// Decompiled with JetBrains decompiler // Type: Bmc.Services.Ticket.TicketManager // Assembly: ticketservice, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null // MVID: 3DFB8186-7053-43AF-8B45-70866071B1F2 // Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00001-msil\Trojan.Win32.Patched.mf-fd200e64412b6be5c177c3cfa7b94e83e807ff04211ce324f12e2ffa5537eb36.exe using Bmc.Broker.Config; using Bmc.RegistryAccess; using Bmc.RegistryAccess.Ticket; using Net.LShift.SPKI; using Net.LShift.Utilities; using System; using System.IO; using System.Net; using System.Text; namespace Bmc.Services.Ticket { public class TicketManager { private SignatureChecker _timeChecker; private WebClient _webClient; private ActivationManager _activationManager; private SecureStateManager _secureStateManager; private static byte[][] key_hashes = new byte[1][] { new byte[20] { (byte) 97, (byte) 170, byte.MaxValue, (byte) 55, (byte) 144, (byte) 148, (byte) 75, (byte) 50, (byte) 153, (byte) 84, (byte) 55, (byte) 229, (byte) 122, (byte) 62, (byte) 108, (byte) 42, (byte) 66, (byte) 9, (byte) 74, (byte) 148 } }; public TicketManager( WebClient webClient, ActivationManager activationManager, SecureStateManager secureStateManager) { this._timeChecker = new SignatureChecker(TicketManager.key_hashes); this._webClient = webClient; this._activationManager = activationManager; this._secureStateManager = secureStateManager; } public bool TicketFetchIncomplete { get { string str = ConfigurationManager.Instance[(FIELD) 10]; return str != null && bool.Parse(str); } set => ConfigurationManager.Instance[(FIELD) 10] = value.ToString(); } private void ConfirmTicket() { byte[] bytes = new ASCIIEncoding().GetBytes("current=" + this._activationManager.TicketId); WebRequest request = this._webClient.GetRequest("machine/confirm-ticket"); request.Method = "POST"; request.ContentType = "application/x-www-form-urlencoded"; request.ContentLength = (long) bytes.Length; Stream requestStream = request.GetRequestStream(); requestStream.Write(bytes, 0, bytes.Length); requestStream.Close(); request.GetResponse(); } public void FetchTime() { DateTime utcNow = DateTime.UtcNow; string id = RandomId.GenerateId("time-nonce", 6); SPKISexp sexp = SPKISexp.ParseSexp(this._webClient.GetStream("machine/time?nonce=" + id)); SPKISexp spkiSexp1 = sexp["current-time"]; this._timeChecker.CheckSequence(sexp, spkiSexp1); bool flag = false; SPKISexp spkiSexp2 = spkiSexp1["nonces"]; for (int index = 1; index < spkiSexp2.Length; ++index) { SPKISexp spkiSexp3 = spkiSexp2[index]; if (id.Equals(spkiSexp3.Name)) flag = true; } if (!flag) throw new SecureStateException(); this._secureStateManager.SetRatchetOffset(spkiSexp1.Get("time").ToDateTime() - utcNow); } public void FetchTicket() { if (this.TicketFetchIncomplete) { try { this.ConfirmTicket(); this.TicketFetchIncomplete = false; } catch (Exception ex) { } } this.FetchTime(); try { string str = this._secureStateManager[(SECURE_FIELD) 3]; WebRequest request = this._webClient.GetRequest("machine/ticket?current=" + str + "&version=" + BuildVersion.Version); request.Headers.Add("If-None-Match", "W/\"" + str + "\""); Stream responseStream = request.GetResponse().GetResponseStream(); this.TicketFetchIncomplete = true; this._activationManager.SetTicket(responseStream); } catch (WebException ex) { if (!(ex.Response is HttpWebResponse response) || response.StatusCode != HttpStatusCode.NotModified) throw ex; this.TicketFetchIncomplete = false; return; } this.ConfirmTicket(); this.TicketFetchIncomplete = false; } } }