Target: Victim
Format: GBF (Encrypted file table and contained files)
Algo:
a1 - InBuffer
Code:
/* Short aliases for the byte and double-word types used by the macros. */
typedef unsigned int _DWORD;
typedef unsigned char _BYTE;

/*
 * LOBYTE(x): the first byte of x in memory, usable as an lvalue.
 * That is the least significant byte only on a little-endian host.
 */
#define LOBYTE(x) (((_BYTE *)&(x))[0])

/*
 * HIDWORD(x): the second _DWORD-sized slot of x in memory, usable as an lvalue.
 * For a 64-bit x this is the upper half only on a little-endian host and
 * assumes unsigned int is 32 bits wide.
 */
#define HIDWORD(x) (((_DWORD *)&(x))[1])
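/*
 * GBF_Decrypt - undo the byte-wise XOR masking applied to GBF data.
 *
 * a1: address of the input buffer, passed as an int.
 * a2: address of the output buffer, passed as an int.
 * a3: number of bytes to process.
 *
 * Output byte i is input byte i XORed with the low byte of
 * (i + 1) * (i ^ 0xCA) - 84. The key byte depends only on the low 8 bits
 * of the offset, so the keystream repeats every 256 bytes and involves no
 * secret: treat this as obfuscation, not encryption. Because it is a plain
 * XOR, running the routine over its own output restores the input.
 *
 * Returns a 16-bit value whose low byte is the last byte written and whose
 * high byte comes from the last key product, or 0 when a3 is 0. The usage
 * shown with this listing ignores it.
 *
 * NOTE(review): the buffer addresses travel through `int`, so this is only
 * correct where a pointer fits in 32 bits; in a 64-bit build the casts
 * truncate the addresses. Nothing here bounds the accesses either: both
 * buffers must hold at least a3 bytes, and a size read from a file header
 * should be checked against the real buffer sizes before the call.
 */
__int16 __stdcall GBF_Decrypt(int a1, int a2, unsigned __int64 a3)
{
    /* Start from 0 so a zero-length call returns a defined value. */
    __int16 result = 0;
    unsigned __int64 pos;

    for (pos = 0; pos < a3; pos++) {
        /* Only the low 32 bits of the offset take part in addressing. */
        unsigned int lo = (unsigned int)pos;
        /*
         * Signedness of char changes only the upper bits of the product,
         * never the byte that is XORed into the data.
         */
        int product = (char)(lo + 1) * (char)((_BYTE)lo ^ 0xCA);
        /* Read before write, so a1 == a2 (in-place use) is fine. */
        _BYTE plain = (_BYTE)(*(const _BYTE *)(lo + a1) ^ (product - 84));

        *(_BYTE *)(lo + a2) = plain;
        /* High byte from the product, low byte replaced by the output byte. */
        result = (__int16)((product & ~0xFF) | plain);
    }
    return result;
}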
a2 - OutBuffer
a3 - Size (in bytes)
Usage:
For those who want to write an unpacker; test sources are attached.
Code:
/*
 * Both pointers are narrowed to int here, so this call is only valid in a
 * build where pointers are 32 bits wide. InBuffer and OutBuffer must each
 * hold at least `size` bytes; the routine does no bounds checking itself.
 */
GBF_Decrypt((int)InBuffer,(int)OutBuffer,size);