/
main.asm
558 lines (504 loc) · 14.9 KB
/
main.asm
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
; «Low-level programming is good for the programmer's soul.» - John Carmack
; ---- skeleton -----------------------------------------------------------
.686
.mmx
.model flat, stdcall
option casemap :none
; ---- Include ------------------------------------------------------------
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\comctl32.inc
include \masm32\include\gdi32.inc
include \masm32\include\winmm.inc
include \masm32\macros\macros.asm
include Libs\ufmod.inc
include Libs\XXControls.inc
include Libs\biglib.inc
include Libs\cryptohash.inc
include Libs\Aboutb0x.inc
includelib \masm32\lib\gdi32.lib
includelib \masm32\lib\winmm.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\comctl32.lib
includelib Libs\ufmod.lib
includelib Libs\XXControls.lib
includelib Libs\biglib.lib
includelib Libs\cryptohash.lib
; ---- Prototypes ---------------------------------------------------------
DlgProc PROTO :DWORD,:DWORD,:DWORD,:DWORD
DialogProc2 PROTO :DWORD,:DWORD,:DWORD,:DWORD
CenterWindow PROTO :DWORD
DrawXXControlButtons PROTO :DWORD
DrawEffects PROTO :HWND
KeygenProc PROTO
CleanBuffers PROTO
; ---- constants ----------------------------------------------------------
.const
DIALOG_2 equ 2
IDC_MUSIC equ 1008
IDD_MAIN equ 1337
IDC_TITLE equ 1010
IDB_EXIT equ 1011
IDB_EXIT2 equ 1012
IDC_NAME equ 1013
IDC_SERIAL equ 1014
BTN_CHECK equ 1017
IDB_NOSOUND equ 1018
EFFECTS_HEIGHT equ 207
EFFECTS_WIDTH equ 344
MAXSiZE equ 256
bufSize = MAX_COMPUTERNAME_LENGTH + 1
; ---- Initialized data ---------------------------------------------------
.data
;PC name check
computer db "UEMtUEM=",0 ; PC-PC
buffer db 100 dup(?)
bSize dd bufSize
getName db bufSize dup(?)
nameb64 db bufSize dup(?)
;move windows derfinition for the second dialog
MoveDlg BOOL ?
OldPos POINT <>
NewPos POINT <>
Rect2 RECT <>
;Algo stuff
E db "10001",0
N db "9F58207FFC1F211A3D3B4853CA98441DDF9C8D4C95EA7E3A9D4E80FD2E0A4F81",0
;D db "6F4A70E092E9F707C98E7734B6C26487CEB7BB7D55DC1EEC0C78F5AE945B22C5",0
;P db "EF16D9B6532A35EA5BB6418EAFD4E9FB",0
;Q db "AA9D58C6A8B610CC5A605E7C4A4F0FB3",0
name_input dd MAXSiZE dup (00)
serial_input dd MAXSiZE dup (00)
md5 dd MAXSiZE dup (00)
hex_name dd MAXSiZE dup (00)
rsa dd MAXSiZE dup (00)
UnRev dd MAXSiZE dup (00)
serialfp1 dd MAXSiZE dup (00)
serialfp2 dd MAXSiZE dup (00)
serialfp3 dd MAXSiZE dup (00)
szTitle db "Temari.fr - Invitation #1",0
;Realease disclaimer (not used here)
;szMBoxTitle db "Message à caractère informatif",0
;szMBoxText db "[GRP] will not be responsible for and do *NOT* support warez",13,10
; db "distributions of this release. It is forbidden to include one of",13,10
; db "our release in a warez distribution. Groups or individual will be",13,10
; db "exposed for this !",0
pIntroBackBufferThreadID dd 0
screenHeight dd 0
screenWidth dd 0
dwColor dd 0
wDC1 dd 0
wDC2 dd 0
y dd 0
x dd 0
x1 dd 0
R dd 0
G dd 0
B dd 0
B1 dd 0
B2 dd 0
B3 dd 0
B4 dd 0
B5 dd 0
B6 dd 0
status dd ?
; ---- Uninitialized data -------------------------------------------------
.data?
iHWND dd ?
hInstance dd ?
hBlackBrush HBRUSH ?
hExit BOOL ?
handle dd ?
hMatrix DWORD ?
hDC HANDLE ?
ppv1 dd ?
srcdc1 dd ?
hdcx1 dd ?
bigM dd ?
bigC dd ?
bigN dd ?
bigE dd ?
name_len dd ?
; ---- Macro --------------------------------------------------------------
$invoke MACRO Fun:REQ, A:VARARG
IFB <A>
invoke Fun
ELSE
invoke Fun, A
ENDIF
EXITM <eax>
ENDM
; ---- Code ---------------------------------------------------------------
.code
start:
; MASM32 antiPeID fake ExeCryptor`s OEP
db 0E8h,024h,000h,000h,000h,08Bh,04Ch,024h,00Ch,0C7h,001h,017h,000h,001h,000h,0C7h
db 081h,0B8h,000h,000h,000h,000h,000h,000h,000h,031h,0C0h,089h,041h,014h,089h,041h
db 018h,080h,0A1h,0C1h,000h,000h,000h,0FEh,0C3h,031h,0C0h,064h,0FFh,030h,064h,089h
db 020h
ASSUME FS:NOTHING
POP FS:[0]
ADD ESP,4
call IsDebuggerPresent
test eax,eax
popa
jz @F ;No debug
push 0
call ExitProcess
@@:
; Inspired from a malware (Satan RaaS)
invoke BlockInput,TRUE
invoke BlockInput,FALSE
; Check PC name
invoke GetComputerName,ADDR getName,ADDR bSize
invoke wsprintf,ADDR buffer,chr$("%s"),ADDR getName
invoke lstrlen,addr buffer
invoke Base64Encode,addr buffer,eax,addr nameb64
invoke lstrcmp,addr nameb64,addr computer
TEST EAX,EAX
jnz @scnd
invoke InitCommonControls
mov hBlackBrush,$invoke (CreateSolidBrush,Black)
mov hInstance,$invoke (GetModuleHandle, NULL)
invoke DialogBoxParam, hInstance, IDD_MAIN, NULL, offset DlgProc, 0
invoke ExitProcess,NULL
; Display the second dialog if not the good name
@scnd:
invoke GetModuleHandle, NULL
mov hInstance, eax
invoke DialogBoxParam,hInstance,DIALOG_2,NULL, offset DialogProc2, 0
invoke ExitProcess,NULL
DialogProc2 Proc hWnd:dword, uMsg:dword, wParam:dword, lParam:dword
PUSHAD
mov EAX,hWnd
mov hWnd,EAX
.if uMsg==WM_INITDIALOG
invoke uFMOD_PlaySong,IDC_MUSIC,hInstance,XM_RESOURCE
invoke LoadIcon,hInstance,200
invoke SendMessage, hWnd, WM_SETICON, 1, eax
invoke SetWindowText,hWnd,chr$('temari.fr - Invitation #1')
.elseif uMsg==WM_LBUTTONDOWN
mov MoveDlg,TRUE
invoke SetCapture,hWnd
invoke GetCursorPos,addr OldPos
.elseif uMsg==WM_MOUSEMOVE
.if MoveDlg==TRUE
invoke GetWindowRect,hWnd,addr Rect2
invoke GetCursorPos,addr NewPos
mov eax,NewPos.x
mov ecx,eax
sub eax,OldPos.x
mov OldPos.x,ecx
add eax,Rect2.left
mov ebx,NewPos.y
mov ecx,ebx
sub ebx,OldPos.y
mov OldPos.y,ecx
add ebx,Rect2.top
mov ecx,Rect2.right
sub ecx,Rect2.left
mov edx,Rect2.bottom
sub edx,Rect2.top
invoke MoveWindow,hWnd,eax,ebx,ecx,edx,TRUE
.endif
.elseif uMsg==WM_LBUTTONUP
mov MoveDlg,FALSE
invoke ReleaseCapture
.elseif uMsg==WM_LBUTTONDBLCLK
invoke EndDialog,hWnd,0
.elseif uMsg==WM_RBUTTONDBLCLK
invoke EndDialog,hWnd,0
.elseif uMsg==WM_COMMAND
.elseif uMsg==WM_CLOSE
@CLOSEiT:
invoke uFMOD_PlaySong,0,0,0
invoke EndDialog,hWnd,NULL
JMP @End
.else
POPAD
MOV EAX,FALSE
RET
.endif
@End:
POPAD
XOR EAX,EAX
RET
DialogProc2 endp
DlgProc proc uses esi edi hWnd:DWORD,uMsg:DWORD,wParam:DWORD,lParam:DWORD
local rect:RECT,hDrawEffects:HANDLE
PUSHAD
mov EAX,hWnd
mov iHWND,EAX
PUSHAD
mov eax,uMsg
push hWnd
;pop handle
.if uMsg == WM_INITDIALOG
invoke GetParent,hWnd
mov ecx,eax
invoke GetWindowRect,ecx,addr rect
mov edi,rect.left
mov esi, rect.top
add edi,25
add esi,100
;invoke MessageBox,NULL,ADDR szMBoxText,ADDR szMBoxTitle,MB_ICONINFORMATION
invoke CreateTVBox,iHWND
invoke LoadIcon,hInstance,200
invoke SendMessage, hWnd, WM_SETICON, 1, eax
invoke uFMOD_PlaySong,400,hInstance,XM_RESOURCE
invoke SetDlgItemText,hWnd,IDC_TITLE,addr szTitle
invoke SetWindowText,iHWND,chr$('temari.fr - Invitation #1')
invoke SetDlgItemText,iHWND,IDC_NAME,chr$('iNViTATiON')
invoke CenterWindow,hWnd
invoke DrawXXControlButtons,hWnd
mov hMatrix,$invoke (VirtualAlloc,NULL,0*EFFECTS_WIDTH+100,MEM_COMMIT,PAGE_READWRITE)
invoke BuildMatrix
mov hDrawEffects,$invoke (CreateThread,NULL,0,addr DrawEffects,hWnd,0,addr pIntroBackBufferThreadID)
invoke SetThreadPriority,hDrawEffects,THREAD_PRIORITY_NORMAL
mov status,1 ; Declare the sound control button statut
.elseif uMsg==WM_COMMAND
MOV EAX,wParam
.IF ax==BTN_CHECK
invoke GetDlgItemText,iHWND,IDC_NAME,ADDR name_input,MAXSiZE
.if eax == 0
invoke MessageBox,iHWND,chr$("NAME STATUS: NO NAME"),chr$("Status"),MB_ICONEXCLAMATION
.elseif eax > 15
invoke MessageBox,iHWND,chr$("NAME STATUS: TOO LONG"),chr$("Status"),MB_ICONEXCLAMATION
.elseif eax < 3
invoke MessageBox,iHWND,chr$("NAME STATUS: TOO SHORT"),chr$("Status"),MB_ICONEXCLAMATION
.elseif
invoke GetDlgItemText,iHWND,IDC_SERIAL,ADDR serial_input,MAXSiZE
.if eax == 0
invoke MessageBox,iHWND,chr$("SERiAL STATUS: NO SERiAL"),chr$("Status"),MB_ICONEXCLAMATION
.elseif eax > 108
invoke MessageBox,iHWND,chr$("SERiAL STATUS: TOO LONG"),chr$("Status"),MB_ICONEXCLAMATION
.elseif eax < 107
invoke MessageBox,iHWND,chr$("SERiAL STATUS: TOO SHORT"),chr$("Status"),MB_ICONEXCLAMATION
.elseif
invoke KeygenProc
.endif
.endif
.endif
.if ax == IDB_EXIT || eax == IDB_EXIT2
mov hExit,TRUE
invoke SendMessage, hWnd, WM_CLOSE, 0, 0
.endif
.if ax==IDB_NOSOUND
.if status == 1
invoke SetDlgItemText,iHWND,IDB_NOSOUND,chr$(">")
invoke uFMOD_PlaySong,0,0,0
mov status,0
.else
invoke SetDlgItemText,iHWND,IDB_NOSOUND,chr$("<")
invoke uFMOD_PlaySong,400,hInstance,XM_RESOURCE
mov status,1
.endif
.endif
.elseIF uMsg == WM_CTLCOLORDLG
mov eax,wParam
invoke SetBkColor,eax,Black
invoke GetStockObject,BLACK_BRUSH
ret
.elseif uMsg==WM_CTLCOLOREDIT || uMsg==WM_CTLCOLORSTATIC
invoke SetBkMode,wParam,OPAQUE
invoke SetBkColor,wParam,000000h
invoke SetTextColor,wParam,0FCDC7Ch
invoke GetStockObject,BLACK_BRUSH
ret
.elseif uMsg == WM_CTLCOLORBTN
invoke CreateSolidBrush, 000000FFh
ret
.elseif eax==WM_LBUTTONDOWN
invoke SendMessage,hWnd,WM_NCLBUTTONDOWN,HTCAPTION,0
.elseif eax==WM_RBUTTONDOWN
invoke SendMessage,hWnd,WM_CLOSE,0,0
.elseif eax == WM_CLOSE
invoke AnimateWindow,hWnd,500,AW_HIDE or AW_BLEND
invoke uFMOD_PlaySong,0,0,XM_RESOURCE
invoke TerminateThread,threadID,0
invoke DeleteDC,srcdc
invoke EndDialog, hWnd, 0
.endif
xor eax,eax
ret
DlgProc endp
KeygenProc PROC
; ---- KEYGEN PROC --------------------------------------------------------
; iNViTATiON
; iNViTATiON-75596E86CE496F7A6DAFE2EFB3C6D2AE7FC06574663E0AFC2E895C2ED1E15C37-D2885F77ADF18405B04CB07979611DB3
cmp byte ptr ss:[serial_input+10],02Dh
jnz @wrong
cmp byte ptr ss:[serial_input+75],02Dh
jnz @wrong
invoke lstrcpyn,addr serialfp1,addr serial_input,10 + 1
invoke lstrcpyn,addr serialfp2,addr serial_input + 11,64 + 1
invoke lstrcpyn,addr serialfp3,addr serial_input + 76,32 + 1
invoke lstrcmp,addr serialfp1,chr$("iNViTATiON")
TEST EAX,EAX
jnz @wrong
invoke lstrlen,addr name_input
mov name_len,eax
invoke HexEncode,addr name_input,name_len,addr hex_name
lea esi,serialfp2
call REVERSEiT
invoke _BigCreate,0
mov bigM,eax
invoke _BigCreate,0
mov bigN,eax
invoke _BigCreate,0
mov bigE,eax
invoke _BigCreate,0
mov bigC,eax
invoke _BigIn,addr UnRev,16,bigM
invoke _BigIn,addr E,16,bigE
invoke _BigIn,addr N,16,bigN
invoke _BigPowMod,bigM,bigE,bigN,bigC
invoke _BigOutB16,bigC,addr rsa
invoke _BigDestroy,bigM
invoke _BigDestroy,bigE
invoke _BigDestroy,bigN
invoke _BigDestroy,bigC
invoke lstrcmp,addr hex_name,addr rsa
TEST EAX,EAX
jnz @wrong
invoke MD5Init
invoke MD5Update,addr name_input,name_len
invoke MD5Final
invoke HexEncode,eax,MD5_DIGESTSIZE,addr md5
invoke lstrcmp,addr serialfp3,addr md5
TEST EAX,EAX
jnz @wrong
invoke MessageBox,iHWND,chr$("SERiAL STATUS: REGiSTERED"),chr$("Status"),MB_ICONINFORMATION
CALL CLEAR
RET
@wrong:
invoke MessageBox,iHWND,chr$("SERiAL STATUS: UNREGiSTERED"),chr$("Status"),MB_ICONERROR
CALL CLEAR
RET
KeygenProc ENDP
CLEAR proc
invoke RtlZeroMemory,addr name_input,MAXSiZE
invoke RtlZeroMemory,addr serial_input,MAXSiZE
invoke RtlZeroMemory,addr md5,MAXSiZE
invoke RtlZeroMemory,addr rsa,MAXSiZE
invoke RtlZeroMemory,addr UnRev,MAXSiZE
RET
CLEAR endp
REVERSEiT PROC
lea edi, UnRev
mov ecx, 40h
xor ebx, ebx
Reversor:
mov al, byte ptr[esi+ecx-1]
mov byte ptr[edi+ebx], al
inc ebx
dec ecx
jnz Reversor
mov byte ptr[edi+ebx], 0
Ret
REVERSEiT ENDP
DrawEffects Proc hWnd:HWND
local bmpi1:BITMAPINFO
; ---- Activate Vectors ---------------------------------------------------
mov hDC,$invoke (GetDC,hWnd)
invoke CreateCompatibleDC,hDC
mov wDC1,eax
mov wDC2,eax
invoke CreateCompatibleBitmap,hDC,EFFECTS_WIDTH,1
invoke SelectObject,wDC1,eax
invoke DeleteObject,eax
invoke CreateCompatibleBitmap,hDC,EFFECTS_WIDTH,1
invoke SelectObject,wDC2,eax
invoke DeleteObject,eax
_back:
invoke DrawColorScroller
.if hExit != TRUE
invoke Sleep,20
invoke BitBlt,hDC,left,29,EFFECTS_WIDTH,1,wDC1,0,0,SRCCOPY
invoke BitBlt,hDC,left,25+EFFECTS_HEIGHT,EFFECTS_WIDTH,1,wDC2,0,0,SRCCOPY
invoke BitBlt,hDC,344,29,EFFECTS_WIDTH,1,wDC1,0,0,SRCCOPY
invoke BitBlt,hDC,344,25+EFFECTS_HEIGHT,EFFECTS_WIDTH,1,wDC2,0,0,SRCCOPY
jmp _back
.endif
mov x1,0
invoke DeleteDC,wDC1
invoke DeleteDC,wDC2
Ret
DrawEffects endp
DrawColorScroller Proc
mov esi,hMatrix
mov x,0
; Commented commands would be useful only when we build a matrix on screen, instead of 2 scrolling vectors
;mov y,0
; .repeat
.repeat
mov eax,x1
add eax,x
mov ebx,EFFECTS_WIDTH
xor edx,edx
idiv ebx
push edx
invoke SetPixel,wDC1,edx,y,dword ptr [esi]
mov eax,EFFECTS_HEIGHT
; add eax,y
pop edx
; add esi,EFFECTS_WIDTH*4*EFFECTS_HEIGHT-EFFECTS_WIDTH*4
; sub esi,20h
invoke SetPixel,wDC2,edx,eax,dword ptr [esi]
; add esi,20h
; sub esi,EFFECTS_WIDTH*4*EFFECTS_HEIGHT-EFFECTS_WIDTH*4
add esi,4
inc x
.until x == EFFECTS_WIDTH
mov x,0
; inc y
; .until y == 1 ;EFFECTS_HEIGHT
; mov y,0
add x1,5 ; Speed of wave
Ret
DrawColorScroller endp
CenterWindow Proc hWnd:HWND
LOCAL rc:RECT
mov screenWidth,$invoke (GetSystemMetrics,SM_CXSCREEN)
mov screenHeight,$invoke (GetSystemMetrics,SM_CYSCREEN)
invoke GetWindowRect,hWnd,addr rc
mov eax,rc.right
sub eax,rc.left
mov ecx,screenWidth
sub ecx,eax
shr ecx,1
mov eax,rc.bottom
sub eax,rc.top
mov edx,screenHeight
sub edx,eax
shr edx,1
invoke SetWindowPos,hWnd,0,ecx,edx,0,0,5;SWP_NOZORDER || SWP_NOSIZE
Ret
CenterWindow endp
DrawXXControlButtons Proc hWnd:HWND
LOCAL sButtonStructure:XXBUTTON,hSmallButtonFont:HFONT,hBtn:HWND
mov hSmallButtonFont,$invoke (CreateFont,8,0,0,0,FW_NORMAL,FALSE,FALSE,FALSE,DEFAULT_CHARSET,OUT_CHARACTER_PRECIS,CLIP_CHARACTER_PRECIS,PROOF_QUALITY,FF_DONTCARE,chr$('MS Sans Serif'))
invoke RtlZeroMemory,addr sButtonStructure,sizeof sButtonStructure
invoke LoadCursor,NULL,IDC_HAND
mov sButtonStructure.hCursor_hover,eax
mov sButtonStructure.hover_clr,White
mov sButtonStructure.push_clr,White
mov sButtonStructure.normal_clr,White
mov sButtonStructure.btn_prop, 08000000Fh
mov hBtn,$invoke ( GetDlgItem,hWnd,IDB_EXIT2 )
invoke RedrawButton,hBtn,addr sButtonStructure
mov sButtonStructure.push_clr,0B0B0B0h
mov sButtonStructure.btn_prop,08000000Bh
mov hBtn,$invoke ( GetDlgItem,hWnd,IDB_EXIT )
invoke RedrawButton,hBtn,addr sButtonStructure
mov hBtn,$invoke ( GetDlgItem,hWnd,BTN_CHECK )
invoke RedrawButton,hBtn,addr sButtonStructure
mov hBtn,$invoke ( GetDlgItem,hWnd,IDB_NOSOUND )
invoke RedrawButton,hBtn,addr sButtonStructure
invoke SetFocus,eax
mov eax,TRUE
Ret
DrawXXControlButtons endp
end start