======================================================================
Encryption/Obfuscation
======================================================================

Windows 1.x - 2.x
    Chained XOR. To decrypt, XOR the nth byte with the key, XOR the key
    with that decrypted byte and repeat until the EOF mark is hit.
    Initial key is the integer 77.

Windows 3.0
    Same as the above, except for the addition of a length word (stop
    decrypting once that number of bytes are decrypted). Same Initial key
    of 77.

Key is 8 bits long so it can be easily brute forced, however finding the
encrypted data is much harder than cracking the key. The key is in the
decryption code.

======================================================================
Windows 1.0
======================================================================

Very well hidden. Encrypted data located at the end of bitmap 1, even if
the bitmap gets found (http://toastytech.com/guis/misc.html) the encrypted
data won't. Functions given very misleading names and symbols for Easter
egg data stripped. Double click on the ListBox to get smiley face
background.

1.xx
    Keystrokes: Unknown... at least for now.
    Decrypted:  https://pastebin.com/raw/UMXGjhUy
    Info:       Not easy to reverse/understand. Patch 2 bytes instead.

1.01 - 1.03
    Keystrokes: Alt down, Esc down, Alt up, Esc up, Esc, Esc, Backspace
    Decrypted:  https://pastebin.com/raw/MDhyFk6J

1.04
    Keystrokes: Alt down, Esc down, Alt up, Esc up, Esc, Esc, Backspace
    Decrypted:  https://pastebin.com/raw/b83GHvK5

======================================================================
Windows 2.x
======================================================================

Almost the same as Windows 1.x. The strings may have been too long so
Microsoft's encryption tool failed to encrypt all bytes of it, leaving the
first few bytes cut off.

2.01 (386)
    Keystrokes: F1, F5, F9, F4, Backspace
    Decrypted:  https://pastebin.com/raw/tDq267FG

2.03
    Keystrokes: F1, F5, F9, F4, Backspace
    Decrypted:  https://pastebin.com/raw/Tf3EMrQZ

2.03 (386)
    Keystrokes: F1, F5, F9, F4, Backspace
    Decrypted:  https://pastebin.com/raw/CUMMY0r3

2.10 - 2.11 (286/386)
    Keystrokes: F1, F5, F9, F4, Backspace
    Decrypted:  https://pastebin.com/raw/Qd77UNxN

======================================================================
Windows 3.x
======================================================================

In build 55 the data might've been plaintext in resource 1 of the type
"crstrs" (credit strings). That resource is not in build 55's user.exe
itself unfortunately. Later builds store the encrypted data inside the
"BITNAP" resource 1. It can be found very easily and the attempt to trick
people into thinking that it's "BITMAP" failed.

3.0 build 55
    Keystrokes: F8, F4, F8, F4, Backspace
    Decrypted:  N/A
    Info:       Code for Easter egg is there but no data ("crstrs" 1) sadly.

3.0 RC2 - RC6
    Keystrokes: W, I, N, 3, F3 down, Backspace
    Decrypted:  https://pastebin.com/raw/ZwesMg7g

3.0
    Keystrokes: W, I, N, 3, F3 down, Backspace
    Decrypted:  https://pastebin.com/raw/44xRbVpP
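
The chained XOR described under Encryption/Obfuscation, as an added example (not code from Windows or from these notes). It shows that XORing the key with the decrypted byte yields the previous ciphertext byte, so the initial key only affects the first output byte. Assumptions: the EOF mark value (0 here) and testing it against the decrypted byte are not given in the notes, the length is passed in rather than parsed from the length word, and the sample data is constructed.

```python
"""Chained XOR decryption as described in the notes (added example)."""

INITIAL_KEY = 77  # initial key stated in the notes


def chained_xor_decrypt(data, key=INITIAL_KEY, length=None, eof=None):
    """Decrypt until `length` bytes are produced (3.0 style) or a decrypted
    byte equals `eof` (1.x/2.x style). The eof value and checking it on the
    decrypted byte are assumptions; the notes do not specify the mark."""
    out = bytearray()
    for c in data:
        if length is not None and len(out) >= length:
            break
        p = c ^ key
        if eof is not None and p == eof:
            break
        out.append(p)
        key ^= p  # key ^ p == c: the next key is the previous ciphertext byte
    return bytes(out)


def chained_xor_encrypt(plain, key=INITIAL_KEY):
    """Inverse transform, used here only to build the constructed sample."""
    out = bytearray()
    for p in plain:
        out.append(p ^ key)
        key ^= p
    return bytes(out)


def keys_matching_first_byte(data, expected_first):
    """Brute force all 256 keys against a guessed first plaintext byte."""
    return [k for k in range(256) if data[0] ^ k == expected_first]


# Constructed sample, not data from any Windows build.
SAMPLE_PLAIN = b"Credits: constructed sample text"
SAMPLE_CIPHER = chained_xor_encrypt(SAMPLE_PLAIN + b"\x00")

if __name__ == "__main__":
    print(chained_xor_decrypt(SAMPLE_CIPHER, eof=0))          # EOF-mark variant
    print(chained_xor_decrypt(SAMPLE_CIPHER, length=7))       # length variant
    # A wrong initial key damages only the first byte of the output.
    print(chained_xor_decrypt(SAMPLE_CIPHER, key=0, eof=0))
    print(keys_matching_first_byte(SAMPLE_CIPHER, ord("C")))
```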