Add CrypKey PE content checks

2026-02-04 05:35:49 +00:00 · 2022-12-28 23:28:38 -08:00
parent c9c14bcebf
commit daea4ea460
2 changed files with 45 additions and 8 deletions
--- a/BurnOutSharp/ProtectionType/CrypKey.cs
+++ b/BurnOutSharp/ProtectionType/CrypKey.cs
@@ -1,11 +1,47 @@
-namespace BurnOutSharp.ProtectionType
-{
-    public class CrypKey
-    {
-        // TODO: Implement - http://www.crypkey.com/products/cdlock/cdmain.html
+using BurnOutSharp.Interfaces;
+using BurnOutSharp.Wrappers;

-        // https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/CrypKey%20Installer.1.sg
-        // https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/CrypKey.2.sg
-        // https://github.com/wolfram77web/app-peid/blob/master/userdb.txt
+namespace BurnOutSharp.ProtectionType
+{
+    // http://www.crypkey.com/products/cdlock/cdmain.html
+    // https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/CrypKey%20Installer.1.sg
+    // https://github.com/horsicq/Detect-It-Easy/blob/master/db/PE/CrypKey.2.sg
+    // https://github.com/wolfram77web/app-peid/blob/master/userdb.txt
+    public class CrypKey : IPortableExecutableCheck
+    {
+        /// <inheritdoc/>
+        public string CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
+        {
+            // Get the sections from the executable, if possible
+            var sections = pex?.SectionTable;
+            if (sections == null)
+                return null;
+
+            // Get the CrypKey version from the VersionInfo, if it exists
+            string version = pex.GetVersionInfoString("CrypKey Version") ?? string.Empty;
+
+            // Found in 'cki32k.dll'
+            string name = pex.CompanyName;
+            if (name?.StartsWith("CrypKey") == true)
+                return $"CrypKey {version}".TrimEnd();
+
+            // Found in 'cki32k.dll'
+            name = pex.FileDescription;
+            if (name?.StartsWith("CrypKey") == true)
+                return $"CrypKey {version}".TrimEnd();
+
+            // Found in 'cki32k.dll'
+            name = pex.LegalCopyright;
+            if (name?.Contains("CrypKey") == true)
+                return $"CrypKey {version}".TrimEnd();
+
+            // Found in 'cki32k.dll'
+            if (!string.IsNullOrEmpty(version))
+                return $"CrypKey {version}".TrimEnd();
+
+            // TODO: Look into the `.loader`,`.wreloc`, `.widata`, and `.hooks` sections
+
+            return null;
+        }
    }
 }
--- a/README.md
+++ b/README.md
@@ -45,6 +45,7 @@ Below is a list of protections detected by BurnOutSharp. The two columns explain
 | ChosenBytes CodeLock | True | True | Partially unconfirmed² |
 | CopyKiller | True | True | Unconfirmed¹ |
 | CopyLok/CodeLok | True | False | |
+| CrypKey | True | False | |
 | Cucko (EA Custom) | True | False | Does not detect all known cases |
 | Denuvo Anti-Cheat/Anti-Tamper| True | True | |
 | Dinamic Multimedia Protection/LockBlocks | False | True | LockBlocks needs manual confirmation of the presence of 2 rings |