// Borland C++ V3.1 - UnforgiveN - I.C.A , mailto :icagrp@bigfoot.com

#include <stdio.h>
#include <stdlib.h>
#include <dos.h>
#include <io.h>
#include <fcntl.h>
#include <sys\stat.h>
#include <sys\timeb.h>
#include <conio.h>
#include <string.h>
#include <mem.h>

#define MIN 10
#define MAX 1


void main(int argc,char *argv[])
{
   int fh1,fh2;
   unsigned char *buffer;
   unsigned char header[32],xorb,versionflag=0,rolb;
   unsigned long filepos,base;
   unsigned int  decrease,dcfrom,dcto,i;
   unsigned int  j,xor,offs;
   struct timeb filet;

   textmode(BW80);
   textmode(C80);
   i=strlen(argv[0]);
   while(argv[0][i]!='\\') i--;
   i++;
   strcpy(header,&argv[0][i]);
   if(strcmpi(header,"CCUICA.COM"))
   {
	 printf("\nRename this file to CCUICA.COM to run ...\n");
	 exit(0);
   }

   clrscr();
   printf("Copy Control Shell Protection Remover.\n\n");
   printf("Version  : %-1d.%-2d\n",MAX,MIN);
   printf("CopyLeft : Un4giv3N - I.C.A\n");
   printf("Contact  : icagrp@bigfoot.com\n");
   if (argc<2)
   {
	  printf("\nUsage : CCUICA <File Name>\n");
	  exit(0);
   }

   chmod(argv[1],S_IREAD | S_IWRITE);
   fh1=open(argv[1],O_RDWR | O_BINARY,S_IREAD|S_IWRITE );
   if (fh1<1)
   {
	 printf("\nError : Couldn't Open Input File.\n");
     exit(0);
   }
   buffer = (unsigned char *) malloc(0x1000);
   if (buffer==NULL)
   {
     printf("\n Error : Not enough memory to run.\n");
     close(fh1);
   }
   getftime(fh1,&filet);
   read(fh1,header,30);
   if (strnicmp(&header[0],"MZ",2))
   {
       printf("\nError : Only DOS-EXE supported in this version.\n");
       close(fh1);
       exit(0);
   }
   filepos = (*(unsigned int *)(header+0x16) +
   *(unsigned int *)(header+8)) * 0x10L + *(unsigned int *)(header+0x14) ;
   lseek(fh1,filepos,SEEK_SET);
   read(fh1,buffer,0x20);
   if (!memcmp(buffer,"\x8B\xEC\x50\xBF",4))
   {
	  versionflag++;
	  lseek(fh1,filepos+2L,SEEK_SET);
	  read(fh1,buffer,0x20);
   }

   decrease=*(unsigned int *) (header+0x14) - *(unsigned int *) (buffer+2);
   buffer[2]=buffer[3]=buffer[7]=buffer[8]='\0';
   buffer[12]=buffer[13]=buffer[14]=buffer[18]='\0';
   buffer[19]=buffer[20]=buffer[21]='\0';
   if(memcmp(buffer,"\x50\xBF\0\0\x2E\x8C\x06\0\0\x2E\xC6\x06\0\0\0",15))
   {
		 printf("\nError : CopyControl Signature not found. \n");
		 close(fh1);
		 exit(0);
   }
   if(versionflag)
	  printf("\nCopyControl Version > 3.01 Detected ...\n");

   filepos=filepos-(unsigned long) decrease;
   lseek(fh1,filepos,SEEK_SET);
   read(fh1,buffer,0x20);
   printf("\nShell Specification");
   printf("\n-------------------");
   printf("\nCopy Control Version : %01d.%02d",buffer[0],buffer[1]);
   xor=*(unsigned int * ) (buffer+5);
   printf("\nChild Serial Number  : %-5u",xor);
   printf("\nMaster Serial Number : %-5u",*(unsigned int * ) (buffer+30));
   printf("\nShell Product Code   : %-8s\n",&buffer[7]);

   lseek(fh1,127L,SEEK_CUR);
   read(fh1,buffer,0x300);
   if (*(unsigned int *)(buffer)!=1792)
   {
	   printf("\nError : Unshell is not Supported !");
	   close(fh1);
	   exit(0);
   }
   xor=xor&255;
   printf("File is Crypted By   : 0x%02X\n\n",xor);
   printf("Please Wait , Unshell in progress...");
   i=0;
   offs=1;
   base = *(unsigned int *)(header+8) * 0x10L ;
   while (offs!=0)
   {
	  dcfrom = *(unsigned int *) (buffer+2+i*4);
	  dcto   = *(unsigned int *) (buffer+4+i*4);
	  if (!dcfrom) offs=0;
	  else
	  {
	     rolb=xor+i;
	     if (versionflag)
	     {
		rolb=rolb|1;
		asm push cx
		asm push dx
		asm mov  dx,dcfrom
		asm xor  cx,cx
		asm mov  cl,rolb
		asm rol  dx,cl
		asm mov  dcfrom,dx

		asm mov  dx,dcto
		asm xor  cx,cx
		asm mov  cl,rolb
		asm ror  dx,cl
		asm mov  dcto,dx
		asm pop  dx
		asm pop  cx
		j=dcfrom;
		dcfrom=dcto;
		dcto=j;
	     }

	    offs=dcto-dcfrom;
	    filepos=base+(unsigned long) dcfrom;
	    lseek(fh1,filepos,SEEK_SET);
	    read(fh1,buffer+0x310,offs);
	    xorb=xor;
	    for(j=0;j<offs;j++)
	    {
		buffer[0x310+j]=buffer[0x310+j]^xorb;
	    }
	    lseek(fh1,filepos,SEEK_SET);
	    write(fh1,buffer+0x310,offs);
	 }
	 i++;
   }
   i=i*4+1;
   filepos = (*(unsigned int *)(header+0x16) +
   *(unsigned int *)(header+8)) * 0x10L + 50L;
   chsize(fh1,filepos);
   filepos=lseek(fh1,0L,SEEK_END);
   *(unsigned *)(header + 0x2) = (unsigned) (filepos % 0x200L);
   *(unsigned *)(header + 0x4) = (unsigned) (filepos / 0x200L)+1;

   header[0x14]=buffer[i  ]^xor;
   header[0x15]=buffer[i+1]^xor;
   header[0x16]=buffer[i+2]^xor;
   header[0x17]=buffer[i+3]^xor;
   header[0x0E]=buffer[i+21]^xor;
   header[0x0F]=buffer[i+22]^xor;
   header[0x10]=buffer[i+23]^xor;
   header[0x11]=buffer[i+24]^xor;
   lseek(fh1,0L,SEEK_SET);
   write(fh1,header,30);
   strcpy(buffer,"CopyControl UNSHELL by CCUICA - Un4giv3N - I.C.A      ");
   lseek(fh1,-50L,SEEK_END);
   write(fh1,buffer,50);
   setftime(fh1,&filet);
   close(fh1);
   printf("\rSHELL removed !                             \n \
	\nFeel Free to send your comments to us.\n");
   free(buffer);
   return;
}