MSI Afterburner file obfuscation
MSI Afterburner trivially obfuscates a couple config/definition files in their program folder used to define different models and the such. At a high level: Generate the CRC32 of MSIAfterburner.exe Use said CRC32 hash as the initial seed XOR a byte then rotate. Roughly: def rolling_xor(data, initial): state = initial result = bytearray(data) for idx in range(len(result)): # XOR with current keystream byte result[idx] ^= state & 0xFF # Update keystream state rotated = ror32(state, idx % 32) state = (idx + rotated) & 0xFFFFFFFF return bytes(result) The unobfuscated file should start with ; and a 3 letter extension such as OEM or DAT. ...