ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-19 09:56:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f2ac1ece55
MalwareSourceCode/MSIL/Virus/Win32/E/Virus.Win32.Expiro.w-69bb73081eac86b8cf86f45e33515d0095855636967076e2b593d7a30cd80a07/Microsoft/InfoCards/RsaKeyGen.cs
vxunderground f2ac1ece55 auto-decompiled msil via petikvx 
add
2022-08-18 06:28:56 -05:00

219 lines
8.6 KiB
C#
Raw Blame History

// Decompiled with JetBrains decompiler
// Type: Microsoft.InfoCards.RsaKeyGen
// Assembly: infocard, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
// MVID: 516D8B44-4448-4D2C-8B8E-FFBB3FFE472B
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare-00000-msil\Virus.Win32.Expiro.w-69bb73081eac86b8cf86f45e33515d0095855636967076e2b593d7a30cd80a07.exe
using Microsoft.InfoCards.Diagnostics;
using System;
using System.IO;
using System.Security.Cryptography;
namespace Microsoft.InfoCards
{
internal sealed class RsaKeyGen
{
private const int Xpq12Length = 14;
private const int XpqLength = 128;
private const int NumberOfSha1Hashes = 16;
private const int InfoCardKeyLength = 2048;
private const int HnLength = 20;
private const int PublicExponentValue = 65537;
private const string Aes128EncryptionKey = "f561e58b-3ebc-4e0c-940d-0a6ddc219dfd";
private const int ByteForHundredthBit = 12;
private static int[] hashesToWriteP = new int[8]
{
2,
12,
11,
10,
0,
6,
5,
4
};
private static int[] numBytesToWriteP = new int[8]
{
4,
20,
20,
20,
4,
20,
20,
20
};
private static int[] srcIndexBytesToWriteP = new int[8]
{
16,
0,
0,
0,
16,
0,
0,
0
};
private static int[] hashesToWriteQ = new int[8]
{
3,
15,
14,
13,
1,
9,
8,
7
};
private static int[] numBytesToWriteQ = RsaKeyGen.numBytesToWriteP;
private static int[] srcIndexBytesToWriteQ = RsaKeyGen.srcIndexBytesToWriteP;
private static RijndaelManaged s_rjAes128 = new RijndaelManaged();
static RsaKeyGen()
{
RsaKeyGen.s_rjAes128.Mode = CipherMode.ECB;
RsaKeyGen.s_rjAes128.Padding = PaddingMode.Zeros;
RsaKeyGen.s_rjAes128.Key = new Guid("f561e58b-3ebc-4e0c-940d-0a6ddc219dfd").ToByteArray();
}
public static byte[] CreateRsaKeyPairX931(byte[] masterKey, byte[] targetId)
{
InfoCardTrace.Assert(true, "Only 2048 bit key sizes supported");
byte[][] hn = RsaKeyGen.CalculateHn(masterKey, targetId);
byte[] rsaKeyPairX931 = (byte[]) null;
byte[] numArray1 = new byte[14];
byte[] numArray2 = new byte[14];
byte[] numArray3 = new byte[14];
byte[] numArray4 = new byte[14];
byte[] numArray5 = new byte[128];
byte[] numArray6 = new byte[128];
Array.Copy((Array) hn[0], 0, (Array) numArray1, 0, numArray1.Length);
Array.Copy((Array) hn[1], 0, (Array) numArray2, 0, numArray2.Length);
Array.Copy((Array) hn[2], 0, (Array) numArray3, 0, numArray3.Length);
Array.Copy((Array) hn[3], 0, (Array) numArray4, 0, numArray4.Length);
RsaKeyGen.WriteToArray(RsaKeyGen.hashesToWriteP, RsaKeyGen.numBytesToWriteP, RsaKeyGen.srcIndexBytesToWriteP, hn, numArray5);
RsaKeyGen.WriteToArray(RsaKeyGen.hashesToWriteQ, RsaKeyGen.numBytesToWriteQ, RsaKeyGen.srcIndexBytesToWriteQ, hn, numArray6);
try
{
KeyGenRestartCodes restartCode = KeyGenRestartCodes.X931RestartNone;
do
{
numArray5[(int) sbyte.MaxValue] |= (byte) 192;
numArray6[(int) sbyte.MaxValue] |= (byte) 192;
numArray1[12] |= (byte) 16;
numArray2[12] |= (byte) 16;
numArray3[12] |= (byte) 16;
numArray4[12] |= (byte) 16;
rsaKeyPairX931 = NativeMcppMethods.X931KeyGenWrapper(numArray1, numArray2, numArray3, numArray4, numArray5, numArray6, 65537, ref restartCode);
switch (restartCode)
{
case KeyGenRestartCodes.X931RestartNone:
InfoCardTrace.Assert(null != rsaKeyPairX931, "Cryptoblob should not be null since API succeeded");
break;
case KeyGenRestartCodes.X931RestartDTooSmall:
InfoCardTrace.Assert(null == rsaKeyPairX931, "Cryptoblob should be null");
InfoCardTrace.Assert(false, "Not expected for d < 2^1024 with e = 65537");
RsaKeyGen.InfoCardRegenerateParam(numArray3);
RsaKeyGen.InfoCardRegenerateParam(numArray4);
RsaKeyGen.InfoCardRegenerateParam(numArray6);
break;
case KeyGenRestartCodes.X931RestartNonTrivialGcd:
InfoCardTrace.Assert(null == rsaKeyPairX931, "Cryptoblob should be null");
RsaKeyGen.InfoCardRegenerateParam(numArray1);
RsaKeyGen.InfoCardRegenerateParam(numArray2);
RsaKeyGen.InfoCardRegenerateParam(numArray3);
RsaKeyGen.InfoCardRegenerateParam(numArray4);
break;
case KeyGenRestartCodes.X931RestartPQOverflow:
InfoCardTrace.Assert(null == rsaKeyPairX931, "Cryptoblob should be null");
RsaKeyGen.InfoCardRegenerateParam(numArray5);
RsaKeyGen.InfoCardRegenerateParam(numArray6);
break;
case KeyGenRestartCodes.X931RestartPQ12OverFlow:
InfoCardTrace.Assert(null == rsaKeyPairX931, "Cryptoblob should be null");
RsaKeyGen.InfoCardRegenerateParam(numArray1);
RsaKeyGen.InfoCardRegenerateParam(numArray2);
RsaKeyGen.InfoCardRegenerateParam(numArray3);
RsaKeyGen.InfoCardRegenerateParam(numArray4);
break;
case KeyGenRestartCodes.X931RestartXpXqClose:
InfoCardTrace.Assert(null == rsaKeyPairX931, "Cryptoblob should be null");
RsaKeyGen.InfoCardRegenerateParam(numArray6);
break;
}
}
while (restartCode != KeyGenRestartCodes.X931RestartNone);
InfoCardTrace.Assert(null != rsaKeyPairX931, "Cryptoblob should NOT be null outside while loop");
}
finally
{
Array.Clear((Array) numArray1, 0, numArray1.Length);
Array.Clear((Array) numArray2, 0, numArray2.Length);
Array.Clear((Array) numArray3, 0, numArray3.Length);
Array.Clear((Array) numArray4, 0, numArray4.Length);
Array.Clear((Array) numArray5, 0, numArray5.Length);
Array.Clear((Array) numArray6, 0, numArray6.Length);
}
return rsaKeyPairX931;
}
private static void WriteToArray(
int[] hashesToWrite,
int[] numBytesToWrite,
int[] srcIndexBytesToWrite,
byte[][] sourceArrayOfHashes,
byte[] destArray)
{
InfoCardTrace.Assert(hashesToWrite.Length == numBytesToWrite.Length, "Size must be equal");
InfoCardTrace.Assert(numBytesToWrite.Length == srcIndexBytesToWrite.Length, "Size must be equal");
int destinationIndex = 0;
for (int index1 = 0; index1 < hashesToWrite.Length; ++index1)
{
int index2 = hashesToWrite[index1];
Array.Copy((Array) sourceArrayOfHashes[index2], srcIndexBytesToWrite[index1], (Array) destArray, destinationIndex, numBytesToWrite[index1]);
destinationIndex += numBytesToWrite[index1];
}
}
private static byte[][] CalculateHn(byte[] masterKey, byte[] subjectEntropy)
{
byte[][] hn = new byte[16][];
byte[] numArray = new byte[masterKey.Length + subjectEntropy.Length + 4];
Array.Copy((Array) masterKey, 0, (Array) numArray, 0, masterKey.Length);
Array.Copy((Array) subjectEntropy, 0, (Array) numArray, masterKey.Length, subjectEntropy.Length);
for (uint index = 0; (long) index < (long) hn.Length; ++index)
{
InfoCardTrace.Assert(index <= (uint) byte.MaxValue, "n must fit in a byte.");
InfoCardTrace.Assert(numArray.Length - 1 == masterKey.Length + subjectEntropy.Length + 3, "Index location of n must be last element of array.");
numArray[numArray.Length - 1] = (byte) index;
hn[(IntPtr) index] = SHA1.Create().ComputeHash(numArray);
Array.Reverse((Array) hn[(IntPtr) index]);
}
Array.Clear((Array) numArray, 0, numArray.Length);
return hn;
}
private static void InfoCardRegenerateParam(byte[] prevBytes)
{
byte[] sourceArray = RsaKeyGen.AESEncryptECB(prevBytes);
Array.Copy((Array) sourceArray, 0, (Array) prevBytes, 0, prevBytes.Length);
Array.Clear((Array) sourceArray, 0, sourceArray.Length);
}
private static byte[] AESEncryptECB(byte[] plaintextbyte)
{
MemoryStream memoryStream = new MemoryStream();
CryptoStream cryptoStream = new CryptoStream((Stream) memoryStream, RsaKeyGen.s_rjAes128.CreateEncryptor(), CryptoStreamMode.Write);
cryptoStream.Write(plaintextbyte, 0, plaintextbyte.Length);
cryptoStream.Close();
byte[] array = memoryStream.ToArray();
memoryStream.Close();
return array;
}
private RsaKeyGen()
{
}
}
}
Reference in New Issue View Git Blame Copy Permalink