call dll

Doubts, help and support about QuickBMS and other game research tools
chrrox
Posts: 388
Joined: Thu Aug 07, 2014 10:28 pm

call dll

Post by chrrox »

I want to create this call dll function, but I'm having some trouble with it.

Code: Select all

  public static void Decrypt(
    ref byte[] data,
    int nStartOffset,
    int nSizeToDecrypt,
    char[] randomKey)
  {
    // Fixed 16-byte XOR key
    int[] oKey = { 0x55, 0x52, 0x33, 0x48, 0x63, 0x6A, 0x37, 0x6E, 0x64, 0x68, 0x38, 0x59, 0x6E, 0x6F, 0x74, 0x39 };
    int num1 = 0;
    for (int index1 = nStartOffset; index1 < nStartOffset + nSizeToDecrypt; ++index1)
    {
      int index2 = num1 % oKey.Length;
      int index3 = num1 % randomKey.Length;
      // Subtract the per-file key byte (mod 256), then XOR with the fixed key byte
      byte num2 = (byte) ((uint) (byte) ((uint) data[index1] - (uint) (byte) randomKey[index3]) ^ (uint) (byte) oKey[index2]);
      data[index1] = num2;
      ++num1;
    }
  }


input should be

ref byte[] data, -- source file
int nStartOffset, -- 16
int nSizeToDecrypt, -- 64
char[] randomKey) -- first 16 bytes of the file

example

random key is E1 C9 16 93 99 04 7D 4F D5 43 28 57 E1 F4 DB 00
first few bytes of the file
DF E2 7D A3 DC

the function does this
(0xDF - 0xE1) ^ 0x55 = 0xAB
2nd byte
(0xE2 - 0xC9) ^ 0x52 = 0x4B
aluigi
Site Admin
Posts: 12984
Joined: Wed Jul 30, 2014 9:32 pm

Re: call dll

Post by aluigi »

Code: Select all

set MEMORY_FILE10 string "
typedef unsigned char   byte;
typedef unsigned int    uint;

void Decrypt(
    byte *data,
    int nStartOffset,
    int nSizeToDecrypt,
    char *randomKey)
  {
    int randomKey_Length = strlen(randomKey);
    int oKey [16] = { 0x55, 0x52, 0x33, 0x48, 0x63, 0x6A, 0x37, 0x6E, 0x64, 0x68, 0x38, 0x59, 0x6E, 0x6F, 0x74, 0x39 };
    int num1 = 0;
    for (int index1 = nStartOffset; index1 < nStartOffset + nSizeToDecrypt; ++index1)
    {
      int index2 = num1 % 16; //oKey_Length;
      int index3 = num1 % randomKey_Length;
      byte num2 = (byte) ((uint) (byte) ((uint) data[index1] - (uint) (byte) randomKey[index3]) ^ (uint) (byte) oKey [index2]);
      data[index1] = num2;
      ++num1;
    }
  }
"

get SIZE asize
log MEMORY_FILE 0 SIZE

set KEY binary "\xE1\xC9\x16\x93\x99\x04\x7D\x4F\xD5\x43\x28\x57\xE1\xF4\xDB"

calldll MEMORY_FILE10 "Decrypt" "tcc" RET MEMORY_FILE 16 64 KEY

log "dump.dat" 0 SIZE MEMORY_FILE

You can edit it very easily to adapt it to your needs.

Since randomKey was declared as "char" and your example had a NUL byte at the end, I simply used strlen() to get its size, but I suppose all the keys are 16 bytes, and I suggest you replace randomKey_Length with 16 if you get any invalid data in the output.
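The key-length caveat in the post above, as an added example that is not part of the original thread: a stand-alone C version of the transform that takes the key length explicitly and reports the first byte where a strlen()-derived length would decode differently. The key tables are copied from the thread; the function names, the `OKEY`/`RKEY` names and the 64-byte test block are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Fixed XOR key, copied from the oKey table in the thread. */
static const unsigned char OKEY[16] = {
    0x55, 0x52, 0x33, 0x48, 0x63, 0x6A, 0x37, 0x6E,
    0x64, 0x68, 0x38, 0x59, 0x6E, 0x6F, 0x74, 0x39 };

/* Per-file key from the thread's example; note the trailing 0x00. */
static const unsigned char RKEY[16] = {
    0xE1, 0xC9, 0x16, 0x93, 0x99, 0x04, 0x7D, 0x4F,
    0xD5, 0x43, 0x28, 0x57, 0xE1, 0xF4, 0xDB, 0x00 };

/* out[i] = (in[i] - rkey[i % klen]) ^ OKEY[i % 16], all modulo 256. */
void decrypt(unsigned char *buf, size_t len, const unsigned char *rkey, size_t klen)
{
    for (size_t i = 0; i < len; i++)
        buf[i] = (unsigned char)((buf[i] - rkey[i % klen]) ^ OKEY[i % 16]);
}

/* Inverse transform, used here only to build a constructed test input. */
void encrypt(unsigned char *buf, size_t len, const unsigned char *rkey, size_t klen)
{
    for (size_t i = 0; i < len; i++)
        buf[i] = (unsigned char)((buf[i] ^ OKEY[i % 16]) + rkey[i % klen]);
}

/* Index of the first byte where a strlen()-derived key length decodes
 * differently from the explicit 16-byte length, or -1 if none. */
int first_divergence(const unsigned char *enc, size_t len)
{
    unsigned char a[64], b[64];
    if (len > sizeof a) len = sizeof a;
    memcpy(a, enc, len);
    memcpy(b, enc, len);
    decrypt(a, len, RKEY, sizeof RKEY);
    decrypt(b, len, RKEY, strlen((const char *)RKEY)); /* 15: stops at the NUL */
    for (size_t i = 0; i < len; i++)
        if (a[i] != b[i]) return (int)i;
    return -1;
}

int main(void)
{
    unsigned char blk[64];
    memset(blk, 'A', sizeof blk);                 /* constructed plaintext */
    encrypt(blk, sizeof blk, RKEY, sizeof RKEY);
    printf("first divergence at byte %d\n", first_divergence(blk, sizeof blk));
    return 0;
}
```

With this key the two lengths agree for the first 15 bytes and diverge from byte 15 onward, because the 15-byte modulus wraps back to 0xE1 where the 16-byte key supplies 0x00.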
aluigi
Site Admin
Posts: 12984
Joined: Wed Jul 30, 2014 9:32 pm

Re: call dll

Post by aluigi »

An alternative can be the following:

Code: Select all

math OFFSET = 16
math SIZE = 64
filerot "-0xE1 -0xC9 -0x16 -0x93 -0x99 -0x04 -0x7D -0x4F -0xD5 -0x43 -0x28 -0x57 -0xE1 -0xF4 -0xDB -0x00" OFFSET
encryption xor "\x55\x52\x33\x48\x63\x6A\x37\x6E\x64\x68\x38\x59\x6E\x6F\x74\x39"
log "dump.dat" OFFSET SIZE
chrrox
Posts: 388
Joined: Thu Aug 07, 2014 10:28 pm

Re: call dll

Post by chrrox »

The call dll worked perfectly.
How would you use the 2nd option with getting the key from the file?
aluigi
Site Admin
Posts: 12984
Joined: Wed Jul 30, 2014 9:32 pm

Re: call dll

Post by aluigi »

Idea 1:

Code: Select all

getdstring KEY 16
set STR string ""
for x = 0 < 16
    getvarchr TMP KEY x
    string STR + " -"
    string STR + TMP
next x
filerot STR


Idea 2:

Code: Select all

getdstring KEY 16
for x = 0 < 16
    getvarchr TMP KEY x
    math TMP n TMP
    putvarchr KEY x TMP
next x
filerot KEY

Not sure which of the two solutions works better, feel free to test them.