Flare-On Task 12 - string decoder

main.cpp

#include <stdio.h>
#include <windows.h>

#include <peconv.h>

#define EXE_PATH "Z:\\flare\\m.dll"

__int64 (__fastcall *ini_ctx)(BYTE *ctx, BYTE *key, int key_size) = nullptr;
__int64 (__fastcall *decrypt_buf)(BYTE *ctx, BYTE *in_buf, BYTE *out_buf, unsigned int size) = nullptr;

size_t decrypt_string(BYTE *key, unsigned int key_size, BYTE *buf, unsigned int buf_size)
{
    BYTE ctx[0x255] = { 0 };
    ini_ctx(ctx, key, 4u);
    const size_t out_len = decrypt_buf(ctx, buf, buf, buf_size);
    return out_len;
}

int main(int argc, char *argv[])
{
    size_t v_size = 0;
    BYTE *my_exe = peconv::load_pe_executable(EXE_PATH, v_size);//(BYTE*)LoadLibraryA(EXE_PATH);//
    if (!my_exe) {
        std::cerr << "Loading failed!\n";
        return -1;
    }

    ini_ctx = (__int64(__fastcall *)(BYTE *, BYTE *, int ))((ULONG_PTR)my_exe + 0x4010);
    decrypt_buf = (__int64(__fastcall *)(BYTE *, BYTE *, BYTE *, unsigned int ))((ULONG_PTR)my_exe + 0x4120);

    BYTE key[4] = { 0x77, 0x46, 0x8Fu, 7 };
    BYTE buf[] = { 0xB5u, 0x4A, 0xC8u, 0xB2u, 0x2C, 0xCBu, 0xBEu, 0xB, 0xDBu,0xBDu, 0x6C, 0};

    size_t res = decrypt_string(key, 4, buf, 0xB);
    if (!res) {
        std::cerr << "Decryption failed!\n";
        return -2;
    }
    std::cout << (char*)buf << "\n";
    return 0;
}