ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-26 13:25:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
9432413cf6
MalwareSourceCode/MSIL/Trojan/Win32/P/Trojan.Win32.Patched.mf-fd200e64412b6be5c177c3cfa7b94e83e807ff04211ce324f12e2ffa5537eb36/Services/Ticket/TicketManager.cs

141 lines
4.2 KiB
C#
Raw Normal View History

auto-decompiled msil via petikvx add
2022-08-18 11:28:56 +00:00
// Decompiled with JetBrains decompiler
// Type: Bmc.Services.Ticket.TicketManager
// Assembly: ticketservice, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 3DFB8186-7053-43AF-8B45-70866071B1F2
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Patched.mf-fd200e64412b6be5c177c3cfa7b94e83e807ff04211ce324f12e2ffa5537eb36.exe
using Bmc.Broker.Config;
using Bmc.RegistryAccess;
using Bmc.RegistryAccess.Ticket;
using Net.LShift.SPKI;
using Net.LShift.Utilities;
using System;
using System.IO;
using System.Net;
using System.Text;
namespace Bmc.Services.Ticket
{
public class TicketManager
{
private SignatureChecker _timeChecker;
private WebClient _webClient;
private ActivationManager _activationManager;
private SecureStateManager _secureStateManager;
private static byte[][] key_hashes = new byte[1][]
{
new byte[20]
{
(byte) 97,
(byte) 170,
byte.MaxValue,
(byte) 55,
(byte) 144,
(byte) 148,
(byte) 75,
(byte) 50,
(byte) 153,
(byte) 84,
(byte) 55,
(byte) 229,
(byte) 122,
(byte) 62,
(byte) 108,
(byte) 42,
(byte) 66,
(byte) 9,
(byte) 74,
(byte) 148
}
};
public TicketManager(
WebClient webClient,
ActivationManager activationManager,
SecureStateManager secureStateManager)
{
this._timeChecker = new SignatureChecker(TicketManager.key_hashes);
this._webClient = webClient;
this._activationManager = activationManager;
this._secureStateManager = secureStateManager;
}
public bool TicketFetchIncomplete
{
get
{
string str = ConfigurationManager.Instance[(FIELD) 10];
return str != null && bool.Parse(str);
}
set => ConfigurationManager.Instance[(FIELD) 10] = value.ToString();
}
private void ConfirmTicket()
{
byte[] bytes = new ASCIIEncoding().GetBytes("current=" + this._activationManager.TicketId);
WebRequest request = this._webClient.GetRequest("machine/confirm-ticket");
request.Method = "POST";
request.ContentType = "application/x-www-form-urlencoded";
request.ContentLength = (long) bytes.Length;
Stream requestStream = request.GetRequestStream();
requestStream.Write(bytes, 0, bytes.Length);
requestStream.Close();
request.GetResponse();
}
public void FetchTime()
{
DateTime utcNow = DateTime.UtcNow;
string id = RandomId.GenerateId("time-nonce", 6);
SPKISexp sexp = SPKISexp.ParseSexp(this._webClient.GetStream("machine/time?nonce=" + id));
SPKISexp spkiSexp1 = sexp["current-time"];
this._timeChecker.CheckSequence(sexp, spkiSexp1);
bool flag = false;
SPKISexp spkiSexp2 = spkiSexp1["nonces"];
for (int index = 1; index < spkiSexp2.Length; ++index)
{
SPKISexp spkiSexp3 = spkiSexp2[index];
if (id.Equals(spkiSexp3.Name))
flag = true;
}
if (!flag)
throw new SecureStateException();
this._secureStateManager.SetRatchetOffset(spkiSexp1.Get("time").ToDateTime() - utcNow);
}
public void FetchTicket()
{
if (this.TicketFetchIncomplete)
{
try
{
this.ConfirmTicket();
this.TicketFetchIncomplete = false;
}
catch (Exception ex)
{
}
}
this.FetchTime();
try
{
string str = this._secureStateManager[(SECURE_FIELD) 3];
WebRequest request = this._webClient.GetRequest("machine/ticket?current=" + str + "&version=" + BuildVersion.Version);
request.Headers.Add("If-None-Match", "W/\"" + str + "\"");
Stream responseStream = request.GetResponse().GetResponseStream();
this.TicketFetchIncomplete = true;
this._activationManager.SetTicket(responseStream);
}
catch (WebException ex)
{
if (!(ex.Response is HttpWebResponse response) || response.StatusCode != HttpStatusCode.NotModified)
throw ex;
this.TicketFetchIncomplete = false;
return;
}
this.ConfirmTicket();
this.TicketFetchIncomplete = false;
}
}
}
Reference in New Issue Copy Permalink