Actlon
April 8th, 2002, 23:14
Hi - I've recently been playing with the LaserLock v5.00 protection scheme & have come up against a question:
Given a dumped version of a running target I've been able to get the translated API calls. I've also got the LaserLock dll (with the CallDLL export) for the target, and have located the info block followed by a list of RVAs with encrypted data indicating the correct API import.
Based on this I've discovered the encrypted data should be XORed with the key in the info block and then there is a secondary key. Given the 'answers' & the original data I have been able to determine the values, which seem to be applied in circular fashion - i.e.:
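/* secondary key values, applied cyclically (index i % 9) */
long secondary_key[9] = { 0x8C01, 0x1A46, 0x978F,
                          0xF7AB, 0xA4C0, 0x7BF8,
                          0xAF42, 0x60B5, 0xAB2E };
long primary_key = /*what ever it is*/;
for (int i = 0; i < numCalls; i++) {
    /* XOR with the info-block key, then with the secondary key for this entry */
    long x = ( encrypt_data[i] ^ primary_key ) ^ secondary_key[i % 9];
    data[ rva[i] - 4 ] = x;
}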
These values have come from Worm World Party - the question is: are the secondary keys fixed for the version of LaserLock, or are they either tabulated somewhere (& specific to WWP) or algorithmically determined? Can anyone help me - thanks!