.token = 0x06000001 + (uint)i;
dm.mdImplFlags = peImage.offsetReadUInt16(offset + (uint)methodDefTable.fields[1].offset);
dm.mdFlags = peImage.offsetReadUInt16(offset + (uint)methodDefTable.fields[2].offset);
dm.mdName = peImage.offsetRead(offset + (uint)methodDefTable.fields[3].offset, methodDefTable.fields[3].size);
dm.mdSignature = peImage.offsetRead(offset + (uint)methodDefTable.fields[4].offset, methodDefTable.fields[4].size);
dm.mdParamList = peImage.offsetRead(offset + (uint)methodDefTable.fields[5].offset, methodDefTable.fields[5].size);
var mbHeader = decrypter.decrypt(methodInfo, out dm.code, out dm.extraSections);
dm.mhFlags = mbHeader.flags;
dm.mhMaxStack = mbHeader.maxStack;
dm.mhCodeSize = (uint)dm.code.Length;
dm.mhLocalVarSigTok = mbHeader.localVarSigTok;
dumpedMethods.add(dm);
}
}
public byte[] decrypt(byte[] encryptedData)
{
if (decrypter == null)
decrypter = createDecrypter(encryptedData);
return decrypter.decrypt(encryptedData);
}
public void find()
{
if (!mainType.Detected)
return;
switch (mainType.Version) {
case ObfuscatorVersion.Unknown:
break;
case ObfuscatorVersion.V3:
case ObfuscatorVersion.V4_0:
case ObfuscatorVersion.V4_1:
decrypter = new Decrypter();
break;
case ObfuscatorVersion.V5_0:
decrypter = new DecrypterV5();
break;
default:
throw new ApplicationException("Unknown version");
}
}
bool CheckMethodV2(MethodDef method) {
if (!DeobUtils.HasInteger(method, ' '))
return false;
foreach (var calledMethodName in callsMethodsV2) {
if (!DotNetUtils.CallsMethod(method, calledMethodName))
return false;
}
decrypter = new DecrypterV2();
return true;
}
bool CheckMethodV1(MethodDef method) {
var salt = GetSalt(method);
if (salt == null)
return false;
var password = GetPassword(method);
if (string.IsNullOrEmpty(password))
return false;
var passwordBytes = new PasswordDeriveBytes(password, salt);
var key = passwordBytes.GetBytes(16);
var iv = passwordBytes.GetBytes(8);
decrypter = new DecrypterV1(key, iv);
return true;
}
bool checkResourceV105(IBinaryReader reader)
{
decrypter = DecrypterV105.create(reader);
return decrypter != null;
}
bool InitializeInfos2(IDecrypter decrypter)
{
int numMethods = ReadInt32(0) ^ ReadInt32(4);
if (numMethods < 0)
{
throw new ApplicationException("Invalid number of encrypted methods");
}
xorKey = (uint)numMethods;
int numEncryptedDataInfos = ((int)structSize - 0xC) / ENCRYPTED_DATA_INFO_SIZE;
var encryptedDataInfos = new byte[numEncryptedDataInfos][];
uint offset = 8;
infos.Clear();
for (int i = 0; i < numMethods; i++, offset += structSize)
{
uint methodBodyRva = ReadEncryptedUInt32(offset);
uint totalSize = ReadEncryptedUInt32(offset + 4);
/*uint methodInstructionRva =*/ ReadEncryptedUInt32(offset + 8);
// Read the method body header and method body (instrs + exception handlers).
// The method body header is always in the first one. The instrs + ex handlers
// are always in the last 4, and evenly divided (each byte[] is totalLen / 4).
// The 2nd one is for the exceptions (or padding), but it may be null.
uint offset2 = offset + 0xC;
int exOffset = 0;
for (int j = 0; j < encryptedDataInfos.Length; j++, offset2 += ENCRYPTED_DATA_INFO_SIZE)
{
// readByte(offset2); <-- index
int encryptionType = ReadEncryptedInt16(offset2 + 1);
uint dataOffset = ReadEncryptedUInt32(offset2 + 3);
uint encryptedSize = ReadEncryptedUInt32(offset2 + 7);
uint realSize = ReadEncryptedUInt32(offset2 + 11);
if (j >= 3 && dataOffset == xorKey && encryptedSize == xorKey)
{
encryptedDataInfos[j] = null;
continue;
}
if (j == 1)
{
exOffset = ReadEncryptedInt32(offset2 + 15);
}
if (j == 1 && exOffset == 0)
{
encryptedDataInfos[j] = null;
}
else
{
encryptedDataInfos[j] = Decrypt(decrypter, encryptionType, dataOffset, encryptedSize, realSize);
}
}
var decryptedData = new byte[totalSize];
int copyOffset = 0;
copyOffset = CopyData(decryptedData, encryptedDataInfos[0], copyOffset);
for (int j = 2; j < encryptedDataInfos.Length; j++)
{
copyOffset = CopyData(decryptedData, encryptedDataInfos[j], copyOffset);
}
CopyData(decryptedData, encryptedDataInfos[1], exOffset); // Exceptions or padding
if (!MethodBodyParser.Verify(decryptedData))
{
throw new InvalidMethodBody();
}
var info = new DecryptedMethodInfo(methodBodyRva, decryptedData);
infos[info.bodyRva] = info;
}
return(true);
}
bool CheckResourceV106(IBinaryReader reader)
{
decrypter = DecrypterV106.Create(reader);
return(decrypter != null);
}
bool readCodeHeader(uint offset)
{
codeHeader.signature = peImage.offsetReadBytes(offset, 16);
codeHeader.decryptionKey = peImage.offsetReadBytes(offset + 0x10, 16);
codeHeader.totalCodeSize = peImage.offsetReadUInt32(offset + 0x20);
codeHeader.numMethods = peImage.offsetReadUInt32(offset + 0x24);
codeHeader.methodDefTableOffset = peImage.offsetReadUInt32(offset + 0x28);
codeHeader.methodDefElemSize = peImage.offsetReadUInt32(offset + 0x2C);
if (Utils.compare(codeHeader.signature, normalSignature))
decrypter = new NormalDecrypter(peImage, codeHeader);
else if (Utils.compare(codeHeader.signature, proSignature))
decrypter = new ProDecrypter(peImage, codeHeader);
else
return false;
if (codeHeader.totalCodeSize > 0x10000000)
return false;
if (codeHeader.numMethods > 512*1024)
return false;
return true;
}
bool checkResourceV105(IBinaryReader reader)
{
decrypter = DecrypterV105.create(reader);
return(decrypter != null);
}
void DecryptMethods(uint codeHeaderOffset, MDTable methodDefTable, ICsHeader csHeader, ref DumpedMethods dumpedMethods) {
var methodInfos = csHeader.GetMethodInfos(codeHeaderOffset);
csHeader.PatchMethodTable(methodDefTable, methodInfos);
dumpedMethods = new DumpedMethods();
decrypter = csHeader.CreateDecrypter();
for (uint rid = 1; rid <= (uint)methodInfos.Count; rid++) {
var methodInfo = methodInfos[(int)rid - 1];
if (methodInfo.codeOffs == 0)
continue;
var dm = new DumpedMethod();
peImage.ReadMethodTableRowTo(dm, rid);
var mbHeader = decrypter.Decrypt(methodInfo, out dm.code, out dm.extraSections);
peImage.UpdateMethodHeaderInfo(dm, mbHeader);
dumpedMethods.Add(dm);
}
}
public Library(IDecrypter decrypter, IAuthenticate authenticator)
{
_decrypter = decrypter;
_authenticator = authenticator;
}
public void Initialize() {
RuntimeHelpers.RunModuleConstructor(reflectionModule.ModuleHandle);
var reflectionProtectAssembly = GetProtectAssembly();
if (reflectionProtectAssembly == null)
throw new ApplicationException("Could not find 'Protect' assembly");
reflectionProtectModule = reflectionProtectAssembly.ManifestModule;
moduleProtect = ModuleDefMD.Load(reflectionProtectModule);
protectMainType = FindMainType(moduleProtect);
if (protectMainType == null)
throw new ApplicationException("Could not find Protect.MainType");
var invokerField = FindInvokerField(module);
reflectionProtectMainType = reflectionProtectModule.ResolveType(0x02000000 + (int)protectMainType.Rid);
invokerFieldInfo = reflectionModule.ResolveField(0x04000000 + (int)invokerField.Rid);
decrypter = CreateDecrypter();
if (decrypter == null)
throw new ApplicationException("Probably a new version. Could not create a decrypter.");
}
void OnUnreliableReceived(IPEndPoint endPoint, byte[] data, int size)
{
int head = 0;
while (head < size)
{
BytePacker packer = new BytePacker(data);
short datasize = packer.ReadShort();
#if DISABLE_CHANNEL_VARINT
short channelId = packer.ReadShort();
#else
int s = 0;
short channelId = VarintBitConverter.ToShort(packer, out s);
#endif
IDataChannel channel;
if (dataChannelMap.TryGetValue(channelId, out channel))
{
if (channelId == (short)PreservedChannelId.Beacon)
{
}
else if (channelId == (short)PreservedChannelId.UdpNotify)
{
IssueIdData idData = (IssueIdData)channel.FromStream(ref packer);
try
{
userNodeMapLock.AcquireReaderLock(1000);
ComNode n;
if (userNodeMap.TryGetValue(idData.Id, out n))
{
//Util.Log("UdpUserName:" + userName);
ComSnowballNode node = (ComSnowballNode)n;
if (node.UdpEndPoint == null && node.AesDecrypter != null)
{
byte[] decrypted = node.AesDecrypter.Decrypt(idData.encryptionData);
if (decrypted.SequenceEqual(Global.UdpRawData))
{
node.UdpEndPoint = endPoint;
if (nodeUdpMap.ContainsKey(endPoint))
{
nodeUdpMap.Remove(endPoint);
}
nodeUdpMap.Add(endPoint, node);
SendInternal(node, (short)PreservedChannelId.UdpNotifyAck, endPoint.Port);
byte[] key = GenerateTmpKey();
node.TmpKey = key;
SendInternal(node, (short)PreservedChannelId.Health, key);
node.IsConnected = true;
if (OnConnected != null)
{
OnConnected(node);
}
}
}
}
}
finally
{
userNodeMapLock.ReleaseReaderLock();
}
}
else
{
if (channel.CheckMode == CheckMode.Sequre || channel.Encryption == Encryption.Aes)
{
ComNode node;
if (nodeUdpMap.TryGetValue(endPoint, out node))
{
IDecrypter decrypter = null;
if (channel.Encryption == Encryption.Rsa)
{
decrypter = rsaDecrypter;
}
else if (channel.Encryption == Encryption.Aes)
{
decrypter = node.AesDecrypter;
}
object container = channel.FromStream(ref packer, decrypter);
channel.Received(node, container);
}
}
else
{
IDecrypter decrypter = null;
if (channel.Encryption == Encryption.Rsa)
{
decrypter = rsaDecrypter;
}
object container = channel.FromStream(ref packer, decrypter);
channel.Received(null, container);
}
}
}
head += datasize + 4;
}
}
bool CheckResourceV106(ref DataReader reader)
{
decrypter = DecrypterV106.Create(ref reader);
return(decrypter != null);
}
bool CheckResourceV106(IBinaryReader reader) {
decrypter = DecrypterV106.Create(reader);
return decrypter != null;
}
void initializeDecrypter()
{
switch (getVersion()) {
case EncryptionVersion.V1:
decrypter = new DecrypterV1(this);
break;
case EncryptionVersion.V2:
decrypter = new DecrypterV2(this);
break;
case EncryptionVersion.V3:
decrypter = new DecrypterV3(this);
break;
case EncryptionVersion.Unknown:
default:
throw new ApplicationException("Unknown MC version");
}
}
public void Find() {
foreach (var type in module.GetTypes()) {
var cctor = type.FindStaticConstructor();
if (cctor == null)
continue;
decrypter = DecrypterV11.Create(cctor);
if (decrypter != null)
break;
decrypter = DecrypterV21.Create(cctor);
if (decrypter != null)
break;
}
}
void OnUnreliableReceived(IPEndPoint endPoint, byte[] data, int size)
{
int head = 0;
while (head < size)
{
BytePacker packer = new BytePacker(data);
short datasize = packer.ReadShort();
#if DISABLE_CHANNEL_VARINT
short channelId = packer.ReadShort();
#else
int s = 0;
short channelId = VarintBitConverter.ToShort(packer, out s);
#endif
if (channelId == (short)PreservedChannelId.Beacon)
{
if (acceptBeacon && !isConnecting && !IsTcpConnected)
{
string beaconData = (string)DataSerializer.Deserialize <string>(packer);
if (BeaconAccept(beaconData))
{
Connect(endPoint.Address.ToString());
}
}
}
else
{
IDataChannel channel;
if (dataChannelMap.TryGetValue(channelId, out channel))
{
if (channelId == (short)PreservedChannelId.Health)
{
if (serverNode == null)
{
break;
}
if (serverNode.UdpEndPoint == null && serverNode.TcpEndPoint.Address.Equals(endPoint.Address))
{
serverNode.UdpEndPoint = endPoint;
}
}
if (channel.CheckMode == CheckMode.Sequre)
{
IDecrypter decrypter = null;
if (channel.Encryption == Encryption.Rsa)
{
throw new InvalidOperationException("Client cant receive data via RSA channel.");
}
else if (channel.Encryption == Encryption.Aes)
{
decrypter = serverNode.AesDecrypter;
}
if (serverNode == null)
{
break;
}
if (endPoint.Address.Equals(serverNode.UdpEndPoint.Address))
{
object container = channel.FromStream(ref packer, decrypter);
channel.Received(serverNode, container);
}
}
else
{
IDecrypter decrypter = null;
if (channel.Encryption == Encryption.Rsa)
{
throw new InvalidOperationException("Client cant receive data via RSA channel.");
}
else if (channel.Encryption == Encryption.Aes)
{
decrypter = serverNode.AesDecrypter;
}
object container = channel.FromStream(ref packer, decrypter);
channel.Received(serverNode, container);
}
}
}
head += datasize + 4;
}
}
private void SetCorrespondingViewModel(IDecrypter decryptionAlgorithm)
{
var decryptionAlgorithmIndex = Decrypters.FindIndex(x => x == decryptionAlgorithm);
CurrentDecrypterViewModel = DecrypterViewModels[decryptionAlgorithmIndex];
}
public DecryptionDecorator(IFileReader fileReader, IDecrypter decrypter)
{
this.fileReader = fileReader ?? throw new ArgumentNullException("fileReader");
this.decrypter = decrypter ?? throw new ArgumentNullException("decrypter");
}
byte[] Decrypt(IDecrypter decrypter, int type, uint dataOffset, uint encryptedSize, uint realSize) {
if (realSize == 0)
return null;
if (realSize > encryptedSize)
throw new ApplicationException("Invalid realSize");
var encrypted = ReadData(dataOffset, (int)encryptedSize);
var decrypted = decrypter.Decrypt(type, encrypted);
if (realSize > decrypted.Length)
throw new ApplicationException("Invalid decrypted length");
Array.Resize(ref decrypted, (int)realSize);
return decrypted;
}
private void Form1_Load(object sender, EventArgs e)
{
encrypter = new MyEncrypter();
decrypter = new MyDecrypter();
}
bool InitializeInfos2(IDecrypter decrypter) {
int numMethods = ReadInt32(0) ^ ReadInt32(4);
if (numMethods < 0)
throw new ApplicationException("Invalid number of encrypted methods");
xorKey = (uint)numMethods;
int numEncryptedDataInfos = ((int)structSize - 0xC) / ENCRYPTED_DATA_INFO_SIZE;
var encryptedDataInfos = new byte[numEncryptedDataInfos][];
uint offset = 8;
infos.Clear();
for (int i = 0; i < numMethods; i++, offset += structSize) {
uint methodBodyRva = ReadEncryptedUInt32(offset);
uint totalSize = ReadEncryptedUInt32(offset + 4);
uint methodInstructionRva = ReadEncryptedUInt32(offset + 8);
// Read the method body header and method body (instrs + exception handlers).
// The method body header is always in the first one. The instrs + ex handlers
// are always in the last 4, and evenly divided (each byte[] is totalLen / 4).
// The 2nd one is for the exceptions (or padding), but it may be null.
uint offset2 = offset + 0xC;
int exOffset = 0;
for (int j = 0; j < encryptedDataInfos.Length; j++, offset2 += ENCRYPTED_DATA_INFO_SIZE) {
// readByte(offset2); <-- index
int encryptionType = ReadEncryptedInt16(offset2 + 1);
uint dataOffset = ReadEncryptedUInt32(offset2 + 3);
uint encryptedSize = ReadEncryptedUInt32(offset2 + 7);
uint realSize = ReadEncryptedUInt32(offset2 + 11);
if (j >= 3 && dataOffset == xorKey && encryptedSize == xorKey) {
encryptedDataInfos[j] = null;
continue;
}
if (j == 1)
exOffset = ReadEncryptedInt32(offset2 + 15);
if (j == 1 && exOffset == 0)
encryptedDataInfos[j] = null;
else
encryptedDataInfos[j] = Decrypt(decrypter, encryptionType, dataOffset, encryptedSize, realSize);
}
var decryptedData = new byte[totalSize];
int copyOffset = 0;
copyOffset = CopyData(decryptedData, encryptedDataInfos[0], copyOffset);
for (int j = 2; j < encryptedDataInfos.Length; j++)
copyOffset = CopyData(decryptedData, encryptedDataInfos[j], copyOffset);
CopyData(decryptedData, encryptedDataInfos[1], exOffset); // Exceptions or padding
if (!MethodBodyParser.Verify(decryptedData))
throw new InvalidMethodBody();
var info = new DecryptedMethodInfo(methodBodyRva, decryptedData);
infos[info.bodyRva] = info;
}
return true;
}
void decryptMethods(uint codeHeaderOffset, MetadataType methodDefTable, ICsHeader csHeader, ref DumpedMethods dumpedMethods)
{
var methodInfos = csHeader.getMethodInfos(codeHeaderOffset);
csHeader.patchMethodDefTable(methodDefTable, methodInfos);
dumpedMethods = new DumpedMethods();
uint offset = methodDefTable.fileOffset;
decrypter = csHeader.createDecrypter();
for (int i = 0; i < methodInfos.Count; i++, offset += methodDefTable.totalSize) {
var methodInfo = methodInfos[i];
if (methodInfo.codeOffs == 0)
continue;
var dm = new DumpedMethod();
dm.token = 0x06000001 + (uint)i;
dm.mdImplFlags = peImage.offsetReadUInt16(offset + (uint)methodDefTable.fields[1].offset);
dm.mdFlags = peImage.offsetReadUInt16(offset + (uint)methodDefTable.fields[2].offset);
dm.mdName = peImage.offsetRead(offset + (uint)methodDefTable.fields[3].offset, methodDefTable.fields[3].size);
dm.mdSignature = peImage.offsetRead(offset + (uint)methodDefTable.fields[4].offset, methodDefTable.fields[4].size);
dm.mdParamList = peImage.offsetRead(offset + (uint)methodDefTable.fields[5].offset, methodDefTable.fields[5].size);
var mbHeader = decrypter.decrypt(methodInfo, out dm.code, out dm.extraSections);
dm.mhFlags = mbHeader.flags;
dm.mhMaxStack = mbHeader.maxStack;
dm.mhCodeSize = (uint)dm.code.Length;
dm.mhLocalVarSigTok = mbHeader.localVarSigTok;
dumpedMethods.add(dm);
}
}
void initializeDecrypter()
{
switch (getVersion()) {
case EncryptionVersion.V1: decrypter = new Decrypter(this, typeToTypesV1); break;
case EncryptionVersion.V2: decrypter = new Decrypter(this, typeToTypesV2); break;
case EncryptionVersion.V3: decrypter = new Decrypter(this, typeToTypesV3); break;
case EncryptionVersion.V4: decrypter = new Decrypter(this, typeToTypesV4); break;
case EncryptionVersion.Unknown:
default:
throw new ApplicationException("Unknown MC version");
}
}
public DecrypterService(IReader <BaseModel> baseReader, IReader <List <ValuesModel> > valuesReader, IDecrypter decrypter)
{
this.BaseReader = baseReader;
this.ValuesReader = valuesReader;
this.Decrypter = decrypter;
}