Hugging Face's logo

MattyMroz
/
oneocr

Model card Files
xet
Community
oneocr
File size: 2,697 Bytes 
ce847d4
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
 
import re

data = open(r"c:\Users\MattyMroz\Desktop\PROJECTS\ONEOCR\ocr_data\oneocr.dll", "rb").read()

# Find ALL BCrypt function occurrences
print("=== All BCrypt function references ===")
for m in re.finditer(b'BCrypt\w+', data):
    offset = m.start()
    name = m.group().decode('ascii')
    print(f"  [0x{offset:08x}] {name}")

# Search for BCryptGenerateSymmetricKey and BCryptImportKey specifically
print()
for fn in [b"BCryptGenerateSymmetricKey", b"BCryptImportKey", b"BCryptCreateHash"]:
    pos = data.find(fn)
    print(f"  {fn.decode()}: {'FOUND at 0x' + format(pos, '08x') if pos != -1 else 'NOT FOUND'}")

# Look for MAGIC_NUMBER constant value
print()
print("=== Looking for MAGIC_NUMBER = 1 constant context ===")
for pattern in [b"magic_number == MAGIC_NUMBER"]:
    pos = data.find(pattern)
    while pos != -1:
        # Dump wider context
        ctx_start = max(0, pos - 100)
        ctx_end = min(len(data), pos + 100)
        ctx = data[ctx_start:ctx_end]
        # Find strings in context
        for m in re.finditer(b'[\x20-\x7e]{4,}', ctx):
            print(f"  [0x{ctx_start + m.start():08x}] {m.group().decode('ascii')}")
        pos = data.find(pattern, pos + 1)
        if pos == -1:
            break

# Look at the region right around the crypto strings for more context
print()
print("=== Extended crypto region dump 0x02724b00-0x02724d00 ===")
for i in range(0x02724b00, 0x02724d00, 16):
    chunk = data[i:i+16]
    hex_part = " ".join(f"{b:02x}" for b in chunk)
    ascii_part = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
    print(f"  {i:08x}: {hex_part:<48s}  {ascii_part}")

# Check for constant values near magic_number assertion - look for "1" as uint32
# Find the code that references the magic_number string
print()
print("=== Finding code references to Crypto.cpp ===")
crypto_path = b"C:\\__w\\1\\s\\CoreEngine\\Native\\ModelParser\\Crypto.cpp"
pos = data.find(crypto_path)
if pos != -1:
    # This is in the .rdata section. Find cross-references to this address
    # In x64, look for LEA instructions referencing this RVA
    print(f"  Crypto.cpp string at: 0x{pos:08x}")
    
    # Look for the "block length" being set - find 16 as a byte constant near BlockLength string
    print()
    print("=== Looking for block length values near crypto code ===")
    bl_str = data.find(b"B\x00l\x00o\x00c\x00k\x00L\x00e\x00n\x00g\x00t\x00h\x00")
    if bl_str != -1:
        print(f"  BlockLength wide string at: 0x{bl_str:08x}")
    ml_str = data.find(b"M\x00e\x00s\x00s\x00a\x00g\x00e\x00B\x00l\x00o\x00c\x00k\x00L\x00e\x00n\x00g\x00t\x00h\x00")
    if ml_str != -1:
        print(f"  MessageBlockLength wide string at: 0x{ml_str:08x}")