bool LoginEncryption(Client &client)
{
ud_instr iRet{ UD_Iret, { ud_arg::imm(4) } };
ud_instr iCmp{ UD_Icmp, { ud_arg::reg(), ud_arg::imm(0x10000) } };
int start;
if (!client.Find(Hooks::sendFunc, &start))
return false;//find beginning of the function
int end = start;
if (!client.Find(iRet, &end, 128))
return false;//find end of the function
int i = start;
if (!client.Find(iCmp, &i, end - start)) //find cmp, 0x10000 in this function
if (!client.FindAndFollow(UD_Icall, &i, start - end) || !client.Find(iCmp, &i, 16))
return false;//or in a call in this function
int dest = i += 2;
if (!client.Find(UD_Ijnz, &dest, 8))
return false;//find conditional jump after cmp
client.Hook(i, client[dest].destination());
return true;
}
//---------------------------------------------------------------------------//
//---------------------------------------------------------------------------//
//---------------------------------------------------------------------------//
void Intro(Client &client)
{
BYTE intro[10] = "intro.bik";
BYTE osilogo[12] = "osilogo.bik";
BYTE splash[12] = "Splash gump";
BYTE *offset;
if (client.Find(intro, &offset))
client.Set<BYTE>(offset, '_');
if (client.Find(osilogo, &offset))
client.Set<BYTE>(offset, '_');
if (client.Find(splash, &offset))
{
ud_instr iSplash{ UD_Imov, { ud_arg::mem(UD_R_ESI, 8), ud_arg::imm((UINT)offset) } };
ud_instr iTimeout{ UD_Imov, { ud_arg::reg(UD_R_EAX), ud_arg::mem(UD_R_ESP) } };
int i;
if (client.Find(iSplash, &i) && client.Find(iTimeout, &i, 32))
{
BYTE *offset = (BYTE*)client[i].offset;
//xor eax, eax
client.Set<BYTE>(offset, 0x33);
client.Set<BYTE>(offset + 1, 0xC0);
//xor eax, eax
client.Set<BYTE>(offset + 2, 0x33);
client.Set<BYTE>(offset + 3, 0xC0);
}
}
}
bool ProtocolDecryption(Client &client)
{
ud_instr iCmp{ UD_Icmp, { ud_arg::reg(UD_R_EDI), ud_arg::imm(0xFF) } };
int i;
if (!client.Find((LPVOID)Hooks::vtbl[5], &i))
return false;//get fifth function in socket vtbl
if (!client.Find(iCmp, &i, 32))
return false;//find cmp, -1 in this function
int dest = i += 2;
if (!client.Find(UD_Ijz, &dest, 4))
return false;//find conditional jump after cmp
client.Hook(i, client[dest].destination(), 3);
return true;
}
bool TwoFishEncryption(Client &client)
{
int i;
if (!client.Find((LPVOID)Hooks::vtbl[6], &i))
return false;//get sixth function in socket vtbl
if (!client.FindAndFollow(UD_Icall, &i, 4))
return false;//follow first call
if (!client.FindAndFollow(UD_Ijnz, &i, 8))
return false;//follow first jnz
int dest = i;
if (!client.Find(UD_Ijz, &dest, 4))
return false;//find next jz
client.Hook(i, client[dest].destination());
return true;
}
