added tree long calculation and sha256 stuff

Malware/Malware/Malware.cpp

@@ -6,6 +6,7 @@
 #include <cstdlib>
 #include <stdio.h>
 #include "encryption.h"
+#include "lonesha256.h"
 
 char* this_is_useful_fr_dont_miss_it(){ // it's not,  pure red herring
 	char* useful = (char*) malloc(sizeof(char)*100);
@@ -16,11 +17,23 @@ char* this_is_useful_fr_dont_miss_it(){ // it's not,  pure red herring
 	return useful;
 }
 
+bool is_good_hash(char* decoded){
+    unsigned char hash[32] = {0xf4,0xed,0x2a,0x38,0xd2,0xff,0xcc,0x38,0xbc,0x63,0x28,0x46,0xaf,0xe2,0x4f,0x34,0x2d,0xd8,0xb8,0x5e,0x74,0xbd,0x73,0x99,0x2d,0x91,0x56,0x24,0xb4,0x73,0x5d,0xee};
+    unsigned char hash_computed[32];
+    lonesha256(hash_computed, (unsigned char*) decoded, sizeof(char)*57);
+    for(int i = 0; i < 32; i++){
+        if(hash[i] != hash_computed[i]){
+            return false;
+        }
+    }
+    return true;
+}
+
 int _tmain(int argc, wchar_t* argv[])
 {
     if(argc <= 1){
         printf("Il est où l'argv??????");
-        exit(0);
+        exit(1);
     }
     // char* encoded = "Salut a tous les amis, gg pour avoir dechiffre ce string";
     char* encoded = "\x64\x55\x58\x41\x43\x14\x56\x13\x46\x5b\x47\x40\x14\x5e\x52\x47\x13\x56\x5e\x5d\x40\x1f\x13\x53\x54\x14\x42\x5b\x41\x40\x13\x53\x47\x58\x5d\x46\x14\x53\x51\x54\x5b\x5b\x52\x54\x41\x51\x12\x54\x51\x13\x44\x47\x46\x5a\x5d\x54";
@@ -31,11 +44,7 @@ int _tmain(int argc, wchar_t* argv[])
     key[8]='\0';
     // printf("Key: %s\n", key);
     encrypt_decrypt(key,encoded);
-    int sum = 0;
-    for(int i = 0; encoded[i] != '\0'; i++){
-        sum += (int) encoded[i];
-    }
-    if(sum == 5187){
+    if(is_good_hash(encoded)){
         printf("%s", encoded);
     } else {
         printf("%S", argv[1]);

Malware/Malware/Malware.vcxproj

@@ -130,6 +130,7 @@
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="encryption.h" />
+    <ClInclude Include="lonesha256.h" />
     <ClInclude Include="stdafx.h" />
     <ClInclude Include="targetver.h" />
     <ClInclude Include="tree.h" />

Malware/Malware/Malware.vcxproj.filters

@@ -30,6 +30,9 @@
     <ClInclude Include="encryption.h">
       <Filter>Fichiers d%27en-tête</Filter>
     </ClInclude>
+    <ClInclude Include="lonesha256.h">
+      <Filter>Fichiers d%27en-tête</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="stdafx.cpp">

Malware/Malware/encryption.cpp

@@ -1,28 +1,28 @@
 #include "stdafx.h" // IWYU pragma: keep
 #include "encryption.h"
 #include "tree.h"
-#include <cstddef>
-#include <cstdio>
+#ifdef _WIN32
 #include <windows.h>
+#endif
 
 // 1re étape: chaque bit de la clé d'entrée est un gauche ou droite dans l'arbre
 // l'arbre est de profondeur inégale et random
 
 Node* gen_tree(){
-    Node* r = (Node*) malloc(sizeof(Node)); // root
-    r->value = '1';
-    Node* a = (Node*) malloc(sizeof(Node)); // left
-    a->value = '8';
-    Node* aa = (Node*) malloc(sizeof(Node)); // left left
-    aa->value = '3';
-    Node* ab = (Node*) malloc(sizeof(Node));
-    ab->value = '7';
-    Node* b = (Node*) malloc(sizeof(Node));
-    b->value = '5';
-    Node* ba = (Node*) malloc(sizeof(Node));
-    ba->value = '4';
-    Node* bb = (Node*) malloc(sizeof(Node));
-    bb->value = '2';
+    Node* r = new Node(); // root
+    r->value ^= '1';
+    Node* a = new Node(); // left
+    a->value ^= '8';
+    Node* aa = new Node(); // left left
+    aa->value ^= ('3'^0xbe);
+    Node* ab = new Node();
+    ab->value ^= ('7'^0xef);
+    Node* b = new Node();
+    b->value ^= '5';
+    Node* ba = new Node();
+    ba->value ^= '4';
+    Node* bb = new Node();
+    bb->value ^= '2';
     // defining tree links
     r->left = a;
     r->right = b;
@@ -30,14 +30,8 @@ Node* gen_tree(){
     a->right = ab;
     b->left = ba;
     b->right = bb;
-    ab->left = NULL;
-    bb->left = NULL;
-    aa->left = NULL;
-    ba->left = NULL;
-    ab->right = NULL;
-    bb->right = NULL;
-    aa->right = NULL;
-    ba->right = NULL;
+    aa->value^=0xbe;
+    ab->value^=0xef;
     return r;
 }
 
@@ -70,8 +64,10 @@ char* derive_key_from_tree(char* key){
 }
 
 void encrypt_decrypt(char* key, char* msg){
+    #ifdef _WIN32
     DWORD old;
     VirtualProtect(msg, 0x100, PAGE_EXECUTE_READWRITE, &old);
+    #endif
     char* newkey = derive_key_from_tree(key);
     // printf("%s\n",newkey);
     int i = 0;
@@ -86,4 +82,4 @@ void encrypt_decrypt(char* key, char* msg){
         i++;
     }
     // printf("%s\n",msg);
-}
+}

Malware/Malware/lonesha256.h

@@ -0,0 +1,143 @@
+/*
+lonesha256.h - Portable, endian-proof, single-file, single-function sha256 implementation, originally based on LibTomCrypt
+
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring
+rights to this software to the public domain worldwide. This software is distributed without any warranty.
+You should have received a copy of the CC0 Public Domain Dedication along with this software.
+If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+*/
+
+/*
+lonesha256 supports the following three configurations:
+#define LONESHA256_EXTERN
+    Default, should be used when using lonesha256 in multiple compilation units within the same project.
+#define LONESHA256_IMPLEMENTATION
+    Must be defined in exactly one source file within a project for lonesha256 to be found by the linker.
+#define LONESHA256_STATIC
+    Defines the lonesha256() function as static, useful if lonesha256 is only used in a single compilation unit.
+
+lonesha256 function:
+(static|extern) int lonesha256 (unsigned char out[32], const unsigned char* in, size_t len)
+    writes the sha256 hash of the first "len" bytes in buffer "in" to buffer "out"
+    returns 0 on success, may return non-zero in future versions to indicate error
+*/
+
+//header section
+#ifndef LONESHA256_H
+#define LONESHA256_H
+
+//process configuration
+#ifdef LONESHA256_STATIC
+    #define LONESHA256_IMPLEMENTATION
+    #define LSHA256DEF static
+#else //LONESHA256_EXTERN
+    #define LSHA256DEF extern
+#endif
+
+//includes
+#include <stddef.h> //size_t
+
+//lonesha256 declaration
+LSHA256DEF int lonesha256(unsigned char[32], const unsigned char*, size_t);
+
+#endif //LONESHA256_H
+
+//implementation section
+// #ifdef LONESHA256_IMPLEMENTATION
+#undef LONESHA256_IMPLEMENTATION
+
+//macros
+#define S(x, n) (((((uint32_t)(x)&0xFFFFFFFFUL)>>(uint32_t)((n)&31))|((uint32_t)(x)<<(uint32_t)((32-((n)&31))&31)))&0xFFFFFFFFUL)
+#define R(x, n) (((x)&0xFFFFFFFFUL)>>(n))
+#define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3))
+#define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10))
+#define RND(a,b,c,d,e,f,g,h,i) \
+    t0 = h + (S(e, 6) ^ S(e, 11) ^ S(e, 25)) + (g ^ (e & (f ^ g))) + K[i] + W[i]; \
+    t1 = (S(a, 2) ^ S(a, 13) ^ S(a, 22)) + (((a | b) & c) | (a & b)); \
+    d += t0; \
+    h  = t0 + t1;
+#define STORE32H(x, y) \
+    (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \
+    (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255);
+#define LOAD32H(x, y) \
+    x = ((uint32_t)((y)[0]&255)<<24)|((uint32_t)((y)[1]&255)<<16)|((uint32_t)((y)[2]&255)<<8)|((uint32_t)((y)[3]&255));
+#define STORE64H(x, y) \
+    (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \
+    (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \
+    (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \
+    (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255);
+#define SHA256_COMPRESS(buff) \
+    for (int i = 0; i < 8; i++) S[i] = sha256_state[i]; \
+    for (int i = 0; i < 16; i++) LOAD32H(W[i], buff + (4*i)); \
+    for (int i = 16; i < 64; i++) W[i] = Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15]) + W[i-16]; \
+    for (int i = 0; i < 64; i++) { \
+        RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i); \
+        t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4]; \
+        S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t; \
+    } \
+    for (int i = 0; i < 8; i++) sha256_state[i] = sha256_state[i] + S[i];
+
+//includes
+#include <stdint.h> //uint32_t, uint64_t
+#include <string.h> //memcpy
+
+//lonesha256 function
+LSHA256DEF int lonesha256 (unsigned char out[32], const unsigned char* in, size_t len) {
+    //writes the sha256 hash of the first "len" bytes in buffer "in" to buffer "out"
+    //returns 0 on success, may return non-zero in future versions to indicate error
+    const uint32_t K[64] = {
+        0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
+        0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
+        0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
+        0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
+        0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
+        0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
+        0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
+        0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
+        0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
+        0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
+        0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
+        0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
+        0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
+        0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
+        0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
+        0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
+    };
+    uint64_t sha256_length = 0;
+    uint32_t sha256_state[8] = {
+        0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL,
+        0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL
+    }, S[8], W[64], t0, t1, t;
+    unsigned char sha256_buf[64];
+    //process input in 64 byte chunks
+    while (len >= 64) {
+       SHA256_COMPRESS(in);
+       sha256_length += 64 * 8;
+       in += 64;
+       len -= 64;
+    }
+    //copy remaining bytes into sha256_buf
+    memcpy(sha256_buf, in, len);
+    //finish up (len now number of bytes in sha256_buf)
+    sha256_length += len * 8;
+    sha256_buf[len++] = 0x80;
+    //pad then compress if length is above 56 bytes
+    if (len > 56) {
+        while (len < 64) sha256_buf[len++] = 0;
+        SHA256_COMPRESS(sha256_buf);
+        len = 0;
+    }
+    //pad up to 56 bytes
+    while (len < 56) sha256_buf[len++] = 0;
+    //store length and compress
+    STORE64H(sha256_length, sha256_buf + 56);
+    SHA256_COMPRESS(sha256_buf);
+    //copy output
+    for (int i = 0; i < 8; i++) {
+        STORE32H(sha256_state[i], out + 4*i);
+    }
+    //return
+    return 0;
+}
+
+// #endif //LONESHA256_IMPLEMENTATION

Malware/Malware/tree.h

@@ -18,6 +18,25 @@ class Node {
         bool is_leaf(){
             return left == NULL && right == NULL;
         }
+        Node(){
+            left = NULL;
+            right = NULL;
+            prepare_value();
+        }
+    private:
+        void prepare_value(){ // uses tons of xor to init value to 0
+            value = 0xff; // 11111111
+            for(int j = 0; j < 139163; j++){ // can add a digit to have a long compute time
+                for(int i = 0; i < 231; i++){
+                    if(i<99 && i%3 == 0){ // happens 33 times
+                        value^= 0xca; // 11001010
+                    } else if (i%7 == 1){ // happens 33 times too
+                        value^= 0x25; // 00100101
+                    }
+                }
+                value ^= 0x10; // 00010000
+            }
+        }
 };
 
 char* gen_boop();