Exetools  

08-22-2020, 11:44
winndy
nvml debug log decrypt

Just for fun:

__NVML_DBG_FILE=./nvml.log __NVML_DBG_LVL=DEBUG ./sample_nvml


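Code:
#include <stdint.h>

/* Generator state: five shift-register words plus the counter d. */
static uint32_t x = 0, y = 0, z = 0,
                w = 0, v = 0, d = 0;

/* Load the fixed seed; call this before processing a buffer from its start. */
void xorwow_init_seed()
{
    x = 0x0D3DAECB8, y = 0x1D4D4848, z = 0x0AA7B8E81,
                w = 0x23CC0EC3, v = 0x7645F3ED, d = 0x0E44A4F49;
}

/* Add one keystream byte to each of the len bytes in buffer, in place. */
void xorwow_encrypt(char* buffer, int len)
{
    int i = 0;
    for(i=0 ; i < len; i++){
        /* advance the generator by one step */
        uint32_t t = (x^(x>>2)); x = y; y = z; z = w; w = v; v = (v^(v<<4))^(t^(t<<1));
        uint32_t r = ((d+=362437)+v);
        /* only the low byte of the output is used */
        buffer[i] += (r & 0xFF);
    }
    return;
}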
Alternative LD_PRELOAD method from Lekensteyn

hxxps://gist.github.com/Lekensteyn/c8d41c02d118aa40bc100020efde3696
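An added example, not code from winndy's post or from Lekensteyn's gist: the same generator with its state held in a struct, plus the subtracting inverse, showing that undoing the transform needs a re-seed and that chunked calls continue one keystream. The names `xorwow_t`, `xw_seed`, `xw_next`, `xw_apply`, `xw_roundtrip_ok` and the sample string are assumptions made for illustration; the post does not say which direction a real NVML log needs.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Generator state; field names follow the globals in the post. */
typedef struct { uint32_t x, y, z, w, v, d; } xorwow_t;

/* Seed values copied from xorwow_init_seed() in the post. */
static void xw_seed(xorwow_t *s)
{
    s->x = 0xD3DAECB8u; s->y = 0x1D4D4848u; s->z = 0xAA7B8E81u;
    s->w = 0x23CC0EC3u; s->v = 0x7645F3EDu; s->d = 0xE44A4F49u;
}

/* One keystream byte, same update as the loop body in the post. */
static uint8_t xw_next(xorwow_t *s)
{
    uint32_t t = s->x ^ (s->x >> 2);
    s->x = s->y; s->y = s->z; s->z = s->w; s->w = s->v;
    s->v = (s->v ^ (s->v << 4)) ^ (t ^ (t << 1));
    s->d += 362437u;
    return (uint8_t)((s->d + s->v) & 0xFF);
}

/* dir > 0 adds the keystream (what the post does); otherwise subtracts it. */
static void xw_apply(xorwow_t *s, uint8_t *buf, size_t len, int dir)
{
    for (size_t i = 0; i < len; i++) {
        uint8_t k = xw_next(s);
        buf[i] = (uint8_t)(dir > 0 ? buf[i] + k : buf[i] - k);
    }
}

/* Returns 1 if add-then-subtract restores msg (subtract pass in two chunks). */
static int xw_roundtrip_ok(const char *msg)
{
    uint8_t buf[256];
    size_t n = strlen(msg);
    if (n > sizeof buf) return 0;
    memcpy(buf, msg, n);
    xorwow_t s;
    xw_seed(&s); xw_apply(&s, buf, n, +1);
    xw_seed(&s);                      /* inverse must start from the same state */
    xw_apply(&s, buf, n / 2, -1);     /* second call continues the same stream */
    xw_apply(&s, buf + n / 2, n - n / 2, -1);
    return memcmp(buf, msg, n) == 0;
}

int main(void) { return xw_roundtrip_ok("constructed sample line\n") ? 0 : 1; }
```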
All times are GMT +8.