Support old DS 3.0.3.41 - 3.0.4.44

de4dot.code/deobfuscators/DeepSea/AssemblyResolver.cs

@@ -27,9 +27,16 @@ using de4dot.blocks;
 
 namespace de4dot.code.deobfuscators.DeepSea {
 	class AssemblyResolver : ResolverBase {
-		bool isV3;
+		Version version;
 		List<FieldInfo> fieldInfos;
 
+		enum Version {
+			Unknown,
+			V3Old,
+			V3,
+			V4,
+		}
+
 		public class AssemblyInfo {
 			public byte[] data;
 			public string fullName;
@@ -70,7 +77,10 @@ namespace de4dot.code.deobfuscators.DeepSea {
 
 		protected override bool checkHandlerMethodInternal(MethodDefinition handler) {
 			if (checkHandlerV3(handler) || checkHandlerSL(handler)) {
-				isV3 = true;
+				if (isV3Old(handler))
+					version = Version.V3Old;
+				else
+					version = Version.V3;
 				return true;
 			}
 
@@ -78,7 +88,7 @@ namespace de4dot.code.deobfuscators.DeepSea {
 			List<FieldInfo> fieldInfosTmp;
 			if (checkHandlerV4(handler, out fieldInfosTmp) ||
 				checkHandlerV4_0_4(handler, out fieldInfosTmp)) {
-				isV3 = false;
+				version = Version.V4;
 				fieldInfos = fieldInfosTmp;
 				return true;
 			}
@@ -86,6 +96,11 @@ namespace de4dot.code.deobfuscators.DeepSea {
 			return false;
 		}
 
+		static bool isV3Old(MethodDefinition method) {
+			return DotNetUtils.callsMethod(method, "System.Int32 System.IO.Stream::Read(System.Byte[],System.Int32,System.Int32)") &&
+				!DotNetUtils.callsMethod(method, "System.Int32 System.IO.Stream::ReadByte()");
+		}
+
 		static string[] handlerLocalTypes_NET = new string[] {
 			"System.Byte[]",
 			"System.IO.Compression.DeflateStream",
@@ -205,9 +220,18 @@ namespace de4dot.code.deobfuscators.DeepSea {
 		}
 
 		public IEnumerable<AssemblyInfo> getAssemblyInfos() {
-			if (isV3)
+			if (!Detected)
+				return new List<AssemblyInfo>();
+
+			switch (version) {
+			case Version.V3Old:
+			case Version.V3:
 				return getAssemblyInfosV3();
-			return getAssemblyInfosV4();
+			case Version.V4:
+				return getAssemblyInfosV4();
+			default:
+				throw new ApplicationException("Unknown version");
+			}
 		}
 
 		IEnumerable<AssemblyInfo> getAssemblyInfosV3() {
@@ -230,7 +254,8 @@ namespace de4dot.code.deobfuscators.DeepSea {
 
 		AssemblyInfo getAssemblyInfoV3(EmbeddedResource resource) {
 			try {
-				return getAssemblyInfo(decryptResourceV3(resource), resource);
+				var decrypted = version == Version.V3Old ? decryptResourceV3Old(resource) : decryptResourceV3(resource);
+				return getAssemblyInfo(decrypted, resource);
 			}
 			catch (Exception) {
 				return null;

de4dot.code/deobfuscators/DeepSea/ResolverBase.cs

@@ -130,6 +130,16 @@ namespace de4dot.code.deobfuscators.DeepSea {
 
 		protected abstract bool checkHandlerMethodInternal(MethodDefinition handler);
 
+		// 3.0.3.41 - 3.0.4.44
+		protected static byte[] decryptResourceV3Old(EmbeddedResource resource) {
+			return decryptResourceV3Old(resource.GetResourceData());
+		}
+
+		// 3.0.3.41 - 3.0.4.44
+		protected static byte[] decryptResourceV3Old(byte[] data) {
+			return decryptResource(data, 0, data.Length, 0);
+		}
+
 		protected static byte[] decryptResourceV3(EmbeddedResource resource) {
 			return decryptResourceV3(resource.GetResourceData());
 		}