Hey,
TheBrain tried so hard to encrypt their strings but forgot that their encryption function was 5 lines and could easily be used for decryption.
So here we are with a modified version of "TheBrainDesktop.dll", simply replace the file in "C:\Program Files\TheBrain\TheBrain 13" and voila!
Here is the file: https://file.io/6CMvte3l5SlC
Here is the program I wrote to decrypt the strings and write them back in the assembly:
Code:
using dnlib.DotNet;
using dnlib.DotNet.Emit;
using System;
using System.IO;
using System.Linq;
using System.Text;
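class Program
{
    /// <summary>
    /// Loads the .NET assembly named by the single command-line argument, rewrites the
    /// operand of every <c>ldstr</c> that is immediately followed by another <c>ldstr</c>
    /// with the XOR-decoded text, and writes the result to
    /// <c>&lt;name&gt;_modified.dll</c> in the current working directory.
    /// </summary>
    /// <param name="args">Exactly one element: the path of the assembly to process.</param>
    static void Main(string[] args)
    {
        // Exactly one argument is expected: the path of the assembly.
        if (args.Length != 1)
        {
            Console.WriteLine("Usage: program.exe <path_to_dll>");
            return;
        }

        string dllFilePath = args[0];

        if (!File.Exists(dllFilePath))
        {
            Console.WriteLine($"File {dllFilePath} does not exist.");
            return;
        }

        try
        {
            // The using block releases the module even when processing throws;
            // the original only disposed it on the success path.
            using (ModuleDefMD module = ModuleDefMD.Load(dllFilePath))
            {
                // NOTE(review): module.Types lists top-level types only, so methods of
                // nested types are not visited by this loop.
                foreach (TypeDef type in module.Types)
                {
                    foreach (MethodDef method in type.Methods.Where(m => m.HasBody))
                    {
                        // Keep the recorded max-stack value instead of recomputing it on write.
                        method.Body.KeepOldMaxStack = true;

                        var instructions = method.Body.Instructions;
                        for (int i = 0; i < instructions.Count - 1; i++)
                        {
                            // The "[i]" indexer was missing in the posted listing, which
                            // does not compile; it is restored here.
                            Instruction currentInstruction = instructions[i];
                            Instruction nextInstruction = instructions[i + 1];

                            // NOTE(review): every pair of adjacent ldstr instructions is
                            // treated as (ciphertext, key). Two unrelated adjacent string
                            // loads would be overwritten as well; nothing here checks what
                            // consumes the pair.
                            if (currentInstruction.OpCode != OpCodes.Ldstr ||
                                nextInstruction.OpCode != OpCodes.Ldstr)
                            {
                                continue;
                            }

                            string operand1 = currentInstruction.Operand as string;
                            string operand2 = nextInstruction.Operand as string;

                            // XorEncrypt reads the first four characters of the key, so a
                            // shorter key cannot belong to this scheme; skip it instead of
                            // aborting the whole run with an exception.
                            if (operand1 == null || operand2 == null || operand2.Length < 4)
                            {
                                continue;
                            }

                            // Only the first ldstr operand is rewritten; the key ldstr and
                            // the instructions after it are left as they were.
                            currentInstruction.Operand = XorEncrypt(operand1, operand2);
                        }
                    }
                }

                // The output name has no directory part, so the file lands in the current
                // working directory, not next to the input.
                module.Write(Path.GetFileNameWithoutExtension(dllFilePath) + "_modified.dll");
            }

            Console.WriteLine("Decryption and saving complete.");
        }
        catch (Exception ex)
        {
            Console.WriteLine($"An error occurred: {ex.Message}");
        }
    }

    /// <summary>
    /// XORs every character of <paramref name="inputString"/> with a position-dependent
    /// key stream derived from the first four characters of <paramref name="keyString"/>.
    /// XOR is its own inverse, so the same routine encodes and decodes.
    /// </summary>
    /// <param name="inputString">Text to transform.</param>
    /// <param name="keyString">Key text; at least four characters are required.</param>
    /// <returns>The transformed text, the same length as <paramref name="inputString"/>.</returns>
    /// <exception cref="ArgumentException"><paramref name="keyString"/> is null or shorter than four characters.</exception>
    private static string XorEncrypt(string inputString, string keyString)
    {
        if (keyString == null || keyString.Length < 4)
        {
            throw new ArgumentException("Key must contain at least four characters.", nameof(keyString));
        }

        // Base key: sum of the first four UTF-16 code units, truncated to 16 bits by the cast.
        char key = (char)(keyString[0] + keyString[1] + keyString[2] + keyString[3]);

        char[] charArray = inputString.ToCharArray();

        for (int i = 0; i < charArray.Length; i++)
        {
            // '%' binds tighter than '^', so the key-stream value ((key + i * 7) % 255)
            // is reduced first and then XORed with the character; the XOR result itself
            // is not reduced. The "[i]" indexers were missing in the posted listing.
            charArray[i] = (char)((int)charArray[i] ^ ((int)key + i * 7) % 255);
        }

        return new string(charArray);
    }
}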