- using System;
- using System.Collections;
- using System.IO;
- using System.IO.Compression;
- using System.Text;
- using Mono.Cecil;
- using Mono.Cecil.Cil;
- namespace Confuse
- {
- class Program
- {
- private static AssemblyDefinition assembly;
- private static BinaryReader binaryReader;
- private static uint key1;
- private static uint key2;
- private static uint key3;
- private static uint key4;
- private static uint switch1;
- private static uint switch2;
- private static uint switch3;
- private static uint switch4;
- private static uint switch5;
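/// <summary>
/// Recovers the decryption parameters from the injected decryptor, inflates the
/// embedded constant blob, and prints every constant whose decryptor call site
/// is found in <paramref name="assembly"/>.
/// </summary>
/// <param name="assembly">Assembly under analysis; treated as untrusted input.</param>
/// <exception cref="InvalidOperationException">No decryptor candidate was found.</exception>
/// <exception cref="InvalidDataException">
/// The constant resource is missing, or inflates past the size ceiling below.
/// </exception>
/// <remarks>
/// This pass only reports decrypted values on the console; it does not rewrite the IL.
/// NOTE(review): getConstantMethod() reads the static <c>assembly</c> field, not this
/// parameter, so both are expected to refer to the same definition - confirm at the caller.
/// </remarks>
private static void doConstants(AssemblyDefinition assembly)
{
    // Ceiling on the inflated blob. The resource comes from the file being analysed,
    // so an unbounded inflate would let a crafted sample exhaust memory.
    // The value is an arbitrary limit chosen for this tool; raise it if a sample needs more.
    const long MaxConstantBlobBytes = 64L * 1024 * 1024;

    // Resolve the decryptor once: the lookup walks every type and is loop-invariant.
    MethodDefinition decryptor = getConstantMethod();
    if (decryptor == null)
    {
        throw new InvalidOperationException("Constant decryption method not found in <Module>.");
    }

    getDecryptionConstants(decryptor);
    getSwitchConstants(decryptor);

    Stream packed = getConstantResourceStream(assembly, getConstantResourceName());
    if (packed == null)
    {
        throw new InvalidDataException("Constant resource not found in the assembly.");
    }

    MemoryStream inflated = new MemoryStream();
    using (DeflateStream deflate = new DeflateStream(packed, CompressionMode.Decompress))
    {
        byte[] chunk = new byte[0x1000];
        int read;
        while ((read = deflate.Read(chunk, 0, chunk.Length)) > 0)
        {
            if (inflated.Length + read > MaxConstantBlobBytes)
            {
                throw new InvalidDataException("Constant resource inflates beyond the allowed size.");
            }
            inflated.Write(chunk, 0, read);
        }
    }
    binaryReader = new BinaryReader(inflated);

    foreach (TypeDefinition type in assembly.MainModule.GetTypes())
    {
        foreach (MethodDefinition method in type.Methods)
        {
            if (!method.HasBody || method.IsConstructor)
            {
                continue;
            }

            uint methodToken = method.MetadataToken.ToUInt32();
            foreach (Instruction call in method.Body.Instructions)
            {
                // Many instructions carry no operand; dereferencing it unconditionally
                // would abort the whole scan on the first such instruction.
                if (call.Operand == null)
                {
                    continue;
                }

                Console.WriteLine("Operand: " + call.Operand.ToString());
                if (!call.Operand.Equals(decryptor))
                {
                    continue;
                }

                // The encrypted key is read from the instruction immediately before the call.
                // A call that is the first instruction of a body has no predecessor.
                Instruction keyLoad = call.Previous;
                if (keyLoad == null || keyLoad.Operand == null)
                {
                    continue;
                }

                try
                {
                    // The unboxing cast only succeeds for a boxed Int32 operand; any other
                    // operand type lands in the catch below and is reported.
                    object decrypted = decryptConstant((uint)(int)keyLoad.Operand, methodToken);
                    if (decrypted == null)
                    {
                        Console.WriteLine("Constant not decrypted: " + keyLoad.Operand.ToString());
                        continue;
                    }
                    Console.WriteLine("Constant Decrypted: " + keyLoad.Operand.ToString() + " > [" + decrypted.ToString() + "]");
                }
                catch (Exception e)
                {
                    // Best effort per call site: one bad constant must not stop the scan.
                    Console.WriteLine(e.Message);
                }
            }
        }
    }
}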
/// <summary>
/// Decrypts one constant using the keys and type tags currently held in the
/// static <c>key1..key4</c> and <c>switch1..switch5</c> fields.
/// </summary>
/// <param name="key">Encrypted key taken from the call site.</param>
/// <param name="meta">Metadata token of the method containing the call site.</param>
/// <returns>Whatever the full overload returns for these inputs (may be null).</returns>
private static object decryptConstant(uint key, uint meta)
{
    return decryptConstant(
        key, meta,
        key1, key2, key3, key4,
        switch1, switch2, switch3, switch4, switch5);
}
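/// <summary>
/// Locates one encrypted constant in the inflated blob, removes the XOR keystream
/// and converts the plaintext according to its type tag.
/// </summary>
/// <param name="key">Encrypted key taken from the call site.</param>
/// <param name="meta">Metadata token of the method containing the call site.</param>
/// <param name="key1">First hash seed.</param>
/// <param name="key2">Second hash seed.</param>
/// <param name="key3">Third hash seed.</param>
/// <param name="key4">Hash key; also mixed into the keystream seed.</param>
/// <param name="s1">Type tag that selects a Double.</param>
/// <param name="s2">Type tag that selects a Single.</param>
/// <param name="s3">Type tag that selects an Int32.</param>
/// <param name="s4">Type tag that selects an Int64.</param>
/// <param name="s5">Type tag that selects a UTF-8 string.</param>
/// <returns>
/// The boxed constant, or null when the computed offset is zero or the type tag
/// matches none of the five tags.
/// </returns>
/// <exception cref="InvalidDataException">
/// The offset or the length field does not fit inside the inflated blob.
/// </exception>
private static object decryptConstant(uint key, uint meta, uint key1, uint key2, uint key3, uint key4, uint s1, uint s2, uint s3, uint s4, uint s5)
{
    uint offset = ComputeHash(meta, key4, key1, key2, key3) ^ key;
    if (offset == 0)
    {
        return null;
    }

    Console.WriteLine("HASH: " + offset);

    Stream blob = binaryReader.BaseStream;

    // Both the offset and the length below are derived from the file under analysis.
    // Check them against the blob before seeking or allocating: a record needs at
    // least one tag byte plus a four-byte length.
    if (offset > blob.Length - 5)
    {
        throw new InvalidDataException("Constant offset is outside the decompressed blob.");
    }

    blob.Seek((long)offset, SeekOrigin.Begin);
    byte typeTag = binaryReader.ReadByte();
    int length = binaryReader.ReadInt32();

    // Without this check a crafted length drives the size passed to ReadBytes,
    // and a short read would be decrypted as if it were complete.
    if (length < 0 || length > blob.Length - blob.Position)
    {
        throw new InvalidDataException("Constant length field is inconsistent with the blob size.");
    }

    byte[] bytes = binaryReader.ReadBytes(length);

    // System.Random is used only to regenerate the keystream from its seed; it is not a
    // source of secrecy here.
    // NOTE(review): the output must match the generator the protected assembly runs on -
    // confirm when this tool runs on a different runtime.
    byte[] keystream = new byte[bytes.Length];
    new Random((int)(key4 ^ offset)).NextBytes(keystream);
    for (int i = 0; i < bytes.Length; i++)
    {
        bytes[i] ^= keystream[i];
    }

    // BitConverter throws when the payload is shorter than the target type;
    // the caller reports that per call site.
    if (typeTag == s1)
    {
        return BitConverter.ToDouble(bytes, 0);
    }
    if (typeTag == s2)
    {
        return BitConverter.ToSingle(bytes, 0);
    }
    if (typeTag == s3)
    {
        return BitConverter.ToInt32(bytes, 0);
    }
    if (typeTag == s4)
    {
        return BitConverter.ToInt64(bytes, 0);
    }
    if (typeTag == s5)
    {
        return Encoding.UTF8.GetString(bytes);
    }
    return null;
}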
/// <summary>
/// 64-round mixing function used to derive a constant's blob offset.
/// </summary>
/// <param name="x">Value being hashed (the caller passes a metadata token).</param>
/// <param name="key">Key mixed into the state every round.</param>
/// <param name="init0">Seed XORed with <paramref name="x"/> to form the initial state.</param>
/// <param name="init1">Initial value of the first auxiliary accumulator.</param>
/// <param name="init2">Initial value of the second auxiliary accumulator.</param>
/// <returns>The final state after 64 rounds.</returns>
/// <remarks>
/// As written, <c>(state &amp; 0xff00) &gt;&gt; 24</c> is always 0, so each round reduces
/// the state to its low byte shifted left by 8; the low byte is then 0, the lane is 0,
/// and only the first case ever runs.
/// NOTE(review): confirm the masks against the decryptor in the target. The arithmetic is
/// kept exactly as found because the result has to reproduce that routine's output.
/// </remarks>
private static uint ComputeHash(uint x, uint key, uint init0, uint init1, uint init2)
{
    uint state = init0 ^ x;
    uint mixA = init1;
    uint mixB = init2;

    uint round = 1;
    while (round <= 64)
    {
        state = (state & 0x00ff) << 8 | ((state & 0xff00) >> 24);
        uint lane = (state & 0xff) % 64;

        // lane is in [0, 63], so lane / 16 selects the same four 16-wide ranges
        // as an explicit range comparison would.
        switch (lane / 16)
        {
            case 0:
                mixA |= (((state & 0x0000ff00) >> 8) & ((state & 0x00ff0000) >> 16)) ^ (~state & 0x00ff);
                mixB ^= (state * round + 1) % 16;
                state += (mixA | mixB) ^ key;
                break;
            case 1:
                mixA ^= ((state & 0x00ff00ff) << 8) ^ (((state & 0x00ffff00) >> 8) | (~state & 0x0000ffff));
                mixB += (state * round) % 32;
                state |= (mixA + ~mixB) & key;
                break;
            case 2:
                mixA += ((state & 0x00ff) | ((state & 0x00ff0000) >> 16)) + (~state & 0x00ff);
                mixB -= ~(state + lane) % 48;
                state ^= (mixA % mixB) | key;
                break;
            case 3:
                mixA ^= (((state & 0x00ff0000) >> 16) | ~(state & 0x0000ff)) * (~state & 0x00ff0000);
                // Subtraction binds tighter than XOR: this is state ^ (round - 1).
                mixB += (state ^ round - 1) % lane;
                state -= ~(mixA ^ mixB) + key;
                break;
        }

        round++;
    }

    return state;
}
/// <summary>
/// Maps the short-form <c>ldc.i4.0</c> .. <c>ldc.i4.8</c> opcodes, which carry their
/// value in the opcode rather than in an operand, to that value.
/// </summary>
/// <param name="op">Opcode of the instruction that loads the constant.</param>
/// <returns>0 to 8 for the matching short form; 0 for every other opcode.</returns>
private static uint getKeyFromOpCode(OpCode op)
{
    // Position in the table is the value the opcode pushes.
    OpCode[] shortForms =
    {
        OpCodes.Ldc_I4_0,
        OpCodes.Ldc_I4_1,
        OpCodes.Ldc_I4_2,
        OpCodes.Ldc_I4_3,
        OpCodes.Ldc_I4_4,
        OpCodes.Ldc_I4_5,
        OpCodes.Ldc_I4_6,
        OpCodes.Ldc_I4_7,
        OpCodes.Ldc_I4_8
    };

    for (uint value = 0; value < shortForms.Length; value++)
    {
        if (op.Equals(shortForms[value]))
        {
            return value;
        }
    }

    // Anything else is indistinguishable from ldc.i4.0 to the caller.
    return (uint)0;
}
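/// <summary>
/// Reads the five type tags from fixed instruction positions in the decryptor,
/// stores them in <c>switch1..switch5</c> and prints them.
/// </summary>
/// <param name="method">The decryptor method whose body is inspected.</param>
/// <exception cref="ArgumentOutOfRangeException">
/// The method body is shorter than one of the expected positions.
/// </exception>
/// <remarks>
/// The tags were previously computed and printed but never stored, so the
/// two-argument decryptConstant overload compared every tag against zero.
/// NOTE(review): positions 325, 334, 343, 352 and 361 presumably match one specific
/// build of the protector - confirm before relying on them for another sample.
/// </remarks>
private static void getSwitchConstants(MethodDefinition method)
{
    uint s1 = readSwitchTag(method, 325);
    uint s2 = readSwitchTag(method, 334);
    uint s3 = readSwitchTag(method, 343);
    uint s4 = readSwitchTag(method, 352);
    uint s5 = readSwitchTag(method, 361);

    // Publish only after all five were read, so a failure leaves the fields untouched.
    switch1 = s1;
    switch2 = s2;
    switch3 = s3;
    switch4 = s4;
    switch5 = s5;

    Console.WriteLine("Switch 1: [" + s1.ToString() + "]");
    Console.WriteLine("Switch 2: [" + s2.ToString() + "]");
    Console.WriteLine("Switch 3: [" + s3.ToString() + "]");
    Console.WriteLine("Switch 4: [" + s4.ToString() + "]");
    Console.WriteLine("Switch 5: [" + s5.ToString() + "]");
}

// Reads one tag: from the operand when there is one, otherwise from the short-form opcode.
private static uint readSwitchTag(MethodDefinition method, int index)
{
    if (index >= method.Body.Instructions.Count)
    {
        throw new ArgumentOutOfRangeException("index", "Decryptor body has no instruction at position " + index + ".");
    }

    Instruction load = method.Body.Instructions[index];
    if (load.Operand != null)
    {
        return Convert.ToUInt32(load.Operand.ToString());
    }
    return getKeyFromOpCode(load.OpCode);
}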
/// <summary>
/// Reads the four hash keys from fixed instruction positions in the decryptor,
/// stores them in <c>key1..key4</c> and prints them.
/// </summary>
/// <param name="method">The decryptor method whose body is inspected.</param>
/// <remarks>
/// The type tags at positions 325 to 361 are not touched here; getSwitchConstants reads those.
/// NOTE(review): positions 61, 65, 67 and 129 presumably match one specific build of the
/// protector - confirm before relying on them for another sample.
/// </remarks>
private static void getDecryptionConstants(MethodDefinition method)
{
    int[] positions = { 61, 65, 67, 129 };
    uint[] keys = new uint[positions.Length];

    // Parse all four before touching the fields, so a failure leaves them unchanged.
    for (int n = 0; n < positions.Length; n++)
    {
        Instruction load = method.Body.Instructions[positions[n]];
        keys[n] = Convert.ToUInt32(load.Operand.ToString());
    }

    key1 = keys[0];
    key2 = keys[1];
    key3 = keys[2];
    key4 = keys[3];

    Console.WriteLine("key1: " + keys[0].ToString());
    Console.WriteLine("key2: " + keys[1].ToString());
    Console.WriteLine("key3: " + keys[2].ToString());
    Console.WriteLine("key4: " + keys[3].ToString());
}
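/// <summary>
/// Returns the content of the embedded resource named <paramref name="resName"/>.
/// </summary>
/// <param name="assembly">Assembly whose main module is searched.</param>
/// <param name="resName">Exact resource name to look for.</param>
/// <returns>A stream over the resource bytes, or null when no embedded resource has that name.</returns>
private static MemoryStream getConstantResourceStream(AssemblyDefinition assembly, string resName)
{
    // Enumerate as the base type: a module can also hold linked resources, and
    // iterating directly as EmbeddedResource throws on the first one of those.
    foreach (Resource candidate in assembly.MainModule.Resources)
    {
        EmbeddedResource embedded = candidate as EmbeddedResource;
        if (embedded == null || !embedded.Name.Equals(resName))
        {
            continue;
        }

        Stream raw = embedded.GetResourceStream();
        MemoryStream buffered = raw as MemoryStream;
        if (buffered == null)
        {
            // The declared return type of GetResourceStream is Stream; copy rather
            // than hard-cast when it is not memory-backed.
            buffered = new MemoryStream();
            raw.CopyTo(buffered);
            buffered.Position = 0;
        }
        return buffered;
    }
    return null;
}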
/// <summary>
/// Returns the operand of the decryptor's second instruction as text; the caller
/// uses it as the name of the constant resource.
/// </summary>
/// <returns>The string form of that operand.</returns>
private static string getConstantResourceName()
{
    // Index 1 is a fixed position; nothing here checks that a decryptor was found
    // or that its body is at least two instructions long.
    Instruction nameLoad = getConstantMethod().Body.Instructions[1];
    return nameLoad.Operand.ToString();
}
/// <summary>
/// Finds the decryptor candidate: the first method of a type named
/// <c>&lt;Module&gt;</c> that has at least one parameter of type <c>UInt32</c>.
/// </summary>
/// <returns>The first matching method, or null when none matches or the search throws.</returns>
/// <remarks>
/// The match is by parameter type only, so any other <c>&lt;Module&gt;</c> method that
/// takes a <c>UInt32</c> and is declared earlier would be returned instead.
/// </remarks>
private static MethodDefinition getConstantMethod()
{
    try
    {
        foreach (TypeDefinition candidateType in assembly.MainModule.GetTypes())
        {
            if (candidateType.Name.Equals("<Module>"))
            {
                foreach (MethodDefinition candidate in candidateType.Methods)
                {
                    if (hasUInt32Parameter(candidate))
                    {
                        return candidate;
                    }
                }
            }
        }
    }
    catch (Exception failure)
    {
        // Any failure while walking the metadata is reported and treated as "not found".
        Console.WriteLine(failure.Message);
    }
    return null;
}

// True when any parameter of the method is declared with a type named UInt32.
private static bool hasUInt32Parameter(MethodDefinition method)
{
    foreach (ParameterDefinition parameter in method.Parameters)
    {
        if (parameter.ParameterType.Name.Equals("UInt32"))
        {
            return true;
        }
    }
    return false;
}
- }
- }