Skip to content

Instantly share code, notes, and snippets.

@Lorak-mmk

Lorak-mmk/my_decrypt.c Secret

Created Dec 27, 2020
Embed
What would you like to do?
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
struct __attribute__((__packed__)) header_struct {
uint32_t MAGIC_NUMBER;
uint32_t file_length;
char original_filename[256];
char encrypted_password[32];
};
int encrypted_functions[] = {2641436120, 975465081, 3639072764, 675281407, 513948138, 3031756428, 2926203943, 837877829, 1603594944, 2674519367, 14904615, 1904161682, 1309572624,
1994684315, 3910680652, 1536647422, 3918535801, 323721627, 3668362202, 3213866328, 794644938, 131977481, 2317446848, 2453208172, 85782959, 766000050,
3399236994, 1532102173, 1886368010, 3235867784, 643900750, 1717543307, 2343514176, 1149557049, 1073275240, 3257519993, 288790638, 1076794953, 4268601417,
3266887874, 3645237953, 1843745858, 1781056571, 1034680822, 104138810, 3295793340, 1465521029, 1224605082, 2530136465, 3983223631, 2841605508,
3444926664, 4149515519, 3780638026, 982363417, 174387901, 2539220994, 951286662, 157827293, 1468744899, 3883083532, 2194888239, 2152260906, 1994013429,
918382859, 811246267, 4291154621, 301503864, 947108398, 2366758585, 2815734210, 3121781063, 2301142496, 1256258315, 3298709743, 1798567309, 1164547884,
3454806340, 2625884970, 1454649368, 446660275, 1277510936, 4159153455, 10824485, 3750559173, 1686871593, 1418242110, 3044965063, 2723463997, 2550151912,
515181895, 2002464040, 1638838068, 1046903818, 2587864173, 4458591, 404174259, 308706747, 2172521490, 1298255283, 1275572871, 3137382528, 585406011,
1639641840, 2825155210};
int decrypt_queue[4] = {0x62831853, 0x7179586, 0x27182818, 0x28459045};
int unhexlified_pass_buffer[5];
int password_global[8];
void print_queue() {
printf("[generic] queue: %08X, %08X, %08X, %08X\n", decrypt_queue[0], decrypt_queue[1], decrypt_queue[2], decrypt_queue[3]);
}
void decrypt_very_easy(uint32_t param_1){
uint32_t retval = param_1 ^ decrypt_queue[0];
decrypt_queue[0] = decrypt_queue[1];
decrypt_queue[1] = decrypt_queue[2];
decrypt_queue[2] = decrypt_queue[3];
decrypt_queue[3] = retval >> 6 | retval << 0x1a;
printf("[very easy] queue: %08X, %08X, %08X, %08X\n", decrypt_queue[0], decrypt_queue[1], decrypt_queue[2], decrypt_queue[3]);
return;
}
uint32_t decrypt_easy(uint32_t arg) {
uint32_t retval = arg ^ decrypt_queue[0];
uint32_t tmp = decrypt_queue[2] * 0x2137 + retval;
decrypt_queue[0] = decrypt_queue[1];
decrypt_queue[1] = decrypt_queue[2];
decrypt_queue[2] = decrypt_queue[3];
decrypt_queue[3] = tmp >> 6 | tmp * 0x4000000;
printf("[easy] queue: %08X, %08X, %08X, %08X\n", decrypt_queue[0], decrypt_queue[1], decrypt_queue[2], decrypt_queue[3]);
return retval;
}
uint32_t param_0x1030d7 = 0x2137;
uint32_t param_0x1030bd = 0x7a69;
uint32_t param_0x1030dc = 0x1234567;
uint32_t decrypt_hard(uint32_t arg) {
uint32_t retval = arg ^ decrypt_queue[0];
uint32_t tmp = decrypt_queue[2] * param_0x1030d7 + retval;
decrypt_queue[0] = decrypt_queue[2] * param_0x1030bd + decrypt_queue[1];
decrypt_queue[1] = decrypt_queue[2];
decrypt_queue[2] = decrypt_queue[2] * param_0x1030dc + decrypt_queue[3];
decrypt_queue[3] = tmp >> 6 | tmp * 0x4000000;
return retval;
}
void strange_function(struct header_struct* header) {
char status_key [256];
char status_value [1032];
char* orig_filename = header->original_filename;
char* enc_password = header->encrypted_password;
do {
decrypt_very_easy(*(uint32_t *)orig_filename);
orig_filename += 4;
} while (orig_filename != enc_password);
FILE *status_file = fopen("/proc/self/status","r");
if(status_file == NULL) {
perror("status");
exit(1);
}
int scanf_result;
while(1) {
scanf_result = fscanf(status_file,"%[^:]: %s ", status_key, status_value);
if (scanf_result == -1) {
scanf_result = fclose(status_file);
return;
}
if (scanf_result != 2) break;
size_t key_length = strlen(status_key);
if (((status_key[key_length + -3] == 'P') && (status_key[key_length + -2] == 'i')) && (status_key[key_length + -1] == 'd')) {
uint our_pid;
sscanf(status_value, "%u", &our_pid);
printf("our pid (%s): %u\n", status_key, our_pid);
decrypt_very_easy(our_pid);
}
}
fprintf(stderr,"%d? umm what?\n",(ulong)scanf_result);
exit(1);
}
int main(int argc,char **argv){
int retval = 0;
if (argc < 2) {
printf("usage: %s <input filename> [<key>]\n",*argv);
return 0;
}
FILE *encrypted_file = fopen(argv[1], "rb");
if (encrypted_file == NULL) {
perror("fopen");
retval = 1;
goto cleanup_1;
}
struct header_struct file_header;
memset(&file_header, 0, sizeof(file_header));
size_t read_chars = fread(&file_header,0x128,1,encrypted_file);
if(read_chars != 1) {
perror("fread");
retval = 1;
goto cleanup_1;
}
if ((file_header.MAGIC_NUMBER != 0xb542020) && (file_header.MAGIC_NUMBER != 0x20200b54)) {
fwrite("unrecognized file\n",1,0x12,stderr);
retval = 1;
goto cleanup_1;
}
if (argc == 2) {
const char *mode_name = "easy";
if (file_header.MAGIC_NUMBER != 0xb542020) {
mode_name = "hard";
}
printf("%s mode file, original name %s\n", mode_name, file_header.original_filename);
retval = 0;
goto cleanup_1;
}
size_t key_len = strlen(argv[2]);
if(key_len != 0x40) {
fwrite("wrong key length\n",1,0x11,stderr);
retval = 1;
goto cleanup_1;
}
int* ptr = encrypted_functions;
for(int i = 0; i < 105; i++) {
encrypted_functions[i] = decrypt_easy(encrypted_functions[i]);
}
printf("decrypted functions\n");
decrypt_queue[0] = getpid();
decrypt_queue[1] = getppid();
printf("after pid & ppid\n");
print_queue();
strange_function(&file_header);
printf("after strange function\n");
print_queue();
const char *pass = argv[2];
char password_fragment [9];
password_fragment[8] = 0;
*(uint64_t*)password_fragment = ((uint64_t*)pass)[0];
sscanf(password_fragment,"%x", unhexlified_pass_buffer + 4);
*(uint64_t*)password_fragment = ((uint64_t*)pass)[1];
sscanf(password_fragment,"%x", unhexlified_pass_buffer + 3);
*(uint64_t*)password_fragment = ((uint64_t*)pass)[2];
sscanf(password_fragment,"%x", &param_0x1030d7);
*(uint64_t*)password_fragment = ((uint64_t*)pass)[3];
sscanf(password_fragment,"%x", &param_0x1030bd);
*(uint64_t*)password_fragment = ((uint64_t*)pass)[4];
sscanf(password_fragment,"%x", unhexlified_pass_buffer + 2);
*(uint64_t*)password_fragment = ((uint64_t*)pass)[5];
sscanf(password_fragment,"%x", &param_0x1030dc);
*(uint64_t*)password_fragment = ((uint64_t*)pass)[6];
sscanf(password_fragment,"%x", unhexlified_pass_buffer + 1);
*(uint64_t*)password_fragment = ((uint64_t*)pass)[7];
sscanf(password_fragment,"%x", unhexlified_pass_buffer);
password_global[0] = decrypt_easy(unhexlified_pass_buffer[4]);
password_global[1] = decrypt_easy(unhexlified_pass_buffer[3]);
password_global[2] = decrypt_easy(param_0x1030d7);
password_global[3] = decrypt_easy(param_0x1030bd);
password_global[4] = decrypt_easy(unhexlified_pass_buffer[2]);
password_global[5] = decrypt_easy(param_0x1030dc);
password_global[6] = decrypt_easy(unhexlified_pass_buffer[1]);
password_global[7] = decrypt_easy(unhexlified_pass_buffer[0]);
int identical = memcmp(file_header.encrypted_password,password_global,0x20);
printf("pass from header:\n");
for(int i = 0; i < 8; i++) {
printf("%08X ", ((int*)file_header.encrypted_password)[i]);
}
printf("our pass:\n");
for(int i = 0; i < 8; i++) {
printf("%08X ", password_global[i]);
}
if(identical != 0) {
fwrite("wrong key\n",1,10,stderr);
retval = 1;
goto cleanup_1;
}
fwrite("OK, decrypting...\n",1,0x12,stderr);
FILE *decrypted_file = fopen(file_header.original_filename,"wb");
if (decrypted_file == NULL) {
perror("open");
retval = 1;
goto cleanup_2;
}
uint32_t current_data;
if (file_header.file_length != 0) {
for(int i = 0; i < file_header.file_length; i += 4) {
read_chars = fread(&current_data,4,1,encrypted_file);
if (read_chars != 1) {
perror("fread");
retval = 1;
goto cleanup_2;
}
if (file_header.MAGIC_NUMBER == 0xb542020) {
current_data = decrypt_easy(current_data);
}
else {
current_data = decrypt_hard(current_data);
}
int32_t remaining = file_header.file_length - i;
if (4 < remaining) {
remaining = 4;
}
read_chars = fwrite(&current_data,(long)remaining,1,decrypted_file);
if (read_chars != 1) {
retval = 1;
goto cleanup_2;
}
}
}
cleanup_2:
fclose(decrypted_file);
cleanup_1:
fclose(encrypted_file);
return retval;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment