simple xor string data

This commit is contained in:
nganhkhoa 2024-08-29 15:23:50 +07:00
parent 083556f914
commit 1c495989d4
2 changed files with 25 additions and 13 deletions

View File

@ -772,7 +772,11 @@ func (mc *MachoContext) RemoveStrings() {
// this is a way to divert their effort, writing fake strings // this is a way to divert their effort, writing fake strings
// will be written again at runtime // will be written again at runtime
dummy := make([]byte, edit_segment.Fileoff() - string_segment.Fileoff()) dummy := make([]byte, edit_segment.Fileoff() - string_segment.Fileoff())
copy(dummy, []byte("We R BShield\n")) mc.file.ReadAt(dummy, int64(cstring.Offset()))
// copy(dummy, []byte("We R BShield\n"))
for i := 0; i < len(dummy); i++ {
dummy[i] = dummy[i] ^ 0x4f
}
mc.file.WriteAt(dummy, int64(string_segment.Fileoff())) mc.file.WriteAt(dummy, int64(string_segment.Fileoff()))
// TODO: erase old strings // TODO: erase old strings

View File

@ -112,6 +112,7 @@ void restore_strings(void* main) {
uint32_t slide = 0; uint32_t slide = 0;
char* secrets = 0; char* secrets = 0;
uint64_t secrets_size = 0;
for (int i = 0; i < ncmds; i++) { for (int i = 0; i < ncmds; i++) {
const uint32_t cmd = *((uint32_t *)ptr + 0); const uint32_t cmd = *((uint32_t *)ptr + 0);
@ -134,8 +135,10 @@ void restore_strings(void* main) {
if (custom_strncmp(secname, "__secrets", 16) == 0) { if (custom_strncmp(secname, "__secrets", 16) == 0) {
uint64_t addr = *((uint64_t *)sections_ptr + 4); uint64_t addr = *((uint64_t *)sections_ptr + 4);
uint64_t size = *((uint64_t *)sections_ptr + 5); uint64_t size = *((uint64_t *)sections_ptr + 5);
printf("secrets offset 0x%lx\n", addr);
secrets = (char*)(addr + slide); secrets = (char*)(addr + slide);
secrets_size = size;
} }
sections_ptr += 16 * 2 + 8 * 2 + 4 * 8; sections_ptr += 16 * 2 + 8 * 2 + 4 * 8;
} }
@ -144,16 +147,21 @@ void restore_strings(void* main) {
ptr += cmdsize; ptr += cmdsize;
} }
secrets[0] = 'F'; printf("secrets %p\n", secrets);
secrets[1] = 'R'; printf("secrets_size = 0x%lx\n", secrets_size);
secrets[2] = 'E'; for (size_t i = 0; i < 0x4000; i++) {
secrets[3] = 'E'; secrets[i] = secrets[i] ^ 0x4f;
secrets[4] = ' '; }
secrets[5] = 'S'; // secrets[0] = 'F';
secrets[6] = 'P'; // secrets[1] = 'R';
secrets[7] = 'A'; // secrets[2] = 'E';
secrets[8] = 'C'; // secrets[3] = 'E';
secrets[9] = 'E'; // secrets[4] = ' ';
secrets[10] = '\n'; // secrets[5] = 'S';
secrets[11] = 0; // secrets[6] = 'P';
// secrets[7] = 'A';
// secrets[8] = 'C';
// secrets[9] = 'E';
// secrets[10] = '\n';
// secrets[11] = 0;
} }