mirror of
https://github.com/SabreTools/BinaryObjectScanner.git
synced 2026-02-05 05:37:34 +00:00
Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
25d6822283 | ||
|
3b22262c21 | ||
|
|
314fc1e3fc | ||
|
|
5742749dec | ||
|
|
c55fffeb7b | ||
|
e469dc38bf | ||
|
|
553703c30e | ||
|
|
3fd093f9b4 | ||
|
|
4946d4e7ff |
@@ -11,7 +11,7 @@
|
||||
<Nullable>enable</Nullable>
|
||||
<SuppressTfmSupportBuildWarnings>true</SuppressTfmSupportBuildWarnings>
|
||||
<!-- <TreatWarningsAsErrors>true</TreatWarningsAsErrors> --> <!-- Can't be enabled because of external code -->
|
||||
<Version>3.1.3</Version>
|
||||
<Version>3.1.5</Version>
|
||||
|
||||
<!-- Package Properties -->
|
||||
<Authors>Matt Nadareski</Authors>
|
||||
@@ -81,14 +81,14 @@
|
||||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="SabreTools.Compression" Version="0.4.0" />
|
||||
<PackageReference Include="SabreTools.Compression" Version="0.4.2" />
|
||||
<PackageReference Include="SabreTools.Hashing" Version="1.2.0" />
|
||||
<PackageReference Include="SabreTools.IO" Version="1.3.2" />
|
||||
<PackageReference Include="SabreTools.IO" Version="1.3.3" />
|
||||
<PackageReference Include="SabreTools.Matching" Version="1.3.1" />
|
||||
<PackageReference Include="SabreTools.Models" Version="1.4.0" />
|
||||
<PackageReference Include="SabreTools.Serialization" Version="1.4.1" />
|
||||
<PackageReference Include="UnshieldSharp" Version="1.7.3" />
|
||||
<PackageReference Include="WiseUnpacker" Version="1.3.1" />
|
||||
<PackageReference Include="SabreTools.Models" Version="1.4.2" />
|
||||
<PackageReference Include="SabreTools.Serialization" Version="1.5.0" />
|
||||
<PackageReference Include="UnshieldSharp" Version="1.7.4" />
|
||||
<PackageReference Include="WiseUnpacker" Version="1.3.2" />
|
||||
</ItemGroup>
|
||||
|
||||
</Project>
|
||||
|
||||
84
BinaryObjectScanner/Protection/Roxxe.cs
Normal file
84
BinaryObjectScanner/Protection/Roxxe.cs
Normal file
@@ -0,0 +1,84 @@
|
||||
using System;
|
||||
#if NET40_OR_GREATER || NETCOREAPP
|
||||
using System.Collections.Concurrent;
|
||||
#endif
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using BinaryObjectScanner.Interfaces;
|
||||
using SabreTools.Matching;
|
||||
using SabreTools.Serialization.Wrappers;
|
||||
|
||||
namespace BinaryObjectScanner.Protection
|
||||
{
|
||||
/// <summary>
|
||||
/// Roxxe was a Czech DRM. It appears to have been a simple disc check that also relied on unusual disc manufacturing and dummy files to attempt to prevent copying.
|
||||
///
|
||||
/// DRML: https://github.com/TheRogueArchivist/DRML/blob/main/entries/Roxxe/Roxxe.md
|
||||
/// </summary>
|
||||
public class Roxxe : IPathCheck, IPortableExecutableCheck
|
||||
{
|
||||
/// <inheritdoc/>
|
||||
public string? CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
||||
{
|
||||
// Get the sections from the executable, if possible
|
||||
var sections = pex.Model.SectionTable;
|
||||
if (sections == null)
|
||||
return null;
|
||||
|
||||
// Get the code/CODE section strings, if they exist
|
||||
var strs = pex.GetFirstSectionStrings("code") ?? pex.GetFirstSectionStrings("CODE");
|
||||
if (strs != null)
|
||||
{
|
||||
// Found in "Owar.exe" in IA item "game4u-22-cd".
|
||||
if (strs.Any(s => s.Contains("TRCHANGER.INI")))
|
||||
return "Roxxe";
|
||||
}
|
||||
|
||||
// Get the .rsrc section strings, if they exist
|
||||
// TODO: Check for these strings specifically within the application-defined resource that they're found in, not just the generic resource section.
|
||||
strs = pex.GetFirstSectionStrings(".rsrc");
|
||||
if (strs != null)
|
||||
{
|
||||
// Found in "Owar.exe" in IA items "game4u-22-cd" and "original-war".
|
||||
// These checks are less reliable, as they are still found in a version of the game that appears to have patched out Roxxe (the version present in IA item "original-war").
|
||||
if (strs.Any(s => s.Contains("PRRT01")))
|
||||
return "Roxxe (Possibly remnants)";
|
||||
|
||||
if (strs.Any(s => s.Contains("CommonPRRT")))
|
||||
return "Roxxe (Possibly remnants)";
|
||||
|
||||
// Currently overmatches, will likely be a viable check when better Delphi executable parsing is available.
|
||||
// if (strs.Any(s => s.Contains("roxe")))
|
||||
// return "Roxxe (Possibly remnants)";
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
#if NET20 || NET35
|
||||
public Queue<string> CheckDirectoryPath(string path, IEnumerable<string>? files)
|
||||
#else
|
||||
public ConcurrentQueue<string> CheckDirectoryPath(string path, IEnumerable<string>? files)
|
||||
#endif
|
||||
{
|
||||
var matchers = new List<PathMatchSet>
|
||||
{
|
||||
// Files such as "TRCHANGER.INI" may be present, but haven't been found yet.
|
||||
};
|
||||
|
||||
return MatchUtil.GetAllMatches(files, matchers, any: true);
|
||||
}
|
||||
|
||||
/// <inheritdoc/>
|
||||
public string? CheckFilePath(string path)
|
||||
{
|
||||
var matchers = new List<PathMatchSet>
|
||||
{
|
||||
// Files such as "TRCHANGER.INI" may be present, but haven't been found yet.
|
||||
};
|
||||
|
||||
return MatchUtil.GetFirstMatch(path, matchers, any: true);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -226,31 +226,40 @@ namespace BinaryObjectScanner.Protection
|
||||
// These live in the MS-DOS stub, for some reason
|
||||
private static string GetV7Version(PortableExecutable pex)
|
||||
{
|
||||
int index = 172; // 64 bytes for DOS stub, 236 bytes in total
|
||||
try
|
||||
{
|
||||
int index = 172; // 64 bytes for DOS stub, 236 bytes in total
|
||||
#if NETFRAMEWORK
|
||||
byte[] bytes = new byte[4];
|
||||
Array.Copy(pex.StubExecutableData, index, bytes, 0, 4);
|
||||
byte[] bytes = new byte[4];
|
||||
Array.Copy(pex.StubExecutableData, index, bytes, 0, 4);
|
||||
#else
|
||||
byte[] bytes = new ReadOnlySpan<byte>(pex.StubExecutableData, index, 4).ToArray();
|
||||
byte[] bytes = new ReadOnlySpan<byte>(pex.StubExecutableData, index, 4).ToArray();
|
||||
#endif
|
||||
|
||||
//SecuROM 7 new and 8
|
||||
if (bytes[3] == 0x5C) // if (bytes[0] == 0xED && bytes[3] == 0x5C {
|
||||
{
|
||||
return $"{bytes[0] ^ 0xEA}.{bytes[1] ^ 0x2C:00}.{bytes[2] ^ 0x8:0000}";
|
||||
//SecuROM 7 new and 8
|
||||
if (bytes[3] == 0x5C) // if (bytes[0] == 0xED && bytes[3] == 0x5C {
|
||||
{
|
||||
return $"{bytes[0] ^ 0xEA}.{bytes[1] ^ 0x2C:00}.{bytes[2] ^ 0x8:0000}";
|
||||
}
|
||||
|
||||
// SecuROM 7 old
|
||||
else
|
||||
{
|
||||
index = 58; // 64 bytes for DOS stub, 122 bytes in total
|
||||
#if NETFRAMEWORK
|
||||
bytes = new byte[2];
|
||||
Array.Copy(pex.StubExecutableData, index, bytes, 0, 2);
|
||||
#else
|
||||
bytes = new ReadOnlySpan<byte>(pex.StubExecutableData, index, 2).ToArray();
|
||||
#endif
|
||||
return $"7.{bytes[0] ^ 0x10:00}.{bytes[1] ^ 0x10:0000}"; //return "7.01-7.10"
|
||||
}
|
||||
}
|
||||
|
||||
// SecuROM 7 old
|
||||
else
|
||||
catch (ArgumentException)
|
||||
{
|
||||
index = 58; // 64 bytes for DOS stub, 122 bytes in total
|
||||
#if NETFRAMEWORK
|
||||
bytes = new byte[2];
|
||||
Array.Copy(pex.StubExecutableData, index, bytes, 0, 2);
|
||||
#else
|
||||
bytes = new ReadOnlySpan<byte>(pex.StubExecutableData, index, 2).ToArray();
|
||||
#endif
|
||||
return $"7.{bytes[0] ^ 0x10:00}.{bytes[1] ^ 0x10:0000}"; //return "7.01-7.10"
|
||||
// If SecuROM is stripped, the MS-DOS stub might be shorter.
|
||||
// We then know that SecuROM -was- there, but we don't know what exact version.
|
||||
return "7 remnants";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# BinaryObjectScanner
|
||||
# Binary Object Scanner
|
||||
|
||||
[](https://ci.appveyor.com/project/mnadareski/BinaryObjectScanner)
|
||||
[](https://github.com/SabreTools/BinaryObjectScanner/actions/workflows/build_test.yml)
|
||||
@@ -94,6 +94,7 @@ Below is a list of protections detected by BinaryObjectScanner. The two columns
|
||||
| Rainbow Sentinel | True | True | |
|
||||
| Ring PROTECH / ProRing | True | True | Partially unconfirmed² |
|
||||
| RipGuard | True | True | Partially unconfirmed² |
|
||||
| Roxxe | True | False | |
|
||||
| SafeDisc / SafeCast | True | True | Can't distinguish between some versions of SafeDisc and SafeCast |
|
||||
| SafeLock | False | True | |
|
||||
| SecuROM | True | True | v8.x and White Label detected partially² |
|
||||
|
||||
@@ -49,60 +49,68 @@ namespace Test
|
||||
{
|
||||
Console.WriteLine($"Attempting to print info for {file}");
|
||||
|
||||
using Stream stream = File.Open(file, FileMode.Open, FileAccess.Read, FileShare.ReadWrite);
|
||||
|
||||
// Read the first 8 bytes
|
||||
byte[]? magic = stream.ReadBytes(8);
|
||||
stream.Seek(0, SeekOrigin.Begin);
|
||||
|
||||
// Get the file type
|
||||
SupportedFileType ft = FileTypes.GetFileType(magic ?? []);
|
||||
if (ft == SupportedFileType.UNKNOWN)
|
||||
try
|
||||
{
|
||||
string extension = Path.GetExtension(file).TrimStart('.');
|
||||
ft = FileTypes.GetFileType(extension);
|
||||
}
|
||||
using Stream stream = File.Open(file, FileMode.Open, FileAccess.Read, FileShare.ReadWrite);
|
||||
|
||||
// Print out the file format
|
||||
Console.WriteLine($"File format found: {ft}");
|
||||
// Read the first 8 bytes
|
||||
byte[]? magic = stream.ReadBytes(8);
|
||||
stream.Seek(0, SeekOrigin.Begin);
|
||||
|
||||
// Setup the wrapper to print
|
||||
var wrapper = WrapperFactory.CreateWrapper(ft, stream);
|
||||
// Get the file type
|
||||
SupportedFileType ft = FileTypes.GetFileType(magic ?? []);
|
||||
if (ft == SupportedFileType.UNKNOWN)
|
||||
{
|
||||
string extension = Path.GetExtension(file).TrimStart('.');
|
||||
ft = FileTypes.GetFileType(extension);
|
||||
}
|
||||
|
||||
// If we don't have a wrapper
|
||||
if (wrapper == null)
|
||||
{
|
||||
Console.WriteLine($"Either {ft} is not supported or something went wrong during parsing!");
|
||||
Console.WriteLine();
|
||||
return;
|
||||
}
|
||||
// Print out the file format
|
||||
Console.WriteLine($"File format found: {ft}");
|
||||
|
||||
// Print the wrapper name
|
||||
Console.WriteLine($"{wrapper.Description()} wrapper created successfully!");
|
||||
// Setup the wrapper to print
|
||||
var wrapper = WrapperFactory.CreateWrapper(ft, stream);
|
||||
|
||||
// Get the base info output name
|
||||
string filenameBase = $"info-{DateTime.Now:yyyy-MM-dd_HHmmss.ffff}";
|
||||
// If we don't have a wrapper
|
||||
if (wrapper == null)
|
||||
{
|
||||
Console.WriteLine($"Either {ft} is not supported or something went wrong during parsing!");
|
||||
Console.WriteLine();
|
||||
return;
|
||||
}
|
||||
|
||||
// Print the wrapper name
|
||||
Console.WriteLine($"{wrapper.Description()} wrapper created successfully!");
|
||||
|
||||
// Get the base info output name
|
||||
string filenameBase = $"info-{DateTime.Now:yyyy-MM-dd_HHmmss.ffff}";
|
||||
|
||||
#if NET6_0_OR_GREATER
|
||||
// If we have the JSON flag
|
||||
if (json)
|
||||
{
|
||||
// Create the output data
|
||||
string serializedData = wrapper.ExportJSON();
|
||||
Console.WriteLine(serializedData);
|
||||
// If we have the JSON flag
|
||||
if (json)
|
||||
{
|
||||
// Create the output data
|
||||
string serializedData = wrapper.ExportJSON();
|
||||
Console.WriteLine(serializedData);
|
||||
|
||||
// Write the output data
|
||||
using var jsw = new StreamWriter(File.OpenWrite($"{filenameBase}.json"));
|
||||
jsw.WriteLine(serializedData);
|
||||
}
|
||||
// Write the output data
|
||||
using var jsw = new StreamWriter(File.OpenWrite($"{filenameBase}.json"));
|
||||
jsw.WriteLine(serializedData);
|
||||
}
|
||||
#endif
|
||||
// Create the output data
|
||||
var builder = wrapper.PrettyPrint();
|
||||
Console.WriteLine(builder);
|
||||
// Create the output data
|
||||
var builder = wrapper.PrettyPrint();
|
||||
Console.WriteLine(builder);
|
||||
|
||||
// Write the output data
|
||||
using var sw = new StreamWriter(File.OpenWrite($"{filenameBase}.txt"));
|
||||
sw.WriteLine(builder.ToString());
|
||||
// Write the output data
|
||||
using var sw = new StreamWriter(File.OpenWrite($"{filenameBase}.txt"));
|
||||
sw.WriteLine(builder.ToString());
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
Console.WriteLine(debug ? ex : "[Exception opening file, please try again]");
|
||||
Console.WriteLine();
|
||||
}
|
||||
}
|
||||
|
||||
#region Printing Implementations
|
||||
|
||||
@@ -27,13 +27,13 @@
|
||||
</ItemGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="SabreTools.Compression" Version="0.4.0" />
|
||||
<PackageReference Include="SabreTools.IO" Version="1.3.2" />
|
||||
<PackageReference Include="SabreTools.Compression" Version="0.4.2" />
|
||||
<PackageReference Include="SabreTools.IO" Version="1.3.3" />
|
||||
<PackageReference Include="SabreTools.Matching" Version="1.3.1" />
|
||||
<PackageReference Include="SabreTools.Models" Version="1.4.0" />
|
||||
<PackageReference Include="SabreTools.Printing" Version="1.3.3" />
|
||||
<PackageReference Include="SabreTools.Serialization" Version="1.4.1" />
|
||||
<PackageReference Include="UnshieldSharp" Version="1.7.3" />
|
||||
<PackageReference Include="SabreTools.Models" Version="1.4.2" />
|
||||
<PackageReference Include="SabreTools.Printing" Version="1.3.5" />
|
||||
<PackageReference Include="SabreTools.Serialization" Version="1.5.0" />
|
||||
<PackageReference Include="UnshieldSharp" Version="1.7.4" />
|
||||
</ItemGroup>
|
||||
|
||||
</Project>
|
||||
Reference in New Issue
Block a user