mirror of
https://github.com/SabreTools/BinaryObjectScanner.git
synced 2026-02-13 13:45:57 +00:00
151 lines
6.2 KiB
C#
151 lines
6.2 KiB
C#
using System;
|
|
using System.Collections.Concurrent;
|
|
using System.Collections.Generic;
|
|
using System.IO;
|
|
using System.Linq;
|
|
using System.Text;
|
|
using BurnOutSharp.ExecutableType.Microsoft.PE;
|
|
using BurnOutSharp.Interfaces;
|
|
using BurnOutSharp.Matching;
|
|
|
|
namespace BurnOutSharp.ProtectionType
|
|
{
|
|
public class CactusDataShield : IContentCheck, IPathCheck, IPortableExecutableCheck
|
|
{
|
|
/// <inheritdoc/>
|
|
public string CheckContents(string file, byte[] fileContent, bool includeDebug)
|
|
{
|
|
// TODO: Limit these checks to Mac binaries
|
|
// TODO: Obtain a sample to find where this string is in a typical executable
|
|
if (includeDebug)
|
|
{
|
|
var contentMatchSets = new List<ContentMatchSet>
|
|
{
|
|
// CDSPlayer
|
|
new ContentMatchSet(new byte?[] { 0x43, 0x44, 0x53, 0x50, 0x6C, 0x61, 0x79, 0x65, 0x72 }, "Cactus Data Shield 200"),
|
|
|
|
// yucca.cds
|
|
new ContentMatchSet(new byte?[] { 0x79, 0x75, 0x63, 0x63, 0x61, 0x2E, 0x63, 0x64, 0x73 }, "Cactus Data Shield 200"),
|
|
};
|
|
|
|
if (contentMatchSets != null && contentMatchSets.Any())
|
|
return MatchUtil.GetFirstMatch(file, fileContent, contentMatchSets, includeDebug);
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
/// <inheritdoc/>
|
|
public string CheckPortableExecutable(string file, PortableExecutable pex, bool includeDebug)
|
|
{
|
|
// Get the sections from the executable, if possible
|
|
var sections = pex?.SectionTable;
|
|
if (sections == null)
|
|
return null;
|
|
|
|
// Get the .data section, if it exists
|
|
if (pex.DataSectionRaw != null)
|
|
{
|
|
var matchers = new List<ContentMatchSet>
|
|
{
|
|
// \*.CDS
|
|
new ContentMatchSet(new byte?[] { 0x5C, 0x2A, 0x2E, 0x43, 0x44, 0x53 }, "Cactus Data Shield 200"),
|
|
|
|
// DATA.CDS
|
|
new ContentMatchSet(new byte?[] { 0x44, 0x41, 0x54, 0x41, 0x2E, 0x43, 0x44, 0x53 }, "Cactus Data Shield 200"),
|
|
};
|
|
|
|
string match = MatchUtil.GetFirstMatch(file, pex.DataSectionRaw, matchers, includeDebug);
|
|
if (!string.IsNullOrWhiteSpace(match))
|
|
return match;
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
/// <inheritdoc/>
|
|
public ConcurrentQueue<string> CheckDirectoryPath(string path, IEnumerable<string> files)
|
|
{
|
|
// TODO: Verify if these are OR or AND
|
|
var matchers = new List<PathMatchSet>
|
|
{
|
|
new PathMatchSet(new PathMatch("CACTUSPJ.exe", useEndsWith: true), GetVersion, "Cactus Data Shield"),
|
|
new PathMatchSet(new PathMatch("CDSPlayer.app", useEndsWith: true), GetVersion, "Cactus Data Shield"),
|
|
new PathMatchSet(new PathMatch("PJSTREAM.DLL", useEndsWith: true), GetVersion, "Cactus Data Shield"),
|
|
new PathMatchSet(new PathMatch("wmmp.exe", useEndsWith: true), GetVersion, "Cactus Data Shield"),
|
|
|
|
// Present on CDS-300, as well as SafeDisc. This is likely due to both protections being created by Macrovision.
|
|
new PathMatchSet(new PathMatch("00000001.TMP", useEndsWith: true), Get00000001TMPVersion, "Cactus Data Shield 300 (Confirm presence of other CDS-300 files)"),
|
|
};
|
|
|
|
return MatchUtil.GetAllMatches(files, matchers, any: true);
|
|
}
|
|
|
|
/// <inheritdoc/>
|
|
public string CheckFilePath(string path)
|
|
{
|
|
var matchers = new List<PathMatchSet>
|
|
{
|
|
new PathMatchSet(new PathMatch("CACTUSPJ.exe", useEndsWith: true), "Cactus Data Shield 200"),
|
|
new PathMatchSet(new PathMatch("CDSPlayer.app", useEndsWith: true), "Cactus Data Shield 200"),
|
|
new PathMatchSet(new PathMatch("PJSTREAM.DLL", useEndsWith: true), "Cactus Data Shield 200"),
|
|
new PathMatchSet(new PathMatch("wmmp.exe", useEndsWith: true), "Cactus Data Shield 200"),
|
|
|
|
// Present on CDS-300, as well as SafeDisc. This is likely due to both protections being created by Macrovision.
|
|
new PathMatchSet(new PathMatch("00000001.TMP", useEndsWith: true), Get00000001TMPVersion, "Cactus Data Shield 300"),
|
|
};
|
|
|
|
return MatchUtil.GetFirstMatch(path, matchers, any: true);
|
|
}
|
|
|
|
public static string Get00000001TMPVersion(string firstMatchedString, IEnumerable<string> files)
|
|
{
|
|
if (string.IsNullOrEmpty(firstMatchedString) || !File.Exists(firstMatchedString))
|
|
return string.Empty;
|
|
|
|
// This file is present on both CDS-300 and SafeDisc.
|
|
// Only one specific file size appears to be associated with CDS-300, so any files with a differing file size are discarded. If it is the correct file size, return it as valid.
|
|
FileInfo fi = new FileInfo(firstMatchedString);
|
|
switch (fi.Length)
|
|
{
|
|
case 2_048:
|
|
return "(Confirm presence of other CDS-300 files)";
|
|
default:
|
|
return null;
|
|
}
|
|
}
|
|
|
|
public static string GetVersion(string firstMatchedString, IEnumerable<string> files)
|
|
{
|
|
// Find the version.txt file first
|
|
string versionPath = files.FirstOrDefault(f => Path.GetFileName(f).Equals("version.txt", StringComparison.OrdinalIgnoreCase));
|
|
if (!string.IsNullOrWhiteSpace(versionPath))
|
|
{
|
|
string version = GetInternalVersion(versionPath);
|
|
if (!string.IsNullOrWhiteSpace(version))
|
|
return version;
|
|
}
|
|
|
|
return "200";
|
|
}
|
|
|
|
private static string GetInternalVersion(string path)
|
|
{
|
|
if (!File.Exists(path))
|
|
return null;
|
|
|
|
try
|
|
{
|
|
using (var sr = new StreamReader(path, Encoding.Default))
|
|
{
|
|
return $"{sr.ReadLine().Substring(3)} ({sr.ReadLine()})";
|
|
}
|
|
}
|
|
catch
|
|
{
|
|
return null;
|
|
}
|
|
}
|
|
}
|
|
}
|