Beispiel #1
0
	def get_feedback(self, sigpos):
		if self.decryptor_template.arch == 'x86':
			new_ptr = self.reader.get_ptr_with_offset(sigpos + self.feedback_offset)
			self.reader.move(new_ptr)
			return self.reader.read(8)
		else:
			self.reader.move(sigpos + self.feedback_offset)
			offset = LONG(self.reader).value
			newpos = sigpos + self.feedback_offset + 4 + offset
			self.reader.move(newpos)
			return self.reader.read(8)
Beispiel #2
0
	def get_random(self, sigpos):
		if self.decryptor_template.arch == 'x86':
			random_key_ptr = self.reader.get_ptr_with_offset(sigpos + self.decryptor_template.randomkey_ptr_offset)
			random_key_ptr = self.reader.get_ptr_with_offset(random_key_ptr)
			self.reader.move(random_key_ptr)
		else:
			self.reader.move(sigpos + self.decryptor_template.randomkey_ptr_offset)
			offset = LONG(self.reader).value
			newpos = sigpos + self.decryptor_template.desx_key_ptr_offset + 4 + offset
			self.reader.move(newpos)
		
		return self.reader.read(256)
Beispiel #3
0
	def get_key(self, sigpos):
		if self.decryptor_template.arch == 'x86':
			new_ptr = self.reader.get_ptr_with_offset(sigpos + self.decryptor_template.desx_key_ptr_offset)
			self.reader.move(new_ptr)
			des_key_ptr = self.decryptor_template.key_struct_ptr(self.reader)
			des_key = des_key_ptr.read(self.reader)
		else:
			self.reader.move(sigpos + self.decryptor_template.desx_key_ptr_offset)
			offset = LONG(self.reader).value
			newpos = sigpos + self.decryptor_template.desx_key_ptr_offset + 4 + offset
			self.reader.move(newpos)
			des_key_ptr = self.decryptor_template.key_struct_ptr(self.reader)
			des_key = des_key_ptr.read(self.reader)

		return des_key