monocul.us/de4dot-cex
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Support old MC 3.2

Browse Source
This commit is contained in:
de4dot 2012-02-22 12:38:02 +01:00
parent 59ee55105d
commit 7c4f014da3
1 changed files with 50 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
de4dot.code/deobfuscators/MaxtoCode/FileDecrypter.cs
View File

@ -115,6 +115,7 @@ namespace de4dot.code.deobfuscators.MaxtoCode {
Unknown, Unknown,
V1, V1,
V2, V2,
V3,
} }
class EncryptionInfo { class EncryptionInfo {
@ -125,11 +126,17 @@ namespace de4dot.code.deobfuscators.MaxtoCode {
static EncryptionInfo[] encryptionInfos_Rva900h = new EncryptionInfo[] { static EncryptionInfo[] encryptionInfos_Rva900h = new EncryptionInfo[] {
// PE header timestamp // PE header timestamp
// 462FA2D2 = Wed, 25 Apr 2007 18:49:54 (3.20)
new EncryptionInfo {
MagicLo = 0xA098B387,
MagicHi = 0x1E8EBCA3,
Version = EncryptionVersion.V1,
},
// 482384FB = Thu, 08 May 2008 22:55:55 (3.36) // 482384FB = Thu, 08 May 2008 22:55:55 (3.36)
new EncryptionInfo { new EncryptionInfo {
MagicLo = 0xAA98B387, MagicLo = 0xAA98B387,
MagicHi = 0x1E8EECA3, MagicHi = 0x1E8EECA3,
Version = EncryptionVersion.V1, Version = EncryptionVersion.V2,
}, },
// 4C622357 = Wed, 11 Aug 2010 04:13:11 // 4C622357 = Wed, 11 Aug 2010 04:13:11
// 4C6220EC = Wed, 11 Aug 2010 04:02:52 // 4C6220EC = Wed, 11 Aug 2010 04:02:52
@ -137,7 +144,7 @@ namespace de4dot.code.deobfuscators.MaxtoCode {
new EncryptionInfo { new EncryptionInfo {
MagicLo = 0xAA98B387, MagicLo = 0xAA98B387,
MagicHi = 0x128EECA3, MagicHi = 0x128EECA3,
Version = EncryptionVersion.V1, Version = EncryptionVersion.V2,
}, },
// 4DFA3D5D = Thu, 16 Jun 2011 17:29:01 // 4DFA3D5D = Thu, 16 Jun 2011 17:29:01
// 4DC2FC75 = Thu, 05 May 2011 19:37:25 // 4DC2FC75 = Thu, 05 May 2011 19:37:25
@ -146,29 +153,35 @@ namespace de4dot.code.deobfuscators.MaxtoCode {
new EncryptionInfo { new EncryptionInfo {
MagicLo = 0xAA98B387, MagicLo = 0xAA98B387,
MagicHi = 0xF28EECA3, MagicHi = 0xF28EECA3,
Version = EncryptionVersion.V1, Version = EncryptionVersion.V2,
}, },
// 4DC2FE0C = Thu, 05 May 2011 19:44:12 // 4DC2FE0C = Thu, 05 May 2011 19:44:12
new EncryptionInfo { new EncryptionInfo {
MagicLo = 0xAA98B387, MagicLo = 0xAA98B387,
MagicHi = 0xF28EEAA3, MagicHi = 0xF28EEAA3,
Version = EncryptionVersion.V1, Version = EncryptionVersion.V2,
}, },
// 4EE1FAD1 = Fri, 09 Dec 2011 12:10:57 // 4EE1FAD1 = Fri, 09 Dec 2011 12:10:57
// 4ED76740 = Thu, 01 Dec 2011 11:38:40 // 4ED76740 = Thu, 01 Dec 2011 11:38:40
new EncryptionInfo { new EncryptionInfo {
MagicLo = 0xAA983B87, MagicLo = 0xAA983B87,
MagicHi = 0xF28EECA3, MagicHi = 0xF28EECA3,
Version = EncryptionVersion.V2, Version = EncryptionVersion.V3,
}, },
}; };
static EncryptionInfo[] encryptionInfos_McHeader8C0h = new EncryptionInfo[] { static EncryptionInfo[] encryptionInfos_McHeader8C0h = new EncryptionInfo[] {
// 462FA2D2 = Wed, 25 Apr 2007 18:49:54 (3.20)
new EncryptionInfo {
MagicLo = 0x6AA13B13,
MagicHi = 0xD72B991F,
Version = EncryptionVersion.V1,
},
// 482384FB = Thu, 08 May 2008 22:55:55 (3.36) // 482384FB = Thu, 08 May 2008 22:55:55 (3.36)
new EncryptionInfo { new EncryptionInfo {
MagicLo = 0x6A713B13, MagicLo = 0x6A713B13,
MagicHi = 0xD72B891F, MagicHi = 0xD72B891F,
Version = EncryptionVersion.V1, Version = EncryptionVersion.V2,
}, },
// 4DFA3D5D = Thu, 16 Jun 2011 17:29:01 // 4DFA3D5D = Thu, 16 Jun 2011 17:29:01
// 4DC2FE0C = Thu, 05 May 2011 19:44:12 // 4DC2FE0C = Thu, 05 May 2011 19:44:12
@ -181,14 +194,14 @@ namespace de4dot.code.deobfuscators.MaxtoCode {
new EncryptionInfo { new EncryptionInfo {
MagicLo = 0x6A713B13, MagicLo = 0x6A713B13,
MagicHi = 0xD72B891F, MagicHi = 0xD72B891F,
Version = EncryptionVersion.V1, Version = EncryptionVersion.V2,
}, },
// 4EE1FAD1 = Fri, 09 Dec 2011 12:10:57 // 4EE1FAD1 = Fri, 09 Dec 2011 12:10:57
// 4ED76740 = Thu, 01 Dec 2011 11:38:40 // 4ED76740 = Thu, 01 Dec 2011 11:38:40
new EncryptionInfo { new EncryptionInfo {
MagicLo = 0x6A731B13, MagicLo = 0x6A731B13,
MagicHi = 0xD72B891F, MagicHi = 0xD72B891F,
Version = EncryptionVersion.V2, Version = EncryptionVersion.V3,
}, },
}; };
@ -307,10 +320,10 @@ namespace de4dot.code.deobfuscators.MaxtoCode {
public byte[] decrypt(int type, byte[] encrypted) { public byte[] decrypt(int type, byte[] encrypted) {
switch (type) { switch (type) {
case 1: return methodInfos.decrypt3(encrypted); case 1: return methodInfos.decrypt1(encrypted);
case 2: return methodInfos.decrypt2(encrypted); case 2: return methodInfos.decrypt4(encrypted);
case 3: return methodInfos.decrypt1(encrypted); case 3: return methodInfos.decrypt2(encrypted);
case 4: return methodInfos.decrypt4(encrypted); case 4: return methodInfos.decrypt3(encrypted);
case 5: return methodInfos.decrypt5(encrypted); case 5: return methodInfos.decrypt5(encrypted);
case 6: return methodInfos.decrypt6(encrypted); case 6: return methodInfos.decrypt6(encrypted);
case 7: return methodInfos.decrypt7(encrypted); case 7: return methodInfos.decrypt7(encrypted);
@ -326,6 +339,27 @@ namespace de4dot.code.deobfuscators.MaxtoCode {
this.methodInfos = methodInfos; this.methodInfos = methodInfos;
} }
public byte[] decrypt(int type, byte[] encrypted) {
switch (type) {
case 1: return methodInfos.decrypt3(encrypted);
case 2: return methodInfos.decrypt2(encrypted);
case 3: return methodInfos.decrypt1(encrypted);
case 4: return methodInfos.decrypt4(encrypted);
case 5: return methodInfos.decrypt5(encrypted);
case 6: return methodInfos.decrypt6(encrypted);
case 7: return methodInfos.decrypt7(encrypted);
default: throw new ApplicationException(string.Format("Invalid encryption type: {0:X2}", type));
}
}
}
class DecrypterV3 : IDecrypter {
MethodInfos methodInfos;
public DecrypterV3(MethodInfos methodInfos) {
this.methodInfos = methodInfos;
}
public byte[] decrypt(int type, byte[] encrypted) { public byte[] decrypt(int type, byte[] encrypted) {
switch (type) { switch (type) {
case 1: return methodInfos.decrypt1(encrypted); case 1: return methodInfos.decrypt1(encrypted);
@ -350,6 +384,10 @@ namespace de4dot.code.deobfuscators.MaxtoCode {
decrypter = new DecrypterV2(this); decrypter = new DecrypterV2(this);
break; break;
case EncryptionVersion.V3:
decrypter = new DecrypterV3(this);
break;
case EncryptionVersion.Unknown: case EncryptionVersion.Unknown:
default: default:
throw new ApplicationException("Unknown MC version"); throw new ApplicationException("Unknown MC version");