def get_feedback(self, sigpos):
    """Read the 8-byte feedback value located relative to a signature match.

    Args:
        sigpos: Position of the signature match in the reader's address space.

    Returns:
        Whatever ``self.reader.read(8)`` yields at the resolved position.
    """
    anchor = sigpos + self.feedback_offset
    if self.decryptor_template.arch == 'x86':
        # x86: let the reader resolve the pointer stored at the anchor.
        # NOTE(review): get_ptr_with_offset is defined elsewhere; its exact
        # semantics are not visible from this method.
        target = self.reader.get_ptr_with_offset(anchor)
    else:
        # Any other arch: the value at the anchor is used as a displacement
        # counted from just past the field (presumably a 4-byte LONG, hence
        # the + 4; confirm against the LONG definition).
        self.reader.move(anchor)
        displacement = LONG(self.reader).value
        target = anchor + 4 + displacement
    # NOTE(review): target is derived from bytes of the image being parsed and
    # is not range-checked here; presumably reader.move()/read() reject
    # positions outside the image. Confirm.
    self.reader.move(target)
    return self.reader.read(8)
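def get_random(self, sigpos):
    """Read the 256-byte random-key blob located relative to a signature match.

    Args:
        sigpos: Position of the signature match in the reader's address space.

    Returns:
        Whatever ``self.reader.read(256)`` yields at the resolved position.
    """
    anchor = sigpos + self.decryptor_template.randomkey_ptr_offset
    if self.decryptor_template.arch == 'x86':
        # Two pointer resolutions in a row: the anchor yields a pointer, and
        # that pointer is resolved again before reading.
        # NOTE(review): get_ptr_with_offset is defined elsewhere; its exact
        # semantics are not visible from this method.
        first_hop = self.reader.get_ptr_with_offset(anchor)
        target = self.reader.get_ptr_with_offset(first_hop)
    else:
        self.reader.move(anchor)
        displacement = LONG(self.reader).value
        # The displacement has to be applied to the field it was read from
        # (randomkey_ptr_offset), as get_feedback and get_key do for their own
        # fields. Adding it to desx_key_ptr_offset instead resolves to an
        # unrelated position.
        target = anchor + 4 + displacement
    # NOTE(review): target is derived from bytes of the image being parsed and
    # is not range-checked here; presumably reader.move()/read() reject
    # positions outside the image. Confirm.
    self.reader.move(target)
    return self.reader.read(256)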
def get_key(self, sigpos):
    """Locate and read the DESX key structure relative to a signature match.

    Args:
        sigpos: Position of the signature match in the reader's address space.

    Returns:
        The object produced by calling ``read(reader)`` on the template's
        ``key_struct_ptr`` built at the resolved position. Going by the
        names this is key material, so keep it out of debug logs.
    """
    template = self.decryptor_template
    reader = self.reader
    anchor = sigpos + template.desx_key_ptr_offset
    if template.arch == 'x86':
        # x86: let the reader resolve the pointer stored at the anchor.
        # NOTE(review): get_ptr_with_offset is defined elsewhere; its exact
        # semantics are not visible from this method.
        target = reader.get_ptr_with_offset(anchor)
    else:
        # Any other arch: the value at the anchor is used as a displacement
        # counted from just past the field (presumably a 4-byte LONG, hence
        # the + 4; confirm against the LONG definition).
        reader.move(anchor)
        target = anchor + 4 + LONG(reader).value
    # NOTE(review): target is derived from bytes of the image being parsed and
    # is not range-checked here; presumably reader.move() rejects positions
    # outside the image. Confirm.
    reader.move(target)
    # Both architectures finish the same way: build the pointer wrapper at the
    # current position, then follow it through the reader.
    key_struct_ptr = template.key_struct_ptr(reader)
    return key_struct_ptr.read(reader)