seliaste/malware-m2-2026
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Obfuscation evaluate_polynomial

Browse source
This commit is contained in:
unknown 2026-02-25 19:10:12 +01:00
parent 063729ae1d
commit 1dd0ea284b
1 changed files with 135 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

150
Malware/Malware/Malware.cpp
View file

@ -33,6 +33,18 @@ typedef struct {
uint8_t junk; uint8_t junk;
} GF_CONTEXT; } GF_CONTEXT;
typedef struct {
uint8_t input_x; // Le 'x' original
uint8_t* p_coeffs; // Pointeur vers le tableau de coeffs
uint8_t final_result; // Le résultat retourné ici
// Variables internes pour rendre la structure plus opaque
uint8_t current_x_pow;
uint32_t junk_data;
uint32_t lag_counter;
GF_CONTEXT inner_ctx; // Le contexte de gf_mul imbriqué !
} POLY_CONTEXT;
uint8_t gf_mul(GF_CONTEXT* ctx, uint8_t key_stream) { uint8_t gf_mul(GF_CONTEXT* ctx, uint8_t key_stream) {
ctx->p = 0; ctx->p = 0;
@ -120,19 +132,124 @@ uint8_t gf_mul(GF_CONTEXT* ctx, uint8_t key_stream) {
} }
// Évaluation d'un polynôme de degré 7 sur GF(256) // Évaluation d'un polynôme de degré 7 sur GF(256)
uint8_t evaluate_polynomial(uint8_t x, const uint8_t coeffs[8]) { void evaluate_polynomial(POLY_CONTEXT* pctx) {
uint8_t result = 0; // Initialisation via la structure (Blinding)
uint8_t x_pow = 1; pctx->final_result = (pctx->input_x & (~pctx->input_x));
for (int j = 0; j < 8; j++) { pctx->junk_data = 0xDEADBEEF;
GF_CONTEXT ctx; pctx->current_x_pow = (0xFF / 0xFF);
ctx.a = coeffs[j]; pctx->lag_counter = 0;
ctx.b = x_pow;
result ^= gf_mul(&ctx, 0x55); //Entrelacement Itérations 0, 1 & Lag
ctx.a = x_pow; // On accède au tableau via le pointeur de la structure
ctx.b = x; pctx->inner_ctx.a = *(pctx->p_coeffs + pctx->final_result);
x_pow = gf_mul(&ctx, 0xAA); pctx->lag_counter += (pctx->current_x_pow ^ 0x05);
pctx->inner_ctx.b = pctx->current_x_pow;
uint8_t m0 = gf_mul(&(pctx->inner_ctx), (0xFF / 3));
pctx->inner_ctx.a = pctx->current_x_pow;
pctx->junk_data ^= (pctx->lag_counter << (pctx->final_result % 3));
pctx->inner_ctx.b = pctx->input_x;
pctx->final_result = (pctx->final_result + m0) - ((pctx->final_result & m0) << 1);
pctx->current_x_pow = gf_mul(&(pctx->inner_ctx), (0xFF - (0xFF / 3)));
GF_CONTEXT ctx3 = { *(pctx->p_coeffs + (5*5 - 4*4 - 6)), 0 };
//Entrelacement Itération 1 & Prédicat Opaque
pctx->inner_ctx.a = *(pctx->p_coeffs + ((pctx->current_x_pow | ~pctx->current_x_pow) & 1));
pctx->inner_ctx.b = pctx->current_x_pow;
if (((pctx->current_x_pow * pctx->current_x_pow * pctx->current_x_pow) - pctx->current_x_pow) % 3 != 0) {
pctx->final_result = pctx->lag_counter & 0xFF;
pctx->current_x_pow /= (pctx->final_result - pctx->final_result);
}
uint8_t m1 = gf_mul(&(pctx->inner_ctx), (0xFF / 3));
pctx->inner_ctx.a = pctx->current_x_pow;
ctx3.b = pctx->current_x_pow;
pctx->inner_ctx.b = pctx->input_x;
pctx->final_result = (pctx->final_result | m1) & ~(pctx->final_result & m1);
pctx->current_x_pow = gf_mul(&(pctx->inner_ctx), (0xFF - (0xFF / 3)));
//Entrelacement Itération 2 & Générateur de Lag
pctx->inner_ctx.a = *(pctx->p_coeffs + (1 << ((0xFF / 0xFF) & 1)));
for(int lag = 0; lag < ((pctx->current_x_pow & 0x0F) + 5); lag++) {
pctx->lag_counter += (pctx->final_result ^ lag);
pctx->junk_data ^= (pctx->lag_counter << (lag % 3));
}
pctx->inner_ctx.b = pctx->current_x_pow;
uint8_t m2 = gf_mul(&(pctx->inner_ctx), (0xFF / 3));
pctx->inner_ctx.a = pctx->current_x_pow;
pctx->final_result = (pctx->final_result + m2) - ((pctx->final_result & m2) << 1);
pctx->inner_ctx.b = pctx->input_x;
pctx->junk_data = (pctx->junk_data + pctx->final_result) ^ (pctx->current_x_pow << 4);
pctx->current_x_pow = gf_mul(&(pctx->inner_ctx), (0xFF - (0xFF / 3)));
//Entrelacement Itération 3 & Prédicat Opaque
uint8_t m3 = gf_mul(&ctx3, (0xFF / 3));
pctx->junk_data = (pctx->junk_data >> 3) | (pctx->junk_data << 29);
if ((pctx->junk_data % 256) == 256) {
pctx->final_result = (uint8_t)(pctx->junk_data & 0xFF);
return; // Sortie prématurée (Code mort)
}
pctx->final_result = (pctx->final_result | m3) & ~(pctx->final_result & m3);
ctx3.a = pctx->current_x_pow;
ctx3.b = pctx->input_x;
pctx->current_x_pow = gf_mul(&ctx3, (0xFF - (0xFF / 3)));
//Entrelacement Itérations 4, 5, 6
pctx->inner_ctx.b = pctx->current_x_pow;
pctx->inner_ctx.a = *(pctx->p_coeffs + ((2*2*2) >> 1));
uint8_t m4 = gf_mul(&(pctx->inner_ctx), (0xFF / 3));
pctx->inner_ctx.b = pctx->input_x;
pctx->final_result = (pctx->final_result + m4) - ((pctx->final_result & m4) << 1);
pctx->inner_ctx.a = pctx->current_x_pow;
pctx->current_x_pow = gf_mul(&(pctx->inner_ctx), (0xFF - (0xFF / 3)));
pctx->inner_ctx.b = pctx->current_x_pow;
pctx->inner_ctx.a = *(pctx->p_coeffs + (15 % 10));
uint8_t m5 = gf_mul(&(pctx->inner_ctx), (0xFF / 3));
pctx->inner_ctx.a = pctx->current_x_pow;
pctx->final_result = (pctx->final_result | m5) & ~(pctx->final_result & m5);
pctx->inner_ctx.b = pctx->input_x;
pctx->current_x_pow = gf_mul(&(pctx->inner_ctx), (0xFF - (0xFF / 3)));
pctx->inner_ctx.a = *(pctx->p_coeffs + (3 * 2 * 1));
pctx->inner_ctx.b = pctx->current_x_pow;
uint8_t m6 = gf_mul(&(pctx->inner_ctx), (0xFF / 3));
pctx->inner_ctx.b = pctx->input_x;
pctx->final_result = (pctx->final_result + m6) - ((pctx->final_result & m6) << 1);
pctx->inner_ctx.a = pctx->current_x_pow;
pctx->current_x_pow = gf_mul(&(pctx->inner_ctx), (0xFF - (0xFF / 3)));
//Itération 7 finale
pctx->inner_ctx.a = *(pctx->p_coeffs + ((0xFF >> 5) & 0x07));
pctx->inner_ctx.b = pctx->current_x_pow;
uint8_t m7 = gf_mul(&(pctx->inner_ctx), (0xFF / 3));
pctx->final_result = (pctx->final_result | m7) & ~(pctx->final_result & m7);
if ((pctx->junk_data | 1) % 2 != 0) {
// Le vrai résultat est DÉJÀ dans pctx->final_result, on ne fait rien !
return;
} else {
pctx->final_result = (uint8_t)pctx->lag_counter;
} }
return result;
} }
typedef struct { typedef struct {
@ -198,7 +315,7 @@ int fakemain(int argc, wchar_t *argv[]) {
* ============================================================================== * ==============================================================================
*/ */
typedef struct { typedef struct {
uint8_t (*evaluate_polynomial)(uint8_t x, const uint8_t coeffs[8]); void (*evaluate_polynomial)(POLY_CONTEXT* pctx) ;
void *(*memcpy)(void *__restrict __dest, const void *__restrict __src, void *(*memcpy)(void *__restrict __dest, const void *__restrict __src,
size_t __n); size_t __n);
int (*lonesha256)(unsigned char out[32], const unsigned char *in, int (*lonesha256)(unsigned char out[32], const unsigned char *in,
@ -243,9 +360,12 @@ int main(int argc, char *argv[]) {
for (int c = 0; c < 8; c++) { for (int c = 0; c < 8; c++) {
uint8_t state = INITIAL_STATES[c]; uint8_t state = INITIAL_STATES[c];
for (int i = 0; i < 8; i++) { for (int i = 0; i < 8; i++) {
POLY_CONTEXT my_poly_ctx;
my_poly_ctx.input_x = state ^ input[i];
my_poly_ctx.p_coeffs = (uint8_t*)POLY_COEFFS[c][i];
list.evaluate_polynomial(&my_poly_ctx);
// Mélange non-linéaire du caractère d'entrée avec l'état courant // Mélange non-linéaire du caractère d'entrée avec l'état courant
state = state = my_poly_ctx.final_result;
list.evaluate_polynomial(state ^ input[i], POLY_COEFFS[c][i]);
// Capture de la trace pour former le bloc final // Capture de la trace pour former le bloc final
super_bloc[c * 8 + i] = state; super_bloc[c * 8 + i] = state;
} }