mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-19 09:56:10 +00:00
134 lines
5.2 KiB
C#
134 lines
5.2 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
|
// Type: Microsoft.InfoCards.PinProtectionHelper
|
|||
|
|
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
|
|||
|
|
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
|
|||
|
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Virus.Win32.Expiro.w-1f15ee7e9f7da02b6bfb4c5a5e6484eb9fa71b82d3699c54bcc7a31794b4a66d.exe
|
|||
|
|
|
|||
|
|
using Microsoft.InfoCards.Diagnostics;
|
|||
|
|
using System;
|
|||
|
|
using System.IO;
|
|||
|
|
using System.Security.Cryptography;
|
|||
|
|
|
|||
|
|
namespace Microsoft.InfoCards
|
|||
|
|
{
|
|||
|
|
internal class PinProtectionHelper
|
|||
|
|
{
|
|||
|
|
private const int InfoCardPKCS5IterationCount = 1000;
|
|||
|
|
public const int SaltSize = 16;
|
|||
|
|
private const int AESBlockByteLength = 16;
|
|||
|
|
private const int AESKeyByteLength = 32;
|
|||
|
|
private const byte EncryptForPinProtectionVersion = 2;
|
|||
|
|
private const int VersionOffset = 0;
|
|||
|
|
private const int SaltOffset = 1;
|
|||
|
|
private const int IterationsOffset = 17;
|
|||
|
|
private const int IVOffset = 21;
|
|||
|
|
private const int EncryptedDataOffset = 37;
|
|||
|
|
private PasswordDeriveBytes m_pkcs5;
|
|||
|
|
private byte[] m_key;
|
|||
|
|
private RijndaelManaged m_aes = new RijndaelManaged();
|
|||
|
|
|
|||
|
|
public PinProtectionHelper(string pin)
|
|||
|
|
{
|
|||
|
|
RNGCryptoServiceProvider cryptoServiceProvider = new RNGCryptoServiceProvider();
|
|||
|
|
byte[] numArray = new byte[16];
|
|||
|
|
cryptoServiceProvider.GetBytes(numArray);
|
|||
|
|
this.m_pkcs5 = new PasswordDeriveBytes(pin, numArray, "SHA256", 1000);
|
|||
|
|
this.m_key = this.m_pkcs5.GetBytes(32);
|
|||
|
|
this.m_aes.Padding = PaddingMode.PKCS7;
|
|||
|
|
this.m_aes.Mode = CipherMode.CBC;
|
|||
|
|
this.m_aes.BlockSize = 128;
|
|||
|
|
this.m_aes.KeySize = this.m_key.Length * 8;
|
|||
|
|
this.m_aes.GenerateIV();
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public PinProtectionHelper(string pin, byte[] serializedParameters)
|
|||
|
|
{
|
|||
|
|
if ((byte) 2 != serializedParameters[0])
|
|||
|
|
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidCardException(SR.GetString("ServiceCardDecryptionFailed")));
|
|||
|
|
byte[] numArray = new byte[16];
|
|||
|
|
Array.Copy((Array) serializedParameters, 1, (Array) numArray, 0, 16);
|
|||
|
|
uint uint32 = BitConverter.ToUInt32(serializedParameters, 17);
|
|||
|
|
this.m_pkcs5 = new PasswordDeriveBytes(pin, numArray, "SHA256", (int) uint32);
|
|||
|
|
this.m_key = this.m_pkcs5.GetBytes(32);
|
|||
|
|
this.m_aes.Padding = PaddingMode.PKCS7;
|
|||
|
|
this.m_aes.Mode = CipherMode.CBC;
|
|||
|
|
this.m_aes.BlockSize = 128;
|
|||
|
|
this.m_aes.KeySize = this.m_key.Length * 8;
|
|||
|
|
byte[] destinationArray = new byte[16];
|
|||
|
|
Array.Copy((Array) serializedParameters, 21, (Array) destinationArray, 0, destinationArray.Length);
|
|||
|
|
this.m_aes.IV = destinationArray;
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public byte[] EncryptMasterKey(byte[] toEncrypt)
|
|||
|
|
{
|
|||
|
|
byte[] buffer = this.Encrypt(toEncrypt);
|
|||
|
|
using (MemoryStream memoryStream = new MemoryStream())
|
|||
|
|
{
|
|||
|
|
memoryStream.WriteByte((byte) 2);
|
|||
|
|
memoryStream.Write(this.m_pkcs5.Salt, 0, this.m_pkcs5.Salt.Length);
|
|||
|
|
memoryStream.Write(BitConverter.GetBytes((uint) this.m_pkcs5.IterationCount), 0, 4);
|
|||
|
|
memoryStream.Write(this.m_aes.IV, 0, this.m_aes.IV.Length);
|
|||
|
|
memoryStream.Write(buffer, 0, buffer.Length);
|
|||
|
|
return memoryStream.ToArray();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public static int EncryptedMasterKeySize => 85;
|
|||
|
|
|
|||
|
|
public byte[] Encrypt(byte[] toEncrypt)
|
|||
|
|
{
|
|||
|
|
using (ICryptoTransform encryptor = this.m_aes.CreateEncryptor(this.m_key, this.m_aes.IV))
|
|||
|
|
{
|
|||
|
|
using (MemoryStream memoryStream = new MemoryStream())
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
using (CryptoStream cryptoStream = new CryptoStream((Stream) memoryStream, encryptor, CryptoStreamMode.Write))
|
|||
|
|
{
|
|||
|
|
cryptoStream.Write(toEncrypt, 0, toEncrypt.Length);
|
|||
|
|
cryptoStream.FlushFinalBlock();
|
|||
|
|
return memoryStream.ToArray();
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
catch (CryptographicException ex)
|
|||
|
|
{
|
|||
|
|
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidCardException(SR.GetString("ServiceCardEncryptionFailed"), (Exception) ex));
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public byte[] DecryptMasterKey(byte[] toDecrypt)
|
|||
|
|
{
|
|||
|
|
byte[] numArray = new byte[toDecrypt.Length - 37];
|
|||
|
|
Array.Copy((Array) toDecrypt, 37, (Array) numArray, 0, toDecrypt.Length - 37);
|
|||
|
|
return this.Decrypt(numArray);
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
public byte[] Decrypt(byte[] encrypted)
|
|||
|
|
{
|
|||
|
|
using (ICryptoTransform decryptor = this.m_aes.CreateDecryptor(this.m_key, this.m_aes.IV))
|
|||
|
|
{
|
|||
|
|
using (MemoryStream memoryStream = new MemoryStream(encrypted))
|
|||
|
|
{
|
|||
|
|
try
|
|||
|
|
{
|
|||
|
|
using (CryptoStream cryptoStream = new CryptoStream((Stream) memoryStream, decryptor, CryptoStreamMode.Read))
|
|||
|
|
{
|
|||
|
|
byte[] numArray = new byte[encrypted.Length];
|
|||
|
|
int length = cryptoStream.Read(numArray, 0, numArray.Length);
|
|||
|
|
byte[] destinationArray = new byte[length];
|
|||
|
|
Array.Copy((Array) numArray, (Array) destinationArray, length);
|
|||
|
|
return destinationArray;
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
catch (CryptographicException ex)
|
|||
|
|
{
|
|||
|
|
throw InfoCardTrace.ThrowHelperError((Exception) new InvalidCardException(SR.GetString("ServiceCardDecryptionFailed"), (Exception) ex));
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
}
|