Skip to content

Commit

Permalink
extractUpdaterFromExe
Browse files Browse the repository at this point in the history
  • Loading branch information
@Azq2
Azq2 committed Aug 23, 2024
1 parent f967a45 commit 65c591f
Showing 1 changed file with 29 additions and 2 deletions.
31 changes: 29 additions & 2 deletions src/exe.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,22 @@ export function extractFromExe(buffer) {
return false;
}

export function extractUpdaterFromExe(buffer) {
switch (detectExeType(buffer)) {
case "update":
debug('Detected type: xbi update (SAG_UDT)');
return extractFromUpdateExe(buffer, true);

case "service":
debug('Detected type: xbi service (SAG_JK_WH)');
let exeFormatVersion = detectServiceExeVersion(buffer);
debug(`exeFormatVersion=${exeFormatVersion}`);
return extractFromServiceExe(buffer, exeFormatVersion, true);
}
debug('Unknown type of EXE!');
return false;
}

function detectServiceExeVersion(buffer) {
for (let ptr of SERVICE_EXE_VERSIONS) {
let offset = buffer.length - SAG_JK_WH.length - 5;
Expand All @@ -54,7 +70,7 @@ function detectServiceExeVersion(buffer) {
}

// From WinSwup
function extractFromServiceExe(buffer, version) {
function extractFromServiceExe(buffer, version, extractExe = false) {
let blocks = [];
let offset;
let size;
Expand Down Expand Up @@ -103,6 +119,12 @@ function extractFromServiceExe(buffer, version) {
debug(`cipherKeyLength=${cipherKeyLength}`);
}

if (extractExe) {
let minOffset = Math.min(...blocks.filter((b) => b.size > 0).map((b) => b.offset));
debug(`Updater exe size: ${minOffset}`);
return Buffer.from(buffer.subarray(0, minOffset));
}

// Extract blocks
let payloads = [];
for (let i = 0; i < blocks.length; i++) {
Expand Down Expand Up @@ -130,7 +152,7 @@ function readBits(ptr) {
return Number(result);
}

function extractFromUpdateExe(buffer) {
function extractFromUpdateExe(buffer, extractExe = false) {
let aes = findAesKeys(buffer) || findAesKeysV2(buffer);
if (!aes) {
debug("Can't find AES KEY & IV in exe!");
Expand Down Expand Up @@ -162,6 +184,11 @@ function extractFromUpdateExe(buffer) {
return false;
}

if (extractExe) {
debug(`Updater exe size: ${payloadOffset}`);
return Buffer.from(buffer.subarray(0, payloadOffset));
}

let payload = buffer.slice(payloadOffset, payloadOffset + payloadSize);
let signTime = payload.readUInt32BE(0);
let signSize = payload.readUInt32BE(4);
Expand Down

0 comments on commit 65c591f

Please sign in to comment.