#ifndef LAIKA_BOX_H
#define LAIKA_BOX_H
#include <inttypes.h>
#include "lvm.h"
/* Laika Box:
    Laika Boxes are obfuscated storage mediums where data is only in memory for a very short amount of time.
    Of course, this can be bypassed with a simple debugger by setting a breakpoint right after the data is 'unlocked',
    but the game of obfuscation isn't to prevent the data from being seen, it's to slow the reverse engineer down.

    2 main APIs are exposed here, laikaB_unlock() & laikaB_lock(). Both are inlined to make it more painful
    for the reverse engineer to quickly dump boxes from memory, forcing them to set breakpoints across the executable.
    Each box has its own VM, with its own deobfuscation routine. This makes static analysis a painful route for string
    dumping.
*/
/* One box: two byte buffers plus the VM instance that is embedded in the box itself. */
struct sLaikaB_box
{
    uint8_t *data;         /* stored bytes of the box; presumably the obfuscated form -- confirm */
    uint8_t *unlockedData; /* presumably the cleartext buffer that exists only between unlock and lock -- confirm */
    struct sLaikaV_vm vm;  /* held by value, so every box carries its own VM state */
    /* NOTE(review): no length is kept next to either pointer, so whatever wipes or frees
       these buffers has to obtain the size from somewhere else -- confirm. */
};
/* Unlock entry point for a box. The body is empty in this listing, so a call currently has no effect.
   NOTE(review): `inline` is only a request to the compiler, and a plain `inline` definition in a
   header provides no external definition in C99/C11 -- confirm that one translation unit declares
   this function `extern inline`, or that every call site is in fact inlined. */
inline void laikaB_unlock(struct sLaikaB_box *box)
{
    (void)box; /* nothing is read from or written to the box yet */
}
/* Safely frees the allocated buffer, using libsodium's API to clear sensitive data from memory. */
inline void laikaB_lock(struct sLaikaB_box *box)
{
    /* NOTE(review): the body is empty in this listing; no buffer is wiped or freed here, so
       anything a caller placed in the box is still in memory when this returns -- confirm
       where the clearing is actually done. */
    (void)box;
}
#endif