1+ using System ;
2+ using System . Collections . Generic ;
3+ using System . Diagnostics ;
4+ using System . IO ;
5+ using System . Linq ;
6+ using System . Reflection ;
7+ using System . Runtime . InteropServices ;
8+ using System . Security . Cryptography ;
9+ using System . Text ;
10+ using System . Text . RegularExpressions ;
11+ using System . Threading . Tasks ;
12+ using System . Windows . Forms ;
13+
14+ LicensePacker
15+ {
16+ static class Program
17+ {
18+ static string ProgramToDecrypt = "DecME" ;
19+ static string IV = "THISISIV" ;
20+
21+ [ DllImport ( "kernel32.dll" , SetLastError = true ) ]
22+ private static extern bool IsDebuggerPresent ( ) ;
23+
24+ [ DllImport ( "kernel32.dll" , SetLastError = true ) ]
25+ private static extern void CheckRemoteDebuggerPresent ( IntPtr Handle , ref bool IsPresent ) ;
26+
27+ [ DllImport ( "kernel32.dll" , SetLastError = true ) ]
28+ private static extern bool CloseHandle ( IntPtr Handle ) ;
29+
30+ [ DllImport ( "kernel32.dll" , SetLastError = true ) ]
31+ private static extern IntPtr GetModuleHandle ( string lib ) ;
32+
33+ [ DllImport ( "kernel32.dll" , SetLastError = true ) ]
34+ private static extern IntPtr GetProcAddress ( IntPtr Module , string Function ) ;
35+
36+ [ DllImport ( "kernel32.dll" , SetLastError = true ) ]
37+ private static extern bool WriteProcessMemory ( IntPtr ProcHandle , IntPtr BaseAddress , byte [ ] Buffer , uint size , int NumOfBytes ) ;
38+ private static string TqMIJUcgsXjVgxqJ ( string DataToDecrypt , string KeyToDecryptWith , string IVKeyToDecryptWith )
39+ {
40+ byte [ ] data = Convert . FromBase64String ( DataToDecrypt ) ;
41+ using ( SHA256CryptoServiceProvider SHA256 = new SHA256CryptoServiceProvider ( ) )
42+ {
43+ byte [ ] keys = SHA256 . ComputeHash ( UTF8Encoding . UTF8 . GetBytes ( KeyToDecryptWith ) ) ;
44+ using ( AesCryptoServiceProvider AES = new AesCryptoServiceProvider ( ) { Key = keys , Mode = CipherMode . CBC , Padding = PaddingMode . PKCS7 } )
45+ {
46+ string initVector = IVKeyToDecryptWith ;
47+ byte [ ] initVectorBytes = Encoding . ASCII . GetBytes ( initVector ) ;
48+ AES . IV = initVectorBytes ;
49+ ICryptoTransform transform = AES . CreateDecryptor ( ) ;
50+ byte [ ] results = transform . TransformFinalBlock ( data , 0 , data . Length ) ;
51+ string Result = UTF8Encoding . UTF8 . GetString ( results ) ;
52+ return Result ;
53+ }
54+ }
55+ }
56+
57+ private static bool CloseHandleAntiDebug ( )
58+ {
59+ try
60+ {
61+ CloseHandle ( ( IntPtr ) 0xDEADC0DE ) ;
62+ return false ;
63+ }
64+ catch ( Exception ex )
65+ {
66+ if ( ex . Message == "External component has thrown an exception." )
67+ {
68+ return true ;
69+ }
70+ }
71+ return false ;
72+ }
73+
74+ [ STAThread ]
75+ static void Main ( )
76+ {
77+ try
78+ {
79+ bool IsPresent = false ;
80+ CheckRemoteDebuggerPresent ( Process . GetCurrentProcess ( ) . Handle , ref IsPresent ) ;
81+ if ( Debugger . IsAttached || IsDebuggerPresent ( ) || IsPresent || CloseHandleAntiDebug ( ) )
82+ {
83+ Environment . Exit ( 0 ) ;
84+ }
85+ else
86+ {
87+ if ( ! File . Exists ( Environment . CurrentDirectory + @"\SOS13" ) )
88+ {
89+ MessageBox . Show ( "Please Make a SOS13 file in the current program directory and enter the program license to it to continue." , "License Not Found" , MessageBoxButtons . OKCancel , MessageBoxIcon . Warning ) ;
90+ }
91+ else
92+ {
93+ IntPtr NtdllModule = GetModuleHandle ( "ntdll.dll" ) ;
94+ IntPtr DbgUiRemoteBreakinAddress = GetProcAddress ( NtdllModule , "DbgUiRemoteBreakin" ) ;
95+ IntPtr DbgUiConnectToDbgAddress = GetProcAddress ( NtdllModule , "DbgUiConnectToDbg" ) ;
96+ byte [ ] Int3InvaildCode = { 0xCC } ;
97+ WriteProcessMemory ( Process . GetCurrentProcess ( ) . Handle , DbgUiRemoteBreakinAddress , Int3InvaildCode , 6 , 0 ) ;
98+ WriteProcessMemory ( Process . GetCurrentProcess ( ) . Handle , DbgUiConnectToDbgAddress , Int3InvaildCode , 6 , 0 ) ;
99+ string License = File . ReadAllText ( Environment . CurrentDirectory + @"\SOS13" ) ;
100+ if ( string . IsNullOrEmpty ( License ) )
101+ {
102+ Environment . Exit ( 0 ) ;
103+ }
104+ else
105+ {
106+ StringBuilder NewLicense = new StringBuilder ( ) ;
107+ for ( int c = 0 ; c < License . Length ; c ++ )
108+ NewLicense . Append ( ( char ) ( ( uint ) License [ c ] ^ ( uint ) Convert . FromBase64String ( "decryptkeyencryption" ) [ c % 4 ] ) ) ;
109+ StringBuilder ROT13Encoding = new StringBuilder ( ) ;
110+ Regex regex = new Regex ( "[A-Za-z]" ) ;
111+ foreach ( char KSXZ in NewLicense . ToString ( ) )
112+ {
113+ if ( regex . IsMatch ( KSXZ . ToString ( ) ) )
114+ {
115+ int C = ( ( KSXZ & 223 ) - 52 ) % 26 + ( KSXZ & 32 ) + 65 ;
116+ ROT13Encoding . Append ( ( char ) C ) ;
117+ }
118+ }
119+ StringBuilder sb = new StringBuilder ( ) ; foreach ( char c in ROT13Encoding . ToString ( ) . ToCharArray ( ) ) { sb . Append ( Convert . ToString ( c , 2 ) . PadLeft ( 8 , '0' ) ) ; }
120+ var GetTextToHEX = Encoding . Unicode . GetBytes ( sb . ToString ( ) ) ;
121+ var BuildHEX = new StringBuilder ( ) ;
122+ foreach ( var FinalHEX in GetTextToHEX )
123+ {
124+ BuildHEX . Append ( FinalHEX . ToString ( "X2" ) ) ;
125+ }
126+ string HashedKey = UTF8Encoding . UTF8 . GetString ( MD5 . Create ( ) . ComputeHash ( UTF8Encoding . UTF8 . GetBytes ( BuildHEX . ToString ( ) ) ) ) ;
127+ HMACMD5 HMACMD = new HMACMD5 ( ) ;
128+ HMACMD . Key = UTF8Encoding . UTF8 . GetBytes ( "LXSO12" ) ;
129+ string HashedKey2 = UTF8Encoding . UTF8 . GetString ( HMACMD . ComputeHash ( UTF8Encoding . UTF8 . GetBytes ( HashedKey ) ) ) ;
130+ string DecryptedProgram = TqMIJUcgsXjVgxqJ ( ProgramToDecrypt , HashedKey2 . ToString ( ) , IV ) ;
131+ byte [ ] ProgramToRun = Convert . FromBase64String ( DecryptedProgram ) ;
132+ Assembly RunInMemory = Assembly . Load ( ProgramToRun ) ;
133+ RunInMemory . EntryPoint . Invoke ( null , null ) ;
134+ }
135+ }
136+ }
137+ }
138+ catch ( CryptographicException )
139+ {
140+ MessageBox . Show ( "Sorry, but looks like your license key are invalid." , "Error" , MessageBoxButtons . OKCancel , MessageBoxIcon . Error ) ;
141+ }
142+ }
143+ }
144+ }
0 commit comments