#1
|
|||
|
|||
New InstallShield script format?
Hi,
I've tried to decompile an InstallShield installation script file (setup.inx) with isdcc and sid. Both attempts failed. Is Installshield using a new script format in there latest products and are there tools to decompile those scripts? MrHalo |
#2
|
|||
|
|||
AFAIR "isdcc" supports scripts for IS v5.5 and below (setup.ins). "sid" and "isd" supports v6+, but starting from v8 additional mangling is applied to the setup.inx. Try de-mangle it with the following code:
Code:
#include <stdio.h> #include <fcntl.h> #include <io.h> #define XOR_VAL 0xF1 void main (void) { int i, c; unsigned char b; // Set "stdin" and "stdout" to have binary mode _setmode (_fileno (stdin), _O_BINARY); _setmode (_fileno (stdout), _O_BINARY); // Decrypt INX for (i = 0; (c = getchar ()) != EOF; i++) { c ^= XOR_VAL; b = (unsigned char)((c >> 2) | (c << 6)) - (i % 71); putchar (b); } } |
#3
|
|||
|
|||
Thank you for the code Dmit.
But the code like you posted it here doesn't correctly work for me and perhaps for others neither. I compiled it with VC++ ("ISDHelper.exe") and tried it with some encrypted SETUP.INX files. I tried the following commands: "ISDHelper < SETUP.INX > NewSETUP.INX" and "Type SETUP.INX | ISDHelper > NewSetup.INX" But both commands truncated the output file at different locations and didn't fully decrypt it. The same result with DMC. Then I used BC++ to compile (I had to rename "_setmode" to "setmode" and it worked fine. What could be the reason for this? |
#4
|
|||
|
|||
XOR_VAL must be 0x0E (or not(0xF1))
|
#5
|
|||
|
|||
Quote:
Quote:
|
#6
|
||||
|
||||
Installshield 6/7 script decompiler
You can Use Installshield 6/7 script decompiler for decompile InstallShield 6/7 Script
|
#7
|
||||
|
||||
for binary files, use feof() function, don't use EOF macro.
__________________
AKA Solomon/blowfish. |
#8
|
|||
|
|||
Quote:
Quote:
|
#9
|
|||
|
|||
@Dmit:
For me TYPE only truncates the output if it is directed to the console. As soon as it is redirected to any other file or any other program, it fully copies the filecontents. My BC++ compiled copy worked with the TYPE command just like the other way. The VC++ and DMC copies truncated the file somewhere after 100kb or something (each one at the different position), so I guess (and tested) that there was at least one 0x1A before that file position. @wasq: For me it works with 0xF1 as XOR value. Using 0x0E gives me the wrong output. |
#10
|
|||
|
|||
@ wasq: 0xF1 is the right XOR value.
I started a small project and decrypted a setup.inx with ISDHelper, then I worked on it with SID (Sexy InstallShield Decompiler) and rebuild the original crypted setup.inx. All worked fine. Here is my solution for rebuilding the crypted INX: Code:
//Usage: ISDGoBack.exe <newsetup.inx> setup.inx #include <stdio.h> #include <fcntl.h> #include <io.h> #define XOR_VAL 0xF1 void main (void) { int i, c; unsigned char b; // Set "stdin" and "stdout" to have binary mode setmode (_fileno (stdin), _O_BINARY); setmode (_fileno (stdout), _O_BINARY); // Rebuild the crypted INX for (i = 0; (c = getchar ()) != EOF; i++) { int d, e; d = 0x00; do { e = d; e ^= XOR_VAL; b = (unsigned char)((e >> 2) | (e << 6)) - (i % 71); if (b == c) { putchar (d); } else d++; } while (b != c && d <= 0xFF); } } |
#11
|
|||
|
|||
@sackpower
sorry. the original IS decrypting algorithm in isscript.dll uses (not(char)) xor (not (0xF1)) and this is realy equal to char xor 0xF1. i forgot about the second not(). |
#12
|
|||
|
|||
@Dmit
Worked fine when compiled with VC++ 6.0 as a W32 Console App. Thanks, I thought they had done something totally new but all it good again. @sackpower Couldn't get yours to work for some reason xtx |
#13
|
||||
|
||||
Quote:
__________________
AKA Solomon/blowfish. |
#14
|
|||
|
|||
IMHO reading crypted *.inx into memory buffer, then xor this buffer, and write back xored buffer into second file would be better.
regards. |
#15
|
|||
|
|||
@xtx:
I'm using VC++ 7 (VS 2003) and for me everything works fine. Maybe the attached sample project will help you (please change the path in the .bat file or use the current directory instruction: set APP_PATH=%CD%). Sackpower Last edited by sackpower; 02-08-2005 at 15:09. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
InstallShield 12 Script decompiler ? | DARKER | General Discussion | 27 | 02-04-2024 00:40 |
packing-format | MaRKuS-DJM | General Discussion | 4 | 11-11-2004 03:05 |
If anybody know this format... | qaz_qaz | General Discussion | 4 | 07-15-2002 04:51 |