//! \file KiriKiriCx.cs
//! \date Sun Sep 07 06:50:11 2014
//! \brief KiriKiri Cx encryption scheme implementation.
//
// Copyright (C) 2014-2016 by morkt
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to
// deal in the Software without restriction, including without limitation the
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
// sell copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
// IN THE SOFTWARE.
//
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Runtime.Serialization;
using System.Text;
namespace GameRes.Formats.KiriKiri
{
/// <summary>
/// Raised when a Cx bytecode program cannot be generated within the size
/// limit or fails one of the interpreter's consistency checks.
/// </summary>
public class CxProgramException : ApplicationException
{
    /// <param name="message">Human-readable description of the failure.</param>
    public CxProgramException (string message)
        : base (message)
    {
    }
}
/// <summary>
/// Serializable parameter set describing one Cx encryption variant.
/// CxEncryption copies every field in its constructor; the arrays are
/// taken by reference, not cloned.
/// </summary>
[Serializable]
public class CxScheme
{
// Combined with an entry hash as (hash & Mask) + Offset to obtain the stream
// position at which CxEncryption switches to the second key.
public uint Mask;
public uint Offset;
// Selector tables indexed by CxEncryption.EmitProlog (index 0..2),
// EmitOddBranch (index 0..5) and EmitEvenBranch (index 0..7).
// NOTE(review): the constructor stores these without checking length or
// value range, so a scheme loaded from a damaged or untrusted source is
// only caught, if at all, when a program is generated.
public byte[] PrologOrder;
public byte[] OddBranchOrder;
public byte[] EvenBranchOrder;
// Table read by the MOV_EAX_INDIRECT bytecode. When null, CxEncryption.Init
// extracts it from the plugin named by TpmFileName.
public uint[] ControlBlock;
// Plugin file name; Init joins it to the directory of the archive.
public string TpmFileName;
}
[Serializable]
public class CxEncryption : ICrypt
{
// Mask and displacement used by GetBaseOffset: (hash & m_mask) + m_offset.
protected uint m_mask;
protected uint m_offset;
// Selector tables consulted by EmitProlog, EmitOddBranch and EmitEvenBranch.
// They are taken from the scheme as-is; nothing in this class validates
// their length or the values they contain.
protected byte[] PrologOrder;
protected byte[] OddBranchOrder;
protected byte[] EvenBranchOrder;
// Table read by MOV_EAX_INDIRECT; filled in by Init when the scheme left it null.
protected uint[] ControlBlock;
// Plugin file that Init scans for the control block.
protected string TpmFileName;
// Cache of generated programs, indexed by the low 7 bits of the entry hash
// (see ExecuteXCode). Excluded from serialization and re-created by
// PostDeserialization.
[NonSerialized]
CxProgram[] m_program_list = new CxProgram[0x80];
/// <summary>
/// Deserialization callback: re-creates the program cache, which is marked
/// [NonSerialized] and therefore absent from the serialized state.
/// </summary>
[OnDeserialized]
void PostDeserialization (StreamingContext context)
{
    var empty_cache = new CxProgram[0x80];
    m_program_list = empty_cache;
}
/// <summary>
/// Create an encryption object from the parameters of <paramref name="scheme"/>.
/// </summary>
/// <param name="scheme">
/// Source of all parameters. Array members are stored by reference, so later
/// changes to the scheme's arrays are visible to this object.
/// </param>
public CxEncryption (CxScheme scheme)
{
    // key-switch offset parameters
    m_offset        = scheme.Offset;
    m_mask          = scheme.Mask;

    // program generator tables
    EvenBranchOrder = scheme.EvenBranchOrder;
    OddBranchOrder  = scheme.OddBranchOrder;
    PrologOrder     = scheme.PrologOrder;

    // control block, or the plugin it has to be read from
    TpmFileName     = scheme.TpmFileName;
    ControlBlock    = scheme.ControlBlock;
}
/// <summary>
/// Base class description followed by the mask and offset in hexadecimal.
/// </summary>
public override string ToString ()
{
    string base_name = base.ToString();
    return string.Format ("{0}(0x{1:X}, 0x{2:X})", base_name, m_mask, m_offset);
}
// ASCII marker that Init searches for; the control block starts at the marker.
static readonly byte[] s_ctl_block_signature = Encoding.ASCII.GetBytes (" Encryption control block");
/// <summary>
/// Look for control block within specified TPM plugin file.
/// </summary>
/// <remarks>
/// Returns immediately when the scheme already supplied a control block.
/// Otherwise the plugin named by TpmFileName is opened from the directory of
/// the archive and scanned on dword boundaries for the signature; the 0x400
/// dwords starting at the match are stored bit-inverted in ControlBlock.
/// Throws InvalidEncryptionScheme when no plugin name is configured, the
/// plugin size is out of range, or the signature is not found.
/// </remarks>
public override void Init (ArcFile arc)
{
if (ControlBlock != null)
return;
if (string.IsNullOrEmpty (TpmFileName))
throw new InvalidEncryptionScheme();
// NOTE(review): TpmFileName comes from the scheme and is joined to the
// archive directory as-is; nothing here rejects rooted names or ".."
// segments, so the scheme source has to be trusted. Confirm what
// VFS.CombinePath accepts.
var dir_name = VFS.GetDirectoryName (arc.File.Name);
var tpm_name = VFS.CombinePath (dir_name, TpmFileName);
using (var tpm = VFS.OpenView (tpm_name))
{
// At least one whole control block (0x400 dwords = 0x1000 bytes) must fit,
// and the size has to survive the (uint) casts below.
if (tpm.MaxOffset < 0x1000 || tpm.MaxOffset > uint.MaxValue)
throw new InvalidEncryptionScheme ("Invalid KiriKiri TPM plugin");
using (var view = tpm.CreateViewAccessor (0, (uint)tpm.MaxOffset))
unsafe
{
byte* begin = view.GetPointer (0);
// The scan stops 0x1000 bytes short of the file size (rounded down to a
// dword), so for every begin < end both the signature compare and the
// 0x400-dword copy stay inside the file size, assuming GetPointer (0)
// returns the start of the mapped view.
byte* end = begin + (((uint)tpm.MaxOffset - 0x1000u) & ~0x3u);
try {
while (begin < end)
{
int i;
for (i = 0; i < s_ctl_block_signature.Length; ++i)
{
if (begin[i] != s_ctl_block_signature[i])
break;
}
if (s_ctl_block_signature.Length == i)
{
ControlBlock = new uint[0x400];
uint* src = (uint*)begin;
// Words are kept inverted; CxProgram.Execute inverts them again on read.
for (i = 0; i < ControlBlock.Length; ++i)
ControlBlock[i] = ~src[i];
return;
}
begin += 4; // control block expected to be on a dword boundary
}
throw new InvalidEncryptionScheme ("No control block found inside TPM plugin");
}
finally {
// Runs on the early return and on the throw above, so the pointer obtained
// from view.GetPointer is released on every path out of the scan.
view.SafeMemoryMappedViewHandle.ReleasePointer();
}
}
}
}
/// <summary>
/// Stream position at which the key for an entry changes:
/// the masked hash plus the scheme offset (32-bit arithmetic).
/// </summary>
uint GetBaseOffset (uint hash)
{
    uint masked = hash & m_mask;
    return masked + m_offset;
}
/// <summary>
/// Decrypt a single byte located at <paramref name="offset"/> within the entry.
/// </summary>
/// <returns>The decoded byte.</returns>
public override byte Decrypt (Xp3Entry entry, long offset, byte value)
{
    uint hash = entry.Hash;
    // positions at or past the base offset use the folded key
    uint key = offset >= GetBaseOffset (hash) ? (hash >> 16) ^ hash : hash;

    var single = new byte[] { value };
    Decode (key, offset, single, 0, 1);
    return single[0];
}
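/// <summary>
/// Decrypt <paramref name="count"/> bytes of <paramref name="buffer"/> in place,
/// starting at index <paramref name="pos"/>.
/// </summary>
/// <param name="entry">Archive entry; its Hash selects the keys.</param>
/// <param name="offset">Position of the first byte within the entry's stream.</param>
/// <param name="buffer">Data to decrypt in place.</param>
/// <param name="pos">Index of the first byte inside <paramref name="buffer"/>.</param>
/// <param name="count">Number of bytes to process.</param>
public override void Decrypt (Xp3Entry entry, long offset, byte[] buffer, int pos, int count)
{
    uint key = entry.Hash;
    uint base_offset = GetBaseOffset (key);
    if (offset < base_offset)
    {
        // Clamp in 64-bit arithmetic before narrowing: the distance to the
        // base offset can exceed int.MaxValue, and casting it to int first
        // would wrap to a negative length that then corrupts pos and count.
        int base_length = (int)Math.Min (base_offset - offset, (long)count);
        Decode (key, offset, buffer, pos, base_length);
        offset += base_length;
        pos    += base_length;
        count  -= base_length;
    }
    if (count > 0)
    {
        // bytes at or past the base offset use the folded key
        key = (key >> 16) ^ key;
        Decode (key, offset, buffer, pos, count);
    }
}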
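/// <summary>
/// XOR <paramref name="count"/> bytes of <paramref name="buffer"/> with the
/// key material that the generated program yields for <paramref name="key"/>.
/// </summary>
/// <remarks>
/// The program result provides two stream positions (key1, key2) that each
/// receive one extra XOR, and a byte (key3) that is XORed into every
/// position. The operation is its own inverse.
/// </remarks>
void Decode (uint key, long offset, byte[] buffer, int pos, int count)
{
    // ExecuteXCode returns a pair of 32-bit results; the type arguments are
    // required, the non-generic Tuple class cannot hold values.
    Tuple<uint, uint> ret = ExecuteXCode (key);
    uint key1 = ret.Item2 >> 16;
    uint key2 = ret.Item2 & 0xffff;
    byte key3 = (byte)(ret.Item1);
    if (key1 == key2)
        key2 += 1;      // keep the two special positions distinct
    if (0 == key3)
        key3 = 1;       // a zero byte would leave the data unchanged

    // the special positions are stream offsets, applied only when they fall
    // inside the window [offset, offset + count)
    if ((key2 >= offset) && (key2 < offset + count))
        buffer[pos + key2 - offset] ^= (byte)(ret.Item1 >> 16);
    if ((key1 >= offset) && (key1 < offset + count))
        buffer[pos + key1 - offset] ^= (byte)(ret.Item1 >> 8);

    for (int i = 0; i < count; ++i)
        buffer[pos + i] ^= key3;
}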
/// <summary>
/// Encrypt <paramref name="count"/> bytes of <paramref name="values"/> in place.
/// </summary>
public override void Encrypt (Xp3Entry entry, long offset, byte[] values, int pos, int count)
{
    // Decode only XORs bytes with values derived from the entry hash and the
    // stream position, so the same pass turns plaintext into ciphertext.
    this.Decrypt (entry, offset, values, pos, count);
}
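/// <summary>
/// Run the program selected by the low 7 bits of <paramref name="hash"/> on
/// the remaining bits and on their complement.
/// </summary>
/// <returns>
/// Item1 is the result for <c>hash &gt;&gt; 7</c>, Item2 the result for its
/// bitwise complement.
/// </returns>
/// <exception cref="CxProgramException">
/// Program generation or execution failed.
/// </exception>
protected Tuple<uint, uint> ExecuteXCode (uint hash)
{
    uint seed = hash & 0x7f;
    // NOTE(review): the cache is not synchronized; confirm that a single
    // CxEncryption instance is never used from several threads at once.
    CxProgram program = m_program_list[seed];
    if (null == program)
    {
        program = GenerateProgram (seed);
        m_program_list[seed] = program;
    }
    uint argument = hash >> 7;
    uint ret1 = program.Execute (argument);
    uint ret2 = program.Execute (~argument);
    return new Tuple<uint, uint> (ret1, ret2);
}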
/// <summary>
/// Build the program for <paramref name="seed"/>, starting with recursion
/// depth 5 and retrying with a smaller depth whenever the emitted code does
/// not fit into the program's length limit.
/// </summary>
/// <exception cref="CxProgramException">No depth from 5 down to 1 fits.</exception>
CxProgram GenerateProgram (uint seed)
{
    var program = NewProgram (seed);
    int stage = 5;
    while (stage > 0)
    {
        if (EmitCode (program, stage))
            return program;
        // Clear() drops the emitted code and length; the generator state is
        // left where the failed attempt stopped.
        program.Clear();
        --stage;
    }
    throw new CxProgramException ("Overly large CxEncryption bytecode");
}
/// <summary>
/// Factory for the program object used by GenerateProgram. Virtual so that
/// derived schemes can supply a program with a different generator.
/// </summary>
internal virtual CxProgram NewProgram (uint seed)
{
    var program = new CxProgram (seed, ControlBlock);
    return program;
}
/// <summary>
/// Emit a complete routine: register saves, argument load, body, register
/// restores and return.
/// </summary>
/// <returns>false as soon as any part exceeds the program length limit.</returns>
bool EmitCode (CxProgram program, int stage)
{
    if (!program.EmitNop (5))                           // 0x57 0x56 0x53 0x51 0x52
        return false;
    if (!program.Emit (CxByteCode.MOV_EDI_ARG, 4))      // 0x8b 0x7c 0x24 0x18
        return false;
    if (!EmitBody (program, stage))
        return false;
    if (!program.EmitNop (5))                           // 0x5a 0x59 0x5b 0x5e 0x5f
        return false;
    return program.Emit (CxByteCode.RETN);              // 0xc3
}
/// <summary>
/// Emit a two-operand node: two randomly chosen sub-bodies combined by an
/// odd-branch operation, with EBX saved around it. At stage 1 only a prolog
/// is emitted.
/// </summary>
/// <returns>false when the length limit is exceeded.</returns>
bool EmitBody (CxProgram program, int stage)
{
    if (1 == stage)
        return EmitProlog (program);

    if (!program.Emit (CxByteCode.PUSH_EBX))            // 0x53
        return false;

    // first operand
    bool first_ok = 0 != (program.GetRandom() & 1)
                  ? EmitBody (program, stage - 1)
                  : EmitBody2 (program, stage - 1);
    if (!first_ok)
        return false;

    if (!program.Emit (CxByteCode.MOV_EBX_EAX, 2))      // 0x89 0xc3
        return false;

    // second operand
    bool second_ok = 0 != (program.GetRandom() & 1)
                   ? EmitBody (program, stage - 1)
                   : EmitBody2 (program, stage - 1);
    if (!second_ok)
        return false;

    if (!EmitOddBranch (program))
        return false;
    return program.Emit (CxByteCode.POP_EBX);           // 0x5b
}
/// <summary>
/// Emit a one-operand node: a randomly chosen sub-body followed by an
/// even-branch operation. At stage 1 only a prolog is emitted.
/// </summary>
/// <returns>false when the length limit is exceeded.</returns>
bool EmitBody2 (CxProgram program, int stage)
{
    if (1 == stage)
        return EmitProlog (program);

    bool operand_ok = 0 != (program.GetRandom() & 1)
                    ? EmitBody (program, stage - 1)
                    : EmitBody2 (program, stage - 1);
    if (!operand_ok)
        return false;
    return EmitEvenBranch (program);
}
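/// <summary>
/// Emit one of the three leaf operations that load EAX, selected through
/// PrologOrder by the program's generator.
/// </summary>
/// <returns>false when the length limit is exceeded.</returns>
/// <exception cref="CxProgramException">
/// PrologOrder holds a value other than 0, 1 or 2. Without this check such a
/// value would emit nothing and the program would compute a wrong key.
/// </exception>
bool EmitProlog (CxProgram program)
{
    bool rc;
    switch (PrologOrder[program.GetRandom() % 3])
    {
    case 2:
        // MOV EAX, (Random() & 0x3ff)
        // MOV EAX, EncryptionControlBlock[EAX]
        // the 0x3ff mask keeps the index inside the 0x400-entry control block
        rc =   program.EmitNop (5)                          // 0xbe
            && program.Emit (CxByteCode.MOV_EAX_IMMED, 2)   // 0x8b 0x86
            && program.EmitUInt32 (program.GetRandom() & 0x3ff)
            && program.Emit (CxByteCode.MOV_EAX_INDIRECT, 0);
        break;
    case 1:
        rc = program.Emit (CxByteCode.MOV_EAX_EDI, 2);      // 0x8b 0xc7
        break;
    case 0:
        // MOV EAX, Random()
        rc =   program.Emit (CxByteCode.MOV_EAX_IMMED)      // 0xb8
            && program.EmitRandom();
        break;
    default:
        throw new CxProgramException ("Invalid prolog order in CxEncryption scheme");
    }
    return rc;
}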
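/// <summary>
/// Emit one of the eight single-operand transformations of EAX, selected
/// through EvenBranchOrder by the program's generator.
/// </summary>
/// <returns>false when the length limit is exceeded.</returns>
/// <exception cref="CxProgramException">
/// EvenBranchOrder holds a value outside 0..7. Without this check such a
/// value would emit nothing and the program would compute a wrong key.
/// </exception>
bool EmitEvenBranch (CxProgram program)
{
    bool rc;
    switch (EvenBranchOrder[program.GetRandom() & 7])
    {
    case 0:
        rc = program.Emit (CxByteCode.NOT_EAX, 2);          // 0xf7 0xd0
        break;
    case 1:
        rc = program.Emit (CxByteCode.DEC_EAX);             // 0x48
        break;
    case 2:
        rc = program.Emit (CxByteCode.NEG_EAX, 2);          // 0xf7 0xd8
        break;
    case 3:
        rc = program.Emit (CxByteCode.INC_EAX);             // 0x40
        break;
    case 4:
        // control block lookup; the 0x3ff mask keeps the index in range
        rc =   program.EmitNop (5)                          // 0xbe
            && program.Emit (CxByteCode.AND_EAX_IMMED)      // 0x25
            && program.EmitUInt32 (0x3ff)
            && program.Emit (CxByteCode.MOV_EAX_INDIRECT, 3); // 0x8b 0x04 0x86
        break;
    case 5:
        // swap the odd and even bits of EAX
        rc =   program.Emit (CxByteCode.PUSH_EBX)           // 0x53
            && program.Emit (CxByteCode.MOV_EBX_EAX, 2)     // 0x89 0xc3
            && program.Emit (CxByteCode.AND_EBX_IMMED, 2)   // 0x81 0xe3
            && program.EmitUInt32 (0xaaaaaaaa)
            && program.Emit (CxByteCode.AND_EAX_IMMED)      // 0x25
            && program.EmitUInt32 (0x55555555)
            && program.Emit (CxByteCode.SHR_EBX_1, 2)       // 0xd1 0xeb
            && program.Emit (CxByteCode.SHL_EAX_1, 2)       // 0xd1 0xe0
            && program.Emit (CxByteCode.OR_EAX_EBX, 2)      // 0x09 0xd8
            && program.Emit (CxByteCode.POP_EBX);           // 0x5b
        break;
    case 6:
        rc =   program.Emit (CxByteCode.XOR_EAX_IMMED)      // 0x35
            && program.EmitRandom();
        break;
    case 7:
        if (0 != (program.GetRandom() & 1))
            rc = program.Emit (CxByteCode.ADD_EAX_IMMED);   // 0x05
        else
            rc = program.Emit (CxByteCode.SUB_EAX_IMMED);   // 0x2d
        rc = rc && program.EmitRandom();
        break;
    default:
        throw new CxProgramException ("Invalid even branch order in CxEncryption scheme");
    }
    return rc;
}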
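/// <summary>
/// Emit one of the six operations that combine EAX with EBX, selected
/// through OddBranchOrder by the program's generator.
/// </summary>
/// <returns>false when the length limit is exceeded.</returns>
/// <exception cref="CxProgramException">
/// OddBranchOrder holds a value outside 0..5. Without this check such a
/// value would emit nothing and the program would compute a wrong key.
/// </exception>
bool EmitOddBranch (CxProgram program)
{
    bool rc;
    switch (OddBranchOrder[program.GetRandom() % 6])
    {
    case 0:
        // EAX >>= (EBX & 0x0f)
        rc =   program.Emit (CxByteCode.PUSH_ECX)           // 0x51
            && program.Emit (CxByteCode.MOV_ECX_EBX, 2)     // 0x89 0xd9
            && program.Emit (CxByteCode.AND_ECX_0F, 3)      // 0x83 0xe1 0x0f
            && program.Emit (CxByteCode.SHR_EAX_CL, 2)      // 0xd3 0xe8
            && program.Emit (CxByteCode.POP_ECX);           // 0x59
        break;
    case 1:
        // EAX <<= (EBX & 0x0f)
        rc =   program.Emit (CxByteCode.PUSH_ECX)           // 0x51
            && program.Emit (CxByteCode.MOV_ECX_EBX, 2)     // 0x89 0xd9
            && program.Emit (CxByteCode.AND_ECX_0F, 3)      // 0x83 0xe1 0x0f
            && program.Emit (CxByteCode.SHL_EAX_CL, 2)      // 0xd3 0xe0
            && program.Emit (CxByteCode.POP_ECX);           // 0x59
        break;
    case 2:
        rc = program.Emit (CxByteCode.ADD_EAX_EBX, 2);      // 0x01 0xd8
        break;
    case 3:
        rc =   program.Emit (CxByteCode.NEG_EAX, 2)         // 0xf7 0xd8
            && program.Emit (CxByteCode.ADD_EAX_EBX, 2);    // 0x01 0xd8
        break;
    case 4:
        rc = program.Emit (CxByteCode.IMUL_EAX_EBX, 3);     // 0x0f 0xaf 0xc3
        break;
    case 5:
        rc = program.Emit (CxByteCode.SUB_EAX_EBX, 2);      // 0x29 0xd8
        break;
    default:
        throw new CxProgramException ("Invalid odd branch order in CxEncryption scheme");
    }
    return rc;
}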
}
/// <summary>
/// Operation codes of the register machine interpreted by CxProgram.Execute.
/// Names follow the x86 instructions they stand for.
/// </summary>
enum CxByteCode
{
// no operand
NOP,
RETN,
MOV_EDI_ARG,
PUSH_EBX,
POP_EBX,
PUSH_ECX,
POP_ECX,
MOV_EAX_EBX,
MOV_EBX_EAX,
MOV_ECX_EBX,
// Not handled by CxProgram.Execute: executing it hits the default case and
// raises "Invalid bytecode".
MOV_EAX_CONTROL_BLOCK,
MOV_EAX_EDI,
// EAX = ~ControlBlock[EAX], bounds-checked by the interpreter
MOV_EAX_INDIRECT,
ADD_EAX_EBX,
SUB_EAX_EBX,
IMUL_EAX_EBX,
AND_ECX_0F,
SHR_EBX_1,
SHL_EAX_1,
SHR_EAX_CL,
SHL_EAX_CL,
OR_EAX_EBX,
NOT_EAX,
NEG_EAX,
DEC_EAX,
INC_EAX,
// Flag bit: every code that has it set is followed in the code list by one
// 32-bit immediate, which the interpreter fetches before dispatching.
IMMED = 0x100,
MOV_EAX_IMMED,
AND_EBX_IMMED,
AND_EAX_IMMED,
XOR_EAX_IMMED,
ADD_EAX_IMMED,
SUB_EAX_IMMED,
}
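/// <summary>
/// A generated Cx routine: a list of CxByteCode values with inline 32-bit
/// immediates, a deterministic generator used while emitting, and an
/// interpreter that evaluates the routine for a given argument.
/// </summary>
/// <remarks>
/// The emit methods track the size the routine would have as x86 machine
/// code and refuse to grow past <see cref="LengthLimit"/> bytes.
/// </remarks>
internal class CxProgram
{
    public const int LengthLimit = 0x80;

    // Opcodes and immediates share one list of 32-bit slots. An immediate is
    // always consumed together with the IMMED-flagged opcode in front of it,
    // so it is never dispatched as an opcode.
    private List<uint>  m_code = new List<uint> (LengthLimit);
    private uint[]      m_ControlBlock;
    private int         m_length;   // emitted size in machine-code bytes
    protected uint      m_seed;     // generator state

    /// <summary>Register file and stack of one Execute call.</summary>
    class Context
    {
        public uint eax;
        public uint ebx;
        public uint ecx;
        public uint edi;

        public Stack<uint> stack = new Stack<uint>();
    }

    /// <param name="seed">Initial generator state.</param>
    /// <param name="control_block">Table read by MOV_EAX_INDIRECT; stored by reference.</param>
    public CxProgram (uint seed, uint[] control_block)
    {
        m_seed = seed;
        m_length = 0;
        m_ControlBlock = control_block;
    }

    /// <summary>
    /// Interpret the emitted code with <paramref name="hash"/> as the argument.
    /// </summary>
    /// <returns>Value of EAX when RETN is reached.</returns>
    /// <exception cref="CxProgramException">
    /// The code is malformed: truncated immediate, unknown opcode, control
    /// block index out of range, unbalanced stack or missing RETN.
    /// </exception>
    public uint Execute (uint hash)
    {
        var context = new Context();
        using (var iterator = m_code.GetEnumerator())
        {
            uint immed = 0;
            while (iterator.MoveNext())
            {
                var bytecode = (CxByteCode)iterator.Current;
                if (CxByteCode.IMMED == (bytecode & CxByteCode.IMMED))
                {
                    // operand follows the opcode in the next slot
                    if (!iterator.MoveNext())
                        throw new CxProgramException ("Incomplete IMMED bytecode in CxEncryption program");
                    immed = iterator.Current;
                }
                switch (bytecode)
                {
                case CxByteCode.NOP:            break;
                case CxByteCode.IMMED:          break;
                case CxByteCode.MOV_EDI_ARG:    context.edi = hash; break;
                case CxByteCode.PUSH_EBX:       context.stack.Push (context.ebx); break;
                case CxByteCode.POP_EBX:        context.ebx = Pop (context); break;
                case CxByteCode.PUSH_ECX:       context.stack.Push (context.ecx); break;
                case CxByteCode.POP_ECX:        context.ecx = Pop (context); break;
                case CxByteCode.MOV_EBX_EAX:    context.ebx = context.eax; break;
                case CxByteCode.MOV_EAX_EDI:    context.eax = context.edi; break;
                case CxByteCode.MOV_ECX_EBX:    context.ecx = context.ebx; break;
                case CxByteCode.MOV_EAX_EBX:    context.eax = context.ebx; break;
                case CxByteCode.AND_ECX_0F:     context.ecx &= 0x0f; break;
                case CxByteCode.SHR_EBX_1:      context.ebx >>= 1; break;
                case CxByteCode.SHL_EAX_1:      context.eax <<= 1; break;
                case CxByteCode.SHR_EAX_CL:     context.eax >>= (int)context.ecx; break;
                case CxByteCode.SHL_EAX_CL:     context.eax <<= (int)context.ecx; break;
                case CxByteCode.OR_EAX_EBX:     context.eax |= context.ebx; break;
                case CxByteCode.NOT_EAX:        context.eax = ~context.eax; break;
                case CxByteCode.NEG_EAX:        context.eax = unchecked ((uint)-context.eax); break;
                case CxByteCode.DEC_EAX:        unchecked { context.eax--; } break;
                case CxByteCode.INC_EAX:        unchecked { context.eax++; } break;
                case CxByteCode.ADD_EAX_EBX:    unchecked { context.eax += context.ebx; } break;
                case CxByteCode.SUB_EAX_EBX:    unchecked { context.eax -= context.ebx; } break;
                case CxByteCode.IMUL_EAX_EBX:   unchecked { context.eax *= context.ebx; } break;
                case CxByteCode.ADD_EAX_IMMED:  unchecked { context.eax += immed; } break;
                case CxByteCode.SUB_EAX_IMMED:  unchecked { context.eax -= immed; } break;
                case CxByteCode.AND_EBX_IMMED:  context.ebx &= immed; break;
                case CxByteCode.AND_EAX_IMMED:  context.eax &= immed; break;
                case CxByteCode.XOR_EAX_IMMED:  context.eax ^= immed; break;
                case CxByteCode.MOV_EAX_IMMED:  context.eax = immed; break;
                case CxByteCode.MOV_EAX_INDIRECT:
                    // EAX is data-dependent, so the index is checked on every read
                    if (context.eax >= m_ControlBlock.Length)
                        throw new CxProgramException ("Index out of bounds in CxEncryption program");
                    context.eax = ~m_ControlBlock[context.eax];
                    break;
                case CxByteCode.RETN:
                    if (context.stack.Count > 0)
                        throw new CxProgramException ("Imbalanced stack in CxEncryption program");
                    return context.eax;
                default:
                    throw new CxProgramException ("Invalid bytecode in CxEncryption program");
                }
            }
        }
        throw new CxProgramException ("CxEncryption program without RETN bytecode");
    }

    // Pop with an explicit underflow check, so that a malformed program is
    // reported as CxProgramException like every other interpreter error.
    private static uint Pop (Context context)
    {
        if (0 == context.stack.Count)
            throw new CxProgramException ("Imbalanced stack in CxEncryption program");
        return context.stack.Pop();
    }

    /// <summary>Discard the emitted code. The generator state is kept.</summary>
    public void Clear ()
    {
        m_length = 0;
        m_code.Clear();
    }

    /// <summary>
    /// Account for <paramref name="count"/> bytes of machine code that have no
    /// effect on the interpreted result; nothing is added to the code list.
    /// </summary>
    /// <returns>false when the length limit would be exceeded.</returns>
    public bool EmitNop (int count)
    {
        if (m_length + count > LengthLimit)
            return false;
        m_length += count;
        return true;
    }

    /// <summary>
    /// Append <paramref name="code"/>, accounting <paramref name="length"/>
    /// bytes of machine code for it.
    /// </summary>
    /// <returns>false when the length limit would be exceeded.</returns>
    public bool Emit (CxByteCode code, int length = 1)
    {
        if (m_length + length > LengthLimit)
            return false;
        m_length += length;
        m_code.Add ((uint)code);
        return true;
    }

    /// <summary>Append a 32-bit immediate (4 bytes of machine code).</summary>
    /// <returns>false when the length limit would be exceeded.</returns>
    public bool EmitUInt32 (uint x)
    {
        if (m_length + 4 > LengthLimit)
            return false;
        m_length += 4;
        m_code.Add (x);
        return true;
    }

    /// <summary>Append the next generator output as an immediate.</summary>
    public bool EmitRandom ()
    {
        return EmitUInt32 (GetRandom());
    }

    /// <summary>
    /// Advance the generator and return the next value. The sequence is fully
    /// determined by the seed: the same seed has to reproduce the same program.
    /// </summary>
    public virtual uint GetRandom ()
    {
        uint seed = m_seed;
        // linear congruential step; the 32-bit wrap-around is intended, so it
        // must not depend on the project's overflow-checking setting
        m_seed = unchecked (1103515245 * seed + 12345);
        return m_seed ^ (seed << 16) ^ (seed >> 16);
    }
}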
/// <summary>
/// CxProgram variant whose generator mixes two independent 32-bit states.
/// </summary>
internal class CxProgramNana : CxProgram
{
    protected uint m_random_seed;

    /// <param name="seed">Initial value of the first state (m_seed).</param>
    /// <param name="random_seed">Initial value of the second state.</param>
    /// <param name="control_block">Passed through to the base class.</param>
    public CxProgramNana (uint seed, uint random_seed, uint[] control_block)
        : base (seed, control_block)
    {
        m_random_seed = random_seed;
    }

    /// <summary>
    /// Advance both states and return their XOR.
    /// </summary>
    public override uint GetRandom ()
    {
        // first state: shift/rotate mix followed by inversion
        uint mixed = m_seed ^ (m_seed << 17);
        mixed ^= (mixed << 18) | (mixed >> 15);
        m_seed = ~mixed;

        // second state: xorshift step with shifts 13, 17, 5
        uint shifted = m_random_seed ^ (m_random_seed << 13);
        shifted ^= shifted >> 17;
        m_random_seed = shifted ^ (shifted << 5);

        return m_seed ^ m_random_seed;
    }
}
/* CxEncryption base branch order
OddBranchOrder
{
case 0: SHR_EAX_CL
case 1: SHL_EAX_CL
case 2: ADD_EAX_EBX
case 3: NEG_EAX; ADD_EAX_EBX
case 4: IMUL_EAX_EBX
case 5: SUB_EAX_EBX
}
EvenBranchOrder
{
case 0: NOT_EAX
case 1: DEC_EAX
case 2: NEG_EAX
case 3: INC_EAX
case 4: MOV_EAX_INDIRECT
case 5: OR_EAX_EBX
case 6: XOR_EAX_IMMED
case 7: ADD_EAX_IMMED or SUB_EAX_IMMED
}
*/
}