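/*
 * ubiimplement - run the UBI chaining mode over the global plaintext buffer,
 * using Threefish as the block cipher.
 *
 * Works entirely on file-scope state declared elsewhere in this file
 * (plaintext, sizeofplaintext, tweak, addvalue, tweakbyte, blockcipherkey,
 * ciphertext, entireciphertext, move1) and on the helpers bytestowords(),
 * addbyte(), changebyte(), keyschedule() and rounds().
 *
 * For every 32-byte block it builds the per-block tweak (input tweak plus
 * the number of message bytes processed so far, plus the first-block flag
 * 2^126 and the final-block flag 2^127 where they apply), runs the cipher,
 * and chains the 32 output bytes in as the key for the next block.
 *
 * Side effects: pads plaintext with zeros and grows sizeofplaintext to a
 * multiple of 32; overwrites blockcipherkey; appends to entireciphertext
 * through move1 until originalsize entries have been stored.
 */
void ubiimplement(void)
{
    int originalsize, nblocks, i1, mini, w, j, i, maxaddvalue;
    /* Only the low bits of an int are ever written below; the size is kept
     * as declared because addbyte()'s access pattern is not visible here.
     * NOTE(review): ~400 KB of automatic storage - confirm the stack limit. */
    int tempe[100000];
    int tempe1[128], tempe2[127], tempe3[128], tweakbyte1[16];

    originalsize = sizeofplaintext;

    /* Zero-pad the message up to a whole number of 32-byte blocks.
     * NOTE(review): nothing here checks the capacity of plaintext; the
     * buffer must have room for up to 31 extra entries - confirm at the
     * definition, otherwise this loop writes past the end. */
    while ((sizeofplaintext % 32) != 0) {
        plaintext[sizeofplaintext] = 0;
        sizeofplaintext = sizeofplaintext + 1;
    }

    /* Bytes -> 64-bit words for Threefish. */
    bytestowords(plaintext, 0, sizeofplaintext);

    nblocks = sizeofplaintext / 32;

    for (i1 = 1; i1 <= nblocks; i1++) {
        /*
         * Tweak position field: bytes of the real (unpadded) message
         * processed up to and including this block, i.e.
         * min(originalsize, i1 * 32). It must be derived from the block
         * counter i1; the scratch index i holds no meaningful value at this
         * point (it is not even initialised on the first pass). Taking the
         * larger of the two values instead would also give a tweak that no
         * conforming UBI implementation reproduces.
         */
        mini = i1 * 32;
        if (mini > originalsize)
            mini = originalsize;

        /* Position -> bit array, least significant bit first. */
        w = 0;
        for (j = mini; j != 0; j = (j / 2)) {
            tempe[w] = (j % 2);
            w = w + 1;
        }

        /* Reverse the 128-bit input tweak into tempe1. */
        for (i = 0, j = 127; i < 128; i++, j--) {
            tempe1[i] = tweak[j];
        }

        /* Bit-wise addition of tweak and position.
         * NOTE(review): the sum is presumably left in the global addvalue,
         * which is what the following calls read - confirm in addbyte(). */
        addbyte(tempe1, tempe, 128, w);
        if (w > 128)
            maxaddvalue = w;
        else
            maxaddvalue = 128;

        /* First block: add 2^126 (first-block flag). */
        if (i1 == 1) {
            for (i = 0; i < 126; i++) {
                tempe2[i] = 0;
            }
            tempe2[i] = 1;
            addbyte(addvalue, tempe2, maxaddvalue, 127);
            if (maxaddvalue < 127)
                maxaddvalue = 127;
        }

        /*
         * Last block: add 2^127 (final-block flag). The test is against the
         * block count; comparing i1 with a byte count can never match inside
         * this loop, which would leave the final flag unset on every message
         * and remove the distinction between the last block and an
         * intermediate one.
         */
        if (i1 == nblocks) {
            for (i = 0; i < 127; i++) {
                tempe3[i] = 0;
            }
            tempe3[i] = 1;
            addbyte(addvalue, tempe3, maxaddvalue, 128);
            if (maxaddvalue < 128)
                maxaddvalue = 128;
        }

        /* Bits -> bytes (result presumably lands in tweakbyte - confirm). */
        changebyte(addvalue, maxaddvalue);

        /* Reverse the 16 tweak bytes so the least significant comes first. */
        for (i = 0, j = 15; i < 16; i++, j--) {
            tweakbyte1[i] = tweakbyte[j];
        }

        /* Load key and tweak as 64-bit words, then run Threefish. */
        bytestowords(blockcipherkey, 1, 32);
        bytestowords(tweakbyte1, 2, 16);
        keyschedule();
        rounds();

        /* Chain: this block's output is the next block's key. Output is also
         * appended to entireciphertext, capped at the unpadded length. */
        for (i = 0; i < 32; i++) {
            blockcipherkey[i] = ciphertext[i];
            if (move1 < originalsize) {
                entireciphertext[move1] = ciphertext[i];
                move1 = move1 + 1;
            }
        }
    }
}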
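/*
 * Entry point. Loads 29000 bytes through filetoarray(), lets changebyte()
 * alter the buffer, writes the result to "myf.exe" in the current directory,
 * starts that file under the Win32 debug API and services its debug events.
 * When a breakpoint is reported at an address whose first four bytes match a
 * fixed pattern, the thread's EIP is stepped back by one and four fixed bytes
 * are written into the child before execution continues.
 *
 * Review notes for anyone analysing or maintaining this:
 *  - The sequence "write an executable, launch it with DEBUG_PROCESS, then
 *    SetThreadContext/WriteProcessMemory on it" is the kind of behaviour
 *    endpoint monitoring tends to flag; expect that when running it.
 *  - "myf.exe" is created in and executed from the current directory. If
 *    that directory is writable by other users, the file can be swapped
 *    between fclose() and CreateProcess().
 *  - All target addresses are hard-coded, so the code assumes a 32-bit x86
 *    child with a fixed image base and a predictable stack (no ASLR).
 *
 * Returns 0 after the debug loop ends, 1 if myf.exe could not be written.
 */
int main(){
    char filebytes[29000];
    PROCESS_INFORMATION pi;
    STARTUPINFO si;

    printf("\n[*]Writing Bytes to an array");
    filetoarray(filebytes,29000);
    printf("\n[*]Done");
    Sleep(500);

    printf("\n\n[*]Modifying byte at given offest");
    changebyte(filebytes,29000);
    printf("\n[*]Done");
    Sleep(500);

    printf("\n\n[*]Writing to new myf.exe");
    FILE *fp2 = fopen("myf.exe","wb");
    if (fp2 == NULL) {
        /* Without this check a failed open was handed straight to fwrite(). */
        perror("\n[!]Cannot create myf.exe");
        return 1;
    }
    size_t written = fwrite(filebytes, sizeof(filebytes[0]),
                            sizeof(filebytes)/sizeof(filebytes[0]), fp2);
    /* fclose() flushes, so its result matters for an output file. */
    int closeFailed = (fclose(fp2) != 0);
    if (written != sizeof(filebytes)/sizeof(filebytes[0]) || closeFailed) {
        /* Do not go on to execute a truncated image. */
        printf("\n[!]Short write to myf.exe");
        return 1;
    }
    printf("\n[*]Done");
    Sleep(500);

    printf("\n\n[*]Starting myf.exe as debuggee");
    memset(&si,0,sizeof(si));
    memset(&pi,0,sizeof(pi));
    si.cb = sizeof(si);

    /* bInheritHandles is TRUE as in the original call. Nothing in this
     * function creates an inheritable handle, so FALSE would be the
     * least-privilege setting - confirm before changing. */
    if (CreateProcess("myf.exe",NULL,NULL,NULL,TRUE,DEBUG_PROCESS,NULL,NULL,&si,&pi)) {
        printf("\n[*]Process Created");

        /* Bytes written into the child at the breakpoint, in this order. */
        static const struct { DWORD address; BYTE value; } patches[] = {
            { 0x401334, 0x55 },
            { 0x28FF0C, 0x59 },
            { 0x28FF10, 0x9A },
            { 0x28FF11, 0x13 },
        };

        BOOL cont = TRUE;
        while (cont) {
            /* NOTE(review): every event, including exceptions this loop does
             * not handle, is answered with DBG_CONTINUE. A faulting child
             * would normally be given DBG_EXCEPTION_NOT_HANDLED so its own
             * handlers run - confirm this is intended. */
            DWORD continueStatus = DBG_CONTINUE;
            DEBUG_EVENT de = {0};

            if (!WaitForDebugEvent(&de, INFINITE)) {
                break;
            }

            switch (de.dwDebugEventCode) {
            case EXCEPTION_DEBUG_EVENT:
                switch (de.u.Exception.ExceptionRecord.ExceptionCode) {
                case EXCEPTION_BREAKPOINT:
                    /*
                     * ExceptionAddress is an address in the CHILD, but it is
                     * dereferenced here in THIS process. That only reads
                     * something meaningful if both processes map the same
                     * image at the same base; presumably myf.exe is a patched
                     * copy of this executable - confirm. With a relocated
                     * image the read can fault.
                     * 0x83E58955 is the same value the original spelled as
                     * -2082109099: bytes 55 89 E5 83 in memory order.
                     */
                    if ((*(static_cast<unsigned int*>(de.u.Exception.ExceptionRecord.ExceptionAddress))) == 0x83E58955u) {
                        printf("\n\n[*]Reached Breakpoint");

                        CONTEXT c;
                        c.ContextFlags = CONTEXT_CONTROL|CONTEXT_FULL;
                        /* NOTE(review): pi.hThread is the child's initial
                         * thread; the event's thread is de.dwThreadId. They
                         * are assumed to be the same - confirm. */
                        if (!GetThreadContext(pi.hThread,&c)) {
                            /* Never push an unfilled CONTEXT back into the thread. */
                            printf("\n[!]GetThreadContext failed (%lu)", (unsigned long)GetLastError());
                            break;
                        }
                        printf("\nEIP : %0X",(unsigned int)c.Eip);

                        SuspendThread(pi.hThread);

                        /* Step back over the one-byte breakpoint instruction. */
                        c.Eip--;
                        if (!SetThreadContext(pi.hThread,&c)) {
                            printf("\n[!]SetThreadContext failed (%lu)", (unsigned long)GetLastError());
                        }

                        for (size_t k = 0; k < sizeof(patches)/sizeof(patches[0]); k++) {
                            if (!WriteProcessMemory(pi.hProcess,
                                                    (LPVOID)(ULONG_PTR)patches[k].address,
                                                    &patches[k].value, 1, NULL)) {
                                printf("\n[!]WriteProcessMemory failed at %08lX (%lu)",
                                       (unsigned long)patches[k].address,
                                       (unsigned long)GetLastError());
                            }
                        }

                        ResumeThread(pi.hThread);
                    }
                    break;
                default:
                    break;
                }
                break;
            case EXIT_PROCESS_DEBUG_EVENT:
                cont = FALSE;
                break;
            case CREATE_THREAD_DEBUG_EVENT:
                continueStatus = DBG_CONTINUE;
                break;
            case CREATE_PROCESS_DEBUG_EVENT:
                continueStatus = DBG_CONTINUE;
                break;
            case EXIT_THREAD_DEBUG_EVENT:
                continueStatus = DBG_CONTINUE;
                break;
            }

            ContinueDebugEvent(de.dwProcessId,de.dwThreadId,continueStatus);
        }

        /* Release the handles CreateProcess returned. */
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    } else {
        printf("\n[!]CreateProcess failed (%lu)", (unsigned long)GetLastError());
    }

    getch();
    return 0;
}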