MSI Afterburner trivially obfuscates a couple config/definition files in their program folder used to define different models and the such.
At a high level:
- Generate the CRC32 of MSIAfterburner.exe
- Use said CRC32 hash as the initial seed
- XOR a byte then rotate.
Roughly:
def rolling_xor(data, initial):
state = initial
result = bytearray(data)
for idx in range(len(result)):
# XOR with current keystream byte
result[idx] ^= state & 0xFF
# Update keystream state
rotated = ror32(state, idx % 32)
state = (idx + rotated) & 0xFFFFFFFF
return bytes(result)
The unobfuscated file should start with ; and a 3 letter extension such as OEM or DAT.
Have fun.