mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-30 06:55:27 +00:00
219 lines
8.6 KiB
C#
219 lines
8.6 KiB
C#
|
// Decompiled with JetBrains decompiler
|
|||
|
// Type: Microsoft.InfoCards.RsaKeyGen
|
|||
|
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
|
|||
|
// MVID: ADE0A079-11DB-4A46-8BDE-D2A592CA8DEA
|
|||
|
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.Expiro.w-67b630ead60119692b9abbdfd8717c96904ef041127c2cae033c86b718eaa61e.exe
|
|||
|
|
|||
|
using Microsoft.InfoCards.Diagnostics;
|
|||
|
using System;
|
|||
|
using System.IO;
|
|||
|
using System.Security.Cryptography;
|
|||
|
|
|||
|
namespace Microsoft.InfoCards
|
|||
|
{
|
|||
|
internal sealed class RsaKeyGen
|
|||
|
{
|
|||
|
private const int Xpq12Length = 14;
|
|||
|
private const int XpqLength = 128;
|
|||
|
private const int NumberOfSha1Hashes = 16;
|
|||
|
private const int InfoCardKeyLength = 2048;
|
|||
|
private const int HnLength = 20;
|
|||
|
private const int PublicExponentValue = 65537;
|
|||
|
private const string Aes128EncryptionKey = "f561e58b-3ebc-4e0c-940d-0a6ddc219dfd";
|
|||
|
private const int ByteForHundredthBit = 12;
|
|||
|
private static int[] hashesToWriteP = new int[8]
|
|||
|
{
|
|||
|
2,
|
|||
|
12,
|
|||
|
11,
|
|||
|
10,
|
|||
|
0,
|
|||
|
6,
|
|||
|
5,
|
|||
|
4
|
|||
|
};
|
|||
|
private static int[] numBytesToWriteP = new int[8]
|
|||
|
{
|
|||
|
4,
|
|||
|
20,
|
|||
|
20,
|
|||
|
20,
|
|||
|
4,
|
|||
|
20,
|
|||
|
20,
|
|||
|
20
|
|||
|
};
|
|||
|
private static int[] srcIndexBytesToWriteP = new int[8]
|
|||
|
{
|
|||
|
16,
|
|||
|
0,
|
|||
|
0,
|
|||
|
0,
|
|||
|
16,
|
|||
|
0,
|
|||
|
0,
|
|||
|
0
|
|||
|
};
|
|||
|
private static int[] hashesToWriteQ = new int[8]
|
|||
|
{
|
|||
|
3,
|
|||
|
15,
|
|||
|
14,
|
|||
|
13,
|
|||
|
1,
|
|||
|
9,
|
|||
|
8,
|
|||
|
7
|
|||
|
};
|
|||
|
private static int[] numBytesToWriteQ = RsaKeyGen.numBytesToWriteP;
|
|||
|
private static int[] srcIndexBytesToWriteQ = RsaKeyGen.srcIndexBytesToWriteP;
|
|||
|
private static RijndaelManaged s_rjAes128 = new RijndaelManaged();
|
|||
|
|
|||
|
static RsaKeyGen()
|
|||
|
{
|
|||
|
RsaKeyGen.s_rjAes128.Mode = CipherMode.ECB;
|
|||
|
RsaKeyGen.s_rjAes128.Padding = PaddingMode.Zeros;
|
|||
|
RsaKeyGen.s_rjAes128.Key = new Guid("f561e58b-3ebc-4e0c-940d-0a6ddc219dfd").ToByteArray();
|
|||
|
}
|
|||
|
|
|||
|
public static byte[] CreateRsaKeyPairX931(byte[] masterKey, byte[] targetId)
|
|||
|
{
|
|||
|
InfoCardTrace.Assert(true, "Only 2048 bit key sizes supported");
|
|||
|
byte[][] hn = RsaKeyGen.CalculateHn(masterKey, targetId);
|
|||
|
byte[] rsaKeyPairX931 = (byte[]) null;
|
|||
|
byte[] numArray1 = new byte[14];
|
|||
|
byte[] numArray2 = new byte[14];
|
|||
|
byte[] numArray3 = new byte[14];
|
|||
|
byte[] numArray4 = new byte[14];
|
|||
|
byte[] numArray5 = new byte[128];
|
|||
|
byte[] numArray6 = new byte[128];
|
|||
|
Array.Copy((Array) hn[0], 0, (Array) numArray1, 0, numArray1.Length);
|
|||
|
Array.Copy((Array) hn[1], 0, (Array) numArray2, 0, numArray2.Length);
|
|||
|
Array.Copy((Array) hn[2], 0, (Array) numArray3, 0, numArray3.Length);
|
|||
|
Array.Copy((Array) hn[3], 0, (Array) numArray4, 0, numArray4.Length);
|
|||
|
RsaKeyGen.WriteToArray(RsaKeyGen.hashesToWriteP, RsaKeyGen.numBytesToWriteP, RsaKeyGen.srcIndexBytesToWriteP, hn, numArray5);
|
|||
|
RsaKeyGen.WriteToArray(RsaKeyGen.hashesToWriteQ, RsaKeyGen.numBytesToWriteQ, RsaKeyGen.srcIndexBytesToWriteQ, hn, numArray6);
|
|||
|
try
|
|||
|
{
|
|||
|
KeyGenRestartCodes restartCode = KeyGenRestartCodes.X931RestartNone;
|
|||
|
do
|
|||
|
{
|
|||
|
numArray5[(int) sbyte.MaxValue] |= (byte) 192;
|
|||
|
numArray6[(int) sbyte.MaxValue] |= (byte) 192;
|
|||
|
numArray1[12] |= (byte) 16;
|
|||
|
numArray2[12] |= (byte) 16;
|
|||
|
numArray3[12] |= (byte) 16;
|
|||
|
numArray4[12] |= (byte) 16;
|
|||
|
rsaKeyPairX931 = NativeMcppMethods.X931KeyGenWrapper(numArray1, numArray2, numArray3, numArray4, numArray5, numArray6, 65537, ref restartCode);
|
|||
|
switch (restartCode)
|
|||
|
{
|
|||
|
case KeyGenRestartCodes.X931RestartNone:
|
|||
|
InfoCardTrace.Assert(null != rsaKeyPairX931, "Cryptoblob should not be null since API succeeded");
|
|||
|
break;
|
|||
|
case KeyGenRestartCodes.X931RestartDTooSmall:
|
|||
|
InfoCardTrace.Assert(null == rsaKeyPairX931, "Cryptoblob should be null");
|
|||
|
InfoCardTrace.Assert(false, "Not expected for d < 2^1024 with e = 65537");
|
|||
|
RsaKeyGen.InfoCardRegenerateParam(numArray3);
|
|||
|
RsaKeyGen.InfoCardRegenerateParam(numArray4);
|
|||
|
RsaKeyGen.InfoCardRegenerateParam(numArray6);
|
|||
|
break;
|
|||
|
case KeyGenRestartCodes.X931RestartNonTrivialGcd:
|
|||
|
InfoCardTrace.Assert(null == rsaKeyPairX931, "Cryptoblob should be null");
|
|||
|
RsaKeyGen.InfoCardRegenerateParam(numArray1);
|
|||
|
RsaKeyGen.InfoCardRegenerateParam(numArray2);
|
|||
|
RsaKeyGen.InfoCardRegenerateParam(numArray3);
|
|||
|
RsaKeyGen.InfoCardRegenerateParam(numArray4);
|
|||
|
break;
|
|||
|
case KeyGenRestartCodes.X931RestartPQOverflow:
|
|||
|
InfoCardTrace.Assert(null == rsaKeyPairX931, "Cryptoblob should be null");
|
|||
|
RsaKeyGen.InfoCardRegenerateParam(numArray5);
|
|||
|
RsaKeyGen.InfoCardRegenerateParam(numArray6);
|
|||
|
break;
|
|||
|
case KeyGenRestartCodes.X931RestartPQ12OverFlow:
|
|||
|
InfoCardTrace.Assert(null == rsaKeyPairX931, "Cryptoblob should be null");
|
|||
|
RsaKeyGen.InfoCardRegenerateParam(numArray1);
|
|||
|
RsaKeyGen.InfoCardRegenerateParam(numArray2);
|
|||
|
RsaKeyGen.InfoCardRegenerateParam(numArray3);
|
|||
|
RsaKeyGen.InfoCardRegenerateParam(numArray4);
|
|||
|
break;
|
|||
|
case KeyGenRestartCodes.X931RestartXpXqClose:
|
|||
|
InfoCardTrace.Assert(null == rsaKeyPairX931, "Cryptoblob should be null");
|
|||
|
RsaKeyGen.InfoCardRegenerateParam(numArray6);
|
|||
|
break;
|
|||
|
}
|
|||
|
}
|
|||
|
while (restartCode != KeyGenRestartCodes.X931RestartNone);
|
|||
|
InfoCardTrace.Assert(null != rsaKeyPairX931, "Cryptoblob should NOT be null outside while loop");
|
|||
|
}
|
|||
|
finally
|
|||
|
{
|
|||
|
Array.Clear((Array) numArray1, 0, numArray1.Length);
|
|||
|
Array.Clear((Array) numArray2, 0, numArray2.Length);
|
|||
|
Array.Clear((Array) numArray3, 0, numArray3.Length);
|
|||
|
Array.Clear((Array) numArray4, 0, numArray4.Length);
|
|||
|
Array.Clear((Array) numArray5, 0, numArray5.Length);
|
|||
|
Array.Clear((Array) numArray6, 0, numArray6.Length);
|
|||
|
}
|
|||
|
return rsaKeyPairX931;
|
|||
|
}
|
|||
|
|
|||
|
private static void WriteToArray(
|
|||
|
int[] hashesToWrite,
|
|||
|
int[] numBytesToWrite,
|
|||
|
int[] srcIndexBytesToWrite,
|
|||
|
byte[][] sourceArrayOfHashes,
|
|||
|
byte[] destArray)
|
|||
|
{
|
|||
|
InfoCardTrace.Assert(hashesToWrite.Length == numBytesToWrite.Length, "Size must be equal");
|
|||
|
InfoCardTrace.Assert(numBytesToWrite.Length == srcIndexBytesToWrite.Length, "Size must be equal");
|
|||
|
int destinationIndex = 0;
|
|||
|
for (int index1 = 0; index1 < hashesToWrite.Length; ++index1)
|
|||
|
{
|
|||
|
int index2 = hashesToWrite[index1];
|
|||
|
Array.Copy((Array) sourceArrayOfHashes[index2], srcIndexBytesToWrite[index1], (Array) destArray, destinationIndex, numBytesToWrite[index1]);
|
|||
|
destinationIndex += numBytesToWrite[index1];
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
private static byte[][] CalculateHn(byte[] masterKey, byte[] subjectEntropy)
|
|||
|
{
|
|||
|
byte[][] hn = new byte[16][];
|
|||
|
byte[] numArray = new byte[masterKey.Length + subjectEntropy.Length + 4];
|
|||
|
Array.Copy((Array) masterKey, 0, (Array) numArray, 0, masterKey.Length);
|
|||
|
Array.Copy((Array) subjectEntropy, 0, (Array) numArray, masterKey.Length, subjectEntropy.Length);
|
|||
|
for (uint index = 0; (long) index < (long) hn.Length; ++index)
|
|||
|
{
|
|||
|
InfoCardTrace.Assert(index <= (uint) byte.MaxValue, "n must fit in a byte.");
|
|||
|
InfoCardTrace.Assert(numArray.Length - 1 == masterKey.Length + subjectEntropy.Length + 3, "Index location of n must be last element of array.");
|
|||
|
numArray[numArray.Length - 1] = (byte) index;
|
|||
|
hn[(IntPtr) index] = SHA1.Create().ComputeHash(numArray);
|
|||
|
Array.Reverse((Array) hn[(IntPtr) index]);
|
|||
|
}
|
|||
|
Array.Clear((Array) numArray, 0, numArray.Length);
|
|||
|
return hn;
|
|||
|
}
|
|||
|
|
|||
|
private static void InfoCardRegenerateParam(byte[] prevBytes)
|
|||
|
{
|
|||
|
byte[] sourceArray = RsaKeyGen.AESEncryptECB(prevBytes);
|
|||
|
Array.Copy((Array) sourceArray, 0, (Array) prevBytes, 0, prevBytes.Length);
|
|||
|
Array.Clear((Array) sourceArray, 0, sourceArray.Length);
|
|||
|
}
|
|||
|
|
|||
|
private static byte[] AESEncryptECB(byte[] plaintextbyte)
|
|||
|
{
|
|||
|
MemoryStream memoryStream = new MemoryStream();
|
|||
|
CryptoStream cryptoStream = new CryptoStream((Stream) memoryStream, RsaKeyGen.s_rjAes128.CreateEncryptor(), CryptoStreamMode.Write);
|
|||
|
cryptoStream.Write(plaintextbyte, 0, plaintextbyte.Length);
|
|||
|
cryptoStream.Close();
|
|||
|
byte[] array = memoryStream.ToArray();
|
|||
|
memoryStream.Close();
|
|||
|
return array;
|
|||
|
}
|
|||
|
|
|||
|
private RsaKeyGen()
|
|||
|
{
|
|||
|
}
|
|||
|
}
|
|||
|
}
|