From 6d7a7fa4ece4ff5836ce822cb06c8d82ecebbdb5 Mon Sep 17 00:00:00 2001 From: unknown Date: Thu, 26 Feb 2026 19:33:35 +0100 Subject: [PATCH] Correction du checksum --- Malware/Malware/Malware.cpp | 83 ++++++++----------------------------- 1 file changed, 18 insertions(+), 65 deletions(-) diff --git a/Malware/Malware/Malware.cpp b/Malware/Malware/Malware.cpp index 5812833..1ea87c9 100644 --- a/Malware/Malware/Malware.cpp +++ b/Malware/Malware/Malware.cpp @@ -31,7 +31,6 @@ #define M_ORACLE (0xCC ^ 0xFF) // 0x33 #define M_DECOY (0x88 ^ 0xEE) // 0x66 #define M_EXEC (0x11 ^ 0x88) // 0x99 -#define M_TRAP (0x55 ^ 0xFF) // 0xAA #define M_EXIT (0xDE ^ 0xAD) // 0x73 // Identité de Boole pour M_EXIT (toujours 0x73) #define GET_EXIT_STATE(x) (((x | 0x73) & 0x7F) ^ (x & 0)) @@ -76,8 +75,10 @@ typedef struct { uint32_t chaos_state; // Pour le générateur de lag } HASH_CTX; +int __declspec(noinline) main(int argc, char *argv[]); +void __declspec(noinline) boundary_end(); + -void __declspec(noinline) boundary_start() { __asm { nop } } uint8_t gf_mul(GF_CONTEXT* ctx, uint8_t key_stream) { ctx->p = 0; @@ -163,24 +164,6 @@ uint8_t gf_mul(GF_CONTEXT* ctx, uint8_t key_stream) { return ctx->p; } - -/* -// Évaluation d'un polynôme de degré 7 sur GF(256) -uint8_t evaluate_polynomial(uint8_t x, const uint8_t coeffs[8]) { - uint8_t result = 0; - uint8_t x_pow = 1; - for (int j = 0; j < 8; j++) { - GF_CONTEXT ctx; - ctx.a = coeffs[j]; - ctx.b = x_pow; - result ^= gf_mul(&ctx, 0x55); - ctx.a = x_pow; - ctx.b = x; - x_pow = gf_mul(&ctx, 0xAA); - } - return result; -}*/ - void evaluate_polynomial(POLY_CONTEXT* pctx) { pctx->final_result = (pctx->input_x & (~pctx->input_x)); pctx->current_x_pow = (uint8_t)((0xDE >> 7) | (0x01 & 0x01)); 
@@ -242,15 +225,11 @@ void evaluate_polynomial(POLY_CONTEXT* pctx) { } } -void __declspec(noinline) boundary_end() { __asm { nop } } - - typedef struct { void (*p1)(RED_HERRING_CTX* pctx); void (*p2)(HASH_CTX* pctx); } FuncList; -// Fausse piste ultime - Draine le temps de l'analyste (VAGUE 3) void this_is_useful_fr_dont_miss_it(RED_HERRING_CTX* pctx) { uint32_t magic_size = (0xFF ^ 0x9B); pctx->chaos_seed = 0xC0DEF00D; @@ -291,7 +270,6 @@ void this_is_useful_fr_dont_miss_it(RED_HERRING_CTX* pctx) { // Pas de return ! Le résultat est discrètement caché dans pctx->hidden_buffer } -// Comparaison de Hash SHA-256 (VAGUES 1, 2 & 3 COMBINÉES) void cmp_hash(HASH_CTX* pctx) { uint32_t len_57 = (0xFF ^ 0xC6); @@ -369,7 +347,6 @@ int fakemain(int argc, wchar_t *argv[]) { { stdfunclist = new Obfuscated_stdFunclist(); - // Le payload. L'analyste le verra, mais ne saura pas quand il est utilisé. encoded = "\x64\x55\x56\x41\x43\x14\x56\x13\x46\x5b\x47\x40\x14\x5e\x52" "\x47\x13\x56\x5e\x5d\x40\x1f\x13\x53\x54\x14\x42\x5b\x41\x40" "\x13\x53\x47\x58\x5d\x46\x14\x53\x51\x54\x5b\x5b\x52\x54\x41" 
@@ -462,38 +439,28 @@ uint32_t get_anti_debug_score() { } uint32_t get_checksum_diff() { - const unsigned char* start = (const unsigned char*)boundary_start; - const unsigned char* end = (const unsigned char*)boundary_end; - - unsigned char hash[32]; - lonesha256(hash, start, (size_t)(end - start)); - - /* - printf("unsigned char compareto [32] = {"); - for (int i = 0; i < 32; i++) { - // %02x affiche l'hexa sur 2 caractères avec un 0 si nécessaire - printf("0x%02x", hash[i]); - - // Ajoute une virgule et un espace sauf pour le dernier élément - if (i < 31) { - printf(", "); - } - } - printf("};\n");*/ + const unsigned char* start_ptr = (const unsigned char*) main; + const unsigned char* end_ptr = (const unsigned char*) boundary_end; + + unsigned char hash[32]; + lonesha256(hash, start_ptr, (size_t) (end_ptr-start_ptr)); + + unsigned char compareto[32] = { + 0x53, 0x66, 0xc0, 0x21, 0x8d, 0xb2, 0xd4, 0xe2, + 0x3f, 0x23, 0xc4, 0xb3, 0xad, 0xc3, 0x71, 0x98, + 0x77, 0x01, 0x1d, 0x1c, 0x22, 0xe6, 0xfb, 0x93, + 0x7d, 0x4b, 0x7e, 0xdb, 0x1f, 0x2b, 0x33, 0x3a + }; - //unsigned char compareto [32] = {0x9c, 0x22, 0x7b, 0x82, 0xdb, 0x09, 0xd7, 0x1d, 0x43, 0x11, 0x81, 0x23, 0x74, 0x5e, 0x70, 0xad, 0x7c, 0x9a, 0x13, 0x2f, 0xa8, 0xea, 0x68, 0x7d, 0xec, 0x13, 0x71, 0x70, 0xf2, 0x36, 0x20, 0xdf}; - unsigned char compareto [32] = {0x9c, 0x22, 0x7b, 0x82, 0xdb, 0x09, 0xd7, 0x1d, 0x43, 0x11, 0x81, 0x23, 0x74, 0x5e, 0x70, 0xad, 0x7c, 0x9a, 0x13, 0x2f, 0xa8, 0xea, 0x68, 0x7d, 0xec, 0x13, 0x71, 0x70, 0xf2, 0x36, 0x20, 0xdf}; uint32_t diff = 0; for(int i=0; i<32; i++) { diff |= (hash[i] ^ compareto[i]); } - //printf("0x%02x", diff); return diff; } typedef struct { void (*evaluate_polynomial)(POLY_CONTEXT* pctx) ; - //uint8_t (*evaluate_polynomial)(uint8_t x, const uint8_t coeffs[8]); void *(*memcpy)(void *__restrict __dest, const void *__restrict __src, size_t __n); int (*lonesha256)(unsigned char out[32], const unsigned char *in, 
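Review bot: In `get_checksum_diff()` the length handed to `lonesha256` is `(size_t)(end_ptr - start_ptr)`, which is only meaningful if the linker places `boundary_end` after `main`; nothing in the language guarantees that order, and if it is reversed the cast yields a huge length and the hash reads far outside the mapped image. A guard before the call, such as `if (end_ptr <= start_ptr) return 0xFF;` (any non-zero value, which callers presumably treat as a mismatch), keeps the read in bounds. Taking the address of `main` is also not permitted by standard C++ and only compiles as a compiler extension, and the `int` result of `lonesha256` (see the `FuncList2` typedef at the end of this hunk) is ignored while `hash` starts uninitialised, so `unsigned char hash[32] = {0};` plus a check of the return value would be safer. `compareto` is never written and could be `static const`, with a comment stating that the digest covers every byte from `main` to `boundary_end` and is therefore valid for one exact build and toolchain configuration only.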
@@ -501,7 +468,7 @@ typedef struct { unsigned long long (*rdtsc)(); } FuncList2; -int main(int argc, char *argv[]) { +int __declspec(noinline) main(int argc, char *argv[]) { if (((uint64_t)argc * argc + 1) == 0) return 0xDEAD; uint32_t selector = M_INIT; @@ -627,23 +594,9 @@ int main(int argc, char *argv[]) { } payload[7] = (uint8_t)(0); - - stdfunclist->obfusc_printf((char *)payload, argv[1]); - - selector = M_TRAP; - break; - } - case M_TRAP: { - // DEADLOCK MATHÉMATIQUE - // Un carré parfait + 1 n'est jamais nul sur les entiers non-signés 32 bits - uint32_t trap_sync = 1; - while ((trap_sync * trap_sync) + 1 != 0) { - trap_sync++; - if (trap_sync == 0) break; // Sécurité physique - } - selector = GET_EXIT_STATE(selector); + selector = M_EXIT; break; } @@ -654,7 +607,7 @@ int main(int argc, char *argv[]) { } return 0; } - +void __declspec(noinline) boundary_end() { __asm { nop }; }
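Review bot: The buffer terminated by `payload[7] = (uint8_t)(0);` is no longer read anywhere in the second hunk on this line (`@@ -627,23 +594,9 @@`) now that the state goes straight to `M_EXIT`; if nothing later in `main` consumes it, the decoding that fills it is dead code and should be removed or given a comment saying why it stays. With the `M_TRAP` case gone, the `GET_EXIT_STATE` macro left as context in the first hunk of the patch also looks unused, so it could be dropped unless another site outside this diff still references it. The case body starts before the hunk, so the code that fills `payload` is not visible here.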