BaumFX · Lrae1207 · Feb 6, 2024 · Feb 6, 2024
diff --git a/anti_debug.cpp b/anti_debug.cpp
@@ -43,14 +43,14 @@ const wchar_t* security::internal::get_string(int index) {
 	std::string value = "";
 
 	switch (index) {
-	case 0: value = xor ("Qt5QWindowIcon"); break;
-	case 1: value = xor ("OLLYDBG"); break;
-	case 2: value = xor ("SunAwtFrame"); break;
-	case 3: value = xor ("ID"); break;
-	case 4: value = xor ("ntdll.dll"); break;
-	case 5: value = xor ("antidbg"); break;
-	case 6: value = xor ("%random_environment_var_name_that_doesnt_exist?[]<>@\\;*!-{}#:/~%"); break;
-	case 7: value = xor ("%random_file_name_that_doesnt_exist?[]<>@\\;*!-{}#:/~%"); break;
+		case 0: value = xor ("Qt5QWindowIcon"); break;
+		case 1: value = xor ("OLLYDBG"); break;
+		case 2: value = xor ("SunAwtFrame"); break;
+		case 3: value = xor ("ID"); break;
+		case 4: value = xor ("ntdll.dll"); break;
+		case 5: value = xor ("antidbg"); break;
+		case 6: value = xor ("%random_environment_var_name_that_doesnt_exist?[]<>@\\;*!-{}#:/~%"); break;
+		case 7: value = xor ("%random_file_name_that_doesnt_exist?[]<>@\\;*!-{}#:/~%"); break;
 	}
 
 	return std::wstring(value.begin(), value.end()).c_str();
@@ -601,26 +601,26 @@ int security::internal::virtualization::check_cpuid() {
 
 int security::internal::virtualization::check_registry() {
 	HKEY h_key = 0;
-	if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, xor (L"HARDWARE\\ACPI\\DSDT\\VBOX__"), 0, KEY_READ, &h_key) == ERROR_SUCCESS) { return security::internal::debug_results::check_registry; }
+	if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, xor_wchar(L"HARDWARE\\ACPI\\DSDT\\VBOX__"), 0, KEY_READ, &h_key) == ERROR_SUCCESS) { return security::internal::debug_results::check_registry; }
 
 	return security::internal::debug_results::none;
 }
 
 int security::internal::virtualization::vm() {
-	if (CreateFile(xor (L"\\\\.\\VBoxMiniRdrDN"), GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 0, OPEN_EXISTING, 0, 0) != INVALID_HANDLE_VALUE) { return security::internal::debug_results::vm; }
+	if (CreateFile(xor_wchar (L"\\\\.\\VBoxMiniRdrDN"), GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, 0, OPEN_EXISTING, 0, 0) != INVALID_HANDLE_VALUE) { return security::internal::debug_results::vm; }
 
-	if (LoadLibrary(xor (L"VBoxHook.dll"))) { return security::internal::debug_results::vm; }
+	if (LoadLibrary(xor_wchar (L"VBoxHook.dll"))) { return security::internal::debug_results::vm; }
 
 	HKEY h_key = 0;
-	if ((ERROR_SUCCESS == RegOpenKeyEx(HKEY_LOCAL_MACHINE, xor(L"SOFTWARE\\Oracle\\VirtualBox Guest Additions"), 0, KEY_READ, &h_key)) && h_key) { RegCloseKey(h_key); return security::internal::debug_results::vm; }
+	if ((ERROR_SUCCESS == RegOpenKeyEx(HKEY_LOCAL_MACHINE, xor_wchar(L"SOFTWARE\\Oracle\\VirtualBox Guest Additions"), 0, KEY_READ, &h_key)) && h_key) { RegCloseKey(h_key); return security::internal::debug_results::vm; }
 
 	h_key = 0;
-	if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, xor(L"HARDWARE\\DESCRIPTION\\System"), 0, KEY_READ, &h_key) == ERROR_SUCCESS)
+	if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, xor_wchar(L"HARDWARE\\DESCRIPTION\\System"), 0, KEY_READ, &h_key) == ERROR_SUCCESS)
 	{
 		unsigned long type = 0;
 		unsigned long size = 0x100;
 		char* systembiosversion = (char*)LocalAlloc(LMEM_ZEROINIT, size + 10);
-		if (ERROR_SUCCESS == RegQueryValueEx(h_key, xor(L"SystemBiosVersion"), 0, &type, (unsigned char*)systembiosversion, &size))
+		if (ERROR_SUCCESS == RegQueryValueEx(h_key, xor_wchar(L"SystemBiosVersion"), 0, &type, (unsigned char*)systembiosversion, &size))
 		{
 			to_lower((unsigned char*)systembiosversion);
 			if (type == REG_SZ || type == REG_MULTI_SZ)
@@ -636,7 +636,7 @@ int security::internal::virtualization::vm() {
 		type = 0;
 		size = 0x200;
 		char* videobiosversion = (char*)LocalAlloc(LMEM_ZEROINIT, size + 10);
-		if (ERROR_SUCCESS == RegQueryValueEx(h_key, xor(L"VideoBiosVersion"), 0, &type, (unsigned char*)videobiosversion, &size))
+		if (ERROR_SUCCESS == RegQueryValueEx(h_key, xor_wchar(L"VideoBiosVersion"), 0, &type, (unsigned char*)videobiosversion, &size))
 		{
 			if (type == REG_MULTI_SZ)
 			{
@@ -653,7 +653,7 @@ int security::internal::virtualization::vm() {
 		RegCloseKey(h_key);
 	}
 
-	HANDLE h = CreateFile(xor(L"\\\\.\\pipe\\VBoxTrayIPC"), GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
+	HANDLE h = CreateFile(xor_wchar(L"\\\\.\\pipe\\VBoxTrayIPC"), GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, 0, 0);
 	if (h != INVALID_HANDLE_VALUE) { CloseHandle(h); return security::internal::debug_results::vm; }
 
 	unsigned long pnsize = 0x1000;
@@ -700,7 +700,7 @@ int security::internal::virtualization::vm() {
 								{
 									unsigned long size = 0xFFF;
 									unsigned char value_name[0x1000] = { 0 };
-									if (RegQueryValueEx(h_new_key, xor(L"FriendlyName"), 0, 0, value_name, &size) == ERROR_SUCCESS) { to_lower(value_name); if (strstr((char*)value_name, xor("vbox"))) { return security::internal::debug_results::vm; } }
+									if (RegQueryValueEx(h_new_key, xor_wchar(L"FriendlyName"), 0, 0, value_name, &size) == ERROR_SUCCESS) { to_lower(value_name); if (strstr((char*)value_name, xor("vbox"))) { return security::internal::debug_results::vm; } }
 									RegCloseKey(HKKK);
 								}
 							}

diff --git a/xor_cc.hpp b/xor_cc.hpp
@@ -0,0 +1,60 @@
+#include <iostream>
+#include <string>
+#include <ctime>
+
+namespace SystemInfo_WIN {
+    // Gets a timestamp and seed for the random algorithm below
+    unsigned long long TIME = time(0);
+    #define XSTR_SEED ((TIME - '0') * 1ull + (TIME - '0') * 10ull + (TIME - '0') * 60ull + (TIME - '0') * 600ull + (TIME - '0') * 3600ull + (TIME - '0') * 36000ull)
+
+    // Not sure how secure this algorithm is
+    constexpr unsigned long long linear_congruent_generator(unsigned rounds) {
+        unsigned long long sd = 1013904223ull + (1664525ull * ((rounds > 0) ? linear_congruent_generator(rounds - 1) : (XSTR_SEED))) % 0xFFFFFFFF;
+        if (rounds == 0 && sd % 2 == 1) {
+            return sd + 1;
+        }
+        return sd;
+    };
+
+    // Random algorithm uses ten rounds of the above algorithm
+    #define Random() linear_congruent_generator(10)
+    #define XSTR_RANDOM_NUMBER(Min, Max) (Min + (Random() % (Max - Min + 1)))
+
+    // Get the ull key
+    unsigned long long XORKEY = XSTR_RANDOM_NUMBER(0xF000000, 0xFFFFFFF);
+
+    template<typename Char >
+    constexpr Char encrypt_character(const Char character,
+        int index) {
+        return character ^ (static_cast<Char>(XORKEY) + index);
+    }
+
+    template <unsigned size, typename Char>
+    class SystemInfo_WIN_Const {
+    public:
+        const unsigned _nb_chars = (size - 1);
+        Char _string[size];
+
+        inline constexpr SystemInfo_WIN_Const(const Char* string)
+            : _string{}
+        {
+            for (unsigned i = 0u; i < size; ++i)
+                _string[i] = encrypt_character<Char>(string[i], i);
+        }
+
+        const Char* get() const
+        {
+            Char* string = const_cast<Char*>(_string);
+            for (unsigned t = 0; t < _nb_chars; t++) {
+                string[t] = string[t] ^ (static_cast<Char>(XORKEY) + t);
+            }
+            string[_nb_chars] = '\0';
+            return string;
+        }
+
+    };
+}
+#define SystemInfo_WIN_d_wchar(my_string) []{ SystemInfo_WIN::SystemInfo_WIN_Const<(sizeof(my_string)/sizeof(wchar_t)), wchar_t> expr(my_string); return expr; }().get()
+#define xor_wchar( string ) SystemInfo_WIN_d_wchar( string ) // xors the given wchar string with the generated key
+#define SystemInfo_WIN_d(my_string) []{ SystemInfo_WIN::SystemInfo_WIN_Const<(sizeof(my_string)/sizeof(char)), char> expr(my_string); return expr; }().get()
+#define xor( string ) SystemInfo_WIN_d( string ) // xors the given string with the generated key