From 921292e07770eb8864cf7fbaa6b8b33dde15468f Mon Sep 17 00:00:00 2001 From: Matt Nadareski Date: Tue, 23 Mar 2021 09:52:09 -0700 Subject: [PATCH] Static list of content matchers This also includes some more path matcher conversions that I couldn't reasonably split out --- BurnOutSharp/IContentCheck.cs | 2 +- BurnOutSharp/IPathCheck.cs | 2 +- BurnOutSharp/IScannable.cs | 2 +- BurnOutSharp/PackerType/AdvancedInstaller.cs | 31 +-- BurnOutSharp/PackerType/Armadillo.cs | 23 ++- BurnOutSharp/PackerType/CExe.cs | 35 ++-- BurnOutSharp/PackerType/EXEStealth.cs | 31 +-- BurnOutSharp/PackerType/InnoSetup.cs | 23 ++- BurnOutSharp/PackerType/NSIS.cs | 41 ++-- BurnOutSharp/PackerType/SetupFactory.cs | 69 ++++--- BurnOutSharp/PackerType/UPX.cs | 71 ++++--- BurnOutSharp/PackerType/WinRARSFX.cs | 27 +-- BurnOutSharp/PackerType/dotFuscator.cs | 27 +-- BurnOutSharp/ProtectionType/ActiveMARK.cs | 33 +-- BurnOutSharp/ProtectionType/AlphaROM.cs | 17 +- BurnOutSharp/ProtectionType/CDCheck.cs | 31 +-- BurnOutSharp/ProtectionType/CDCops.cs | 31 +-- BurnOutSharp/ProtectionType/CDLock.cs | 29 +-- BurnOutSharp/ProtectionType/CDSHiELDSE.cs | 17 +- .../ProtectionType/CactusDataShield.cs | 29 +-- .../ProtectionType/CengaProtectDVD.cs | 17 +- BurnOutSharp/ProtectionType/CodeLock.cs | 39 ++-- BurnOutSharp/ProtectionType/CopyKiller.cs | 25 ++- BurnOutSharp/ProtectionType/DVDCops.cs | 25 ++- BurnOutSharp/ProtectionType/ElectronicArts.cs | 193 +++++++++--------- BurnOutSharp/ProtectionType/ImpulseReactor.cs | 61 +++--- BurnOutSharp/ProtectionType/Intenium.cs | 17 +- BurnOutSharp/ProtectionType/JoWooDXProt.cs | 53 ++--- BurnOutSharp/ProtectionType/KeyLock.cs | 25 ++- BurnOutSharp/ProtectionType/LaserLock.cs | 117 +++++------ BurnOutSharp/ProtectionType/MediaCloQ.cs | 25 ++- BurnOutSharp/ProtectionType/MediaMaxCD3.cs | 55 ++--- .../ProtectionType/OnlineRegistration.cs | 31 +-- BurnOutSharp/ProtectionType/Origin.cs | 39 ++-- BurnOutSharp/ProtectionType/PSXAntiModchip.cs | 69 ++++--- BurnOutSharp/ProtectionType/ProtectDisc.cs | 23 ++- BurnOutSharp/ProtectionType/RingPROTECH.cs | 27 +-- BurnOutSharp/ProtectionType/SVKProtector.cs | 17 +- BurnOutSharp/ProtectionType/SafeDisc.cs | 69 ++++--- BurnOutSharp/ProtectionType/SafeLock.cs | 17 +- BurnOutSharp/ProtectionType/SecuROM.cs | 73 +++---- BurnOutSharp/ProtectionType/SmartE.cs | 17 +- BurnOutSharp/ProtectionType/SolidShield.cs | 141 ++++++------- BurnOutSharp/ProtectionType/StarForce.cs | 167 +++++++-------- BurnOutSharp/ProtectionType/Sysiphus.cs | 39 ++-- BurnOutSharp/ProtectionType/Tages.cs | 51 ++--- BurnOutSharp/ProtectionType/ThreePLock.cs | 45 ++-- .../ProtectionType/ThreeTwoOneStudios.cs | 33 +-- .../ProtectionType/VOBProtectCDDVD.cs | 37 ++-- BurnOutSharp/ProtectionType/WTMCDProtect.cs | 17 +- BurnOutSharp/ProtectionType/XCP.cs | 45 ++-- .../ProtectionType/XtremeProtector.cs | 17 +- BurnOutSharp/Scanner.cs | 2 +- 53 files changed, 1174 insertions(+), 1025 deletions(-) diff --git a/BurnOutSharp/IContentCheck.cs b/BurnOutSharp/IContentCheck.cs index 950574ca..665a8a90 100644 --- a/BurnOutSharp/IContentCheck.cs +++ b/BurnOutSharp/IContentCheck.cs @@ -1,6 +1,6 @@ namespace BurnOutSharp { - public interface IContentCheck + internal interface IContentCheck { /// /// Check a path for protections based on file contents diff --git a/BurnOutSharp/IPathCheck.cs b/BurnOutSharp/IPathCheck.cs index 7558944f..ebaf6ef3 100644 --- a/BurnOutSharp/IPathCheck.cs +++ b/BurnOutSharp/IPathCheck.cs @@ -2,7 +2,7 @@ namespace BurnOutSharp { - public interface IPathCheck + internal interface IPathCheck { /// /// Check a file path for protections based on path name diff --git a/BurnOutSharp/IScannable.cs b/BurnOutSharp/IScannable.cs index 28359066..f30d9fa0 100644 --- a/BurnOutSharp/IScannable.cs +++ b/BurnOutSharp/IScannable.cs @@ -3,7 +3,7 @@ using System.IO; namespace BurnOutSharp { - public interface IScannable + internal interface IScannable { /// /// Determine if a file signature matches one of the expected values diff --git a/BurnOutSharp/PackerType/AdvancedInstaller.cs b/BurnOutSharp/PackerType/AdvancedInstaller.cs index f3491d5e..62de0ad0 100644 --- a/BurnOutSharp/PackerType/AdvancedInstaller.cs +++ b/BurnOutSharp/PackerType/AdvancedInstaller.cs @@ -6,23 +6,26 @@ namespace BurnOutSharp.PackerType // TODO: Add extraction and verify that all versions are detected public class AdvancedInstaller : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // Software\Caphyon\Advanced Installer + new ContentMatchSet(new byte?[] + { + 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, + 0x5C, 0x43, 0x61, 0x70, 0x68, 0x79, 0x6F, 0x6E, + 0x5C, 0x41, 0x64, 0x76, 0x61, 0x6E, 0x63, 0x65, + 0x64, 0x20, 0x49, 0x6E, 0x73, 0x74, 0x61, 0x6C, + 0x6C, 0x65, 0x72 + }, "Caphyon Advanced Installer"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // Software\Caphyon\Advanced Installer - new ContentMatchSet(new byte?[] - { - 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, - 0x5C, 0x43, 0x61, 0x70, 0x68, 0x79, 0x6F, 0x6E, - 0x5C, 0x41, 0x64, 0x76, 0x61, 0x6E, 0x63, 0x65, - 0x64, 0x20, 0x49, 0x6E, 0x73, 0x74, 0x61, 0x6C, - 0x6C, 0x65, 0x72 - }, "Caphyon Advanced Installer"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } } } diff --git a/BurnOutSharp/PackerType/Armadillo.cs b/BurnOutSharp/PackerType/Armadillo.cs index 072aa6ae..dd9f69b9 100644 --- a/BurnOutSharp/PackerType/Armadillo.cs +++ b/BurnOutSharp/PackerType/Armadillo.cs @@ -5,19 +5,22 @@ namespace BurnOutSharp.PackerType { public class Armadillo : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // .nicode + (char)0x00 + new ContentMatchSet(new byte?[] { 0x2E, 0x6E, 0x69, 0x63, 0x6F, 0x64, 0x65, 0x00 }, "Armadillo"), + + // ARMDEBUG + new ContentMatchSet(new byte?[] { 0x41, 0x52, 0x4D, 0x44, 0x45, 0x42, 0x55, 0x47 }, "Armadillo"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // .nicode + (char)0x00 - new ContentMatchSet(new byte?[] { 0x2E, 0x6E, 0x69, 0x63, 0x6F, 0x64, 0x65, 0x00 }, "Armadillo"), - - // ARMDEBUG - new ContentMatchSet(new byte?[] { 0x41, 0x52, 0x4D, 0x44, 0x45, 0x42, 0x55, 0x47 }, "Armadillo"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } } } diff --git a/BurnOutSharp/PackerType/CExe.cs b/BurnOutSharp/PackerType/CExe.cs index b81fee90..f64c1473 100644 --- a/BurnOutSharp/PackerType/CExe.cs +++ b/BurnOutSharp/PackerType/CExe.cs @@ -8,28 +8,31 @@ namespace BurnOutSharp.PackerType // http://www.scottlu.com/Content/CExe.html public class CExe : IContentCheck, IScannable { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // %Wo�a6.�a6.�a6.�a6.�{6.�.).�f6.��).�`6.��0.�`6.� + new ContentMatchSet( + new ContentMatch(new byte?[] + { + 0x25, 0x57, 0x6F, 0xC1, 0x61, 0x36, 0x01, 0x92, + 0x61, 0x36, 0x01, 0x92, 0x61, 0x36, 0x01, 0x92, + 0x61, 0x36, 0x00, 0x92, 0x7B, 0x36, 0x01, 0x92, + 0x03, 0x29, 0x12, 0x92, 0x66, 0x36, 0x01, 0x92, + 0x89, 0x29, 0x0A, 0x92, 0x60, 0x36, 0x01, 0x92, + 0xD9, 0x30, 0x07, 0x92, 0x60, 0x36, 0x01, 0x92 + }, end: 200), "CExe"), + }; + /// public bool ShouldScan(byte[] magic) => true; /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // %Wo�a6.�a6.�a6.�a6.�{6.�.).�f6.��).�`6.��0.�`6.� - new ContentMatchSet( - new ContentMatch(new byte?[] - { - 0x25, 0x57, 0x6F, 0xC1, 0x61, 0x36, 0x01, 0x92, - 0x61, 0x36, 0x01, 0x92, 0x61, 0x36, 0x01, 0x92, - 0x61, 0x36, 0x00, 0x92, 0x7B, 0x36, 0x01, 0x92, - 0x03, 0x29, 0x12, 0x92, 0x66, 0x36, 0x01, 0x92, - 0x89, 0x29, 0x0A, 0x92, 0x60, 0x36, 0x01, 0x92, - 0xD9, 0x30, 0x07, 0x92, 0x60, 0x36, 0x01, 0x92 - }, end: 200), "CExe"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// diff --git a/BurnOutSharp/PackerType/EXEStealth.cs b/BurnOutSharp/PackerType/EXEStealth.cs index 31d1f464..36294e6d 100644 --- a/BurnOutSharp/PackerType/EXEStealth.cs +++ b/BurnOutSharp/PackerType/EXEStealth.cs @@ -5,23 +5,26 @@ namespace BurnOutSharp.PackerType { public class EXEStealth : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // ??[[__[[_ + (char)0x00 + {{ + (char)0x0 + (char)0x00 + {{ + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x0 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + ?;??;?? + new ContentMatchSet(new byte?[] + { + 0x3F, 0x3F, 0x5B, 0x5B, 0x5F, 0x5F, 0x5B, 0x5B, + 0x5F, 0x00, 0x7B, 0x7B, 0x00, 0x00, 0x7B, 0x7B, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x20, 0x3F, 0x3B, 0x3F, 0x3F, 0x3B, 0x3F, + 0x3F + }, "EXE Stealth"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // ??[[__[[_ + (char)0x00 + {{ + (char)0x0 + (char)0x00 + {{ + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x0 + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + ?;??;?? - new ContentMatchSet(new byte?[] - { - 0x3F, 0x3F, 0x5B, 0x5B, 0x5F, 0x5F, 0x5B, 0x5B, - 0x5F, 0x00, 0x7B, 0x7B, 0x00, 0x00, 0x7B, 0x7B, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x20, 0x3F, 0x3B, 0x3F, 0x3F, 0x3B, 0x3F, - 0x3F - }, "EXE Stealth"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } } } diff --git a/BurnOutSharp/PackerType/InnoSetup.cs b/BurnOutSharp/PackerType/InnoSetup.cs index 0dc4a44d..03a82206 100644 --- a/BurnOutSharp/PackerType/InnoSetup.cs +++ b/BurnOutSharp/PackerType/InnoSetup.cs @@ -8,22 +8,25 @@ namespace BurnOutSharp.PackerType { public class InnoSetup : IContentCheck, IScannable { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // Inno + new ContentMatchSet( + new ContentMatch(new byte?[] { 0x49, 0x6E, 0x6E, 0x6F }, start: 0x30, end: 0x31), + GetVersion, + "Inno Setup"), + }; + /// public bool ShouldScan(byte[] magic) => true; /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // Inno - new ContentMatchSet( - new ContentMatch(new byte?[] { 0x49, 0x6E, 0x6E, 0x6F }, start: 0x30, end: 0x31), - GetVersion, - "Inno Setup"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// diff --git a/BurnOutSharp/PackerType/NSIS.cs b/BurnOutSharp/PackerType/NSIS.cs index d0607c13..475f67aa 100644 --- a/BurnOutSharp/PackerType/NSIS.cs +++ b/BurnOutSharp/PackerType/NSIS.cs @@ -8,28 +8,31 @@ namespace BurnOutSharp.PackerType { public class NSIS : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // Nullsoft Install System + new ContentMatchSet(new byte?[] + { + 0x4e, 0x75, 0x6c, 0x6c, 0x73, 0x6f, 0x66, 0x74, + 0x20, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, + 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d + }, GetVersion, "NSIS"), + + // NullsoftInst + new ContentMatchSet(new byte?[] + { + 0x4e, 0x75, 0x6c, 0x6c, 0x73, 0x6f, 0x66, 0x74, + 0x49, 0x6e, 0x73, 0x74 + }, "NSIS"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // Nullsoft Install System - new ContentMatchSet(new byte?[] - { - 0x4e, 0x75, 0x6c, 0x6c, 0x73, 0x6f, 0x66, 0x74, - 0x20, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6c, 0x6c, - 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d - }, GetVersion, "NSIS"), - - // NullsoftInst - new ContentMatchSet(new byte?[] - { - 0x4e, 0x75, 0x6c, 0x6c, 0x73, 0x6f, 0x66, 0x74, - 0x49, 0x6e, 0x73, 0x74 - }, "NSIS"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } public static string GetVersion(string file, byte[] fileContent, List positions) diff --git a/BurnOutSharp/PackerType/SetupFactory.cs b/BurnOutSharp/PackerType/SetupFactory.cs index 9331bb34..ffbf6172 100644 --- a/BurnOutSharp/PackerType/SetupFactory.cs +++ b/BurnOutSharp/PackerType/SetupFactory.cs @@ -6,45 +6,48 @@ namespace BurnOutSharp.PackerType { public class SetupFactory : IContentCheck, IScannable { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // S.e.t.u.p. .F.a.c.t.o.r.y. + new ContentMatchSet(new byte?[] + { + 0x53, 0x00, 0x65, 0x00, 0x74, 0x00, 0x75, 0x00, + 0x70, 0x00, 0x20, 0x00, 0x46, 0x00, 0x61, 0x00, + 0x63, 0x00, 0x74, 0x00, 0x6F, 0x00, 0x72, 0x00, + 0x79, 0x00 + }, GetVersion, "Setup Factory"), + + // Longer version of the check that can be used if false positves become an issue: + // S.e.t.u.p. .F.a.c.t.o.r.y. .i.s. .a. .t.r.a.d.e.m.a.r.k. .o.f. .I.n.d.i.g.o. .R.o.s.e. .C.o.r.p.o.r.a.t.i.o.n. + // new ContentMatchSet(new byte?[] + // { + // 0x53, 0x00, 0x65, 0x00, 0x74, 0x00, 0x75, 0x00, + // 0x70, 0x00, 0x20, 0x00, 0x46, 0x00, 0x61, 0x00, + // 0x63, 0x00, 0x74, 0x00, 0x6F, 0x00, 0x72, 0x00, + // 0x79, 0x00, 0x20, 0x00, 0x69, 0x00, 0x73, 0x00, + // 0x20, 0x00, 0x61, 0x00, 0x20, 0x00, 0x74, 0x00, + // 0x72, 0x00, 0x61, 0x00, 0x64, 0x00, 0x65, 0x00, + // 0x6D, 0x00, 0x61, 0x00, 0x72, 0x00, 0x6B, 0x00, + // 0x20, 0x00, 0x6F, 0x00, 0x66, 0x00, 0x20, 0x00, + // 0x49, 0x00, 0x6E, 0x00, 0x64, 0x00, 0x69, 0x00, + // 0x67, 0x00, 0x6F, 0x00, 0x20, 0x00, 0x52, 0x00, + // 0x6F, 0x00, 0x73, 0x00, 0x65, 0x00, 0x20, 0x00, + // 0x43, 0x00, 0x6F, 0x00, 0x72, 0x00, 0x70, 0x00, + // 0x6F, 0x00, 0x72, 0x00, 0x61, 0x00, 0x74, 0x00, + // 0x69, 0x00, 0x6F, 0x00, 0x6E, 0x00 + // }, GetVersion, "Setup Factory"), + }; + /// public bool ShouldScan(byte[] magic) => true; /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // S.e.t.u.p. .F.a.c.t.o.r.y. - new ContentMatchSet(new byte?[] - { - 0x53, 0x00, 0x65, 0x00, 0x74, 0x00, 0x75, 0x00, - 0x70, 0x00, 0x20, 0x00, 0x46, 0x00, 0x61, 0x00, - 0x63, 0x00, 0x74, 0x00, 0x6F, 0x00, 0x72, 0x00, - 0x79, 0x00 - }, GetVersion, "Setup Factory"), - - // Longer version of the check that can be used if false positves become an issue: - // S.e.t.u.p. .F.a.c.t.o.r.y. .i.s. .a. .t.r.a.d.e.m.a.r.k. .o.f. .I.n.d.i.g.o. .R.o.s.e. .C.o.r.p.o.r.a.t.i.o.n. - // new ContentMatchSet(new byte?[] - // { - // 0x53, 0x00, 0x65, 0x00, 0x74, 0x00, 0x75, 0x00, - // 0x70, 0x00, 0x20, 0x00, 0x46, 0x00, 0x61, 0x00, - // 0x63, 0x00, 0x74, 0x00, 0x6F, 0x00, 0x72, 0x00, - // 0x79, 0x00, 0x20, 0x00, 0x69, 0x00, 0x73, 0x00, - // 0x20, 0x00, 0x61, 0x00, 0x20, 0x00, 0x74, 0x00, - // 0x72, 0x00, 0x61, 0x00, 0x64, 0x00, 0x65, 0x00, - // 0x6D, 0x00, 0x61, 0x00, 0x72, 0x00, 0x6B, 0x00, - // 0x20, 0x00, 0x6F, 0x00, 0x66, 0x00, 0x20, 0x00, - // 0x49, 0x00, 0x6E, 0x00, 0x64, 0x00, 0x69, 0x00, - // 0x67, 0x00, 0x6F, 0x00, 0x20, 0x00, 0x52, 0x00, - // 0x6F, 0x00, 0x73, 0x00, 0x65, 0x00, 0x20, 0x00, - // 0x43, 0x00, 0x6F, 0x00, 0x72, 0x00, 0x70, 0x00, - // 0x6F, 0x00, 0x72, 0x00, 0x61, 0x00, 0x74, 0x00, - // 0x69, 0x00, 0x6F, 0x00, 0x6E, 0x00 - // }, GetVersion, "Setup Factory"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// diff --git a/BurnOutSharp/PackerType/UPX.cs b/BurnOutSharp/PackerType/UPX.cs index 22ec30e1..31c4db92 100644 --- a/BurnOutSharp/PackerType/UPX.cs +++ b/BurnOutSharp/PackerType/UPX.cs @@ -6,43 +6,46 @@ namespace BurnOutSharp.PackerType { public class UPX : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // UPX! + new ContentMatchSet(new byte?[] { 0x55, 0x50, 0x58, 0x21 }, GetVersion, "UPX"), + + // NOS + new ContentMatchSet(new byte?[] { 0x4E, 0x4F, 0x53, 0x20 }, GetVersion, "UPX (NOS Variant)"), + + new ContentMatchSet( + new List + { + // UPX0 + new byte?[] { 0x55, 0x50, 0x58, 0x30 }, + + // UPX1 + new byte?[] { 0x55, 0x50, 0x58, 0x31 }, + }, + "UPX (Unknown Version)" + ), + + new ContentMatchSet( + new List + { + // NOS0 + new byte?[] { 0x4E, 0x4F, 0x53, 0x30 }, + + // NOS1 + new byte?[] { 0x4E, 0x4F, 0x53, 0x31 }, + }, + "UPX (NOS Variant) (Unknown Version)" + ), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // UPX! - new ContentMatchSet(new byte?[] { 0x55, 0x50, 0x58, 0x21 }, GetVersion, "UPX"), - - // NOS - new ContentMatchSet(new byte?[] { 0x4E, 0x4F, 0x53, 0x20 }, GetVersion, "UPX (NOS Variant)"), - - new ContentMatchSet( - new List - { - // UPX0 - new byte?[] { 0x55, 0x50, 0x58, 0x30 }, - - // UPX1 - new byte?[] { 0x55, 0x50, 0x58, 0x31 }, - }, - "UPX (Unknown Version)" - ), - - new ContentMatchSet( - new List - { - // NOS0 - new byte?[] { 0x4E, 0x4F, 0x53, 0x30 }, - - // NOS1 - new byte?[] { 0x4E, 0x4F, 0x53, 0x31 }, - }, - "UPX (NOS Variant) (Unknown Version)" - ), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } public static string GetVersion(string file, byte[] fileContent, List positions) diff --git a/BurnOutSharp/PackerType/WinRARSFX.cs b/BurnOutSharp/PackerType/WinRARSFX.cs index 3c3db7dc..0cba62df 100644 --- a/BurnOutSharp/PackerType/WinRARSFX.cs +++ b/BurnOutSharp/PackerType/WinRARSFX.cs @@ -9,24 +9,27 @@ namespace BurnOutSharp.PackerType { public class WinRARSFX : IContentCheck, IScannable { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // Software\WinRAR SFX + new ContentMatchSet(new byte?[] + { + 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, + 0x5C, 0x57, 0x69, 0x6E, 0x52, 0x41, 0x52, 0x20, + 0x53, 0x46, 0x58 + }, "WinRAR SFX"), + }; + /// public bool ShouldScan(byte[] magic) => true; /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // Software\WinRAR SFX - new ContentMatchSet(new byte?[] - { - 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, - 0x5C, 0x57, 0x69, 0x6E, 0x52, 0x41, 0x52, 0x20, - 0x53, 0x46, 0x58 - }, "WinRAR SFX"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } public Dictionary> Scan(Scanner scanner, string file) diff --git a/BurnOutSharp/PackerType/dotFuscator.cs b/BurnOutSharp/PackerType/dotFuscator.cs index e68f6d03..e430bec7 100644 --- a/BurnOutSharp/PackerType/dotFuscator.cs +++ b/BurnOutSharp/PackerType/dotFuscator.cs @@ -5,21 +5,24 @@ namespace BurnOutSharp.PackerType { public class dotFuscator : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // DotfuscatorAttribute + new ContentMatchSet(new byte?[] + { + 0x44, 0x6F, 0x74, 0x66, 0x75, 0x73, 0x63, 0x61, + 0x74, 0x6F, 0x72, 0x41, 0x74, 0x74, 0x72, 0x69, + 0x62, 0x75, 0x74, 0x65 + }, "dotFuscator"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // DotfuscatorAttribute - new ContentMatchSet(new byte?[] - { - 0x44, 0x6F, 0x74, 0x66, 0x75, 0x73, 0x63, 0x61, - 0x74, 0x6F, 0x72, 0x41, 0x74, 0x74, 0x72, 0x69, - 0x62, 0x75, 0x74, 0x65 - }, "dotFuscator"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } } } diff --git a/BurnOutSharp/ProtectionType/ActiveMARK.cs b/BurnOutSharp/ProtectionType/ActiveMARK.cs index db94da3c..0274ac62 100644 --- a/BurnOutSharp/ProtectionType/ActiveMARK.cs +++ b/BurnOutSharp/ProtectionType/ActiveMARK.cs @@ -5,24 +5,27 @@ namespace BurnOutSharp.ProtectionType { public class ActiveMARK : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // TMSAMVOF + new ContentMatchSet(new byte?[] { 0x54, 0x4D, 0x53, 0x41, 0x4D, 0x56, 0x4F, 0x46 }, "ActiveMARK"), + + // " " + (char)0xC2 + (char)0x16 + (char)0x00 + (char)0xA8 + (char)0xC1 + (char)0x16 + (char)0x00 + (char)0xB8 + (char)0xC1 + (char)0x16 + (char)0x00 + (char)0x86 + (char)0xC8 + (char)0x16 + (char)0x00 + (char)0x9A + (char)0xC1 + (char)0x16 + (char)0x00 + (char)0x10 + (char)0xC2 + (char)0x16 + (char)0x00 + new ContentMatchSet(new byte?[] + { + 0x20, 0xC2, 0x16, 0x00, 0xA8, 0xC1, 0x16, 0x00, + 0xB8, 0xC1, 0x16, 0x00, 0x86, 0xC8, 0x16, 0x00, + 0x9A, 0xC1, 0x16, 0x00, 0x10, 0xC2, 0x16, 0x00 + }, "ActiveMARK 5"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // TMSAMVOF - new ContentMatchSet(new byte?[] { 0x54, 0x4D, 0x53, 0x41, 0x4D, 0x56, 0x4F, 0x46 }, "ActiveMARK"), - - // " " + (char)0xC2 + (char)0x16 + (char)0x00 + (char)0xA8 + (char)0xC1 + (char)0x16 + (char)0x00 + (char)0xB8 + (char)0xC1 + (char)0x16 + (char)0x00 + (char)0x86 + (char)0xC8 + (char)0x16 + (char)0x00 + (char)0x9A + (char)0xC1 + (char)0x16 + (char)0x00 + (char)0x10 + (char)0xC2 + (char)0x16 + (char)0x00 - new ContentMatchSet(new byte?[] - { - 0x20, 0xC2, 0x16, 0x00, 0xA8, 0xC1, 0x16, 0x00, - 0xB8, 0xC1, 0x16, 0x00, 0x86, 0xC8, 0x16, 0x00, - 0x9A, 0xC1, 0x16, 0x00, 0x10, 0xC2, 0x16, 0x00 - }, "ActiveMARK 5"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } } } diff --git a/BurnOutSharp/ProtectionType/AlphaROM.cs b/BurnOutSharp/ProtectionType/AlphaROM.cs index 80ff9e17..319fd4db 100644 --- a/BurnOutSharp/ProtectionType/AlphaROM.cs +++ b/BurnOutSharp/ProtectionType/AlphaROM.cs @@ -5,16 +5,19 @@ namespace BurnOutSharp.ProtectionType { public class AlphaROM : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // SETTEC + new ContentMatchSet(new byte?[] { 0x53, 0x45, 0x54, 0x54, 0x45, 0x43 }, "Alpha-ROM"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // SETTEC - new ContentMatchSet(new byte?[] { 0x53, 0x45, 0x54, 0x54, 0x45, 0x43 }, "Alpha-ROM"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } } } diff --git a/BurnOutSharp/ProtectionType/CDCheck.cs b/BurnOutSharp/ProtectionType/CDCheck.cs index c1e269a1..123b22de 100644 --- a/BurnOutSharp/ProtectionType/CDCheck.cs +++ b/BurnOutSharp/ProtectionType/CDCheck.cs @@ -5,23 +5,26 @@ namespace BurnOutSharp.ProtectionType { public class CDCheck : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // MGS CDCheck + new ContentMatchSet(new byte?[] + { + 0x4D, 0x47, 0x53, 0x20, 0x43, 0x44, 0x43, 0x68, + 0x65, 0x63, 0x6B + }, "Microsoft Game Studios CD Check"), + + // CDCheck + new ContentMatchSet(new byte?[] { 0x43, 0x44, 0x43, 0x68, 0x65, 0x63, 0x6B }, "Executable-Based CD Check"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // MGS CDCheck - new ContentMatchSet(new byte?[] - { - 0x4D, 0x47, 0x53, 0x20, 0x43, 0x44, 0x43, 0x68, - 0x65, 0x63, 0x6B - }, "Microsoft Game Studios CD Check"), - - // CDCheck - new ContentMatchSet(new byte?[] { 0x43, 0x44, 0x43, 0x68, 0x65, 0x63, 0x6B }, "Executable-Based CD Check"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } // These content checks are too broad to be useful diff --git a/BurnOutSharp/ProtectionType/CDCops.cs b/BurnOutSharp/ProtectionType/CDCops.cs index 2b7cb9cb..dde22b00 100644 --- a/BurnOutSharp/ProtectionType/CDCops.cs +++ b/BurnOutSharp/ProtectionType/CDCops.cs @@ -7,23 +7,26 @@ namespace BurnOutSharp.ProtectionType { public class CDCops : IContentCheck, IPathCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // CD-Cops, ver. + new ContentMatchSet(new byte?[] + { + 0x43, 0x44, 0x2D, 0x43, 0x6F, 0x70, 0x73, 0x2C, + 0x20, 0x20, 0x76, 0x65, 0x72, 0x2E, 0x20 + }, GetVersion, "CD-Cops"), + + // .grand + (char)0x00 + new ContentMatchSet(new byte?[] { 0x2E, 0x67, 0x72, 0x61, 0x6E, 0x64, 0x00 }, "CD-Cops"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // CD-Cops, ver. - new ContentMatchSet(new byte?[] - { - 0x43, 0x44, 0x2D, 0x43, 0x6F, 0x70, 0x73, 0x2C, - 0x20, 0x20, 0x76, 0x65, 0x72, 0x2E, 0x20 - }, GetVersion, "CD-Cops"), - - // .grand + (char)0x00 - new ContentMatchSet(new byte?[] { 0x2E, 0x67, 0x72, 0x61, 0x6E, 0x64, 0x00 }, "CD-Cops"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// diff --git a/BurnOutSharp/ProtectionType/CDLock.cs b/BurnOutSharp/ProtectionType/CDLock.cs index 188edb60..b5216798 100644 --- a/BurnOutSharp/ProtectionType/CDLock.cs +++ b/BurnOutSharp/ProtectionType/CDLock.cs @@ -5,22 +5,25 @@ namespace BurnOutSharp.ProtectionType { public class CDLock : IContentCheck, IPathCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // 2 + (char)0xF2 + (char)0x02 + (char)0x82 + (char)0xC3 + (char)0xBC + (char)0x0B + $ + (char)0x99 + (char)0xAD + 'C + (char)0xE4 + (char)0x9D + st + (char)0x99 + (char)0xFA + 2$ + (char)0x9D + )4 + (char)0xFF + t + new ContentMatchSet(new byte?[] + { + 0x32, 0xF2, 0x02, 0x82, 0xC3, 0xBC, 0x0B, 0x24, + 0x99, 0xAD, 0x27, 0x43, 0xE4, 0x9D, 0x73, 0x74, + 0x99, 0xFA, 0x32, 0x24, 0x9D, 0x29, 0x34, 0xFF, + 0x74 + }, "CD-Lock"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // 2 + (char)0xF2 + (char)0x02 + (char)0x82 + (char)0xC3 + (char)0xBC + (char)0x0B + $ + (char)0x99 + (char)0xAD + 'C + (char)0xE4 + (char)0x9D + st + (char)0x99 + (char)0xFA + 2$ + (char)0x9D + )4 + (char)0xFF + t - new ContentMatchSet(new byte?[] - { - 0x32, 0xF2, 0x02, 0x82, 0xC3, 0xBC, 0x0B, 0x24, - 0x99, 0xAD, 0x27, 0x43, 0xE4, 0x9D, 0x73, 0x74, - 0x99, 0xFA, 0x32, 0x24, 0x9D, 0x29, 0x34, 0xFF, - 0x74 - }, "CD-Lock"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// diff --git a/BurnOutSharp/ProtectionType/CDSHiELDSE.cs b/BurnOutSharp/ProtectionType/CDSHiELDSE.cs index 4fa47284..a09d406d 100644 --- a/BurnOutSharp/ProtectionType/CDSHiELDSE.cs +++ b/BurnOutSharp/ProtectionType/CDSHiELDSE.cs @@ -5,16 +5,19 @@ namespace BurnOutSharp.ProtectionType { public class CDSHiELDSE : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // ~0017.tmp + new ContentMatchSet(new byte?[] { 0x7E, 0x30, 0x30, 0x31, 0x37, 0x2E, 0x74, 0x6D, 0x70 }, "CDSHiELD SE"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // ~0017.tmp - new ContentMatchSet(new byte?[] { 0x7E, 0x30, 0x30, 0x31, 0x37, 0x2E, 0x74, 0x6D, 0x70 }, "CDSHiELD SE"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } } } diff --git a/BurnOutSharp/ProtectionType/CactusDataShield.cs b/BurnOutSharp/ProtectionType/CactusDataShield.cs index fe67715c..8920d887 100644 --- a/BurnOutSharp/ProtectionType/CactusDataShield.cs +++ b/BurnOutSharp/ProtectionType/CactusDataShield.cs @@ -9,22 +9,25 @@ namespace BurnOutSharp.ProtectionType { public class CactusDataShield : IContentCheck, IPathCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // DATA.CDS + new ContentMatchSet(new byte?[] { 0x44, 0x41, 0x54, 0x41, 0x2E, 0x43, 0x44, 0x53 }, "Cactus Data Shield 200"), + + // \*.CDS + new ContentMatchSet(new byte?[] { 0x5C, 0x2A, 0x2E, 0x43, 0x44, 0x53 }, "Cactus Data Shield 200"), + + // CDSPlayer + new ContentMatchSet(new byte?[] { 0x43, 0x44, 0x53, 0x50, 0x6C, 0x61, 0x79, 0x65, 0x72 }, "Cactus Data Shield 200"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // DATA.CDS - new ContentMatchSet(new byte?[] { 0x44, 0x41, 0x54, 0x41, 0x2E, 0x43, 0x44, 0x53 }, "Cactus Data Shield 200"), - - // \*.CDS - new ContentMatchSet(new byte?[] { 0x5C, 0x2A, 0x2E, 0x43, 0x44, 0x53 }, "Cactus Data Shield 200"), - - // CDSPlayer - new ContentMatchSet(new byte?[] { 0x43, 0x44, 0x53, 0x50, 0x6C, 0x61, 0x79, 0x65, 0x72 }, "Cactus Data Shield 200"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// diff --git a/BurnOutSharp/ProtectionType/CengaProtectDVD.cs b/BurnOutSharp/ProtectionType/CengaProtectDVD.cs index 13c8c35d..ec5dd5f5 100644 --- a/BurnOutSharp/ProtectionType/CengaProtectDVD.cs +++ b/BurnOutSharp/ProtectionType/CengaProtectDVD.cs @@ -5,16 +5,19 @@ namespace BurnOutSharp.ProtectionType { public class CengaProtectDVD : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // .cenega + new ContentMatchSet(new byte?[] { 0x2E, 0x63, 0x65, 0x6E, 0x65, 0x67, 0x61 }, "Cenega ProtectDVD"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // .cenega - new ContentMatchSet(new byte?[] { 0x2E, 0x63, 0x65, 0x6E, 0x65, 0x67, 0x61 }, "Cenega ProtectDVD"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } } } diff --git a/BurnOutSharp/ProtectionType/CodeLock.cs b/BurnOutSharp/ProtectionType/CodeLock.cs index 7937f686..2b750b28 100644 --- a/BurnOutSharp/ProtectionType/CodeLock.cs +++ b/BurnOutSharp/ProtectionType/CodeLock.cs @@ -5,27 +5,30 @@ namespace BurnOutSharp.ProtectionType { public class CodeLock : IContentCheck { - // TODO: Verify if these are OR or AND + /// + /// Set of all ContentMatchSets for this protection + /// + /// TODO: Verify if these are OR or AND + private static List contentMatchers = new List + { + // icd1 + (char)0x00 + new ContentMatchSet(new byte?[] { 0x69, 0x63, 0x64, 0x31, 0x00 }, "Code Lock"), + + // icd2 + (char)0x00 + new ContentMatchSet(new byte?[] { 0x69, 0x63, 0x64, 0x32, 0x00 }, "Code Lock"), + + // CODE-LOCK.OCX + new ContentMatchSet(new byte?[] + { + 0x43, 0x4F, 0x44, 0x45, 0x2D, 0x4C, 0x4F, 0x43, + 0x4B, 0x2E, 0x4F, 0x43, 0x58 + }, "Code Lock"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // icd1 + (char)0x00 - new ContentMatchSet(new byte?[] { 0x69, 0x63, 0x64, 0x31, 0x00 }, "Code Lock"), - - // icd2 + (char)0x00 - new ContentMatchSet(new byte?[] { 0x69, 0x63, 0x64, 0x32, 0x00 }, "Code Lock"), - - // CODE-LOCK.OCX - new ContentMatchSet(new byte?[] - { - 0x43, 0x4F, 0x44, 0x45, 0x2D, 0x4C, 0x4F, 0x43, - 0x4B, 0x2E, 0x4F, 0x43, 0x58 - }, "Code Lock"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } } } diff --git a/BurnOutSharp/ProtectionType/CopyKiller.cs b/BurnOutSharp/ProtectionType/CopyKiller.cs index cc4e94a3..93423969 100644 --- a/BurnOutSharp/ProtectionType/CopyKiller.cs +++ b/BurnOutSharp/ProtectionType/CopyKiller.cs @@ -5,20 +5,23 @@ namespace BurnOutSharp.ProtectionType { public class CopyKiller : IContentCheck, IPathCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // Tom Commander + new ContentMatchSet(new byte?[] + { + 0x54, 0x6F, 0x6D, 0x20, 0x43, 0x6F, 0x6D, 0x6D, + 0x61, 0x6E, 0x64, 0x65, 0x72 + }, "CopyKiller"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // Tom Commander - new ContentMatchSet(new byte?[] - { - 0x54, 0x6F, 0x6D, 0x20, 0x43, 0x6F, 0x6D, 0x6D, - 0x61, 0x6E, 0x64, 0x65, 0x72 - }, "CopyKiller"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// diff --git a/BurnOutSharp/ProtectionType/DVDCops.cs b/BurnOutSharp/ProtectionType/DVDCops.cs index 788d82ef..d52dc60f 100644 --- a/BurnOutSharp/ProtectionType/DVDCops.cs +++ b/BurnOutSharp/ProtectionType/DVDCops.cs @@ -7,20 +7,23 @@ namespace BurnOutSharp.ProtectionType { public class DVDCops : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // DVD-Cops, ver. + new ContentMatchSet(new byte?[] + { + 0x44, 0x56, 0x44, 0x2D, 0x43, 0x6F, 0x70, 0x73, + 0x2C, 0x20, 0x20, 0x76, 0x65, 0x72, 0x2E, 0x20 + }, GetVersion, "DVD-Cops"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // DVD-Cops, ver. - new ContentMatchSet(new byte?[] - { - 0x44, 0x56, 0x44, 0x2D, 0x43, 0x6F, 0x70, 0x73, - 0x2C, 0x20, 0x20, 0x76, 0x65, 0x72, 0x2E, 0x20 - }, GetVersion, "DVD-Cops"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } public static string GetVersion(string file, byte[] fileContent, List positions) diff --git a/BurnOutSharp/ProtectionType/ElectronicArts.cs b/BurnOutSharp/ProtectionType/ElectronicArts.cs index 8559983c..52b05870 100644 --- a/BurnOutSharp/ProtectionType/ElectronicArts.cs +++ b/BurnOutSharp/ProtectionType/ElectronicArts.cs @@ -5,6 +5,103 @@ namespace BurnOutSharp.ProtectionType { public class ElectronicArts : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // EASTL + //new ContentMatchSet(new byte?[] { 0x45, 0x41, 0x53, 0x54, 0x4C }, "Cucko (EA Custom)"), + + // R + (char)0x00 + e + (char)0x00 + g + (char)0x00 + i + (char)0x00 + s + (char)0x00 + t + (char)0x00 + r + (char)0x00 + a + (char)0x00 + t + (char)0x00 + i + (char)0x00 + o + (char)0x00 + n + (char)0x00 + + (char)0x00 + C + (char)0x00 + o + (char)0x00 + d + (char)0x00 + e + (char)0x00 + + (char)0x00 + i + (char)0x00 + n + (char)0x00 + s + (char)0x00 + t + (char)0x00 + a + (char)0x00 + l + (char)0x00 + l + (char)0x00 + e + (char)0x00 + r + (char)0x00 + + (char)0x00 + p + (char)0x00 + r + (char)0x00 + o + (char)0x00 + g + (char)0x00 + r + (char)0x00 + a + (char)0x00 + m + (char)0x00 + new ContentMatchSet(new byte?[] + { + 0x52, 0x00, 0x65, 0x00, 0x67, 0x00, 0x69, 0x00, + 0x73, 0x00, 0x74, 0x00, 0x72, 0x00, 0x61, 0x00, + 0x74, 0x00, 0x69, 0x00, 0x6F, 0x00, 0x6E, 0x00, + 0x20, 0x00, 0x43, 0x00, 0x6F, 0x00, 0x64, 0x00, + 0x65, 0x00, 0x20, 0x00, 0x69, 0x00, 0x6E, 0x00, + 0x73, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6C, 0x00, + 0x6C, 0x00, 0x65, 0x00, 0x72, 0x00, 0x20, 0x00, + 0x70, 0x00, 0x72, 0x00, 0x6F, 0x00, 0x67, 0x00, + 0x72, 0x00, 0x61, 0x00, 0x6D, 0x00 + }, Utilities.GetFileVersion, "EA CdKey Registration Module"), + + // R + (char)0x00 + e + (char)0x00 + g + (char)0x00 + i + (char)0x00 + s + (char)0x00 + t + (char)0x00 + r + (char)0x00 + a + (char)0x00 + t + (char)0x00 + i + (char)0x00 + o + (char)0x00 + n + (char)0x00 + + (char)0x00 + c + (char)0x00 + o + (char)0x00 + d + (char)0x00 + e + (char)0x00 + + (char)0x00 + i + (char)0x00 + n + (char)0x00 + s + (char)0x00 + t + (char)0x00 + a + (char)0x00 + l + (char)0x00 + l + (char)0x00 + e + (char)0x00 + r + (char)0x00 + + (char)0x00 + p + (char)0x00 + r + (char)0x00 + o + (char)0x00 + g + (char)0x00 + r + (char)0x00 + a + (char)0x00 + m + (char)0x00 + new ContentMatchSet(new byte?[] + { + 0x52, 0x00, 0x65, 0x00, 0x67, 0x00, 0x69, 0x00, + 0x73, 0x00, 0x74, 0x00, 0x72, 0x00, 0x61, 0x00, + 0x74, 0x00, 0x69, 0x00, 0x6F, 0x00, 0x6E, 0x00, + 0x20, 0x00, 0x63, 0x00, 0x6F, 0x00, 0x64, 0x00, + 0x65, 0x00, 0x20, 0x00, 0x69, 0x00, 0x6E, 0x00, + 0x73, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6C, 0x00, + 0x6C, 0x00, 0x65, 0x00, 0x72, 0x00, 0x20, 0x00, + 0x70, 0x00, 0x72, 0x00, 0x6F, 0x00, 0x67, 0x00, + 0x72, 0x00, 0x61, 0x00, 0x6D, 0x00 + }, Utilities.GetFileVersion, "EA CdKey Registration Module"), + + // A + (char)0x00 + b + (char)0x00 + o + (char)0x00 + u + (char)0x00 + t + (char)0x00 + + (char)0x00 + C + (char)0x00 + D + (char)0x00 + K + (char)0x00 + e + (char)0x00 + y + (char)0x00 + new ContentMatchSet(new byte?[] + { + 0x41, 0x00, 0x62, 0x00, 0x6F, 0x00, 0x75, 0x00, + 0x74, 0x00, 0x20, 0x00, 0x43, 0x00, 0x44, 0x00, + 0x4B, 0x00, 0x65, 0x00, 0x79, 0x00 + }, Utilities.GetFileVersion, "EA CdKey Registration Module"), + + // I + (char)0x00 + n + (char)0x00 + t + (char)0x00 + e + (char)0x00 + r + (char)0x00 + n + (char)0x00 + a + (char)0x00 + l + (char)0x00 + N + (char)0x00 + a + (char)0x00 + m + (char)0x00 + e + (char)0x00 + + (char)0x00 + + (char)0x00 + C + (char)0x00 + D + (char)0x00 + K + (char)0x00 + e + (char)0x00 + y + (char)0x00 + new ContentMatchSet(new byte?[] + { + 0x49, 0x00, 0x6E, 0x00, 0x74, 0x00, 0x65, 0x00, + 0x72, 0x00, 0x6E, 0x00, 0x61, 0x00, 0x6C, 0x00, + 0x4E, 0x00, 0x61, 0x00, 0x6D, 0x00, 0x65, 0x00, + 0x00, 0x00, 0x43, 0x00, 0x44, 0x00, 0x4B, 0x00, + 0x65, 0x00, 0x79, 0x00 + }, Utilities.GetFileVersion, "EA CdKey Registration Module"), + + // I + (char)0x00 + n + (char)0x00 + t + (char)0x00 + e + (char)0x00 + r + (char)0x00 + n + (char)0x00 + a + (char)0x00 + l + (char)0x00 + N + (char)0x00 + a + (char)0x00 + m + (char)0x00 + e + (char)0x00 + + (char)0x00 + + (char)0x00 + C + (char)0x00 + D + (char)0x00 + C + (char)0x00 + o + (char)0x00 + d + (char)0x00 + e + (char)0x00 + new ContentMatchSet(new byte?[] + { + 0x49, 0x00, 0x6E, 0x00, 0x74, 0x00, 0x65, 0x00, + 0x72, 0x00, 0x6E, 0x00, 0x61, 0x00, 0x6C, 0x00, + 0x4E, 0x00, 0x61, 0x00, 0x6D, 0x00, 0x65, 0x00, + 0x00, 0x00, 0x43, 0x00, 0x44, 0x00, 0x43, 0x00, + 0x6F, 0x00, 0x64, 0x00, 0x65, 0x00 + }, Utilities.GetFileVersion, "EA CdKey Registration Module"), + + // EReg Config Form + new ContentMatchSet(new byte?[] + { + 0x45, 0x52, 0x65, 0x67, 0x20, 0x43, 0x6F, 0x6E, + 0x66, 0x69, 0x67, 0x20, 0x46, 0x6F, 0x72, 0x6D + }, Utilities.GetFileVersion, "EA CdKey Registration Module"), + + // ereg.ea-europe.com + new ContentMatchSet(new byte?[] + { + 0x65, 0x72, 0x65, 0x67, 0x2E, 0x65, 0x61, 0x2D, + 0x65, 0x75, 0x72, 0x6F, 0x70, 0x65, 0x2E, 0x63, + 0x6F, 0x6D + }, Utilities.GetFileVersion, "EA CdKey Registration Module"), + + // GenericEA + (char)0x00 + (char)0x00 + (char)0x00 + Activation + new ContentMatchSet(new byte?[] + { + 0x47, 0x65, 0x6E, 0x65, 0x72, 0x69, 0x63, 0x45, + 0x41, 0x00, 0x00, 0x00, 0x41, 0x63, 0x74, 0x69, + 0x76, 0x61, 0x74, 0x69, 0x6F, 0x6E + }, "EA DRM Protection"), + + // E + (char)0x00 + A + (char)0x00 + + (char)0x00 + D + (char)0x00 + R + (char)0x00 + M + (char)0x00 + + (char)0x00 + H + (char)0x00 + e + (char)0x00 + l + (char)0x00 + p + (char)0x00 + e + (char)0x00 + r + (char)0x00 + new ContentMatchSet(new byte?[] + { + 0x45, 0x00, 0x41, 0x00, 0x20, 0x00, 0x44, 0x00, + 0x52, 0x00, 0x4D, 0x00, 0x20, 0x00, 0x48, 0x00, + 0x65, 0x00, 0x6C, 0x00, 0x70, 0x00, 0x65, 0x00, + 0x72, 0x00 + }, "EA DRM Protection"), + }; + // TODO: Verify this doesn't over-match // TODO: Do more research into the Cucko protection: // - Reference to `EASTL` and `EAStdC` are standard for EA products and does not indicate Cucko by itself @@ -12,101 +109,7 @@ namespace BurnOutSharp.ProtectionType /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // EASTL - //new ContentMatchSet(new byte?[] { 0x45, 0x41, 0x53, 0x54, 0x4C }, "Cucko (EA Custom)"), - - // R + (char)0x00 + e + (char)0x00 + g + (char)0x00 + i + (char)0x00 + s + (char)0x00 + t + (char)0x00 + r + (char)0x00 + a + (char)0x00 + t + (char)0x00 + i + (char)0x00 + o + (char)0x00 + n + (char)0x00 + + (char)0x00 + C + (char)0x00 + o + (char)0x00 + d + (char)0x00 + e + (char)0x00 + + (char)0x00 + i + (char)0x00 + n + (char)0x00 + s + (char)0x00 + t + (char)0x00 + a + (char)0x00 + l + (char)0x00 + l + (char)0x00 + e + (char)0x00 + r + (char)0x00 + + (char)0x00 + p + (char)0x00 + r + (char)0x00 + o + (char)0x00 + g + (char)0x00 + r + (char)0x00 + a + (char)0x00 + m + (char)0x00 - new ContentMatchSet(new byte?[] - { - 0x52, 0x00, 0x65, 0x00, 0x67, 0x00, 0x69, 0x00, - 0x73, 0x00, 0x74, 0x00, 0x72, 0x00, 0x61, 0x00, - 0x74, 0x00, 0x69, 0x00, 0x6F, 0x00, 0x6E, 0x00, - 0x20, 0x00, 0x43, 0x00, 0x6F, 0x00, 0x64, 0x00, - 0x65, 0x00, 0x20, 0x00, 0x69, 0x00, 0x6E, 0x00, - 0x73, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6C, 0x00, - 0x6C, 0x00, 0x65, 0x00, 0x72, 0x00, 0x20, 0x00, - 0x70, 0x00, 0x72, 0x00, 0x6F, 0x00, 0x67, 0x00, - 0x72, 0x00, 0x61, 0x00, 0x6D, 0x00 - }, Utilities.GetFileVersion, "EA CdKey Registration Module"), - - // R + (char)0x00 + e + (char)0x00 + g + (char)0x00 + i + (char)0x00 + s + (char)0x00 + t + (char)0x00 + r + (char)0x00 + a + (char)0x00 + t + (char)0x00 + i + (char)0x00 + o + (char)0x00 + n + (char)0x00 + + (char)0x00 + c + (char)0x00 + o + (char)0x00 + d + (char)0x00 + e + (char)0x00 + + (char)0x00 + i + (char)0x00 + n + (char)0x00 + s + (char)0x00 + t + (char)0x00 + a + (char)0x00 + l + (char)0x00 + l + (char)0x00 + e + (char)0x00 + r + (char)0x00 + + (char)0x00 + p + (char)0x00 + r + (char)0x00 + o + (char)0x00 + g + (char)0x00 + r + (char)0x00 + a + (char)0x00 + m + (char)0x00 - new ContentMatchSet(new byte?[] - { - 0x52, 0x00, 0x65, 0x00, 0x67, 0x00, 0x69, 0x00, - 0x73, 0x00, 0x74, 0x00, 0x72, 0x00, 0x61, 0x00, - 0x74, 0x00, 0x69, 0x00, 0x6F, 0x00, 0x6E, 0x00, - 0x20, 0x00, 0x63, 0x00, 0x6F, 0x00, 0x64, 0x00, - 0x65, 0x00, 0x20, 0x00, 0x69, 0x00, 0x6E, 0x00, - 0x73, 0x00, 0x74, 0x00, 0x61, 0x00, 0x6C, 0x00, - 0x6C, 0x00, 0x65, 0x00, 0x72, 0x00, 0x20, 0x00, - 0x70, 0x00, 0x72, 0x00, 0x6F, 0x00, 0x67, 0x00, - 0x72, 0x00, 0x61, 0x00, 0x6D, 0x00 - }, Utilities.GetFileVersion, "EA CdKey Registration Module"), - - // A + (char)0x00 + b + (char)0x00 + o + (char)0x00 + u + (char)0x00 + t + (char)0x00 + + (char)0x00 + C + (char)0x00 + D + (char)0x00 + K + (char)0x00 + e + (char)0x00 + y + (char)0x00 - new ContentMatchSet(new byte?[] - { - 0x41, 0x00, 0x62, 0x00, 0x6F, 0x00, 0x75, 0x00, - 0x74, 0x00, 0x20, 0x00, 0x43, 0x00, 0x44, 0x00, - 0x4B, 0x00, 0x65, 0x00, 0x79, 0x00 - }, Utilities.GetFileVersion, "EA CdKey Registration Module"), - - // I + (char)0x00 + n + (char)0x00 + t + (char)0x00 + e + (char)0x00 + r + (char)0x00 + n + (char)0x00 + a + (char)0x00 + l + (char)0x00 + N + (char)0x00 + a + (char)0x00 + m + (char)0x00 + e + (char)0x00 + + (char)0x00 + + (char)0x00 + C + (char)0x00 + D + (char)0x00 + K + (char)0x00 + e + (char)0x00 + y + (char)0x00 - new ContentMatchSet(new byte?[] - { - 0x49, 0x00, 0x6E, 0x00, 0x74, 0x00, 0x65, 0x00, - 0x72, 0x00, 0x6E, 0x00, 0x61, 0x00, 0x6C, 0x00, - 0x4E, 0x00, 0x61, 0x00, 0x6D, 0x00, 0x65, 0x00, - 0x00, 0x00, 0x43, 0x00, 0x44, 0x00, 0x4B, 0x00, - 0x65, 0x00, 0x79, 0x00 - }, Utilities.GetFileVersion, "EA CdKey Registration Module"), - - // I + (char)0x00 + n + (char)0x00 + t + (char)0x00 + e + (char)0x00 + r + (char)0x00 + n + (char)0x00 + a + (char)0x00 + l + (char)0x00 + N + (char)0x00 + a + (char)0x00 + m + (char)0x00 + e + (char)0x00 + + (char)0x00 + + (char)0x00 + C + (char)0x00 + D + (char)0x00 + C + (char)0x00 + o + (char)0x00 + d + (char)0x00 + e + (char)0x00 - new ContentMatchSet(new byte?[] - { - 0x49, 0x00, 0x6E, 0x00, 0x74, 0x00, 0x65, 0x00, - 0x72, 0x00, 0x6E, 0x00, 0x61, 0x00, 0x6C, 0x00, - 0x4E, 0x00, 0x61, 0x00, 0x6D, 0x00, 0x65, 0x00, - 0x00, 0x00, 0x43, 0x00, 0x44, 0x00, 0x43, 0x00, - 0x6F, 0x00, 0x64, 0x00, 0x65, 0x00 - }, Utilities.GetFileVersion, "EA CdKey Registration Module"), - - // EReg Config Form - new ContentMatchSet(new byte?[] - { - 0x45, 0x52, 0x65, 0x67, 0x20, 0x43, 0x6F, 0x6E, - 0x66, 0x69, 0x67, 0x20, 0x46, 0x6F, 0x72, 0x6D - }, Utilities.GetFileVersion, "EA CdKey Registration Module"), - - // ereg.ea-europe.com - new ContentMatchSet(new byte?[] - { - 0x65, 0x72, 0x65, 0x67, 0x2E, 0x65, 0x61, 0x2D, - 0x65, 0x75, 0x72, 0x6F, 0x70, 0x65, 0x2E, 0x63, - 0x6F, 0x6D - }, Utilities.GetFileVersion, "EA CdKey Registration Module"), - - // GenericEA + (char)0x00 + (char)0x00 + (char)0x00 + Activation - new ContentMatchSet(new byte?[] - { - 0x47, 0x65, 0x6E, 0x65, 0x72, 0x69, 0x63, 0x45, - 0x41, 0x00, 0x00, 0x00, 0x41, 0x63, 0x74, 0x69, - 0x76, 0x61, 0x74, 0x69, 0x6F, 0x6E - }, "EA DRM Protection"), - - // E + (char)0x00 + A + (char)0x00 + + (char)0x00 + D + (char)0x00 + R + (char)0x00 + M + (char)0x00 + + (char)0x00 + H + (char)0x00 + e + (char)0x00 + l + (char)0x00 + p + (char)0x00 + e + (char)0x00 + r + (char)0x00 - new ContentMatchSet(new byte?[] - { - 0x45, 0x00, 0x41, 0x00, 0x20, 0x00, 0x44, 0x00, - 0x52, 0x00, 0x4D, 0x00, 0x20, 0x00, 0x48, 0x00, - 0x65, 0x00, 0x6C, 0x00, 0x70, 0x00, 0x65, 0x00, - 0x72, 0x00 - }, "EA DRM Protection"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } } } diff --git a/BurnOutSharp/ProtectionType/ImpulseReactor.cs b/BurnOutSharp/ProtectionType/ImpulseReactor.cs index 9176e070..c1f9322b 100644 --- a/BurnOutSharp/ProtectionType/ImpulseReactor.cs +++ b/BurnOutSharp/ProtectionType/ImpulseReactor.cs @@ -5,43 +5,46 @@ namespace BurnOutSharp.ProtectionType { public class ImpulseReactor : IContentCheck, IPathCheck { - /// - public string CheckContents(string file, byte[] fileContent, bool includePosition = false) + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List { - var matchers = new List + new ContentMatchSet(new List { - new ContentMatchSet(new List - { - // CVPInitializeClient - new byte?[] - { - 0x43, 0x56, 0x50, 0x49, 0x6E, 0x69, 0x74, 0x69, - 0x61, 0x6C, 0x69, 0x7A, 0x65, 0x43, 0x6C, 0x69, - 0x65, 0x6E, 0x74 - }, - - // A + (char)0x00 + T + (char)0x00 + T + (char)0x00 + L + (char)0x00 + I + (char)0x00 + S + (char)0x00 + T + (char)0x00 + (char)0x00 + (char)0x00 + E + (char)0x00 + L + (char)0x00 + E + (char)0x00 + M + (char)0x00 + E + (char)0x00 + N + (char)0x00 + T + (char)0x00 + (char)0x00 + (char)0x00 + N + (char)0x00 + O + (char)0x00 + T + (char)0x00 + A + (char)0x00 + T + (char)0x00 + I + (char)0x00 + O + (char)0x00 + N + (char)0x00 - new byte?[] - { - 0x41, 0x00, 0x54, 0x00, 0x54, 0x00, 0x4C, 0x00, - 0x49, 0x00, 0x53, 0x00, 0x54, 0x00, 0x00, 0x00, - 0x45, 0x00, 0x4C, 0x00, 0x45, 0x00, 0x4D, 0x00, - 0x45, 0x00, 0x4E, 0x00, 0x54, 0x00, 0x00, 0x00, - 0x4E, 0x00, 0x4F, 0x00, 0x54, 0x00, 0x41, 0x00, - 0x54, 0x00, 0x49, 0x00, 0x4F, 0x00, 0x4E - }, - }, Utilities.GetFileVersion, "Impulse Reactor"), - // CVPInitializeClient - new ContentMatchSet(new byte?[] + new byte?[] { 0x43, 0x56, 0x50, 0x49, 0x6E, 0x69, 0x74, 0x69, 0x61, 0x6C, 0x69, 0x7A, 0x65, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74 - }, "Impulse Reactor"), - }; + }, - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + // A + (char)0x00 + T + (char)0x00 + T + (char)0x00 + L + (char)0x00 + I + (char)0x00 + S + (char)0x00 + T + (char)0x00 + (char)0x00 + (char)0x00 + E + (char)0x00 + L + (char)0x00 + E + (char)0x00 + M + (char)0x00 + E + (char)0x00 + N + (char)0x00 + T + (char)0x00 + (char)0x00 + (char)0x00 + N + (char)0x00 + O + (char)0x00 + T + (char)0x00 + A + (char)0x00 + T + (char)0x00 + I + (char)0x00 + O + (char)0x00 + N + (char)0x00 + new byte?[] + { + 0x41, 0x00, 0x54, 0x00, 0x54, 0x00, 0x4C, 0x00, + 0x49, 0x00, 0x53, 0x00, 0x54, 0x00, 0x00, 0x00, + 0x45, 0x00, 0x4C, 0x00, 0x45, 0x00, 0x4D, 0x00, + 0x45, 0x00, 0x4E, 0x00, 0x54, 0x00, 0x00, 0x00, + 0x4E, 0x00, 0x4F, 0x00, 0x54, 0x00, 0x41, 0x00, + 0x54, 0x00, 0x49, 0x00, 0x4F, 0x00, 0x4E + }, + }, Utilities.GetFileVersion, "Impulse Reactor"), + + // CVPInitializeClient + new ContentMatchSet(new byte?[] + { + 0x43, 0x56, 0x50, 0x49, 0x6E, 0x69, 0x74, 0x69, + 0x61, 0x6C, 0x69, 0x7A, 0x65, 0x43, 0x6C, 0x69, + 0x65, 0x6E, 0x74 + }, "Impulse Reactor"), + }; + + /// + public string CheckContents(string file, byte[] fileContent, bool includePosition = false) + { + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// diff --git a/BurnOutSharp/ProtectionType/Intenium.cs b/BurnOutSharp/ProtectionType/Intenium.cs index 082f6af9..1eaa4c6e 100644 --- a/BurnOutSharp/ProtectionType/Intenium.cs +++ b/BurnOutSharp/ProtectionType/Intenium.cs @@ -21,16 +21,19 @@ namespace BurnOutSharp.ProtectionType * - NO NESTED PRMS SUPPORTED - 4E 4F 20 4E 45 53 54 45 44 20 50 52 4D 53 20 53 55 50 50 4F 52 54 45 44 */ + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // Trial + (char)0x00 + P + new ContentMatchSet(new byte?[] { 0x54, 0x72, 0x69, 0x61, 0x6C, 0x00, 0x50 }, "INTENIUM Trial & Buy Protection"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // Trial + (char)0x00 + P - new ContentMatchSet(new byte?[] { 0x54, 0x72, 0x69, 0x61, 0x6C, 0x00, 0x50 }, "INTENIUM Trial & Buy Protection"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } } } diff --git a/BurnOutSharp/ProtectionType/JoWooDXProt.cs b/BurnOutSharp/ProtectionType/JoWooDXProt.cs index a5928931..f6ed5957 100644 --- a/BurnOutSharp/ProtectionType/JoWooDXProt.cs +++ b/BurnOutSharp/ProtectionType/JoWooDXProt.cs @@ -7,34 +7,37 @@ namespace BurnOutSharp.ProtectionType { public class JoWooDXProt : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // @HC09 + new ContentMatchSet(new byte?[] { 0x40, 0x48, 0x43, 0x30, 0x39, 0x20, 0x20, 0x20, 0x20 }, "JoWooD X-Prot v2"), + + new ContentMatchSet(new List + { + // .ext + new byte?[] { 0x2E, 0x65, 0x78, 0x74, 0x20, 0x20, 0x20, 0x20 }, + + // kernel32.dll + (char)0x00 + (char)0x00 + (char)0x00 + VirtualProtect + new byte?[] + { + 0x6B, 0x65, 0x72, 0x6E, 0x65, 0x6C, 0x33, 0x32, + 0x2E, 0x64, 0x6C, 0x6C, 0x00, 0x00, 0x00, 0x56, + 0x69, 0x72, 0x74, 0x75, 0x61, 0x6C, 0x50, 0x72, + 0x6F, 0x74, 0x65, 0x63, 0x74 + }, + }, GetVersion, "JoWooD X-Prot"), + + // .ext + new ContentMatchSet(new byte?[] { 0x2E, 0x65, 0x78, 0x74, 0x20, 0x20, 0x20, 0x20 }, "JoWooD X-Prot v1"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // @HC09 - new ContentMatchSet(new byte?[] { 0x40, 0x48, 0x43, 0x30, 0x39, 0x20, 0x20, 0x20, 0x20 }, "JoWooD X-Prot v2"), - - new ContentMatchSet(new List - { - // .ext - new byte?[] { 0x2E, 0x65, 0x78, 0x74, 0x20, 0x20, 0x20, 0x20 }, - - // kernel32.dll + (char)0x00 + (char)0x00 + (char)0x00 + VirtualProtect - new byte?[] - { - 0x6B, 0x65, 0x72, 0x6E, 0x65, 0x6C, 0x33, 0x32, - 0x2E, 0x64, 0x6C, 0x6C, 0x00, 0x00, 0x00, 0x56, - 0x69, 0x72, 0x74, 0x75, 0x61, 0x6C, 0x50, 0x72, - 0x6F, 0x74, 0x65, 0x63, 0x74 - }, - }, GetVersion, "JoWooD X-Prot"), - - // .ext - new ContentMatchSet(new byte?[] { 0x2E, 0x65, 0x78, 0x74, 0x20, 0x20, 0x20, 0x20 }, "JoWooD X-Prot v1"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } public static string GetVersion(string file, byte[] fileContent, List positions) diff --git a/BurnOutSharp/ProtectionType/KeyLock.cs b/BurnOutSharp/ProtectionType/KeyLock.cs index d65b8cad..1ce8524d 100644 --- a/BurnOutSharp/ProtectionType/KeyLock.cs +++ b/BurnOutSharp/ProtectionType/KeyLock.cs @@ -5,20 +5,23 @@ namespace BurnOutSharp.ProtectionType { public class KeyLock : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // KEY-LOCK COMMAND + new ContentMatchSet(new byte?[] + { + 0x4B, 0x45, 0x59, 0x2D, 0x4C, 0x4F, 0x43, 0x4B, + 0x20, 0x43, 0x4F, 0x4D, 0x4D, 0x41, 0x4E, 0x44 + }, "Key-Lock (Dongle)"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // KEY-LOCK COMMAND - new ContentMatchSet(new byte?[] - { - 0x4B, 0x45, 0x59, 0x2D, 0x4C, 0x4F, 0x43, 0x4B, - 0x20, 0x43, 0x4F, 0x4D, 0x4D, 0x41, 0x4E, 0x44 - }, "Key-Lock (Dongle)"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } } } diff --git a/BurnOutSharp/ProtectionType/LaserLock.cs b/BurnOutSharp/ProtectionType/LaserLock.cs index a1aa6599..6bbe5839 100644 --- a/BurnOutSharp/ProtectionType/LaserLock.cs +++ b/BurnOutSharp/ProtectionType/LaserLock.cs @@ -9,6 +9,37 @@ namespace BurnOutSharp.ProtectionType // TODO: Figure out how to use GetContentMatches here public class LaserLock : IContentCheck, IPathCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // :\\LASERLOK\\LASERLOK.IN + (char)0x00 + C:\\NOMOUSE.SP + new ContentMatchSet(new byte?[] + { + 0x3A, 0x5C, 0x5C, 0x4C, 0x41, 0x53, 0x45, 0x52, + 0x4C, 0x4F, 0x4B, 0x5C, 0x5C, 0x4C, 0x41, 0x53, + 0x45, 0x52, 0x4C, 0x4F, 0x4B, 0x2E, 0x49, 0x4E, + 0x00, 0x43, 0x3A, 0x5C, 0x5C, 0x4E, 0x4F, 0x4D, + 0x4F, 0x55, 0x53, 0x45, 0x2E, 0x53, 0x50 + }, "LaserLock 3"), + + // LASERLOK_INIT + (char)0xC + LASERLOK_RUN + (char)0xE + LASERLOK_CHECK + (char)0xF + LASERLOK_CHECK2 + (char)0xF + LASERLOK_CHECK3 + new ContentMatchSet(new byte?[] + { + 0x4C, 0x41, 0x53, 0x45, 0x52, 0x4C, 0x4F, 0x4B, + 0x5F, 0x49, 0x4E, 0x49, 0x54, 0x0C, 0x4C, 0x41, + 0x53, 0x45, 0x52, 0x4C, 0x4F, 0x4B, 0x5F, 0x52, + 0x55, 0x4E, 0x0E, 0x4C, 0x41, 0x53, 0x45, 0x52, + 0x4C, 0x4F, 0x4B, 0x5F, 0x43, 0x48, 0x45, 0x43, + 0x4B, 0x0F, 0x4C, 0x41, 0x53, 0x45, 0x52, 0x4C, + 0x4F, 0x4B, 0x5F, 0x43, 0x48, 0x45, 0x43, 0x4B, + 0x32, 0x0F, 0x4C, 0x41, 0x53, 0x45, 0x52, 0x4C, + 0x4F, 0x4B, 0x5F, 0x43, 0x48, 0x45, 0x43, 0x4B, + 0x33 + }, "LaserLock 5"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { @@ -30,76 +61,43 @@ namespace BurnOutSharp.ProtectionType if (file != null && string.Equals(Path.GetFileName(file), "NOMOUSE.SP", StringComparison.OrdinalIgnoreCase)) return $"LaserLock {GetVersion16Bit(fileContent)}" + (includePosition ? $" (Index 71)" : string.Empty); - var matchers = new List - { - // :\\LASERLOK\\LASERLOK.IN + (char)0x00 + C:\\NOMOUSE.SP - new ContentMatchSet(new byte?[] - { - 0x3A, 0x5C, 0x5C, 0x4C, 0x41, 0x53, 0x45, 0x52, - 0x4C, 0x4F, 0x4B, 0x5C, 0x5C, 0x4C, 0x41, 0x53, - 0x45, 0x52, 0x4C, 0x4F, 0x4B, 0x2E, 0x49, 0x4E, - 0x00, 0x43, 0x3A, 0x5C, 0x5C, 0x4E, 0x4F, 0x4D, - 0x4F, 0x55, 0x53, 0x45, 0x2E, 0x53, 0x50 - }, "LaserLock 3"), - - // LASERLOK_INIT + (char)0xC + LASERLOK_RUN + (char)0xE + LASERLOK_CHECK + (char)0xF + LASERLOK_CHECK2 + (char)0xF + LASERLOK_CHECK3 - new ContentMatchSet(new byte?[] - { - 0x4C, 0x41, 0x53, 0x45, 0x52, 0x4C, 0x4F, 0x4B, - 0x5F, 0x49, 0x4E, 0x49, 0x54, 0x0C, 0x4C, 0x41, - 0x53, 0x45, 0x52, 0x4C, 0x4F, 0x4B, 0x5F, 0x52, - 0x55, 0x4E, 0x0E, 0x4C, 0x41, 0x53, 0x45, 0x52, - 0x4C, 0x4F, 0x4B, 0x5F, 0x43, 0x48, 0x45, 0x43, - 0x4B, 0x0F, 0x4C, 0x41, 0x53, 0x45, 0x52, 0x4C, - 0x4F, 0x4B, 0x5F, 0x43, 0x48, 0x45, 0x43, 0x4B, - 0x32, 0x0F, 0x4C, 0x41, 0x53, 0x45, 0x52, 0x4C, - 0x4F, 0x4B, 0x5F, 0x43, 0x48, 0x45, 0x43, 0x4B, - 0x33 - }, "LaserLock 5"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// public string CheckDirectoryPath(string path, IEnumerable files) { - if (Directory.Exists(Path.Combine(path, "LASERLOK"))) + var matchers = new List { - return "LaserLock"; - } + new PathMatchSet($"LASERLOK{Path.DirectorySeparatorChar}", "LaserLock"), - // TODO: Verify if these are OR or AND - else if (files.Any(f => Path.GetFileName(f).Equals("NOMOUSE.SP", StringComparison.OrdinalIgnoreCase)) - || files.Any(f => Path.GetFileName(f).Equals("NOMOUSE.COM", StringComparison.OrdinalIgnoreCase)) - || files.Any(f => Path.GetFileName(f).Equals("l16dll.dll", StringComparison.OrdinalIgnoreCase)) - || files.Any(f => Path.GetFileName(f).Equals("laserlok.in", StringComparison.OrdinalIgnoreCase)) - || files.Any(f => Path.GetFileName(f).Equals("laserlok.o10", StringComparison.OrdinalIgnoreCase)) - || files.Any(f => Path.GetFileName(f).Equals("laserlok.011", StringComparison.OrdinalIgnoreCase))) - { - return "LaserLock"; - } - - return null; + // TODO: Verify if these are OR or AND + new PathMatchSet(new PathMatch("NOMOUSE.SP", useEndsWith: true), "LaserLock"), + new PathMatchSet(new PathMatch("NOMOUSE.COM", useEndsWith: true), "LaserLock"), + new PathMatchSet(new PathMatch("l16dll.dll", useEndsWith: true), "LaserLock"), + new PathMatchSet(new PathMatch("laserlok.in", useEndsWith: true), "LaserLock"), + new PathMatchSet(new PathMatch("laserlok.o10", useEndsWith: true), "LaserLock"), + new PathMatchSet(new PathMatch("laserlok.011", useEndsWith: true), "LaserLock"), + }; + + var matches = MatchUtil.GetAllMatches(files, matchers, any: true); + return string.Join(", ", matches); } /// public string CheckFilePath(string path) { - if (path != null && string.Equals(Path.GetFileName(path), "NOMOUSE.SP", StringComparison.OrdinalIgnoreCase)) - return $"LaserLock {GetVersion16Bit(path)}"; - - if (Path.GetFileName(path).Equals("NOMOUSE.SP", StringComparison.OrdinalIgnoreCase) - || Path.GetFileName(path).Equals("NOMOUSE.COM", StringComparison.OrdinalIgnoreCase) - || Path.GetFileName(path).Equals("l16dll.dll", StringComparison.OrdinalIgnoreCase) - || Path.GetFileName(path).Equals("laserlok.in", StringComparison.OrdinalIgnoreCase) - || Path.GetFileName(path).Equals("laserlok.o10", StringComparison.OrdinalIgnoreCase) - || Path.GetFileName(path).Equals("laserlok.011", StringComparison.OrdinalIgnoreCase)) + var matchers = new List { - return "LaserLock"; - } + new PathMatchSet(new PathMatch("NOMOUSE.SP", useEndsWith: true), GetVersion16Bit, "LaserLock"), + new PathMatchSet(new PathMatch("NOMOUSE.COM", useEndsWith: true), "LaserLock"), + new PathMatchSet(new PathMatch("l16dll.dll", useEndsWith: true), "LaserLock"), + new PathMatchSet(new PathMatch("laserlok.in", useEndsWith: true), "LaserLock"), + new PathMatchSet(new PathMatch("laserlok.o10", useEndsWith: true), "LaserLock"), + new PathMatchSet(new PathMatch("laserlok.011", useEndsWith: true), "LaserLock"), + }; - return null; + return MatchUtil.GetFirstMatch(path, matchers, any: true); } private static string GetBuild(byte[] fileContent, bool versionTwo) @@ -135,9 +133,12 @@ namespace BurnOutSharp.ProtectionType return new string(new ArraySegment(fileContent, position + 76, 4).Select(b => (char)b).ToArray()); } - private static string GetVersion16Bit(string file) + public static string GetVersion16Bit(string firstMatchedString, IEnumerable files) { - using (var fs = File.Open(file, FileMode.Open, FileAccess.Read, FileShare.ReadWrite)) + if (!File.Exists(firstMatchedString)) + return string.Empty; + + using (var fs = File.Open(firstMatchedString, FileMode.Open, FileAccess.Read, FileShare.ReadWrite)) using (var br = new BinaryReader(fs)) { return GetVersion16Bit(br.ReadBytes((int)fs.Length)); diff --git a/BurnOutSharp/ProtectionType/MediaCloQ.cs b/BurnOutSharp/ProtectionType/MediaCloQ.cs index c01f1b4d..fc2a6000 100644 --- a/BurnOutSharp/ProtectionType/MediaCloQ.cs +++ b/BurnOutSharp/ProtectionType/MediaCloQ.cs @@ -1,7 +1,5 @@ -using System; -using System.Collections.Generic; -using System.IO; -using System.Linq; +using System.Collections.Generic; +using BurnOutSharp.Matching; namespace BurnOutSharp.ProtectionType { @@ -10,19 +8,24 @@ namespace BurnOutSharp.ProtectionType /// public string CheckDirectoryPath(string path, IEnumerable files) { - if (files.Any(f => Path.GetFileName(f).Equals("sunncomm.ico", StringComparison.OrdinalIgnoreCase))) - return "MediaCloQ"; - - return null; + var matchers = new List + { + new PathMatchSet(new PathMatch("sunncomm.ico", useEndsWith: true), "MediaCloQ"), + }; + + var matches = MatchUtil.GetAllMatches(files, matchers, any: true); + return string.Join(", ", matches); } /// public string CheckFilePath(string path) { - if (Path.GetFileName(path).Equals("sunncomm.ico", StringComparison.OrdinalIgnoreCase)) - return "MediaCloQ"; + var matchers = new List + { + new PathMatchSet(new PathMatch("sunncomm.ico", useEndsWith: true), "MediaCloQ"), + }; - return null; + return MatchUtil.GetFirstMatch(path, matchers, any: true); } } } diff --git a/BurnOutSharp/ProtectionType/MediaMaxCD3.cs b/BurnOutSharp/ProtectionType/MediaMaxCD3.cs index 8351eff9..370e2842 100644 --- a/BurnOutSharp/ProtectionType/MediaMaxCD3.cs +++ b/BurnOutSharp/ProtectionType/MediaMaxCD3.cs @@ -1,48 +1,53 @@ -using System; -using System.Collections.Generic; -using System.IO; -using System.Linq; +using System.Collections.Generic; using BurnOutSharp.Matching; namespace BurnOutSharp.ProtectionType { public class MediaMaxCD3 : IContentCheck, IPathCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // Cd3Ctl + new ContentMatchSet(new byte?[] { 0x43, 0x64, 0x33, 0x43, 0x74, 0x6C }, "MediaMax CD-3"), + + // DllInstallSbcp + new ContentMatchSet(new byte?[] + { + 0x44, 0x6C, 0x6C, 0x49, 0x6E, 0x73, 0x74, 0x61, + 0x6C, 0x6C, 0x53, 0x62, 0x63, 0x70 + }, "MediaMax CD-3"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // Cd3Ctl - new ContentMatchSet(new byte?[] { 0x43, 0x64, 0x33, 0x43, 0x74, 0x6C }, "MediaMax CD-3"), - - // DllInstallSbcp - new ContentMatchSet(new byte?[] - { - 0x44, 0x6C, 0x6C, 0x49, 0x6E, 0x73, 0x74, 0x61, - 0x6C, 0x6C, 0x53, 0x62, 0x63, 0x70 - }, "MediaMax CD-3"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// public string CheckDirectoryPath(string path, IEnumerable files) { - if (files.Any(f => Path.GetFileName(f).Equals("LaunchCd.exe", StringComparison.OrdinalIgnoreCase))) - return "MediaMax CD-3"; - - return null; + var matchers = new List + { + new PathMatchSet(new PathMatch("LaunchCd.exe", useEndsWith: true), "MediaMax CD-3"), + }; + + var matches = MatchUtil.GetAllMatches(files, matchers, any: true); + return string.Join(", ", matches); } /// public string CheckFilePath(string path) { - if (Path.GetFileName(path).Equals("LaunchCd.exe", StringComparison.OrdinalIgnoreCase)) - return "MediaMax CD-3"; + var matchers = new List + { + new PathMatchSet(new PathMatch("LaunchCd.exe", useEndsWith: true), "MediaMax CD-3"), + }; - return null; + return MatchUtil.GetFirstMatch(path, matchers, any: true); } } } diff --git a/BurnOutSharp/ProtectionType/OnlineRegistration.cs b/BurnOutSharp/ProtectionType/OnlineRegistration.cs index dcad8605..6c5fe7f6 100644 --- a/BurnOutSharp/ProtectionType/OnlineRegistration.cs +++ b/BurnOutSharp/ProtectionType/OnlineRegistration.cs @@ -5,23 +5,26 @@ namespace BurnOutSharp.ProtectionType { public class OnlineRegistration : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // I + (char)0x00 + n + (char)0x00 + t + (char)0x00 + e + (char)0x00 + r + (char)0x00 + n + (char)0x00 + a + (char)0x00 + l + (char)0x00 + N + (char)0x00 + a + (char)0x00 + m + (char)0x00 + e + (char)0x00 + + (char)0x00 + + (char)0x00 + E + (char)0x00 + R + (char)0x00 + e + (char)0x00 + g + (char)0x00 + new ContentMatchSet(new byte?[] + { + 0x49, 0x00, 0x6E, 0x00, 0x74, 0x00, 0x65, 0x00, + 0x72, 0x00, 0x6E, 0x00, 0x61, 0x00, 0x6C, 0x00, + 0x4E, 0x00, 0x61, 0x00, 0x6D, 0x00, 0x65, 0x00, + 0x00, 0x00, 0x45, 0x00, 0x52, 0x00, 0x65, 0x00, + 0x67, 0x00 + }, Utilities.GetFileVersion, "Executable-Based Online Registration"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // I + (char)0x00 + n + (char)0x00 + t + (char)0x00 + e + (char)0x00 + r + (char)0x00 + n + (char)0x00 + a + (char)0x00 + l + (char)0x00 + N + (char)0x00 + a + (char)0x00 + m + (char)0x00 + e + (char)0x00 + + (char)0x00 + + (char)0x00 + E + (char)0x00 + R + (char)0x00 + e + (char)0x00 + g + (char)0x00 - new ContentMatchSet(new byte?[] - { - 0x49, 0x00, 0x6E, 0x00, 0x74, 0x00, 0x65, 0x00, - 0x72, 0x00, 0x6E, 0x00, 0x61, 0x00, 0x6C, 0x00, - 0x4E, 0x00, 0x61, 0x00, 0x6D, 0x00, 0x65, 0x00, - 0x00, 0x00, 0x45, 0x00, 0x52, 0x00, 0x65, 0x00, - 0x67, 0x00 - }, Utilities.GetFileVersion, "Executable-Based Online Registration"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } } } diff --git a/BurnOutSharp/ProtectionType/Origin.cs b/BurnOutSharp/ProtectionType/Origin.cs index 52042250..9a4e4346 100644 --- a/BurnOutSharp/ProtectionType/Origin.cs +++ b/BurnOutSharp/ProtectionType/Origin.cs @@ -1,41 +1,46 @@ -using System; using System.Collections.Generic; -using System.IO; -using System.Linq; using BurnOutSharp.Matching; namespace BurnOutSharp.ProtectionType { public class Origin : IContentCheck, IPathCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // O + (char)0x00 + r + (char)0x00 + i + (char)0x00 + g + (char)0x00 + i + (char)0x00 + n + (char)0x00 + S + (char)0x00 + e + (char)0x00 + t + (char)0x00 + u + (char)0x00 + p + (char)0x00 + . + (char)0x00 + e + (char)0x00 + x + (char)0x00 + e + (char)0x00 + new ContentMatchSet(new byte?[] { 0x4F, 0x00, 0x72, 0x00, 0x69, 0x00, 0x67, 0x00, 0x69, 0x00, 0x6E, 0x00, 0x53, 0x00, 0x65, 0x00, 0x74, 0x00, 0x75, 0x00, 0x70, 0x00, 0x2E, 0x00, 0x65, 0x00, 0x78, 0x00, 0x65, 0x00 }, "Origin"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // O + (char)0x00 + r + (char)0x00 + i + (char)0x00 + g + (char)0x00 + i + (char)0x00 + n + (char)0x00 + S + (char)0x00 + e + (char)0x00 + t + (char)0x00 + u + (char)0x00 + p + (char)0x00 + . + (char)0x00 + e + (char)0x00 + x + (char)0x00 + e + (char)0x00 - new ContentMatchSet(new byte?[] { 0x4F, 0x00, 0x72, 0x00, 0x69, 0x00, 0x67, 0x00, 0x69, 0x00, 0x6E, 0x00, 0x53, 0x00, 0x65, 0x00, 0x74, 0x00, 0x75, 0x00, 0x70, 0x00, 0x2E, 0x00, 0x65, 0x00, 0x78, 0x00, 0x65, 0x00 }, "Origin"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// public string CheckDirectoryPath(string path, IEnumerable files) { - if (files.Any(f => Path.GetFileName(f).Equals("OriginSetup.exe", StringComparison.OrdinalIgnoreCase))) - return "Origin"; - - return null; + var matchers = new List + { + new PathMatchSet(new PathMatch("OriginSetup.exe", useEndsWith: true), "Origin"), + }; + + var matches = MatchUtil.GetAllMatches(files, matchers, any: true); + return string.Join(", ", matches); } /// public string CheckFilePath(string path) { - if (Path.GetFileName(path).Equals("OriginSetup.exe", StringComparison.OrdinalIgnoreCase)) - return "Origin"; + var matchers = new List + { + new PathMatchSet(new PathMatch("OriginSetup.exe", useEndsWith: true), "Origin"), + }; - return null; + return MatchUtil.GetFirstMatch(path, matchers, any: true); } } } diff --git a/BurnOutSharp/ProtectionType/PSXAntiModchip.cs b/BurnOutSharp/ProtectionType/PSXAntiModchip.cs index b4548c89..f346198f 100644 --- a/BurnOutSharp/ProtectionType/PSXAntiModchip.cs +++ b/BurnOutSharp/ProtectionType/PSXAntiModchip.cs @@ -5,44 +5,47 @@ namespace BurnOutSharp.ProtectionType { public class PSXAntiModchip : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // SOFTWARE TERMINATED\nCONSOLE MAY HAVE BEEN MODIFIED\n CALL 1-888-780-7690 + new ContentMatchSet(new byte?[] + { + 0x20, 0x20, 0x20, 0x20, 0x20, 0x53, 0x4F, 0x46, + 0x54, 0x57, 0x41, 0x52, 0x45, 0x20, 0x54, 0x45, + 0x52, 0x4D, 0x49, 0x4E, 0x41, 0x54, 0x45, 0x44, + 0x5C, 0x6E, 0x43, 0x4F, 0x4E, 0x53, 0x4F, 0x4C, + 0x45, 0x20, 0x4D, 0x41, 0x59, 0x20, 0x48, 0x41, + 0x56, 0x45, 0x20, 0x42, 0x45, 0x45, 0x4E, 0x20, + 0x4D, 0x4F, 0x44, 0x49, 0x46, 0x49, 0x45, 0x44, + 0x5C, 0x6E, 0x20, 0x20, 0x20, 0x20, 0x20, 0x43, + 0x41, 0x4C, 0x4C, 0x20, 0x31, 0x2D, 0x38, 0x38, + 0x38, 0x2D, 0x37, 0x38, 0x30, 0x2D, 0x37, 0x36, + 0x39, 0x30 + }, "PlayStation Anti-modchip (English)"), + + // 強制終了しました。\n本体が改造されている\nおそれがあります。 + new ContentMatchSet(new byte?[] + { + 0x5F, 0x37, 0x52, 0x36, 0x7D, 0x42, 0x4E, 0x86, + 0x30, 0x57, 0x30, 0x7E, 0x30, 0x57, 0x30, 0x5F, + 0x30, 0x02, 0x5C, 0x6E, 0x67, 0x2C, 0x4F, 0x53, + 0x30, 0x4C, 0x65, 0x39, 0x90, 0x20, 0x30, 0x55, + 0x30, 0x8C, 0x30, 0x66, 0x30, 0x44, 0x30, 0x8B, + 0x5C, 0x6E, 0x30, 0x4A, 0x30, 0x5D, 0x30, 0x8C, + 0x30, 0x4C, 0x30, 0x42, 0x30, 0x8A, 0x30, 0x7E, + 0x30, 0x59, 0x30, 0x02 + }, "PlayStation Anti-modchip (Japanese)"), + }; + // TODO: Figure out PSX binary header so this can be checked explicitly // TODO: Detect Red Hand protection /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // SOFTWARE TERMINATED\nCONSOLE MAY HAVE BEEN MODIFIED\n CALL 1-888-780-7690 - new ContentMatchSet(new byte?[] - { - 0x20, 0x20, 0x20, 0x20, 0x20, 0x53, 0x4F, 0x46, - 0x54, 0x57, 0x41, 0x52, 0x45, 0x20, 0x54, 0x45, - 0x52, 0x4D, 0x49, 0x4E, 0x41, 0x54, 0x45, 0x44, - 0x5C, 0x6E, 0x43, 0x4F, 0x4E, 0x53, 0x4F, 0x4C, - 0x45, 0x20, 0x4D, 0x41, 0x59, 0x20, 0x48, 0x41, - 0x56, 0x45, 0x20, 0x42, 0x45, 0x45, 0x4E, 0x20, - 0x4D, 0x4F, 0x44, 0x49, 0x46, 0x49, 0x45, 0x44, - 0x5C, 0x6E, 0x20, 0x20, 0x20, 0x20, 0x20, 0x43, - 0x41, 0x4C, 0x4C, 0x20, 0x31, 0x2D, 0x38, 0x38, - 0x38, 0x2D, 0x37, 0x38, 0x30, 0x2D, 0x37, 0x36, - 0x39, 0x30 - }, "PlayStation Anti-modchip (English)"), - - // 強制終了しました。\n本体が改造されている\nおそれがあります。 - new ContentMatchSet(new byte?[] - { - 0x5F, 0x37, 0x52, 0x36, 0x7D, 0x42, 0x4E, 0x86, - 0x30, 0x57, 0x30, 0x7E, 0x30, 0x57, 0x30, 0x5F, - 0x30, 0x02, 0x5C, 0x6E, 0x67, 0x2C, 0x4F, 0x53, - 0x30, 0x4C, 0x65, 0x39, 0x90, 0x20, 0x30, 0x55, - 0x30, 0x8C, 0x30, 0x66, 0x30, 0x44, 0x30, 0x8B, - 0x5C, 0x6E, 0x30, 0x4A, 0x30, 0x5D, 0x30, 0x8C, - 0x30, 0x4C, 0x30, 0x42, 0x30, 0x8A, 0x30, 0x7E, - 0x30, 0x59, 0x30, 0x02 - }, "PlayStation Anti-modchip (Japanese)"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } } } diff --git a/BurnOutSharp/ProtectionType/ProtectDisc.cs b/BurnOutSharp/ProtectionType/ProtectDisc.cs index 907a6726..35759956 100644 --- a/BurnOutSharp/ProtectionType/ProtectDisc.cs +++ b/BurnOutSharp/ProtectionType/ProtectDisc.cs @@ -10,19 +10,22 @@ namespace BurnOutSharp.ProtectionType { public class ProtectDisc : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // HúMETINF + new ContentMatchSet(new byte?[] { 0x48, 0xFA, 0x4D, 0x45, 0x54, 0x49, 0x4E, 0x46 }, GetVersion76till10, "ProtectDisc"), + + // ACE-PCD + new ContentMatchSet(new byte?[] { 0x41, 0x43, 0x45, 0x2D, 0x50, 0x43, 0x44 }, GetVersion6till8, "ProtectDisc"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // HúMETINF - new ContentMatchSet(new byte?[] { 0x48, 0xFA, 0x4D, 0x45, 0x54, 0x49, 0x4E, 0x46 }, GetVersion76till10, "ProtectDisc"), - - // ACE-PCD - new ContentMatchSet(new byte?[] { 0x41, 0x43, 0x45, 0x2D, 0x50, 0x43, 0x44 }, GetVersion6till8, "ProtectDisc"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } public static string GetVersion6till8(string file, byte[] fileContent, List positions) diff --git a/BurnOutSharp/ProtectionType/RingPROTECH.cs b/BurnOutSharp/ProtectionType/RingPROTECH.cs index 04f8682c..7a3a8866 100644 --- a/BurnOutSharp/ProtectionType/RingPROTECH.cs +++ b/BurnOutSharp/ProtectionType/RingPROTECH.cs @@ -5,21 +5,24 @@ namespace BurnOutSharp.ProtectionType { public class RingPROTECH : IContentCheck { - /// + /// + /// Set of all ContentMatchSets for this protection + /// /// TODO: Investigate as this may be over-matching + private static List contentMatchers = new List + { + // (char)0x00 + Allocator + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 + new ContentMatchSet(new byte?[] + { + 0x00, 0x41, 0x6C, 0x6C, 0x6F, 0x63, 0x61, 0x74, + 0x6F, 0x72, 0x00, 0x00, 0x00, 0x00 + }, "Ring PROTECH [Check disc for physical ring]"), + }; + + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // (char)0x00 + Allocator + (char)0x00 + (char)0x00 + (char)0x00 + (char)0x00 - new ContentMatchSet(new byte?[] - { - 0x00, 0x41, 0x6C, 0x6C, 0x6F, 0x63, 0x61, 0x74, - 0x6F, 0x72, 0x00, 0x00, 0x00, 0x00 - }, "Ring PROTECH [Check disc for physical ring]"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } } } diff --git a/BurnOutSharp/ProtectionType/SVKProtector.cs b/BurnOutSharp/ProtectionType/SVKProtector.cs index 5090d84e..bf813b92 100644 --- a/BurnOutSharp/ProtectionType/SVKProtector.cs +++ b/BurnOutSharp/ProtectionType/SVKProtector.cs @@ -5,16 +5,19 @@ namespace BurnOutSharp.ProtectionType { public class SVKProtector : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // ?SVKP + (char)0x00 + (char)0x00 + new ContentMatchSet(new byte?[] { 0x3F, 0x53, 0x56, 0x4B, 0x50, 0x00, 0x00 }, "SVK Protector"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // ?SVKP + (char)0x00 + (char)0x00 - new ContentMatchSet(new byte?[] { 0x3F, 0x53, 0x56, 0x4B, 0x50, 0x00, 0x00 }, "SVK Protector"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } } } diff --git a/BurnOutSharp/ProtectionType/SafeDisc.cs b/BurnOutSharp/ProtectionType/SafeDisc.cs index 2cc9567d..b83dae0f 100644 --- a/BurnOutSharp/ProtectionType/SafeDisc.cs +++ b/BurnOutSharp/ProtectionType/SafeDisc.cs @@ -10,50 +10,53 @@ namespace BurnOutSharp.ProtectionType { public class SafeDisc : IContentCheck, IPathCheck { - /// - public string CheckContents(string file, byte[] fileContent, bool includePosition = false) + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List { - var matchers = new List + new ContentMatchSet(new List { - new ContentMatchSet(new List - { - // BoG_ *90.0&!! Yy> - new byte?[] - { - 0x42, 0x6F, 0x47, 0x5F, 0x20, 0x2A, 0x39, 0x30, - 0x2E, 0x30, 0x26, 0x21, 0x21, 0x20, 0x20, 0x59, - 0x79, 0x3E - }, - - // product activation library - new byte?[] - { - 0x70, 0x72, 0x6F, 0x64, 0x75, 0x63, 0x74, 0x20, - 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x69, - 0x6F, 0x6E, 0x20, 0x6C, 0x69, 0x62, 0x72, 0x61, - 0x72, 0x79 - }, - }, GetVersion, "SafeCast"), - // BoG_ *90.0&!! Yy> - new ContentMatchSet(new byte?[] + new byte?[] { 0x42, 0x6F, 0x47, 0x5F, 0x20, 0x2A, 0x39, 0x30, 0x2E, 0x30, 0x26, 0x21, 0x21, 0x20, 0x20, 0x59, 0x79, 0x3E - }, "SafeDisc"), + }, - // (char)0x00 + (char)0x00 + BoG_ - new ContentMatchSet(new byte?[] { 0x00, 0x00, 0x42, 0x6F, 0x47, 0x5F }, Get320to4xVersion, "SafeDisc"), + // product activation library + new byte?[] + { + 0x70, 0x72, 0x6F, 0x64, 0x75, 0x63, 0x74, 0x20, + 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x69, + 0x6F, 0x6E, 0x20, 0x6C, 0x69, 0x62, 0x72, 0x61, + 0x72, 0x79 + }, + }, GetVersion, "SafeCast"), - // stxt774 - new ContentMatchSet(new byte?[] { 0x73, 0x74, 0x78, 0x74, 0x37, 0x37, 0x34 }, Get320to4xVersion, "SafeDisc"), + // BoG_ *90.0&!! Yy> + new ContentMatchSet(new byte?[] + { + 0x42, 0x6F, 0x47, 0x5F, 0x20, 0x2A, 0x39, 0x30, + 0x2E, 0x30, 0x26, 0x21, 0x21, 0x20, 0x20, 0x59, + 0x79, 0x3E + }, "SafeDisc"), - // stxt371 - new ContentMatchSet(new byte?[] { 0x73, 0x74, 0x78, 0x74, 0x33, 0x37, 0x31 }, Get320to4xVersion, "SafeDisc"), - }; + // (char)0x00 + (char)0x00 + BoG_ + new ContentMatchSet(new byte?[] { 0x00, 0x00, 0x42, 0x6F, 0x47, 0x5F }, Get320to4xVersion, "SafeDisc"), - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + // stxt774 + new ContentMatchSet(new byte?[] { 0x73, 0x74, 0x78, 0x74, 0x37, 0x37, 0x34 }, Get320to4xVersion, "SafeDisc"), + + // stxt371 + new ContentMatchSet(new byte?[] { 0x73, 0x74, 0x78, 0x74, 0x33, 0x37, 0x31 }, Get320to4xVersion, "SafeDisc"), + }; + + /// + public string CheckContents(string file, byte[] fileContent, bool includePosition = false) + { + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// diff --git a/BurnOutSharp/ProtectionType/SafeLock.cs b/BurnOutSharp/ProtectionType/SafeLock.cs index 2960e7b9..15fd9bbf 100644 --- a/BurnOutSharp/ProtectionType/SafeLock.cs +++ b/BurnOutSharp/ProtectionType/SafeLock.cs @@ -8,16 +8,19 @@ namespace BurnOutSharp.ProtectionType { public class SafeLock : IContentCheck, IPathCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // SafeLock + new ContentMatchSet(new byte?[] { 0x53, 0x61, 0x66, 0x65, 0x4C, 0x6F, 0x63, 0x6B }, "SafeLock"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // SafeLock - new ContentMatchSet(new byte?[] { 0x53, 0x61, 0x66, 0x65, 0x4C, 0x6F, 0x63, 0x6B }, "SafeLock"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// diff --git a/BurnOutSharp/ProtectionType/SecuROM.cs b/BurnOutSharp/ProtectionType/SecuROM.cs index 9dc8d104..ba5384f5 100644 --- a/BurnOutSharp/ProtectionType/SecuROM.cs +++ b/BurnOutSharp/ProtectionType/SecuROM.cs @@ -9,44 +9,47 @@ namespace BurnOutSharp.ProtectionType { public class SecuROM : IContentCheck, IPathCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // AddD + (char)0x03 + (char)0x00 + (char)0x00 + (char)0x00) + new ContentMatchSet(new byte?[] { 0x41, 0x64, 0x64, 0x44, 0x03, 0x00, 0x00, 0x00 }, GetV4Version, "SecuROM"), + + // (char)0xCA + (char)0xDD + (char)0xDD + (char)0xAC + (char)0x03 + new ContentMatchSet(new byte?[] { 0xCA, 0xDD, 0xDD, 0xAC, 0x03 }, GetV5Version, "SecuROM"), + + // .securom + (char)0xE0 + (char)0xC0 + new ContentMatchSet(new byte?[] + { + 0x2E, 0x73, 0x65, 0x63, 0x75, 0x72, 0x6F, 0x6D, + 0xE0, 0xC0 + }, GetV7Version, "SecuROM"), + + // .securom + new ContentMatchSet(new byte?[] { 0x2E, 0x73, 0x65, 0x63, 0x75, 0x72, 0x6F, 0x6D }, GetV7Version, "SecuROM"), + + // _and_play.dll + (char)0x00 + drm_pagui_doit + new ContentMatchSet(new byte?[] + { + 0x5F, 0x61, 0x6E, 0x64, 0x5F, 0x70, 0x6C, 0x61, + 0x79, 0x2E, 0x64, 0x6C, 0x6C, 0x00, 0x64, 0x72, + 0x6D, 0x5F, 0x70, 0x61, 0x67, 0x75, 0x69, 0x5F, + 0x64, 0x6F, 0x69, 0x74 + }, Utilities.GetFileVersion, "SecuROM Product Activation"), + + // .cms_t + (char)0x00 + new ContentMatchSet(new byte?[] { 0x2E, 0x63, 0x6D, 0x73, 0x5F, 0x74, 0x00 }, "SecuROM 1-3"), + + // .cms_d + (char)0x00 + new ContentMatchSet(new byte?[] { 0x2E, 0x63, 0x6D, 0x73, 0x5F, 0x64, 0x00 }, "SecuROM 1-3"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // AddD + (char)0x03 + (char)0x00 + (char)0x00 + (char)0x00) - new ContentMatchSet(new byte?[] { 0x41, 0x64, 0x64, 0x44, 0x03, 0x00, 0x00, 0x00 }, GetV4Version, "SecuROM"), - - // (char)0xCA + (char)0xDD + (char)0xDD + (char)0xAC + (char)0x03 - new ContentMatchSet(new byte?[] { 0xCA, 0xDD, 0xDD, 0xAC, 0x03 }, GetV5Version, "SecuROM"), - - // .securom + (char)0xE0 + (char)0xC0 - new ContentMatchSet(new byte?[] - { - 0x2E, 0x73, 0x65, 0x63, 0x75, 0x72, 0x6F, 0x6D, - 0xE0, 0xC0 - }, GetV7Version, "SecuROM"), - - // .securom - new ContentMatchSet(new byte?[] { 0x2E, 0x73, 0x65, 0x63, 0x75, 0x72, 0x6F, 0x6D }, GetV7Version, "SecuROM"), - - // _and_play.dll + (char)0x00 + drm_pagui_doit - new ContentMatchSet(new byte?[] - { - 0x5F, 0x61, 0x6E, 0x64, 0x5F, 0x70, 0x6C, 0x61, - 0x79, 0x2E, 0x64, 0x6C, 0x6C, 0x00, 0x64, 0x72, - 0x6D, 0x5F, 0x70, 0x61, 0x67, 0x75, 0x69, 0x5F, - 0x64, 0x6F, 0x69, 0x74 - }, Utilities.GetFileVersion, "SecuROM Product Activation"), - - // .cms_t + (char)0x00 - new ContentMatchSet(new byte?[] { 0x2E, 0x63, 0x6D, 0x73, 0x5F, 0x74, 0x00 }, "SecuROM 1-3"), - - // .cms_d + (char)0x00 - new ContentMatchSet(new byte?[] { 0x2E, 0x63, 0x6D, 0x73, 0x5F, 0x64, 0x00 }, "SecuROM 1-3"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// diff --git a/BurnOutSharp/ProtectionType/SmartE.cs b/BurnOutSharp/ProtectionType/SmartE.cs index cf548e24..f0206c2e 100644 --- a/BurnOutSharp/ProtectionType/SmartE.cs +++ b/BurnOutSharp/ProtectionType/SmartE.cs @@ -8,16 +8,19 @@ namespace BurnOutSharp.ProtectionType { public class SmartE : IContentCheck, IPathCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // BITARTS + new ContentMatchSet(new byte?[] { 0x42, 0x49, 0x54, 0x41, 0x52, 0x54, 0x53 }, "SmartE"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // BITARTS - new ContentMatchSet(new byte?[] { 0x42, 0x49, 0x54, 0x41, 0x52, 0x54, 0x53 }, "SmartE"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// diff --git a/BurnOutSharp/ProtectionType/SolidShield.cs b/BurnOutSharp/ProtectionType/SolidShield.cs index db206443..64e249bc 100644 --- a/BurnOutSharp/ProtectionType/SolidShield.cs +++ b/BurnOutSharp/ProtectionType/SolidShield.cs @@ -9,78 +9,81 @@ namespace BurnOutSharp.ProtectionType { public class SolidShield : IContentCheck, IPathCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // D + (char)0x00 + V + (char)0x00 + M + (char)0x00 + + (char)0x00 + L + (char)0x00 + i + (char)0x00 + b + (char)0x00 + r + (char)0x00 + a + (char)0x00 + r + (char)0x00 + y + (char)0x00 + new ContentMatchSet(new byte?[] + { + 0x44, 0x00, 0x56, 0x00, 0x4D, 0x00, 0x20, 0x00, + 0x4C, 0x00, 0x69, 0x00, 0x62, 0x00, 0x72, 0x00, + 0x61, 0x00, 0x72, 0x00, 0x79, 0x00 + }, Utilities.GetFileVersion, "SolidShield"), + + // S + (char)0x00 + o + (char)0x00 + l + (char)0x00 + i + (char)0x00 + d + (char)0x00 + s + (char)0x00 + h + (char)0x00 + i + (char)0x00 + e + (char)0x00 + l + (char)0x00 + d + (char)0x00 + + (char)0x00 + L + (char)0x00 + i + (char)0x00 + b + (char)0x00 + r + (char)0x00 + a + (char)0x00 + r + (char)0x00 + y + (char)0x00 + new ContentMatchSet(new byte?[] + { + 0x53, 0x00, 0x6F, 0x00, 0x6C, 0x00, 0x69, 0x00, + 0x64, 0x00, 0x73, 0x00, 0x68, 0x00, 0x69, 0x00, + 0x65, 0x00, 0x6C, 0x00, 0x64, 0x00, 0x20, 0x00, + 0x4C, 0x00, 0x69, 0x00, 0x62, 0x00, 0x72, 0x00, + 0x61, 0x00, 0x72, 0x00, 0x79, 0x00 + }, GetFileVersion, "SolidShield Core.dll"), + + // S + (char)0x00 + o + (char)0x00 + l + (char)0x00 + i + (char)0x00 + d + (char)0x00 + s + (char)0x00 + h + (char)0x00 + i + (char)0x00 + e + (char)0x00 + l + (char)0x00 + d + (char)0x00 + + (char)0x00 + A + (char)0x00 + c + (char)0x00 + t + (char)0x00 + i + (char)0x00 + v + (char)0x00 + a + (char)0x00 + t + (char)0x00 + i + (char)0x00 + o + (char)0x00 + n + (char)0x00 + + (char)0x00 + L + (char)0x00 + i + (char)0x00 + b + (char)0x00 + r + (char)0x00 + a + (char)0x00 + r + (char)0x00 + y + (char)0x00 + new ContentMatchSet(new byte?[] + { + 0x53, 0x00, 0x6F, 0x00, 0x6C, 0x00, 0x69, 0x00, + 0x64, 0x00, 0x73, 0x00, 0x68, 0x00, 0x69, 0x00, + 0x65, 0x00, 0x6C, 0x00, 0x64, 0x00, 0x20, 0x00, + 0x41, 0x00, 0x63, 0x00, 0x74, 0x00, 0x69, 0x00, + 0x76, 0x00, 0x61, 0x00, 0x74, 0x00, 0x69, 0x00, + 0x6F, 0x00, 0x6E, 0x00, 0x20, 0x00, 0x4C, 0x00, + 0x69, 0x00, 0x62, 0x00, 0x72, 0x00, 0x61, 0x00, + 0x72, 0x00, 0x79, 0x00 + }, GetFileVersion, "SolidShield Core.dll"), + + // (char)0xEF + (char)0xBE + (char)0xAD + (char)0xDE + new ContentMatchSet(new byte?[] { 0xEF, 0xBE, 0xAD, 0xDE }, GetExeWrapperVersion, "SolidShield"), + + // A + (char)0x00 + c + (char)0x00 + t + (char)0x00 + i + (char)0x00 + v + (char)0x00 + a + (char)0x00 + t + (char)0x00 + i + (char)0x00 + o + (char)0x00 + n + (char)0x00 + + (char)0x00 + M + (char)0x00 + a + (char)0x00 + n + (char)0x00 + a + (char)0x00 + g + (char)0x00 + e + (char)0x00 + r + (char)0x00 + new ContentMatchSet(new byte?[] + { + 0x41, 0x00, 0x63, 0x00, 0x74, 0x00, 0x69, 0x00, + 0x76, 0x00, 0x61, 0x00, 0x74, 0x00, 0x69, 0x00, + 0x6f, 0x00, 0x6e, 0x00, 0x20, 0x00, 0x4d, 0x00, + 0x61, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x67, 0x00, + 0x65, 0x00, 0x72, 0x00 + }, GetFileVersion, "SolidShield Activation Manager Module"), + + // dvm.dll + new ContentMatchSet(new byte?[] { 0x64, 0x76, 0x6D, 0x2E, 0x64, 0x6C, 0x6C }, "SolidShield EXE Wrapper"), + + // (char)0xAD + (char)0xDE + (char)0xFE + (char)0xCA + new ContentMatchSet(new byte?[] { 0xAD, 0xDE, 0xFE, 0xCA }, GetVersionPlusTages, "SolidShield"), + + // Solidshield + new ContentMatchSet(new byte?[] + { + 0x53, 0x6F, 0x6C, 0x69, 0x64, 0x73, 0x68, 0x69, + 0x65, 0x6C, 0x64 + }, GetVersion, "SolidShield"), + + // B + (char)0x00 + I + (char)0x00 + N + (char)0x00 + (char)0x7 + (char)0x00 + I + (char)0x00 + D + (char)0x00 + R + (char)0x00 + _ + (char)0x00 + S + (char)0x00 + G + (char)0x00 + T + (char)0x00 + new ContentMatchSet(new byte?[] + { + 0x42, 0x00, 0x49, 0x00, 0x4E, 0x00, 0x07, 0x00, + 0x49, 0x00, 0x44, 0x00, 0x52, 0x00, 0x5F, 0x00, + 0x53, 0x00, 0x47, 0x00, 0x54, 0x00 + }, "SolidShield"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // D + (char)0x00 + V + (char)0x00 + M + (char)0x00 + + (char)0x00 + L + (char)0x00 + i + (char)0x00 + b + (char)0x00 + r + (char)0x00 + a + (char)0x00 + r + (char)0x00 + y + (char)0x00 - new ContentMatchSet(new byte?[] - { - 0x44, 0x00, 0x56, 0x00, 0x4D, 0x00, 0x20, 0x00, - 0x4C, 0x00, 0x69, 0x00, 0x62, 0x00, 0x72, 0x00, - 0x61, 0x00, 0x72, 0x00, 0x79, 0x00 - }, Utilities.GetFileVersion, "SolidShield"), - - // S + (char)0x00 + o + (char)0x00 + l + (char)0x00 + i + (char)0x00 + d + (char)0x00 + s + (char)0x00 + h + (char)0x00 + i + (char)0x00 + e + (char)0x00 + l + (char)0x00 + d + (char)0x00 + + (char)0x00 + L + (char)0x00 + i + (char)0x00 + b + (char)0x00 + r + (char)0x00 + a + (char)0x00 + r + (char)0x00 + y + (char)0x00 - new ContentMatchSet(new byte?[] - { - 0x53, 0x00, 0x6F, 0x00, 0x6C, 0x00, 0x69, 0x00, - 0x64, 0x00, 0x73, 0x00, 0x68, 0x00, 0x69, 0x00, - 0x65, 0x00, 0x6C, 0x00, 0x64, 0x00, 0x20, 0x00, - 0x4C, 0x00, 0x69, 0x00, 0x62, 0x00, 0x72, 0x00, - 0x61, 0x00, 0x72, 0x00, 0x79, 0x00 - }, GetFileVersion, "SolidShield Core.dll"), - - // S + (char)0x00 + o + (char)0x00 + l + (char)0x00 + i + (char)0x00 + d + (char)0x00 + s + (char)0x00 + h + (char)0x00 + i + (char)0x00 + e + (char)0x00 + l + (char)0x00 + d + (char)0x00 + + (char)0x00 + A + (char)0x00 + c + (char)0x00 + t + (char)0x00 + i + (char)0x00 + v + (char)0x00 + a + (char)0x00 + t + (char)0x00 + i + (char)0x00 + o + (char)0x00 + n + (char)0x00 + + (char)0x00 + L + (char)0x00 + i + (char)0x00 + b + (char)0x00 + r + (char)0x00 + a + (char)0x00 + r + (char)0x00 + y + (char)0x00 - new ContentMatchSet(new byte?[] - { - 0x53, 0x00, 0x6F, 0x00, 0x6C, 0x00, 0x69, 0x00, - 0x64, 0x00, 0x73, 0x00, 0x68, 0x00, 0x69, 0x00, - 0x65, 0x00, 0x6C, 0x00, 0x64, 0x00, 0x20, 0x00, - 0x41, 0x00, 0x63, 0x00, 0x74, 0x00, 0x69, 0x00, - 0x76, 0x00, 0x61, 0x00, 0x74, 0x00, 0x69, 0x00, - 0x6F, 0x00, 0x6E, 0x00, 0x20, 0x00, 0x4C, 0x00, - 0x69, 0x00, 0x62, 0x00, 0x72, 0x00, 0x61, 0x00, - 0x72, 0x00, 0x79, 0x00 - }, GetFileVersion, "SolidShield Core.dll"), - - // (char)0xEF + (char)0xBE + (char)0xAD + (char)0xDE - new ContentMatchSet(new byte?[] { 0xEF, 0xBE, 0xAD, 0xDE }, GetExeWrapperVersion, "SolidShield"), - - // A + (char)0x00 + c + (char)0x00 + t + (char)0x00 + i + (char)0x00 + v + (char)0x00 + a + (char)0x00 + t + (char)0x00 + i + (char)0x00 + o + (char)0x00 + n + (char)0x00 + + (char)0x00 + M + (char)0x00 + a + (char)0x00 + n + (char)0x00 + a + (char)0x00 + g + (char)0x00 + e + (char)0x00 + r + (char)0x00 - new ContentMatchSet(new byte?[] - { - 0x41, 0x00, 0x63, 0x00, 0x74, 0x00, 0x69, 0x00, - 0x76, 0x00, 0x61, 0x00, 0x74, 0x00, 0x69, 0x00, - 0x6f, 0x00, 0x6e, 0x00, 0x20, 0x00, 0x4d, 0x00, - 0x61, 0x00, 0x6e, 0x00, 0x61, 0x00, 0x67, 0x00, - 0x65, 0x00, 0x72, 0x00 - }, GetFileVersion, "SolidShield Activation Manager Module"), - - // dvm.dll - new ContentMatchSet(new byte?[] { 0x64, 0x76, 0x6D, 0x2E, 0x64, 0x6C, 0x6C }, "SolidShield EXE Wrapper"), - - // (char)0xAD + (char)0xDE + (char)0xFE + (char)0xCA - new ContentMatchSet(new byte?[] { 0xAD, 0xDE, 0xFE, 0xCA }, GetVersionPlusTages, "SolidShield"), - - // Solidshield - new ContentMatchSet(new byte?[] - { - 0x53, 0x6F, 0x6C, 0x69, 0x64, 0x73, 0x68, 0x69, - 0x65, 0x6C, 0x64 - }, GetVersion, "SolidShield"), - - // B + (char)0x00 + I + (char)0x00 + N + (char)0x00 + (char)0x7 + (char)0x00 + I + (char)0x00 + D + (char)0x00 + R + (char)0x00 + _ + (char)0x00 + S + (char)0x00 + G + (char)0x00 + T + (char)0x00 - new ContentMatchSet(new byte?[] - { - 0x42, 0x00, 0x49, 0x00, 0x4E, 0x00, 0x07, 0x00, - 0x49, 0x00, 0x44, 0x00, 0x52, 0x00, 0x5F, 0x00, - 0x53, 0x00, 0x47, 0x00, 0x54, 0x00 - }, "SolidShield"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// diff --git a/BurnOutSharp/ProtectionType/StarForce.cs b/BurnOutSharp/ProtectionType/StarForce.cs index 1b7046b7..4a8e620d 100644 --- a/BurnOutSharp/ProtectionType/StarForce.cs +++ b/BurnOutSharp/ProtectionType/StarForce.cs @@ -8,47 +8,15 @@ namespace BurnOutSharp.ProtectionType { public class StarForce : IContentCheck, IPathCheck { - /// - public string CheckContents(string file, byte[] fileContent, bool includePosition = false) + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List { - var matchers = new List + new ContentMatchSet(new List { - new ContentMatchSet(new List - { - // ( + (char)0x00 + c + (char)0x00 + ) + (char)0x00 + + (char)0x00 + P + (char)0x00 + r + (char)0x00 + o + (char)0x00 + t + (char)0x00 + e + (char)0x00 + c + (char)0x00 + t + (char)0x00 + i + (char)0x00 + o + (char)0x00 + n + (char)0x00 + + (char)0x00 + T + (char)0x00 + e + (char)0x00 + c + (char)0x00 + h + (char)0x00 + n + (char)0x00 + o + (char)0x00 + l + (char)0x00 + o + (char)0x00 + g + (char)0x00 + y + (char)0x00 - new byte?[] - { - 0x28, 0x00, 0x63, 0x00, 0x29, 0x00, 0x20, 0x00, - 0x50, 0x00, 0x72, 0x00, 0x6F, 0x00, 0x74, 0x00, - 0x65, 0x00, 0x63, 0x00, 0x74, 0x00, 0x69, 0x00, - 0x6F, 0x00, 0x6E, 0x00, 0x20, 0x00, 0x54, 0x00, - 0x65, 0x00, 0x63, 0x00, 0x68, 0x00, 0x6E, 0x00, - 0x6F, 0x00, 0x6C, 0x00, 0x6F, 0x00, 0x67, 0x00, - 0x79, 0x00 - }, - - // // PSA_GetDiscLabel - // new byte?[] - // { - // 0x50, 0x53, 0x41, 0x5F, 0x47, 0x65, 0x74, 0x44, - // 0x69, 0x73, 0x63, 0x4C, 0x61, 0x62, 0x65, 0x6C - // }, - - // (c) Protection Technology - // new byte?[] - // { - // 0x28, 0x63, 0x29, 0x20, 0x50, 0x72, 0x6F, 0x74, - // 0x65, 0x63, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x54, - // 0x65, 0x63, 0x68, 0x6E, 0x6F, 0x6C, 0x6F, 0x67, - // 0x79 - // }, - - // TradeName - new byte?[] { 0x54, 0x72, 0x61, 0x64, 0x65, 0x4E, 0x61, 0x6D, 0x65 }, - }, GetVersion, "StarForce"), - // ( + (char)0x00 + c + (char)0x00 + ) + (char)0x00 + + (char)0x00 + P + (char)0x00 + r + (char)0x00 + o + (char)0x00 + t + (char)0x00 + e + (char)0x00 + c + (char)0x00 + t + (char)0x00 + i + (char)0x00 + o + (char)0x00 + n + (char)0x00 + + (char)0x00 + T + (char)0x00 + e + (char)0x00 + c + (char)0x00 + h + (char)0x00 + n + (char)0x00 + o + (char)0x00 + l + (char)0x00 + o + (char)0x00 + g + (char)0x00 + y + (char)0x00 - new ContentMatchSet(new byte?[] + new byte?[] { 0x28, 0x00, 0x63, 0x00, 0x29, 0x00, 0x20, 0x00, 0x50, 0x00, 0x72, 0x00, 0x6F, 0x00, 0x74, 0x00, @@ -57,65 +25,100 @@ namespace BurnOutSharp.ProtectionType 0x65, 0x00, 0x63, 0x00, 0x68, 0x00, 0x6E, 0x00, 0x6F, 0x00, 0x6C, 0x00, 0x6F, 0x00, 0x67, 0x00, 0x79, 0x00 - }, Utilities.GetFileVersion, "StarForce"), + }, - new ContentMatchSet(new List - { - // Protection Technology, Ltd. - new byte?[] - { - 0x50, 0x72, 0x6F, 0x74, 0x65, 0x63, 0x74, 0x69, - 0x6F, 0x6E, 0x20, 0x54, 0x65, 0x63, 0x68, 0x6E, - 0x6F, 0x6C, 0x6F, 0x67, 0x79, 0x2C, 0x20, 0x4C, - 0x74, 0x64, 0x2E - }, + // // PSA_GetDiscLabel + // new byte?[] + // { + // 0x50, 0x53, 0x41, 0x5F, 0x47, 0x65, 0x74, 0x44, + // 0x69, 0x73, 0x63, 0x4C, 0x61, 0x62, 0x65, 0x6C + // }, - // // PSA_GetDiscLabel - // new byte?[] - // { - // 0x50, 0x53, 0x41, 0x5F, 0x47, 0x65, 0x74, 0x44, - // 0x69, 0x73, 0x63, 0x4C, 0x61, 0x62, 0x65, 0x6C - // }, + // (c) Protection Technology + // new byte?[] + // { + // 0x28, 0x63, 0x29, 0x20, 0x50, 0x72, 0x6F, 0x74, + // 0x65, 0x63, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x54, + // 0x65, 0x63, 0x68, 0x6E, 0x6F, 0x6C, 0x6F, 0x67, + // 0x79 + // }, - // (c) Protection Technology - // new byte?[] - // { - // 0x28, 0x63, 0x29, 0x20, 0x50, 0x72, 0x6F, 0x74, - // 0x65, 0x63, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x54, - // 0x65, 0x63, 0x68, 0x6E, 0x6F, 0x6C, 0x6F, 0x67, - // 0x79 - // }, + // TradeName + new byte?[] { 0x54, 0x72, 0x61, 0x64, 0x65, 0x4E, 0x61, 0x6D, 0x65 }, + }, GetVersion, "StarForce"), - // TradeName - new byte?[] { 0x54, 0x72, 0x61, 0x64, 0x65, 0x4E, 0x61, 0x6D, 0x65 }, - }, GetVersion, "StarForce"), + // ( + (char)0x00 + c + (char)0x00 + ) + (char)0x00 + + (char)0x00 + P + (char)0x00 + r + (char)0x00 + o + (char)0x00 + t + (char)0x00 + e + (char)0x00 + c + (char)0x00 + t + (char)0x00 + i + (char)0x00 + o + (char)0x00 + n + (char)0x00 + + (char)0x00 + T + (char)0x00 + e + (char)0x00 + c + (char)0x00 + h + (char)0x00 + n + (char)0x00 + o + (char)0x00 + l + (char)0x00 + o + (char)0x00 + g + (char)0x00 + y + (char)0x00 + new ContentMatchSet(new byte?[] + { + 0x28, 0x00, 0x63, 0x00, 0x29, 0x00, 0x20, 0x00, + 0x50, 0x00, 0x72, 0x00, 0x6F, 0x00, 0x74, 0x00, + 0x65, 0x00, 0x63, 0x00, 0x74, 0x00, 0x69, 0x00, + 0x6F, 0x00, 0x6E, 0x00, 0x20, 0x00, 0x54, 0x00, + 0x65, 0x00, 0x63, 0x00, 0x68, 0x00, 0x6E, 0x00, + 0x6F, 0x00, 0x6C, 0x00, 0x6F, 0x00, 0x67, 0x00, + 0x79, 0x00 + }, Utilities.GetFileVersion, "StarForce"), + new ContentMatchSet(new List + { // Protection Technology, Ltd. - new ContentMatchSet(new byte?[] + new byte?[] { 0x50, 0x72, 0x6F, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x54, 0x65, 0x63, 0x68, 0x6E, 0x6F, 0x6C, 0x6F, 0x67, 0x79, 0x2C, 0x20, 0x4C, 0x74, 0x64, 0x2E - }, Utilities.GetFileVersion, "StarForce"), + }, - // .sforce - new ContentMatchSet(new byte?[] { 0x2E, 0x73, 0x66, 0x6F, 0x72, 0x63, 0x65 }, "StarForce 3-5"), + // // PSA_GetDiscLabel + // new byte?[] + // { + // 0x50, 0x53, 0x41, 0x5F, 0x47, 0x65, 0x74, 0x44, + // 0x69, 0x73, 0x63, 0x4C, 0x61, 0x62, 0x65, 0x6C + // }, - // .brick - new ContentMatchSet(new byte?[] { 0x2E, 0x62, 0x72, 0x69, 0x63, 0x6B }, "StarForce 3-5"), + // (c) Protection Technology + // new byte?[] + // { + // 0x28, 0x63, 0x29, 0x20, 0x50, 0x72, 0x6F, 0x74, + // 0x65, 0x63, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x54, + // 0x65, 0x63, 0x68, 0x6E, 0x6F, 0x6C, 0x6F, 0x67, + // 0x79 + // }, - // P + (char)0x00 + r + (char)0x00 + o + (char)0x00 + t + (char)0x00 + e + (char)0x00 + c + (char)0x00 + t + (char)0x00 + e + (char)0x00 + d + (char)0x00 + + (char)0x00 + M + (char)0x00 + o + (char)0x00 + d + (char)0x00 + u + (char)0x00 + l + (char)0x00 + e + (char)0x00 - new ContentMatchSet(new byte?[] - { - 0x50, 0x00, 0x72, 0x00, 0x6f, 0x00, 0x74, 0x00, - 0x65, 0x00, 0x63, 0x00, 0x74, 0x00, 0x65, 0x00, - 0x64, 0x00, 0x20, 0x00, 0x4d, 0x00, 0x6f, 0x00, - 0x64, 0x00, 0x75, 0x00, 0x6c, 0x00, 0x65, 0x00 - }, "StarForce 5"), - }; + // TradeName + new byte?[] { 0x54, 0x72, 0x61, 0x64, 0x65, 0x4E, 0x61, 0x6D, 0x65 }, + }, GetVersion, "StarForce"), - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + // Protection Technology, Ltd. + new ContentMatchSet(new byte?[] + { + 0x50, 0x72, 0x6F, 0x74, 0x65, 0x63, 0x74, 0x69, + 0x6F, 0x6E, 0x20, 0x54, 0x65, 0x63, 0x68, 0x6E, + 0x6F, 0x6C, 0x6F, 0x67, 0x79, 0x2C, 0x20, 0x4C, + 0x74, 0x64, 0x2E + }, Utilities.GetFileVersion, "StarForce"), + + // .sforce + new ContentMatchSet(new byte?[] { 0x2E, 0x73, 0x66, 0x6F, 0x72, 0x63, 0x65 }, "StarForce 3-5"), + + // .brick + new ContentMatchSet(new byte?[] { 0x2E, 0x62, 0x72, 0x69, 0x63, 0x6B }, "StarForce 3-5"), + + // P + (char)0x00 + r + (char)0x00 + o + (char)0x00 + t + (char)0x00 + e + (char)0x00 + c + (char)0x00 + t + (char)0x00 + e + (char)0x00 + d + (char)0x00 + + (char)0x00 + M + (char)0x00 + o + (char)0x00 + d + (char)0x00 + u + (char)0x00 + l + (char)0x00 + e + (char)0x00 + new ContentMatchSet(new byte?[] + { + 0x50, 0x00, 0x72, 0x00, 0x6f, 0x00, 0x74, 0x00, + 0x65, 0x00, 0x63, 0x00, 0x74, 0x00, 0x65, 0x00, + 0x64, 0x00, 0x20, 0x00, 0x4d, 0x00, 0x6f, 0x00, + 0x64, 0x00, 0x75, 0x00, 0x6c, 0x00, 0x65, 0x00 + }, "StarForce 5"), + }; + + /// + public string CheckContents(string file, byte[] fileContent, bool includePosition = false) + { + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// diff --git a/BurnOutSharp/ProtectionType/Sysiphus.cs b/BurnOutSharp/ProtectionType/Sysiphus.cs index 1ca62331..cd379099 100644 --- a/BurnOutSharp/ProtectionType/Sysiphus.cs +++ b/BurnOutSharp/ProtectionType/Sysiphus.cs @@ -5,27 +5,30 @@ namespace BurnOutSharp.ProtectionType { public class Sysiphus : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // V SUHPISYSDVD + new ContentMatchSet(new byte?[] + { + 0x56, 0x20, 0x53, 0x55, 0x48, 0x50, 0x49, 0x53, + 0x59, 0x53, 0x44, 0x56, 0x44 + }, GetVersion, "Sysiphus DVD"), + + // V SUHPISYSDVD + new ContentMatchSet(new byte?[] + { + 0x56, 0x20, 0x53, 0x55, 0x48, 0x50, 0x49, 0x53, + 0x59, 0x53 + }, GetVersion, "Sysiphus"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // V SUHPISYSDVD - new ContentMatchSet(new byte?[] - { - 0x56, 0x20, 0x53, 0x55, 0x48, 0x50, 0x49, 0x53, - 0x59, 0x53, 0x44, 0x56, 0x44 - }, GetVersion, "Sysiphus DVD"), - - // V SUHPISYSDVD - new ContentMatchSet(new byte?[] - { - 0x56, 0x20, 0x53, 0x55, 0x48, 0x50, 0x49, 0x53, - 0x59, 0x53 - }, GetVersion, "Sysiphus"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } public static string GetVersion(string file, byte[] fileContent, List positions) diff --git a/BurnOutSharp/ProtectionType/Tages.cs b/BurnOutSharp/ProtectionType/Tages.cs index 3b02ace1..d5aa44c8 100644 --- a/BurnOutSharp/ProtectionType/Tages.cs +++ b/BurnOutSharp/ProtectionType/Tages.cs @@ -8,33 +8,36 @@ namespace BurnOutSharp.ProtectionType { public class Tages : IContentCheck, IPathCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // protected-tages-runtime.exe + new ContentMatchSet(new byte?[] + { + 0x70, 0x72, 0x6F, 0x74, 0x65, 0x63, 0x74, 0x65, + 0x64, 0x2D, 0x74, 0x61, 0x67, 0x65, 0x73, 0x2D, + 0x72, 0x75, 0x6E, 0x74, 0x69, 0x6D, 0x65, 0x2E, + 0x65, 0x78, 0x65 + }, Utilities.GetFileVersion, "TAGES"), + + // tagesprotection.com + new ContentMatchSet(new byte?[] + { + 0x74, 0x61, 0x67, 0x65, 0x73, 0x70, 0x72, 0x6F, + 0x74, 0x65, 0x63, 0x74, 0x69, 0x6F, 0x6E, 0x2E, + 0x63, 0x6F, 0x6D + }, Utilities.GetFileVersion, "TAGES"), + + // (char)0xE8 + u + (char)0x00 + (char)0x00 + (char)0x00 + (char)0xE8 + new ContentMatchSet(new byte?[] { 0xE8, 0x75, 0x00, 0x00, 0x00, 0xE8 }, GetVersion, "TAGES"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // protected-tages-runtime.exe - new ContentMatchSet(new byte?[] - { - 0x70, 0x72, 0x6F, 0x74, 0x65, 0x63, 0x74, 0x65, - 0x64, 0x2D, 0x74, 0x61, 0x67, 0x65, 0x73, 0x2D, - 0x72, 0x75, 0x6E, 0x74, 0x69, 0x6D, 0x65, 0x2E, - 0x65, 0x78, 0x65 - }, Utilities.GetFileVersion, "TAGES"), - - // tagesprotection.com - new ContentMatchSet(new byte?[] - { - 0x74, 0x61, 0x67, 0x65, 0x73, 0x70, 0x72, 0x6F, - 0x74, 0x65, 0x63, 0x74, 0x69, 0x6F, 0x6E, 0x2E, - 0x63, 0x6F, 0x6D - }, Utilities.GetFileVersion, "TAGES"), - - // (char)0xE8 + u + (char)0x00 + (char)0x00 + (char)0x00 + (char)0xE8 - new ContentMatchSet(new byte?[] { 0xE8, 0x75, 0x00, 0x00, 0x00, 0xE8 }, GetVersion, "TAGES"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// diff --git a/BurnOutSharp/ProtectionType/ThreePLock.cs b/BurnOutSharp/ProtectionType/ThreePLock.cs index 6dc32a72..3a18bd8c 100644 --- a/BurnOutSharp/ProtectionType/ThreePLock.cs +++ b/BurnOutSharp/ProtectionType/ThreePLock.cs @@ -5,30 +5,33 @@ namespace BurnOutSharp.ProtectionType { public class ThreePLock : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + new ContentMatchSet(new List + { + // .ldr + new byte?[] { 0x2E, 0x6C, 0x64, 0x72 }, + + // .ldt + new byte?[] { 0x2E, 0x6C, 0x64, 0x74 }, + }, "3PLock"), + + // This produced false positives in some DirectX 9.0c installer files + // "Y" + (char)0xC3 + "U" + (char)0x8B + (char)0xEC + (char)0x83 + (char)0xEC + "0SVW" + // new ContentMatchSet(new byte?[] + // { + // 0x59, 0xC3, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x30, + // 0x53, 0x56, 0x57 + // }, "3PLock"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - new ContentMatchSet(new List - { - // .ldr - new byte?[] { 0x2E, 0x6C, 0x64, 0x72 }, - - // .ldt - new byte?[] { 0x2E, 0x6C, 0x64, 0x74 }, - }, "3PLock"), - - // This produced false positives in some DirectX 9.0c installer files - // "Y" + (char)0xC3 + "U" + (char)0x8B + (char)0xEC + (char)0x83 + (char)0xEC + "0SVW" - // new ContentMatchSet(new byte?[] - // { - // 0x59, 0xC3, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x30, - // 0x53, 0x56, 0x57 - // }, "3PLock"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } } } diff --git a/BurnOutSharp/ProtectionType/ThreeTwoOneStudios.cs b/BurnOutSharp/ProtectionType/ThreeTwoOneStudios.cs index 358abdba..6a3b34dc 100644 --- a/BurnOutSharp/ProtectionType/ThreeTwoOneStudios.cs +++ b/BurnOutSharp/ProtectionType/ThreeTwoOneStudios.cs @@ -5,24 +5,27 @@ namespace BurnOutSharp.ProtectionType { public class ThreeTwoOneStudios : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // 3 + (char)0x00 + 1 + 2 + (char)0x00 + 1 + (char)0x00 + S + (char)0x00 + t + (char)0x00 + u + (char)0x00 + d + (char)0x00 + i + (char)0x00 + o + (char)0x00 + s + (char)0x00 + + (char)0x00 + A + (char)0x00 + c + (char)0x00 + t + (char)0x00 + i + (char)0x00 + v + (char)0x00 + a + (char)0x00 + t + (char)0x00 + i + (char)0x00 + o + (char)0x00 + n + (char)0x00 + new ContentMatchSet(new byte?[] + { + 0x33, 0x00, 0x32, 0x00, 0x31, 0x00, 0x53, 0x00, + 0x74, 0x00, 0x75, 0x00, 0x64, 0x00, 0x69, 0x00, + 0x6F, 0x00, 0x73, 0x00, 0x20, 0x00, 0x41, 0x00, + 0x63, 0x00, 0x74, 0x00, 0x69, 0x00, 0x76, 0x00, + 0x61, 0x00, 0x74, 0x00, 0x69, 0x00, 0x6F, 0x00, + 0x6E, 0x00 + }, "321Studios Online Activation"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // 3 + (char)0x00 + 1 + 2 + (char)0x00 + 1 + (char)0x00 + S + (char)0x00 + t + (char)0x00 + u + (char)0x00 + d + (char)0x00 + i + (char)0x00 + o + (char)0x00 + s + (char)0x00 + + (char)0x00 + A + (char)0x00 + c + (char)0x00 + t + (char)0x00 + i + (char)0x00 + v + (char)0x00 + a + (char)0x00 + t + (char)0x00 + i + (char)0x00 + o + (char)0x00 + n + (char)0x00 - new ContentMatchSet(new byte?[] - { - 0x33, 0x00, 0x32, 0x00, 0x31, 0x00, 0x53, 0x00, - 0x74, 0x00, 0x75, 0x00, 0x64, 0x00, 0x69, 0x00, - 0x6F, 0x00, 0x73, 0x00, 0x20, 0x00, 0x41, 0x00, - 0x63, 0x00, 0x74, 0x00, 0x69, 0x00, 0x76, 0x00, - 0x61, 0x00, 0x74, 0x00, 0x69, 0x00, 0x6F, 0x00, - 0x6E, 0x00 - }, "321Studios Online Activation"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } } } diff --git a/BurnOutSharp/ProtectionType/VOBProtectCDDVD.cs b/BurnOutSharp/ProtectionType/VOBProtectCDDVD.cs index d8a67746..76da1a1c 100644 --- a/BurnOutSharp/ProtectionType/VOBProtectCDDVD.cs +++ b/BurnOutSharp/ProtectionType/VOBProtectCDDVD.cs @@ -10,26 +10,29 @@ namespace BurnOutSharp.ProtectionType { public class VOBProtectCDDVD : IContentCheck, IPathCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // VOB ProtectCD + new ContentMatchSet(new byte?[] + { + 0x56, 0x4F, 0x42, 0x20, 0x50, 0x72, 0x6F, 0x74, + 0x65, 0x63, 0x74, 0x43, 0x44 + }, GetOldVersion, "VOB ProtectCD/DVD"), + + // DCP-BOV + (char)0x00 + (char)0x00 + new ContentMatchSet(new byte?[] { 0x44, 0x43, 0x50, 0x2D, 0x42, 0x4F, 0x56, 0x00, 0x00 }, GetVersion, "VOB ProtectCD/DVD"), + + // .vob.pcd + new ContentMatchSet(new byte?[] { 0x2E, 0x76, 0x6F, 0x62, 0x2E, 0x70, 0x63, 0x64 }, "VOB ProtectCD"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // VOB ProtectCD - new ContentMatchSet(new byte?[] - { - 0x56, 0x4F, 0x42, 0x20, 0x50, 0x72, 0x6F, 0x74, - 0x65, 0x63, 0x74, 0x43, 0x44 - }, GetOldVersion, "VOB ProtectCD/DVD"), - - // DCP-BOV + (char)0x00 + (char)0x00 - new ContentMatchSet(new byte?[] { 0x44, 0x43, 0x50, 0x2D, 0x42, 0x4F, 0x56, 0x00, 0x00 }, GetVersion, "VOB ProtectCD/DVD"), - - // .vob.pcd - new ContentMatchSet(new byte?[] { 0x2E, 0x76, 0x6F, 0x62, 0x2E, 0x70, 0x63, 0x64 }, "VOB ProtectCD"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// diff --git a/BurnOutSharp/ProtectionType/WTMCDProtect.cs b/BurnOutSharp/ProtectionType/WTMCDProtect.cs index 12bca8ec..cb0c7132 100644 --- a/BurnOutSharp/ProtectionType/WTMCDProtect.cs +++ b/BurnOutSharp/ProtectionType/WTMCDProtect.cs @@ -8,16 +8,19 @@ namespace BurnOutSharp.ProtectionType { public class WTMCDProtect : IContentCheck, IPathCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // WTM76545 + new ContentMatchSet(new byte?[] { 0x57, 0x54, 0x4D, 0x37, 0x36, 0x35, 0x34, 0x35 }, "WTM CD Protect"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // WTM76545 - new ContentMatchSet(new byte?[] { 0x57, 0x54, 0x4D, 0x37, 0x36, 0x35, 0x34, 0x35 }, "WTM CD Protect"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// diff --git a/BurnOutSharp/ProtectionType/XCP.cs b/BurnOutSharp/ProtectionType/XCP.cs index 40b34317..4ed67989 100644 --- a/BurnOutSharp/ProtectionType/XCP.cs +++ b/BurnOutSharp/ProtectionType/XCP.cs @@ -9,30 +9,33 @@ namespace BurnOutSharp.ProtectionType { public class XCP : IContentCheck, IPathCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // XCP.DAT + new ContentMatchSet(new byte?[] { 0x58, 0x43, 0x50, 0x2E, 0x44, 0x41, 0x54 }, "XCP"), + + // XCPPlugins.dll + new ContentMatchSet(new byte?[] + { + 0x58, 0x43, 0x50, 0x50, 0x6C, 0x75, 0x67, 0x69, + 0x6E, 0x73, 0x2E, 0x64, 0x6C, 0x6C + }, "XCP"), + + // XCPPhoenix.dll + new ContentMatchSet(new byte?[] + { + 0x58, 0x43, 0x50, 0x50, 0x68, 0x6F, 0x65, 0x6E, + 0x69, 0x78, 0x2E, 0x64, 0x6C, 0x6C + }, "XCP"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // XCP.DAT - new ContentMatchSet(new byte?[] { 0x58, 0x43, 0x50, 0x2E, 0x44, 0x41, 0x54 }, "XCP"), - - // XCPPlugins.dll - new ContentMatchSet(new byte?[] - { - 0x58, 0x43, 0x50, 0x50, 0x6C, 0x75, 0x67, 0x69, - 0x6E, 0x73, 0x2E, 0x64, 0x6C, 0x6C - }, "XCP"), - - // XCPPhoenix.dll - new ContentMatchSet(new byte?[] - { - 0x58, 0x43, 0x50, 0x50, 0x68, 0x6F, 0x65, 0x6E, - 0x69, 0x78, 0x2E, 0x64, 0x6C, 0x6C - }, "XCP"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } /// diff --git a/BurnOutSharp/ProtectionType/XtremeProtector.cs b/BurnOutSharp/ProtectionType/XtremeProtector.cs index 09a3611e..9976ed1e 100644 --- a/BurnOutSharp/ProtectionType/XtremeProtector.cs +++ b/BurnOutSharp/ProtectionType/XtremeProtector.cs @@ -5,16 +5,19 @@ namespace BurnOutSharp.ProtectionType { public class XtremeProtector : IContentCheck { + /// + /// Set of all ContentMatchSets for this protection + /// + private static List contentMatchers = new List + { + // XPROT + new ContentMatchSet(new byte?[] { 0x58, 0x50, 0x52, 0x4F, 0x54, 0x20, 0x20, 0x20 }, "Xtreme-Protector"), + }; + /// public string CheckContents(string file, byte[] fileContent, bool includePosition = false) { - var matchers = new List - { - // XPROT - new ContentMatchSet(new byte?[] { 0x58, 0x50, 0x52, 0x4F, 0x54, 0x20, 0x20, 0x20 }, "Xtreme-Protector"), - }; - - return MatchUtil.GetFirstMatch(file, fileContent, matchers, includePosition); + return MatchUtil.GetFirstMatch(file, fileContent, contentMatchers, includePosition); } } } diff --git a/BurnOutSharp/Scanner.cs b/BurnOutSharp/Scanner.cs index 65405c3a..443796d5 100644 --- a/BurnOutSharp/Scanner.cs +++ b/BurnOutSharp/Scanner.cs @@ -193,7 +193,7 @@ namespace BurnOutSharp foreach (var pathCheckClass in pathCheckClasses) { IPathCheck pathCheck = Activator.CreateInstance(pathCheckClass) as IPathCheck; - string protection = pathCheck.CheckDirectoryPath(path, files);; + string protection = pathCheck.CheckDirectoryPath(path, files); if (!string.IsNullOrWhiteSpace(protection)) protections.Add(protection); }