Exetools

Exetools (https://forum.exetools.com/index.php)
-   Source Code (https://forum.exetools.com/forumdisplay.php?f=46)
-   -   nvml debug log decrypt (https://forum.exetools.com/showthread.php?t=19628)

winndy 08-22-2020 11:44

nvml debug log decrypt
 
Just for fun:

__NVML_DBG_FILE=./nvml.log __NVML_DBG_LVL=DEBUG ./sample_nvml


Code:


static uint32_t x = 0, y = 0, z = 0,
                w = 0, v = 0, d = 0;

void xorwow_init_seed()
{
    x = 0x0D3DAECB8, y = 0x1D4D4848, z = 0x0AA7B8E81,
                w = 0x23CC0EC3, v = 0x7645F3ED, d = 0x0E44A4F49;
}

void xorwow_encrypt(char* buffer, int len)
{
    int i = 0;
    for(i=0 ; i < len; i++){
        uint32_t t = (x^(x>>2)); x = y; y = z; z = w; w = v; v = (v^(v<<4))^(t^(t<<1));
        uint32_t r = ((d+=362437)+v);
        buffer[i] += (r & 0xFF);
    }
    return;
}

Althernative LD_PRELOAD method from Lekensteyn

hxxps://gist.github.com/Lekensteyn/c8d41c02d118aa40bc100020efde3696


All times are GMT +8. The time now is 00:56.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX