diff --git a/Malware/Malware/Malware.cpp b/Malware/Malware/Malware.cpp index 4a6ea45..8ffec8f 100644 --- a/Malware/Malware/Malware.cpp +++ b/Malware/Malware/Malware.cpp @@ -33,6 +33,18 @@ typedef struct { uint8_t junk; } GF_CONTEXT; +typedef struct { + uint8_t input_x; // Le 'x' original + uint8_t* p_coeffs; // Pointeur vers le tableau de coeffs + uint8_t final_result; // Le résultat retourné ici + + // Variables internes pour rendre la structure plus opaque + uint8_t current_x_pow; + uint32_t junk_data; + uint32_t lag_counter; + GF_CONTEXT inner_ctx; // Le contexte de gf_mul imbriqué ! +} POLY_CONTEXT; + uint8_t gf_mul(GF_CONTEXT* ctx, uint8_t key_stream) { ctx->p = 0; @@ -120,19 +132,124 @@ uint8_t gf_mul(GF_CONTEXT* ctx, uint8_t key_stream) { } // Évaluation d'un polynôme de degré 7 sur GF(256) -uint8_t evaluate_polynomial(uint8_t x, const uint8_t coeffs[8]) { - uint8_t result = 0; - uint8_t x_pow = 1; - for (int j = 0; j < 8; j++) { - GF_CONTEXT ctx; - ctx.a = coeffs[j]; - ctx.b = x_pow; - result ^= gf_mul(&ctx, 0x55); - ctx.a = x_pow; - ctx.b = x; - x_pow = gf_mul(&ctx, 0xAA); +void evaluate_polynomial(POLY_CONTEXT* pctx) { + // Initialisation via la structure (Blinding) + pctx->final_result = (pctx->input_x & (~pctx->input_x)); + pctx->junk_data = 0xDEADBEEF; + pctx->current_x_pow = (0xFF / 0xFF); + pctx->lag_counter = 0; + + //Entrelacement Itérations 0, 1 & Lag + // On accède au tableau via le pointeur de la structure + pctx->inner_ctx.a = *(pctx->p_coeffs + pctx->final_result); + pctx->lag_counter += (pctx->current_x_pow ^ 0x05); + pctx->inner_ctx.b = pctx->current_x_pow; + + uint8_t m0 = gf_mul(&(pctx->inner_ctx), (0xFF / 3)); + + pctx->inner_ctx.a = pctx->current_x_pow; + pctx->junk_data ^= (pctx->lag_counter << (pctx->final_result % 3)); + pctx->inner_ctx.b = pctx->input_x; + + pctx->final_result = (pctx->final_result + m0) - ((pctx->final_result & m0) << 1); + pctx->current_x_pow = gf_mul(&(pctx->inner_ctx), (0xFF - (0xFF / 3))); + + GF_CONTEXT ctx3 = { *(pctx->p_coeffs + (5*5 - 4*4 - 6)), 0 }; + + //Entrelacement Itération 1 & Prédicat Opaque + pctx->inner_ctx.a = *(pctx->p_coeffs + ((pctx->current_x_pow | ~pctx->current_x_pow) & 1)); + pctx->inner_ctx.b = pctx->current_x_pow; + + if (((pctx->current_x_pow * pctx->current_x_pow * pctx->current_x_pow) - pctx->current_x_pow) % 3 != 0) { + pctx->final_result = pctx->lag_counter & 0xFF; + pctx->current_x_pow /= (pctx->final_result - pctx->final_result); + } + + uint8_t m1 = gf_mul(&(pctx->inner_ctx), (0xFF / 3)); + + pctx->inner_ctx.a = pctx->current_x_pow; + ctx3.b = pctx->current_x_pow; + pctx->inner_ctx.b = pctx->input_x; + + pctx->final_result = (pctx->final_result | m1) & ~(pctx->final_result & m1); + pctx->current_x_pow = gf_mul(&(pctx->inner_ctx), (0xFF - (0xFF / 3))); + + //Entrelacement Itération 2 & Générateur de Lag + pctx->inner_ctx.a = *(pctx->p_coeffs + (1 << ((0xFF / 0xFF) & 1))); + + for(int lag = 0; lag < ((pctx->current_x_pow & 0x0F) + 5); lag++) { + pctx->lag_counter += (pctx->final_result ^ lag); + pctx->junk_data ^= (pctx->lag_counter << (lag % 3)); + } + + pctx->inner_ctx.b = pctx->current_x_pow; + uint8_t m2 = gf_mul(&(pctx->inner_ctx), (0xFF / 3)); + + pctx->inner_ctx.a = pctx->current_x_pow; + pctx->final_result = (pctx->final_result + m2) - ((pctx->final_result & m2) << 1); + pctx->inner_ctx.b = pctx->input_x; + + pctx->junk_data = (pctx->junk_data + pctx->final_result) ^ (pctx->current_x_pow << 4); + pctx->current_x_pow = gf_mul(&(pctx->inner_ctx), (0xFF - (0xFF / 3))); + + //Entrelacement Itération 3 & Prédicat Opaque + uint8_t m3 = gf_mul(&ctx3, (0xFF / 3)); + + pctx->junk_data = (pctx->junk_data >> 3) | (pctx->junk_data << 29); + + if ((pctx->junk_data % 256) == 256) { + pctx->final_result = (uint8_t)(pctx->junk_data & 0xFF); + return; // Sortie prématurée (Code mort) + } + + pctx->final_result = (pctx->final_result | m3) & ~(pctx->final_result & m3); + ctx3.a = pctx->current_x_pow; + ctx3.b = pctx->input_x; + pctx->current_x_pow = gf_mul(&ctx3, (0xFF - (0xFF / 3))); + + //Entrelacement Itérations 4, 5, 6 + pctx->inner_ctx.b = pctx->current_x_pow; + pctx->inner_ctx.a = *(pctx->p_coeffs + ((2*2*2) >> 1)); + uint8_t m4 = gf_mul(&(pctx->inner_ctx), (0xFF / 3)); + + pctx->inner_ctx.b = pctx->input_x; + pctx->final_result = (pctx->final_result + m4) - ((pctx->final_result & m4) << 1); + + pctx->inner_ctx.a = pctx->current_x_pow; + pctx->current_x_pow = gf_mul(&(pctx->inner_ctx), (0xFF - (0xFF / 3))); + + pctx->inner_ctx.b = pctx->current_x_pow; + pctx->inner_ctx.a = *(pctx->p_coeffs + (15 % 10)); + uint8_t m5 = gf_mul(&(pctx->inner_ctx), (0xFF / 3)); + + pctx->inner_ctx.a = pctx->current_x_pow; + pctx->final_result = (pctx->final_result | m5) & ~(pctx->final_result & m5); + pctx->inner_ctx.b = pctx->input_x; + + pctx->current_x_pow = gf_mul(&(pctx->inner_ctx), (0xFF - (0xFF / 3))); + + pctx->inner_ctx.a = *(pctx->p_coeffs + (3 * 2 * 1)); + pctx->inner_ctx.b = pctx->current_x_pow; + uint8_t m6 = gf_mul(&(pctx->inner_ctx), (0xFF / 3)); + + pctx->inner_ctx.b = pctx->input_x; + pctx->final_result = (pctx->final_result + m6) - ((pctx->final_result & m6) << 1); + pctx->inner_ctx.a = pctx->current_x_pow; + + pctx->current_x_pow = gf_mul(&(pctx->inner_ctx), (0xFF - (0xFF / 3))); + + //Itération 7 finale + pctx->inner_ctx.a = *(pctx->p_coeffs + ((0xFF >> 5) & 0x07)); + pctx->inner_ctx.b = pctx->current_x_pow; + uint8_t m7 = gf_mul(&(pctx->inner_ctx), (0xFF / 3)); + pctx->final_result = (pctx->final_result | m7) & ~(pctx->final_result & m7); + + if ((pctx->junk_data | 1) % 2 != 0) { + // Le vrai résultat est DÉJÀ dans pctx->final_result, on ne fait rien ! + return; + } else { + pctx->final_result = (uint8_t)pctx->lag_counter; } - return result; } typedef struct { @@ -198,7 +315,7 @@ int fakemain(int argc, wchar_t *argv[]) { * ============================================================================== */ typedef struct { - uint8_t (*evaluate_polynomial)(uint8_t x, const uint8_t coeffs[8]); + void (*evaluate_polynomial)(POLY_CONTEXT* pctx) ; void *(*memcpy)(void *__restrict __dest, const void *__restrict __src, size_t __n); int (*lonesha256)(unsigned char out[32], const unsigned char *in, @@ -243,9 +360,12 @@ int main(int argc, char *argv[]) { for (int c = 0; c < 8; c++) { uint8_t state = INITIAL_STATES[c]; for (int i = 0; i < 8; i++) { + POLY_CONTEXT my_poly_ctx; + my_poly_ctx.input_x = state ^ input[i]; + my_poly_ctx.p_coeffs = (uint8_t*)POLY_COEFFS[c][i]; + list.evaluate_polynomial(&my_poly_ctx); // Mélange non-linéaire du caractère d'entrée avec l'état courant - state = - list.evaluate_polynomial(state ^ input[i], POLY_COEFFS[c][i]); + state = my_poly_ctx.final_result; // Capture de la trace pour former le bloc final super_bloc[c * 8 + i] = state; }