[求助]Need your help!-编程技术-看雪-安全社区|安全招聘|kanxue.com

[求助]Need your help!

2008-7-19 10:18 3968

[求助]Need your help!

hungnguyen 活跃值

2008-7-19 10:18

3968

This code to pass hs. But it doesn't work.Some one can tell me what problem with this code. I really appreciate your help!Thanks

HShieldEmu.h

#ifndef __HACKSHIELDEMU_H
#define __HACKSHIELDEMU_H

#include "global.h"

struct hshield_packet_ack_server {
  DWORD IntegrityCheck1_offset_ragII_exe;
  DWORD IntegrityCheck1_size_ragII_exe;
  DWORD VerfiyCheck_data;
  DWORD enabled_checks;
  DWORD MemoryCheck_function_adresses[32];
};

struct hshield_packet_ack_client {
  DWORD VerifyCheck_checksum[2];
  BYTE IntegrityCheck1_checksum[16];
  BYTE MemoryCheck_checksum[16];
  BYTE IntegrityCheck2_checksum[16];
  BYTE IntegrityCheck3_checksum[16];
};

static class HackShieldEmu {

enum doHShieldCheckFlags {
   doMemoryCheck = 1,    // calculate checksums of function addresses given by the server
   doIntegrityCheck1 = 2, // calculate checksum of RagII.exe
   doIntegrityCheck2 = 4, // calculate checksum of Ehsvc.dll and EGRNAP.dll
   doIntegrityCheck3 = 8, // calculate checksum of v3warpds.v3d and v3warpns.v3d
};

// hshield MakeGUIDAckMsg() and MakeGUIDAck() functions
//

// calculates the GUIDAck answer for given challenge input (20 bytes)
// output is 20 bytes
// reuturns 0 if successful
int MakeGUIDAckMsg(unsigned char *input, unsigned char *ack_answer);

// input: 160 bytes from server->client ack packet
// ack_answer: 72 bytes for the client->server packet
// returns 0 if succesful
int MakeAckMSG(unsigned char *input, unsigned char *ack_answer);

// input: the first 16 bytes from hshield server packet
// output: 16 bytes aes key
void calculate_hshield_aeskey(unsigned char* input, unsigned char* output)

// internal functions, not documented here
int GetCustumMD5OfFile(char *filename,DWORD offset, DWORD size, BYTE *output);

int GetMemoryCheckData(hshield_packet_ack_server *ackData,hshield_packet_ack_client *ackAnswer);
int GetIntegrityCheck1Data(hshield_packet_ack_server *ackData,hshield_packet_ack_client *ackAnswer);
int GetIntegrityCheck2Data(hshield_packet_ack_server *ackData,hshield_packet_ack_client *ackAnswer);
int GetIntegrityCheck3Data(hshield_packet_ack_server *ackData,hshield_packet_ack_client *ackAnswer);

// hshield.log de-/encryption functions
//
// format of a hshield.log file:
//
// struct hshield_log_file {
// hshield_log_entry entries[x];
// };
//
// struct hshield_log_entry {
// int log_size;
// unsigned char log_data[log_size];
// };
//

// output: pointer to the output buffer (must have same size as input buffer)
// input: pointer to the input buffer
// sizeInput: size of the input buffer (in bytes)
// key: key used for de-/encryption (RO2 default key is 1252)
int encrypt_logfile_data(unsigned char *output, unsigned char *input, int sizeInput,DWORD key = 1252);
int decrypt_logfile_data(unsigned char *output, unsigned char *input, int sizeInput,DWORD key = 1252);

};

#endif

HShieldEmu.h

#ifndef __HACKSHIELDEMU_H
#define __HACKSHIELDEMU_H

#include "global.h"

struct hshield_packet_ack_server {
  DWORD IntegrityCheck1_offset_ragII_exe;
  DWORD IntegrityCheck1_size_ragII_exe;
  DWORD VerfiyCheck_data;
  DWORD enabled_checks;
  DWORD MemoryCheck_function_adresses[32];
};

struct hshield_packet_ack_client {
  DWORD VerifyCheck_checksum[2];
  BYTE IntegrityCheck1_checksum[16];
  BYTE MemoryCheck_checksum[16];
  BYTE IntegrityCheck2_checksum[16];
  BYTE IntegrityCheck3_checksum[16];
};

static class HackShieldEmu {

enum doHShieldCheckFlags {
   doMemoryCheck = 1,    // calculate checksums of function addresses given by the server
   doIntegrityCheck1 = 2, // calculate checksum of RagII.exe
   doIntegrityCheck2 = 4, // calculate checksum of Ehsvc.dll and EGRNAP.dll
   doIntegrityCheck3 = 8, // calculate checksum of v3warpds.v3d and v3warpns.v3d
};

// hshield MakeGUIDAckMsg() and MakeGUIDAck() functions
//

// calculates the GUIDAck answer for given challenge input (20 bytes)
// output is 20 bytes
// reuturns 0 if successful
int MakeGUIDAckMsg(unsigned char *input, unsigned char *ack_answer);

// input: 160 bytes from server->client ack packet
// ack_answer: 72 bytes for the client->server packet
// returns 0 if succesful
int MakeAckMSG(unsigned char *input, unsigned char *ack_answer);

// input: the first 16 bytes from hshield server packet
// output: 16 bytes aes key
void calculate_hshield_aeskey(unsigned char* input, unsigned char* output)

// internal functions, not documented here
int GetCustumMD5OfFile(char *filename,DWORD offset, DWORD size, BYTE *output);

int GetMemoryCheckData(hshield_packet_ack_server *ackData,hshield_packet_ack_client *ackAnswer);
int GetIntegrityCheck1Data(hshield_packet_ack_server *ackData,hshield_packet_ack_client *ackAnswer);
int GetIntegrityCheck2Data(hshield_packet_ack_server *ackData,hshield_packet_ack_client *ackAnswer);
int GetIntegrityCheck3Data(hshield_packet_ack_server *ackData,hshield_packet_ack_client *ackAnswer);

// hshield.log de-/encryption functions
//
// format of a hshield.log file:
//
// struct hshield_log_file {
// hshield_log_entry entries[x];
// };
//
// struct hshield_log_entry {
// int log_size;
// unsigned char log_data[log_size];
// };
//

// output: pointer to the output buffer (must have same size as input buffer)
// input: pointer to the input buffer
// sizeInput: size of the input buffer (in bytes)
// key: key used for de-/encryption (RO2 default key is 1252)
int encrypt_logfile_data(unsigned char *output, unsigned char *input, int sizeInput,DWORD key = 1252);
int decrypt_logfile_data(unsigned char *output, unsigned char *input, int sizeInput,DWORD key = 1252);

};

#endif

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

收藏・1

点赞・0

打赏