aguml |
25-12-2017 17:05:54 |
Aqui os pongo todas las funciones que creo que son las que estan involucradas por si podeis echarme un cable:
El botón que desencripta:
Código PHP:
private void button_1_Click(object sender, EventArgs e) { File.WriteAllBytes(this.string_0, new Form1.GClass1(this.byte_0).Decrypt(File.ReadAllBytes(this.string_0))); int num = (int)MessageBox.Show(Class5.c39c0e0f1863ae92a6bb9f1c4d11eea98(80)); }
La función desencriptadora:
Código PHP:
public unsafe byte[] Decrypt(byte[] eData) { byte[] numArray = Class41.smethod_0((int) Class37.smethod_0(eData)); byte[] byte_0_1; // ISSUE: cast to a reference type // ISSUE: explicit reference operation // ISSUE: explicit reference operation fixed (byte* numPtr1 = &^((byte_0_1 = eData) == null || (int) Class37.smethod_0(byte_0_1) == 0 ? (byte&) Class4.smethod_0(272) : @byte_0_1[Class4.smethod_0(276)])) { byte[] byte_0_2; // ISSUE: cast to a reference type // ISSUE: explicit reference operation // ISSUE: explicit reference operation fixed (byte* numPtr2 = &^((byte_0_2 = numArray) == null || (int) Class37.smethod_0(byte_0_2) == 0 ? (byte&) Class4.smethod_0(280) : @byte_0_2[Class4.smethod_0(284)])) { int* numPtr3 = (int*) numPtr1; int* numPtr4 = (int*) numPtr2; int num1 = Class4.smethod_0(288); while (num1 < (int) Class37.smethod_0(eData) >> Class4.smethod_0(312)) { int* numPtr5 = numPtr3; IntPtr num2 = (IntPtr) Class4.smethod_0(292); int* numPtr6 = (int*) ((IntPtr) numPtr5 + num2); int int_2 = GClass0.smethod_2(*numPtr5); int* numPtr7 = numPtr6; IntPtr num3 = (IntPtr) Class4.smethod_0(296); numPtr3 = (int*) ((IntPtr) numPtr7 + num3); int int_3 = GClass0.smethod_2(*numPtr7); this.ccfae92404b1d8caf890158f763ac579b(ref int_2, ref int_3); int* numPtr8 = numPtr4; IntPtr num4 = (IntPtr) Class4.smethod_0(300); int* numPtr9 = (int*) ((IntPtr) numPtr8 + num4); int num5; int num6 = num5 = GClass0.smethod_2(int_2); *numPtr8 = num5; int* numPtr10 = numPtr9; IntPtr num7 = (IntPtr) Class4.smethod_0(304); numPtr4 = (int*) ((IntPtr) numPtr10 + num7); int num8; int_3 = num8 = GClass0.smethod_2(int_3); *numPtr10 = num8; num1 += Class4.smethod_0(308); } // ISSUE: cast to a reference type // ISSUE: variable of a reference type byte& local1 = (byte&) Class4.smethod_0(316); // ISSUE: cast to a reference type // ISSUE: variable of a reference type byte& local2 = (byte&) Class4.smethod_0(320); return numArray; } } }
Esta función creo que es la que realmente desencripta usando dos valores enteros (supongo que uno será el que está en el archivo y el otro el que se usa para desencriptar):
Código PHP:
private void ccfae92404b1d8caf890158f763ac579b(ref int int_2, ref int int_3) { Class4.smethod_0(376); int num1 = Class4.smethod_0(380); int num2; do { num2 = this.int_0[Class4.smethod_0(384) - num1] ^ int_2; int_2 = (this.int_1[Class4.smethod_0(388), (int) (byte) (num2 >> Class4.smethod_0(392))] + this.int_1[Class4.smethod_0(396), (int) (byte) (num2 >> Class4.smethod_0(400))] ^ this.int_1[Class4.smethod_0(404), (int) (byte) (num2 >> Class4.smethod_0(408))]) + this.int_1[Class4.smethod_0(412), (int) (byte) num2] ^ int_3; int_3 = num2; num1 += Class4.smethod_0(416); } while (num1 < Class4.smethod_0(420)); int_3 = this.int_0[Class4.smethod_0(424)] ^ int_2; int_2 = this.int_0[Class4.smethod_0(428)] ^ num2; }
La función Class41.smethod_0:
Código PHP:
internal static byte[] smethod_0(int int_0) { return new byte[int_0]; }
la función Class37.smethod_0:
Código PHP:
internal static UIntPtr smethod_0(byte[] byte_0) { return (UIntPtr) byte_0.Length; }
La función Class4.smethod_0:
Código PHP:
internal static int smethod_0(int int_1) { return BitConverter.ToInt32(Class4.byte_0, int_1); }
La parte donde se define Class4.byte_0:
Código PHP:
internal sealed class Class4 { internal static readonly byte[] byte_0; internal readonly int int_0;
static Class4() { if (Class4.byte_0 != null) return; byte[] bytes = Convert.FromBase64String("UmVzaWRlbnQgRXZpbCBSZXZlbGF0aW9ucyAyIERlY3J5cHRlciU="); Class4.byte_0 = Class6.smethod_1(97L, Assembly.GetExecutingAssembly().GetManifestResourceStream(Encoding.UTF8.GetString(bytes, 0, bytes.Length))); } ...
El botón donde se encripta:
Código PHP:
private void button_2_Click(object sender, EventArgs e) { File.WriteAllBytes(this.string_0, new Form1.GClass1(this.byte_0).Encrypt(File.ReadAllBytes(this.string_0))); int num = (int)MessageBox.Show(Class5.c39c0e0f1863ae92a6bb9f1c4d11eea98(95)); }
Para la funcion encriptadora:
Código PHP:
public unsafe byte[] Encrypt(byte[] uData) { byte[] numArray = Class41.smethod_0((int) Class37.smethod_0(uData)); byte[] byte_0_1; // ISSUE: cast to a reference type // ISSUE: explicit reference operation // ISSUE: explicit reference operation fixed (byte* numPtr1 = &^((byte_0_1 = uData) == null || (int) Class37.smethod_0(byte_0_1) == 0 ? (byte&) Class4.smethod_0(220) : @byte_0_1[Class4.smethod_0(224)])) { byte[] byte_0_2; // ISSUE: cast to a reference type // ISSUE: explicit reference operation // ISSUE: explicit reference operation fixed (byte* numPtr2 = &^((byte_0_2 = numArray) == null || (int) Class37.smethod_0(byte_0_2) == 0 ? (byte&) Class4.smethod_0(228) : @byte_0_2[Class4.smethod_0(232)])) { int* numPtr3 = (int*) numPtr2; int* numPtr4 = (int*) numPtr1; int num1 = Class4.smethod_0(236); while (num1 < (int) Class37.smethod_0(uData) >> Class4.smethod_0(260)) { int* numPtr5 = numPtr4; IntPtr num2 = (IntPtr) Class4.smethod_0(240); int* numPtr6 = (int*) ((IntPtr) numPtr5 + num2); int int_2 = GClass0.smethod_2(*numPtr5); int* numPtr7 = numPtr6; IntPtr num3 = (IntPtr) Class4.smethod_0(244); numPtr4 = (int*) ((IntPtr) numPtr7 + num3); int int_3 = GClass0.smethod_2(*numPtr7); this.c0c1ef294051644e1e4a229a2e6a0ee04(ref int_2, ref int_3); int* numPtr8 = numPtr3; IntPtr num4 = (IntPtr) Class4.smethod_0(248); int* numPtr9 = (int*) ((IntPtr) numPtr8 + num4); int num5; int num6 = num5 = GClass0.smethod_2(int_2); *numPtr8 = num5; int* numPtr10 = numPtr9; IntPtr num7 = (IntPtr) Class4.smethod_0(252); numPtr3 = (int*) ((IntPtr) numPtr10 + num7); int num8; int_3 = num8 = GClass0.smethod_2(int_3); *numPtr10 = num8; num1 += Class4.smethod_0(256); } // ISSUE: cast to a reference type // ISSUE: variable of a reference type byte& local1 = (byte&) Class4.smethod_0(264); // ISSUE: cast to a reference type // ISSUE: variable of a reference type byte& local2 = (byte&) Class4.smethod_0(268); return numArray; } } }
Esta función creo que es la que realmente encripta usando dos valores enteros (supongo que uno será el que está en el archivo y el otro el que se usa para encriptar):
Código PHP:
private void c0c1ef294051644e1e4a229a2e6a0ee04(ref int int_2, ref int int_3) { Class4.smethod_0(324); int index = Class4.smethod_0(328); int num; do { num = this.int_0[index] ^ int_2; int_2 = (this.int_1[Class4.smethod_0(332), (int) (byte) (num >> Class4.smethod_0(336))] + this.int_1[Class4.smethod_0(340), (int) (byte) (num >> Class4.smethod_0(344))] ^ this.int_1[Class4.smethod_0(348), (int) (byte) (num >> Class4.smethod_0(352))]) + this.int_1[Class4.smethod_0(356), (int) (byte) num] ^ int_3; int_3 = num; index += Class4.smethod_0(360); } while (index < Class4.smethod_0(364)); int_3 = this.int_0[Class4.smethod_0(368)] ^ int_2; int_2 = this.int_0[Class4.smethod_0(372)] ^ num; }
|