/// <summary> /// Parse certain executable resources for encryption passphrase. /// Returns null if no passphrase found. /// </summary> public static string GetPassFromExe(string filename) { using (var exe = new ExeFile.ResourceAccessor(filename)) { var code = exe.GetResource("DATA", "V_CODE2"); if (null == code || code.Length < 8) { return(null); } var key = exe.GetResource("KEY", "KEY_CODE"); if (null != key) { for (int i = 0; i < key.Length; ++i) { key[i] ^= 0xCD; } } else { key = Encoding.ASCII.GetBytes("windmill"); } var blowfish = new Blowfish(key); blowfish.Decipher(code, code.Length / 8 * 8); int length = Array.IndexOf <byte> (code, 0); if (-1 == length) { length = code.Length; } return(Encodings.cp932.GetString(code, 0, length)); } }
public static byte[] GetKeyDataFromExe(string filename) { using (var exe = new ExeFile.ResourceAccessor(filename)) { var tform = exe.GetResource("TFORM1", "#10"); if (null == tform || !tform.AsciiEqual(0, "TPF0")) { return(null); } using (var input = new BinMemoryStream(tform)) { var deserializer = new DelphiDeserializer(input); var form = deserializer.Deserialize(); var image = form.Contents.FirstOrDefault(n => n.Name == "IconKeyImage"); if (null == image) { return(null); } var icon = image.Props["Picture.Data"] as byte[]; if (null == icon || icon.Length < 0x106 || !icon.AsciiEqual(0, "\x05TIcon")) { return(null); } return(new CowArray <byte> (icon, 6, 0x100).ToArray()); } } }
/// <summary> /// Look for 'key.fkey' file within nearby directories specified by KeyLocations. /// </summary> static byte[] FindKeyFile(ArcView arc_file) { // QLIE archives with key could be opened at the physical file system level only if (VFS.IsVirtual) { return(null); } var dir_name = Path.GetDirectoryName(arc_file.Name); foreach (var path in KeyLocations) { var name = Path.Combine(dir_name, path, "key.fkey"); if (File.Exists(name)) { Trace.WriteLine("reading key from " + name, "[QLIE]"); return(File.ReadAllBytes(name)); } } var pattern = VFS.CombinePath(dir_name, @"..\*.exe"); foreach (var exe_file in VFS.GetFiles(pattern)) { using (var exe = new ExeFile.ResourceAccessor(exe_file.Name)) { var reskey = exe.GetResource("RESKEY", "#10"); if (reskey != null) { return(reskey); } } } return(null); }
byte[] QueryKey(string arc_name) { if (VFS.IsVirtual) { return(null); } var dir = VFS.GetDirectoryName(arc_name); var parent_dir = Directory.GetParent(dir).FullName; var exe_files = VFS.GetFiles(VFS.CombinePath(parent_dir, "*.exe")).Concat(VFS.GetFiles(VFS.CombinePath(dir, "*.exe"))); foreach (var exe_entry in exe_files) { try { using (var exe = new ExeFile.ResourceAccessor(exe_entry.Name)) { var code = exe.GetResource("CIPHERCODE", "CODE"); if (null == code) { continue; } if (20 == code.Length) { code = new CowArray <byte> (code, 4, 16).ToArray(); } return(code); } } catch { /* ignore errors */ } } return(null); }
string ExtractNoaPassword(string arc_name) { if (VFS.IsVirtual) { return(null); } var dir = VFS.GetDirectoryName(arc_name); var noa_name = Path.GetFileName(arc_name); var parent_dir = Directory.GetParent(dir).FullName; var exe_files = VFS.GetFiles(VFS.CombinePath(parent_dir, "*.exe")).Concat(VFS.GetFiles(VFS.CombinePath(dir, "*.exe"))); foreach (var exe_entry in exe_files) { try { using (var exe = new ExeFile.ResourceAccessor(exe_entry.Name)) { var cotomi = exe.GetResource("IDR_COTOMI", "#10"); if (null == cotomi) { continue; } using (var res = new MemoryStream(cotomi)) using (var input = new ErisaNemesisStream(res)) { var xml = new XmlDocument(); xml.Load(input); var password = XmlFindArchiveKey(xml, noa_name); if (password != null) { Trace.WriteLine(string.Format("{0}: found password \"{1}\"", noa_name, password), "[NOA]"); return(password); } } } } catch { /* ignore errors */ } } return(null); }