int[] Decrypt(int[] data)
{
var memStream = new MemoryStream();
var writer = new BinaryWriter(memStream);
foreach (var value in data)
{
writer.Write(value);
}
byte[] decrypted;
try {
decrypted = DeobUtils.AesDecrypt(memStream.ToArray(), decryptMethod.Key, decryptMethod.Iv);
}
catch {
return(null);
}
if (decrypted.Length / 4 * 4 != decrypted.Length)
{
return(null);
}
var newData = new int[decrypted.Length / 4];
for (int i = 0; i < newData.Length; i++)
{
newData[i] = BitConverter.ToInt32(decrypted, i * 4);
}
return(newData);
}
public string Decrypt(MethodDef method, int offset)
{
var info = GetDecrypterInfo(method);
if (info.key == null)
{
int length = BitConverter.ToInt32(decryptedData, offset);
return(Encoding.Unicode.GetString(decryptedData, offset + 4, length));
}
else
{
byte[] encryptedStringData;
if (stringDecrypterVersion == StringDecrypterVersion.VER_37)
{
int fileOffset = BitConverter.ToInt32(decryptedData, offset);
int length = BitConverter.ToInt32(fileData, fileOffset);
encryptedStringData = new byte[length];
Array.Copy(fileData, fileOffset + 4, encryptedStringData, 0, length);
}
else if (stringDecrypterVersion == StringDecrypterVersion.VER_38)
{
uint rva = BitConverter.ToUInt32(decryptedData, offset);
int length = peImage.ReadInt32(rva);
encryptedStringData = peImage.ReadBytes(rva + 4, length);
}
else
{
throw new ApplicationException("Unknown string decrypter version");
}
return(Encoding.Unicode.GetString(DeobUtils.AesDecrypt(encryptedStringData, info.key, info.iv)));
}
}
byte[] DecryptResource_v18_r75367_normal(byte[] encrypted)
{
var key = GetSigKey();
var decrypted = ConfuserUtils.Decrypt(BitConverter.ToUInt32(key, 12) * (uint)key0, encrypted);
return(Decompress(DeobUtils.AesDecrypt(decrypted, key, DeobUtils.Md5Sum(key))));
}
byte[] Decrypt_v17_r75076(byte[] data)
{
var reader = new BinaryReader(new MemoryStream(data));
data = Decrypt_v15_r60785(reader, out var key, out var iv);
return(SevenZipDecompress(DeobUtils.AesDecrypt(data, key, iv)));
}
byte[] Decrypt_v17_r73404(byte[] data)
{
var reader = new BinaryReader(new MemoryStream(data));
data = Decrypt_v15_r60785(reader, out var key, out var iv);
reader = new BinaryReader(new MemoryStream(DeobUtils.Inflate(DeobUtils.AesDecrypt(data, key, iv), true)));
return(reader.ReadBytes(reader.ReadInt32()));
}
static byte[] Decrypt(PasswordInfo password, byte[] data)
{
const int iterations = 2;
const int numBits = 0x100;
var key = new Rfc2898DeriveBytes(password.passphrase, Encoding.UTF8.GetBytes(password.salt), iterations).GetBytes(numBits / 8);
return(DeobUtils.AesDecrypt(data, key, Encoding.UTF8.GetBytes(password.iv)));
}
public byte[] Decrypt()
{
if (encryptedDataResource == null || key == null || iv == null)
{
throw new ApplicationException("Can't decrypt resource");
}
return(DeobUtils.AesDecrypt(encryptedDataResource.GetResourceData(), key, iv));
}
byte[] DecryptAndDecompress(byte[] encrypted, byte[] key)
{
byte[] iv = DeobUtils.Md5Sum(key);
try {
return(Decompress(DeobUtils.AesDecrypt(encrypted, key, iv)));
}
catch {
return(DeobUtils.AesDecrypt(Decompress(encrypted), key, iv));
}
}
UnpackedFile UnpackEmbeddedFile(MyPEImage peImage, int index, ApplicationModeDecrypter decrypter)
{
uint offset = 0;
for (int i = 0; i < index + 1; i++)
{
offset += sizes[i];
}
string filename = Win32Path.GetFileName(filenames[index]);
var data = peImage.OffsetReadBytes(offset, (int)sizes[index + 1]);
data = DeobUtils.AesDecrypt(data, decrypter.AssemblyKey, decrypter.AssemblyIv);
data = Decompress(data);
return(new UnpackedFile(filename, data));
}
protected byte[] Decrypt(byte[] encrypted, byte[] iv, byte[] streamsBuffer)
{
var decrypted = DeobUtils.AesDecrypt(encrypted, DeobUtils.Sha256Sum(streamsBuffer), iv);
var sha = SHA512.Create();
var hash = sha.ComputeHash(streamsBuffer);
for (int i = 0; i < decrypted.Length; i += 64)
{
int j;
for (j = 0; j < 64 && i + j < decrypted.Length; j++)
{
decrypted[i + j] ^= (byte)(hash[j] ^ key6);
}
hash = sha.ComputeHash(decrypted, i, j);
}
return(decrypted);
}
public byte[] Decrypt(EmbeddedResource resource)
{
return(DeobUtils.AesDecrypt(resource.GetResourceData(), key, iv));
}
byte[] Decrypt(byte[] encrypted)
{
var keyGenerator = new PasswordDeriveBytes(resourcePassword, Encoding.ASCII.GetBytes(resourceSalt));
return(DeobUtils.Inflate(DeobUtils.AesDecrypt(encrypted, keyGenerator.GetBytes(32), keyGenerator.GetBytes(16)), false));
}
static byte[] Decrypt2(byte[] data)
{
return(DeobUtils.AesDecrypt(data, key2, iv2));
}
static byte[] Decrypt1(byte[] data)
{
return(DeobUtils.AesDecrypt(data, key1, iv1));
}