diff --git a/BurnOutSharp/ProtectionType/ByteShield.cs b/BurnOutSharp/ProtectionType/ByteShield.cs index 3ef907fc..5f6b138a 100644 --- a/BurnOutSharp/ProtectionType/ByteShield.cs +++ b/BurnOutSharp/ProtectionType/ByteShield.cs @@ -1,7 +1,9 @@ using System.Collections.Concurrent; using System.Collections.Generic; +using System.Linq; using BurnOutSharp.Interfaces; using BurnOutSharp.Matching; +using BurnOutSharp.Wrappers; namespace BurnOutSharp.ProtectionType { @@ -35,15 +37,104 @@ namespace BurnOutSharp.ProtectionType /// https://www.ftc.gov/sites/default/files/documents/public_comments/ftc-town-hall-address-digital-rights-management-technologies-event-takes-place-wednesday-march-25/539814-00707.pdf /// https://www.gamesindustry.biz/byteshield-drm-system-now-protecting-over-200-games /// - public class ByteShield : IPathCheck + public class ByteShield : IPortableExecutableCheck, IPathCheck { + /// + public string CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug) + { + // Get the sections from the executable, if possible + var sections = pex?.SectionTable; + if (sections == null) + return null; + + // Found in "LineRider2.exe" in Redump entry 6236 + string name = pex.FileDescription; + if (name?.Equals("ByteShield Client") == true) + return $"ByteShield Activation Client {Tools.Utilities.GetInternalVersion(pex)}"; + + // Found in "LineRider2.exe" in Redump entry 6236 + name = pex.InternalName; + if (name?.Equals("ByteShield") == true) + return $"ByteShield Activation Client {Tools.Utilities.GetInternalVersion(pex)}"; + + // Found in "LineRider2.exe" in Redump entry 6236 + name = pex.OriginalFilename; + if (name?.Equals("ByteShield.EXE") == true) + return $"ByteShield Activation Client {Tools.Utilities.GetInternalVersion(pex)}"; + + // Found in "LineRider2.exe" in Redump entry 6236 + name = pex.ProductName; + if (name?.Equals("ByteShield Client") == true) + return $"ByteShield Activation Client {Tools.Utilities.GetInternalVersion(pex)}"; + + // Found in "ByteShield.dll" in Redump entry 6236 + name = pex.ExportTable?.ExportDirectoryTable?.Name; + if (name?.Equals("ByteShield Client") == true) + return "ByteShield Component Module"; + + // Found in "LineRider2.exe" in Redump entry 6236 + var stMatch = pex.FindStringTableByEntry("ByteShield"); + if (stMatch.Any()) + return $"ByteShield Activation Client {Tools.Utilities.GetInternalVersion(pex)}"; + + // Found in "LineRider2.exe" in Redump entry 6236 + var dbMatch = pex.FindDialogByTitle("About ByteShield"); + if (dbMatch.Any()) + return "ByteShield"; + + // TODO: See if the version number is anywhere else + // TODO: Parse the version number out of the dialog box item + // Found in "LineRider2.exe" in Redump entry 6236 + dbMatch = pex.FindDialogBoxByItemTitle("ByteShield Version 1.0"); + if (dbMatch.Any()) + return "ByteShield"; + + // Get strings from .data, if possible + var strings = pex.GetFirstSectionStrings(".data"); + if (strings != null && strings.Any()) + { + // Found in "LineRider2.exe" in Redump entry 6236 + if (strings.Any(s => s?.Contains("ByteShield") == true)) + return "ByteShield"; + } + + // Get strings from .rdata, if possible + strings = pex.GetFirstSectionStrings(".rdata"); + if (strings != null && strings.Any()) + { + // Found in "ByteShield.dll" in Redump entry 6236 + if (strings.Any(s => s?.Contains("Byte|Shield") == true)) + return "ByteShield Component Module"; + + // Found in "ByteShield.dll" in Redump entry 6236 + else if (strings.Any(s => s?.Contains("Byteshield0") == true)) + return "ByteShield Component Module"; + + // Found in "ByteShield.dll" in Redump entry 6236 + else if (strings.Any(s => s?.Contains("ByteShieldLoader") == true)) + return "ByteShield Component Module"; + } + + // Get strings from .ret, if possible + strings = pex.GetFirstSectionStrings(".ret"); + if (strings != null && strings.Any()) + { + // Found in "LineRider2.bbz" in Redump entry 6236 + if (strings.Any(s => s?.Contains("ByteShield") == true)) + return "ByteShield Encrypted Executable"; + } + + return null; + } + /// public ConcurrentQueue CheckDirectoryPath(string path, IEnumerable files) { var matchers = new List { - new PathMatchSet(new PathMatch("Byteshield.dll", useEndsWith: true), "ByteShield (Unconfirmed - Please report to us on Github)"), - new PathMatchSet(new PathMatch(".bbz", useEndsWith: true), "ByteShield (Unconfirmed - Please report to us on Github)"), + new PathMatchSet(new PathMatch("Byteshield.dll", useEndsWith: true), "ByteShield Component Module"), + new PathMatchSet(new PathMatch("Byteshield.ini", useEndsWith: true), "ByteShield"), + new PathMatchSet(new PathMatch(".bbz", useEndsWith: true), "ByteShield Encrypted Executable"), }; return MatchUtil.GetAllMatches(files, matchers, any: true); @@ -54,8 +145,9 @@ namespace BurnOutSharp.ProtectionType { var matchers = new List { - new PathMatchSet(new PathMatch("Byteshield.dll", useEndsWith: true), "ByteShield (Unconfirmed - Please report to us on Github)"), - new PathMatchSet(new PathMatch(".bbz", useEndsWith: true), "ByteShield (Unconfirmed - Please report to us on Github)"), + new PathMatchSet(new PathMatch("Byteshield.dll", useEndsWith: true), "ByteShield Component Module"), + new PathMatchSet(new PathMatch("Byteshield.ini", useEndsWith: true), "ByteShield"), + new PathMatchSet(new PathMatch(".bbz", useEndsWith: true), "ByteShield Encrypted Executable"), }; return MatchUtil.GetFirstMatch(path, matchers, any: true); diff --git a/BurnOutSharp/ProtectionType/SoftLock.cs b/BurnOutSharp/ProtectionType/SoftLock.cs index b10fa6df..d69fb79b 100644 --- a/BurnOutSharp/ProtectionType/SoftLock.cs +++ b/BurnOutSharp/ProtectionType/SoftLock.cs @@ -58,6 +58,7 @@ namespace BurnOutSharp.ProtectionType return "SoftLock"; // TODO: See if the version number is anywhere else + // TODO: Parse the version number out of the dialog box item // Found in "IALib.DLL" in IA item "TAFSEERVER4SETUP" dbMatch = pex.FindDialogBoxByItemTitle("Softlock Protected Application Version 1.0"); if (dbMatch.Any()) @@ -73,7 +74,7 @@ namespace BurnOutSharp.ProtectionType // Found in "TafseerVer4.exe" in IA item "TAFSEERVER4SETUP" if (strings.Any(s => s?.Contains("SOFTLOCKPROTECTION") == true)) return "SoftLock"; - }; + } // Investigate if the ".section" section is an indicator of SoftLock diff --git a/README.md b/README.md index d2a3e866..371c3b4d 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ Below is a list of protections detected by BurnOutSharp. The two columns explain | Alpha-ROM | True | False | | | BD+ | False | True | | | Bitpool | False | True | | -| ByteShield | False | True | Unconfirmed¹ | +| ByteShield | True | True | | | C-Dilla License Management Solution / CD-Secure / CD-Compress | True | True | | | Cactus Data Shield | True | True | | | CD-Cops / DVD-Cops | True | True | Partially unconfirmed² |