void Blowfish_Decrypt_Buffer(BlowfishContext *ctx, uint32_t *buffer, uint32_t length) { uint32_t *buf = (uint32_t *)buffer; unsigned int i; for (i=0;i<length; i+=8, buf+=2) Blowfish_Decrypt(ctx, buf, buf+1); }
int decryption (char *key, unsigned char *decrypt_string, unsigned char *crypt64) { BLOWFISH_CTX ctx; unsigned long message_left; unsigned long message_right; int block_len; int n,i; int keylen = strlen(key); unsigned char ciphertext_buffer[TAILLE]; unsigned char *ciphertext_string = &ciphertext_buffer[0]; int ciphertext_len, ciphertext_len_sav; ciphertext_len_sav = decode_base64( crypt64, ciphertext_string); //ciphertext_len = strlen (ciphertext_string); ciphertext_len = ciphertext_len_sav; Blowfish_Init(&ctx, key, keylen); while(ciphertext_len) { message_left = message_right = 0UL; for (block_len = 0; block_len < 4; block_len++) { message_left = message_left << 8; message_left += *ciphertext_string++; if (ciphertext_len) ciphertext_len--; } for (block_len = 0; block_len < 4; block_len++) { message_right = message_right << 8; message_right += *ciphertext_string++; if (ciphertext_len) ciphertext_len--; } Blowfish_Decrypt(&ctx, &message_left, &message_right); /* save the results of decryption */ *decrypt_string++ = (unsigned char)(message_left >> 24); *decrypt_string++ = (unsigned char)(message_left >> 16); *decrypt_string++ = (unsigned char)(message_left >> 8); *decrypt_string++ = (unsigned char)message_left; *decrypt_string++ = (unsigned char)(message_right >> 24); *decrypt_string++ = (unsigned char)(message_right >> 16); *decrypt_string++ = (unsigned char)(message_right >> 8); *decrypt_string++ = (unsigned char)message_right; } return ciphertext_len; }
static void paz_decrypt(DWORD *cipher, DWORD cipher_length, unsigned char *key, int key_len) { BLOWFISH_CTX ctx; DWORD i; Blowfish_Init(&ctx, key, key_len); for (i = 0; i < cipher_length / 8; i++) Blowfish_Decrypt(&ctx, &cipher[i * 2 + 0], &cipher[i * 2 + 1]); }
static forceinline void Decrypt(_BLOWFISH_CTX *ctx,unsigned long *IV_L,unsigned long *IV_R,unsigned long *left,unsigned long *right) { unsigned long tl=*left; unsigned long tr=*right; Blowfish_Decrypt(ctx,left,right); *left ^=*IV_L; *right^=*IV_R; *IV_L^=tl; *IV_R^=tr; };
int main(void) { unsigned long L = 1, R = 2; BLOWFISH_CTX ctx; printf("%d\n", Blowfish_Test(&ctx)); Blowfish_Init (&ctx, (unsigned char*)"TESTKEY", 7); Blowfish_Encrypt(&ctx, &L, &R); printf("%08lX %08lX\n", L, R); assert(L == 0xDF333FD2L && R == 0x30A71BB4L); Blowfish_Decrypt(&ctx, &L, &R); assert(L == 1 && R == 2); }
int Blowfish_Test(BlowfishContext *ctx) { uint32_t L = 1, R = 2; Blowfish_Init (ctx, (unsigned char*)"TESTKEY", 7); Blowfish_Encrypt(ctx, &L, &R); if (L != 0xDF333FD2L || R != 0x30A71BB4L) return (-1); Blowfish_Decrypt(ctx, &L, &R); if (L != 1 || R != 2) return (-1); return (0); }
static gpointer parallel_blowfish(unsigned int start, unsigned int end, void *data, gint thread_number) { BLOWFISH_CTX ctx; unsigned int i; unsigned long L, R; L = 0xBEBACAFE; R = 0xDEADBEEF; for (i = start; i <= end; i++) { Blowfish_Init(&ctx, (unsigned char*)data, 65536); Blowfish_Encrypt(&ctx, &L, &R); Blowfish_Decrypt(&ctx, &L, &R); } return NULL; }
int main() { unsigned long L = 1, R = 2; BLOWFISH_CTX ctx; Blowfish_Init (&ctx, (unsigned char*)"TESTKEY", 7); Blowfish_Encrypt(&ctx, &L, &R); printf("%08lX %08lX\n", L, R); if (L == 0xDF333FD2L && R == 0x30A71BB4L) printf("Test encryption OK.\n"); else printf("Test encryption failed.\n"); Blowfish_Decrypt(&ctx, &L, &R); if (L == 1 && R == 2) printf("Test decryption OK.\n"); else printf("Test decryption failed.\n"); return 0; }
static void BlowFishDecode(int len,BYTE *source,int len_key,BYTE* init) { BLOWFISH_CTX ctx; unsigned long lvalue,rvalue; int i; Blowfish_Init(&ctx,init,len_key); for (i=0; i < (len /8); i++) { lvalue = *source << 24 | *(source+1) << 16 | +*(source+2) << 8 | *(source+3); rvalue = *(source+4) << 24 | *(source+5) << 16 | +*(source+6) << 8 | *(source+7); Blowfish_Decrypt(&ctx,&lvalue,&rvalue); WORD_WRITE(source,lvalue >> 16); WORD_WRITE(source,lvalue & 0x0000ffff); WORD_WRITE(source,rvalue >> 16); WORD_WRITE(source,rvalue & 0x0000ffff); } }
/*--------------------------------------------------------------------------------*/ void ABlowfish::Decrypt(const uint8_t *src, uint8_t *dst, uint32_t& iv1, uint32_t& iv2) { BLOWFISH_CTX *ctx = (BLOWFISH_CTX *)GetContext(); uint32_t l, r, iv1_1 = iv1, iv2_1 = iv2; // copy bytes into 2 32-bit variables memcpy(&l, src, sizeof(l)); memcpy(&r, src + sizeof(l), sizeof(r)); // for little endian machines, swap bytes to make all data big-endian if (!MachineIsBigEndian()) { l = SwapBytes(l); r = SwapBytes(r); } // return new initialisation vectors (for CBC mode) iv1 = l; iv2 = r; // decrypt data Blowfish_Decrypt(ctx, &l, &r); // XOR in initialisation vectors (for CBC mode) l ^= iv1_1; r ^= iv2_1; // zero local variables for security iv1_1 = iv2_1 = 0; // for little endian machines, swap bytes back to make all data little-endian if (!MachineIsBigEndian()) { l = SwapBytes(l); r = SwapBytes(r); } // copy bytes to destination memcpy(dst, &l, sizeof(l)); memcpy(dst + sizeof(l), &r, sizeof(r)); l = r = 0; // clear local variables to prevent security leaks }
static forceinline void Decrypt(_BLOWFISH_CTX *ctx,unsigned long *IV_L,unsigned long *IV_R,unsigned long *left,unsigned long *right) { (void) IV_L; (void) IV_R; Blowfish_Decrypt(ctx,left,right); };
int pkg_load(const char* filename, char* key, int keyLen) { BLOWFISH_CTX userEnc; BLOWFISH_CTX emuEnc; FileInfo* fi; int i; int len; FILE* f; f = fopen(filename, "rb"); if (f == NULL) { return 0; } fseek(f, 0, SEEK_END); len = ftell(f); fseek(f, 0, SEEK_SET); if (len <= 0) { fclose(f); return 0; } pkg_buf = (char*)malloc(len); len = fread(pkg_buf, 1, len, f); if (len <= 0) { free(pkg_buf); pkg_buf = NULL; fclose(f); return 0; } fclose(f); // Decrypt using private emulator key Blowfish_Init(&emuEnc, (unsigned char*)AuthKey, (int)strlen(AuthKey)); for (i = 0; i < len; i += 8) { unsigned long* l = (unsigned long*)(pkg_buf + i + 0); unsigned long* r = (unsigned long*)(pkg_buf + i + 4); Blowfish_Decrypt(&emuEnc, l, r); } // Decrypt using user key if (keyLen > 0) { Blowfish_Init(&userEnc, (unsigned char*)key, keyLen); } else { unsigned char val = 0; Blowfish_Init(&userEnc, &val, 1); } for (i = 0; i < len; i += 8) { unsigned long* l = (unsigned long*)(pkg_buf + i + 0); unsigned long* r = (unsigned long*)(pkg_buf + i + 4); Blowfish_Decrypt(&userEnc, l, r); } // Unsalt data for (i = 0; i < len - 8; i++) { pkg_buf[i] ^= pkg_buf[len - 8 + (i & 7)]; } if (memcmp(pkg_buf, PKG_HDR, PKG_HDR_SIZE) != 0) { free(pkg_buf); pkg_buf = NULL; return 0; } fi = (FileInfo*)(pkg_buf + 16); while (fi->offset != 0) { printf("%d\t%d\t%s\n", fi->offset, fi->length, fi->path); fi++; } return 1; }
/* Parses packfile and writes out all files within it. * Preserves directory structure. */ int unpack_file() { check_handle(); printf("Packfile size: %d bytes (%d MB)\n", get_filesize(), get_filesize()/1024/1024); uint32_t itemcount = get_itemcount(); printf("%d (0x%04x) items in packfile.\n\n", itemcount, itemcount); packitem files[itemcount]; // list of file entries // populate list of items uint32_t i; for(i=0; i<itemcount; ++i) { packitem p; fread(&p, sizeof(p), 1, packfile); files[i] = p; if(using_blowfish != 0) { // LZSS header in encrypted packfile is worthless, toss it out files[i].start += 0x08; files[i].length -= 0x08; } } // write out each file for(i=0; i<itemcount; ++i) { fseek(packfile, files[i].start, SEEK_SET); printf("[%4d] %08x .. %s\n", i + 1, files[i].start, files[i].name); buff = (char*) malloc(sizeof(char) * files[i].length); // set buffer to size of file size_t result = fread(buff, 1, files[i].length, packfile); if(result != files[i].length) { printf(" - WARNING: Expected %d bytes, only read %d bytes.\n", files[i].length, result); } if(using_blowfish != 0) { // decrypt if necessary int half_block = sizeof(unsigned long); int j; unsigned long L, R; for(j=0; j<result; j+=(2*half_block)) { memcpy(&L, &buff[j], half_block); memcpy(&R, &buff[j+half_block], half_block); Blowfish_Decrypt(&cipher, &L, &R); memcpy(&buff[j], &L, half_block); memcpy(&buff[j+half_block], &R, half_block); } } substitute_chars(files[i].name, '\\', '/'); // packfile uses \ for its path separator, change to / char outputname[MAX_PATH + 1]; strncpy(outputname, outputfolder, MAX_PATH + 1); strcat(outputname, "/"); strcat(outputname, files[i].name); prepare_directory_tree(outputname); printf(" - Writing to %s...\n", outputname); outputfile = fopen(outputname, "wb"); if(outputfile == NULL) { perror(" - ERROR: "); } fwrite(buff, 1, files[i].length, outputfile); fclose(outputfile); if(using_decompressor != 0) { // decompress output file if enabled char command[MAX_PATH * 2 + 14]; strcpy(command, "LLZSS.exe "); strncat(command, outputname, MAX_PATH + 1); strcat(command, " "); strncat(command, outputname, MAX_PATH + 1); strcat(command, " -d"); printf(" - Decompressing %s...\n", outputname); system(command); } free(buff); } return 0; }
void NamedPipeThread(void* pParam) { HANDLE hFile=INVALID_HANDLE_VALUE; char chBuf[BUFSIZE]; BOOL fSuccess; DWORD cbRead, dwMode; char szPipeName[MAX_PATH]; char szOutputBuffer[2 * MAX_PATH]; DWORD dwDataChunk1, dwDataChunk2; char* lpszServer = (char*)pParam; // pParam is the name of the server to connect to int i; ::ZeroMemory(szPipeName, MAX_PATH); ::ZeroMemory(szOutputBuffer, 2 * MAX_PATH); int nError = 2; if (stricmp(lpszServer, "\\\\localhost") == 0 || stricmp(lpszServer, "\\\\127.0.0.1") == 0) { _snprintf(szPipeName, MAX_PATH, PIPE_FORMAT, "\\\\.", szGUID); while (nError == 2) { BOOL bPipe = WaitNamedPipe(szPipeName, 30000); if (!bPipe) { // Error 2 means the pipe is not yet available, keep trying nError = GetLastError(); Sleep(100); } else nError = 0; } hFile = CreateFile(szPipeName, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL); while(GetLastError() == ERROR_PIPE_BUSY) { Sleep(100); hFile = CreateFile(szPipeName, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL); } if(hFile == INVALID_HANDLE_VALUE) { printf("CreateFile failed to create a new client-side pipe: error %d\n", GetLastError()); return; } } else { _snprintf(szPipeName, MAX_PATH, PIPE_FORMAT, lpszServer, szGUID); while (nError == 2) { BOOL bPipe = WaitNamedPipe(szPipeName, 30000); if (!bPipe) { // Error 2 means the pipe is not yet available, keep trying nError = GetLastError(); Sleep(100); } else nError = 0; } hFile = CreateFile(szPipeName, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL); if(hFile == INVALID_HANDLE_VALUE) { printf("CreateFile failed to create a new client-side pipe: error %d\n", GetLastError()); return; } } do { dwMode = PIPE_READMODE_MESSAGE; fSuccess = SetNamedPipeHandleState(hFile, &dwMode, NULL, NULL); if (!fSuccess) { printf("SetNamedPipeHandleState failed, error %d\n", GetLastError()); return; } ::ZeroMemory(chBuf, BUFSIZE); fSuccess = ReadFile(hFile, chBuf, BUFSIZE, &cbRead, NULL); if (!fSuccess) { printf("ReadFile failed with %d.\n", GetLastError()); break; } else { // Received a valid message - decode it if (cbRead >= 3) { if (chBuf[0] == 0) { // Terminate the thread // Need to connect once more here so that the target knows the message has been received and unblocks CloseHandle(hFile); hFile=INVALID_HANDLE_VALUE; /*hFile = CreateFile(szPipeName, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL); if(hFile == INVALID_HANDLE_VALUE) { printf("CreateFile failed to create a new client-side pipe: error %d\n", GetLastError()); return; }*/ break; } else if (chBuf[0] == 2) { // This is hash data from the target // Hash data will be 64 encrypted bytes followed by the user's name // Store in an appropriate structure USERINFO* pTemp; BYTE cUserBlocks = chBuf[2]; if (lpUserInfoArray == NULL) { lpUserInfoArray = (USERINFO*)GlobalAlloc(GMEM_FIXED, sizeof(USERINFO)); nUserInfoArraySize = 1; pTemp = lpUserInfoArray; } else { lpUserInfoArray = (USERINFO*)GlobalReAlloc((HGLOBAL)lpUserInfoArray, (nUserInfoArraySize + 1) * sizeof(USERINFO), GMEM_MOVEABLE); int n = sizeof(USERINFO); pTemp = lpUserInfoArray + nUserInfoArraySize; // (nUserInfoArraySize * sizeof(USERINFO)); ++nUserInfoArraySize; } // Copy data to the structure for (i = 0; i < 64; i++) { pTemp->cHash[i] = chBuf[i + 3]; } // Decrypt user and hash data /*char temp[400]; memset(temp, 0, 400); memcpy(temp, &(chBuf[3]), 30); printf("Message size: %d, raw data: %s\n",cUserBlocks, temp);*/ // User data for (i = 0; i <= cUserBlocks; i++) { ConvertToBlowfishLongs(chBuf + (i * 8) + 67, &dwDataChunk1, &dwDataChunk2); Blowfish_Decrypt(&ctx, &dwDataChunk1, &dwDataChunk2); // Unicode pointer math - only increment by 1/2 memcpy(&(pTemp->wszUser[(i * 4)]), &dwDataChunk1, 4); memcpy(&(pTemp->wszUser[(i * 4) + 2]), &dwDataChunk2, 4); } // Hash data for (i = 0; i < 4; i++) { ConvertToBlowfishLongs(chBuf + (i * 8) + 3, &dwDataChunk1, &dwDataChunk2); Blowfish_Decrypt(&ctx, &dwDataChunk1, &dwDataChunk2); memcpy(pTemp->cHash + (i * 8), &dwDataChunk1, 4); memcpy(pTemp->cHash + (i * 8) + 4, &dwDataChunk2, 4); } } else if (chBuf[0] == 3) { // Status message - just print it out printf("%ls\n", chBuf + 67/*267*/); } else { // Unknown message printf("Invalid message received from target host: %d\n", chBuf[0]); } } else printf("Invalid data received (length was %d)\n", cbRead); // Purge data from the pipe CloseHandle(hFile); hFile = CreateFile(szPipeName, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL); while(GetLastError() == ERROR_PIPE_BUSY) { Sleep(100); if (!WaitNamedPipe(szPipeName, 20000)) { printf("Timed out waiting to get our pipe back\n"); return; } hFile = CreateFile(szPipeName, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL); } if(hFile == INVALID_HANDLE_VALUE) { printf("CreateFile failed to create a new client-side pipe: error %d\n", GetLastError()); return; } } } while (1); if (hFile != INVALID_HANDLE_VALUE) CloseHandle(hFile); return; }