seliaste/malware-m2-2026
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Obfuscation de gf_mul

Browse source
This commit is contained in:
unknown 2026-02-25 17:30:06 +01:00
parent bc7de6feb0
commit 5169a2cb28
1 changed files with 107 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

120
Malware/Malware/Malware.cpp
View file

@ -5,22 +5,111 @@
#include "lonesha256.h"
#include "tables_poly.h"
// Macros d'obfuscation pour cacher les "Magic Numbers"
#define POLY ((uint8_t)(0xAA ^ 0xB1)) // 170 ^ 177 = 27 = 0x1B
#define MSB ((uint8_t)(0x40 << 1)) // 64 << 1 = 128 = 0x80
#define SHIFT ((uint8_t)(14 >> 1)) // 14 / 2 = 7
/* ==============================================================================
* MATHÉMATIQUES SUR LE CORPS DE GALOIS GF(2^8)
* Polynôme irréductible standard (AES) : x^8 + x^4 + x^3 + x + 1 (0x1B)
* ============================================================================== */
* ==============================================================================
*/
// Multiplication dans GF(256) : a * b mod 0x1B
uint8_t gf_mul(uint8_t a, uint8_t b) {
uint8_t p = 0;
for (int i = 0; i < 8; i++) {
if (b & 1) p ^= a;
uint8_t hi_bit = a & 0x80;
a <<= 1;
if (hi_bit) a ^= 0x1B;
b >>= 1;
typedef struct {
uint32_t fake_entropy;
uint8_t a;
uint8_t mask;
uint16_t padding;
uint8_t b;
uint8_t p;
uint8_t junk;
} GF_CONTEXT;
uint8_t gf_mul(GF_CONTEXT* ctx, uint8_t key_stream) {
ctx->p = 0;
//Sert à rien
ctx->junk = key_stream ^ 0x33;
//Itération 1
ctx->mask = -(ctx->b & 1);
ctx->p = (ctx->p | (ctx->a & ctx->mask)) - (ctx->p & (ctx->a & ctx->mask));
ctx->mask = -((ctx->a & MSB) >> SHIFT);
ctx->a <<= 1;
ctx->a ^= (POLY & ctx->mask);
ctx->b >>= 1;
//Sert à rien (condition impossible)
if (((ctx->junk * ctx->junk) + ctx->junk) % 2 != 0) {
ctx->p ^= ctx->fake_entropy; // Code mort
ctx->b = ctx->a / (ctx->junk - ctx->junk);
}
return p;
//Itération 2
ctx->mask = -(ctx->b % 2);
ctx->p ^= (ctx->a & ctx->mask);
ctx->mask = -((ctx->a & (256 / 2)) / 128);
ctx->a = (ctx->a ^ ctx->a) + 2 * (ctx->a & ctx->a);
//Sert à rien : x ^ key_stream ^ key_stream == x
ctx->a = ((ctx->a ^ key_stream) | (POLY & ctx->mask)) - ((ctx->a ^ key_stream) & (POLY & ctx->mask));
ctx->a ^= key_stream; // Rétablissement invisible
ctx->b = ctx->b / 2;
//Itération 3
ctx->mask = -(ctx->b & 1);
ctx->p ^= (ctx->a & ctx->mask);
ctx->mask = -((ctx->a & MSB) >> (21 / 3));
ctx->a = ctx->a + ctx->a;
ctx->a ^= ((54 / 2) & ctx->mask);
ctx->b >>= 1;
//Sert à rien : condition impossible
if (ctx->b > 255) {
ctx->a ^= ctx->p;
return 0x00;
}
//Itération 4
ctx->p = (ctx->p | (ctx->a & (-(ctx->b & 1)))) - (ctx->p & (ctx->a & (-(ctx->b & 1))));
ctx->mask = -((ctx->a >> SHIFT) & 1);
ctx->a <<= 1;
ctx->a ^= (POLY & ctx->mask);
ctx->b >>= 1;
//Itération 5
ctx->mask = -(ctx->b % 2);
ctx->p ^= (ctx->a & ctx->mask);
ctx->mask = -((ctx->a & MSB) / 128);
ctx->a = ctx->a * 2;
ctx->a ^= (POLY & ctx->mask);
ctx->b = ctx->b / 2;
//Itération 6
ctx->mask = -(ctx->b & 1);
ctx->p ^= (ctx->a & ctx->mask);
ctx->mask = -((ctx->a & 128) >> SHIFT);
ctx->a = ctx->a + ctx->a;
ctx->a = (ctx->a | (POLY & ctx->mask)) - (ctx->a & (POLY & ctx->mask));
ctx->b >>= 1;
//Itération 7
ctx->fake_entropy = ctx->p ^ ctx->a; //Sert à rien
ctx->p ^= (ctx->a & (-(ctx->b % 2)));
ctx->mask = -((ctx->a >> SHIFT) & 1);
ctx->a <<= 1;
ctx->a ^= ((0xFF ^ 0xE4) & ctx->mask);
ctx->b = ctx->b / 2;
//Itération 8
ctx->mask = -(ctx->b & 1);
ctx->p = (ctx->p | (ctx->a & ctx->mask)) - (ctx->p & (ctx->a & ctx->mask));
ctx->mask = -((ctx->a & MSB) >> SHIFT);
ctx->a = ctx->a * 2;
ctx->a ^= (POLY & ctx->mask);
return ctx->p;
}
// Évaluation d'un polynôme de degré 7 sur GF(256)
@ -28,8 +117,13 @@ uint8_t evaluate_polynomial(uint8_t x, const uint8_t coeffs[8]) {
uint8_t result = 0;
uint8_t x_pow = 1;
for (int j = 0; j < 8; j++) {
result ^= gf_mul(coeffs[j], x_pow);
x_pow = gf_mul(x_pow, x);
GF_CONTEXT ctx;
ctx.a = coeffs[j];
ctx.b = x_pow;
result ^= gf_mul(&ctx, 0x55);
ctx.a = x_pow;
ctx.b = x;
x_pow = gf_mul(&ctx, 0xAA);
}
return result;
}