dot/macho
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

simple xor string data

Browse Source
This commit is contained in:
nganhkhoa 2024-08-29 15:23:50 +07:00
parent 083556f914
commit 1c495989d4
2 changed files with 25 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
macho-go/pkg/ios/macho/edit.go
View File

@ -772,7 +772,11 @@ func (mc *MachoContext) RemoveStrings() {
// this is a way to divert their effort, writing fake strings
// will be written again at runtime
dummy := make([]byte, edit_segment.Fileoff() - string_segment.Fileoff())
copy(dummy, []byte("We R BShield\n"))
mc.file.ReadAt(dummy, int64(cstring.Offset()))
// copy(dummy, []byte("We R BShield\n"))
for i := 0; i < len(dummy); i++ {
dummy[i] = dummy[i] ^ 0x4f
}
mc.file.WriteAt(dummy, int64(string_segment.Fileoff()))
// TODO: erase old strings

32
research/strings_empty/restore.cc
View File

@ -112,6 +112,7 @@ void restore_strings(void* main) {
uint32_t slide = 0;
char* secrets = 0;
uint64_t secrets_size = 0;
for (int i = 0; i < ncmds; i++) {
const uint32_t cmd = *((uint32_t *)ptr + 0);
@ -134,8 +135,10 @@ void restore_strings(void* main) {
if (custom_strncmp(secname, "__secrets", 16) == 0) {
uint64_t addr = *((uint64_t *)sections_ptr + 4);
uint64_t size = *((uint64_t *)sections_ptr + 5);
printf("secrets offset 0x%lx\n", addr);
secrets = (char*)(addr + slide);
secrets_size = size;
}
sections_ptr += 16 * 2 + 8 * 2 + 4 * 8;
}
@ -144,16 +147,21 @@ void restore_strings(void* main) {
ptr += cmdsize;
}
secrets[0] = 'F';
secrets[1] = 'R';
secrets[2] = 'E';
secrets[3] = 'E';
secrets[4] = ' ';
secrets[5] = 'S';
secrets[6] = 'P';
secrets[7] = 'A';
secrets[8] = 'C';
secrets[9] = 'E';
secrets[10] = '\n';
secrets[11] = 0;
printf("secrets %p\n", secrets);
printf("secrets_size = 0x%lx\n", secrets_size);
for (size_t i = 0; i < 0x4000; i++) {
secrets[i] = secrets[i] ^ 0x4f;
}
// secrets[0] = 'F';
// secrets[1] = 'R';
// secrets[2] = 'E';
// secrets[3] = 'E';
// secrets[4] = ' ';
// secrets[5] = 'S';
// secrets[6] = 'P';
// secrets[7] = 'A';
// secrets[8] = 'C';
// secrets[9] = 'E';
// secrets[10] = '\n';
// secrets[11] = 0;
}