2012-02-12 21:28:53 +08:00
|
|
|
|
/*
|
2014-03-12 05:15:43 +08:00
|
|
|
|
Copyright (C) 2011-2014 de4dot@gmail.com
|
2012-02-12 21:28:53 +08:00
|
|
|
|
|
|
|
|
|
This file is part of de4dot.
|
|
|
|
|
|
|
|
|
|
de4dot is free software: you can redistribute it and/or modify
|
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
|
|
de4dot is distributed in the hope that it will be useful,
|
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
|
along with de4dot. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
using System;
|
|
|
|
|
using System.IO;
|
2012-12-20 09:06:09 +08:00
|
|
|
|
using dnlib.IO;
|
2012-02-12 21:28:53 +08:00
|
|
|
|
|
|
|
|
|
namespace de4dot.code.deobfuscators.CodeVeil {
|
|
|
|
|
class ErexResourceReader {
|
2012-11-08 16:48:05 +08:00
|
|
|
|
IBinaryReader reader;
|
2012-02-12 21:28:53 +08:00
|
|
|
|
uint[] key;
|
|
|
|
|
|
2012-11-08 16:48:05 +08:00
|
|
|
|
public ErexResourceReader(IBinaryReader reader) {
|
|
|
|
|
this.reader = reader;
|
2012-02-12 21:28:53 +08:00
|
|
|
|
}
|
|
|
|
|
|
2013-01-19 20:03:57 +08:00
|
|
|
|
public byte[] Decrypt() {
|
2012-02-12 21:28:53 +08:00
|
|
|
|
if (reader.ReadUInt32() != 0x58455245)
|
|
|
|
|
throw new InvalidDataException("Invalid EREX sig");
|
|
|
|
|
if (reader.ReadInt32() > 1)
|
|
|
|
|
throw new ApplicationException("Invalid EREX file");
|
|
|
|
|
|
|
|
|
|
byte flags = reader.ReadByte();
|
|
|
|
|
bool isEncrypted = (flags & 1) != 0;
|
|
|
|
|
bool isDeflated = (flags & 2) != 0;
|
|
|
|
|
|
|
|
|
|
int length = reader.ReadInt32();
|
|
|
|
|
if (length < 0)
|
|
|
|
|
throw new ApplicationException("Invalid length");
|
|
|
|
|
|
|
|
|
|
if (isEncrypted)
|
2013-01-19 20:03:57 +08:00
|
|
|
|
ReadKey();
|
2012-02-12 21:28:53 +08:00
|
|
|
|
|
|
|
|
|
if (isDeflated)
|
2013-01-19 20:03:57 +08:00
|
|
|
|
reader = Inflate(length);
|
2012-02-12 21:28:53 +08:00
|
|
|
|
|
|
|
|
|
if (isEncrypted)
|
2013-01-19 20:03:57 +08:00
|
|
|
|
reader = Decrypt(length);
|
2012-02-12 21:28:53 +08:00
|
|
|
|
|
|
|
|
|
return reader.ReadBytes(length);
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-19 20:03:57 +08:00
|
|
|
|
void ReadKey() {
|
2012-02-12 21:28:53 +08:00
|
|
|
|
key = new uint[reader.ReadByte()];
|
|
|
|
|
for (int i = 0; i < key.Length; i++)
|
|
|
|
|
key[i] = reader.ReadUInt32();
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-19 20:03:57 +08:00
|
|
|
|
IBinaryReader Inflate(int length) {
|
2012-11-08 16:48:05 +08:00
|
|
|
|
var data = reader.ReadRemainingBytes();
|
2013-01-19 20:03:57 +08:00
|
|
|
|
return MemoryImageStream.Create(DeobUtils.Inflate(data, true));
|
2012-02-12 21:28:53 +08:00
|
|
|
|
}
|
|
|
|
|
|
2013-01-19 20:03:57 +08:00
|
|
|
|
IBinaryReader Decrypt(int length) {
|
2012-02-12 21:28:53 +08:00
|
|
|
|
var block = new uint[4];
|
|
|
|
|
var decrypted = new byte[16];
|
|
|
|
|
|
|
|
|
|
var outStream = new MemoryStream(length);
|
2012-11-08 16:48:05 +08:00
|
|
|
|
while (reader.Position < reader.Length) {
|
2012-02-12 21:28:53 +08:00
|
|
|
|
block[0] = reader.ReadUInt32();
|
|
|
|
|
block[1] = reader.ReadUInt32();
|
|
|
|
|
block[2] = reader.ReadUInt32();
|
|
|
|
|
block[3] = reader.ReadUInt32();
|
2013-01-19 20:03:57 +08:00
|
|
|
|
DeobUtils.XxteaDecrypt(block, key);
|
2012-02-12 21:28:53 +08:00
|
|
|
|
Buffer.BlockCopy(block, 0, decrypted, 0, decrypted.Length);
|
|
|
|
|
outStream.Write(decrypted, 0, decrypted.Length);
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-08 16:48:05 +08:00
|
|
|
|
return MemoryImageStream.Create(outStream.ToArray());
|
2012-02-12 21:28:53 +08:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|