ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Mon Oct 26, 2020 3:25 am

All times are UTC




Post new topic  Reply to topic  [ 4 posts ] 
Author Message
PostPosted: Mon Aug 24, 2020 7:24 pm 

Joined: Fri Aug 21, 2020 9:54 pm
Posts: 5
If I understand correctly clog is the defacto way to decompress. However in my case I need to first decrypt a chunk of the file and then decrypt it.

How can I do that with QuickBMS?

To be clear I cannot use the pattern

Quote:
encryption aes_128_cbc "\x32\x1F\x2A\xEE\xAA\x58\x4A\xB4\x9A\x6C\x9E\x09\xD5\x9E\x9C\x6F"
log MEMORY_FILE OFFSET SIZE
encryption "" ""


I have a custom decrypting function that is not supported in QuickBMS I am using a calldll function on a buffer loaded by log

Quote:
log NAME CHUNK_OFFSET CHUNK_SIZE 0 CHUNK_XSIZE
log NAME2 CHUNK_OFFSET CHUNK_SIZE 0 CHUNK_XSIZE
if ENCRYPTED != 0
calldll MEMORY_FILE100 "decryptAll" "tcc" RET AES_KEY NAME2 NAME CHUNK_SIZE
endif


How can I decompress the NAME buffer after decrypting?


Top
   
PostPosted: Mon Aug 24, 2020 9:31 pm 

Joined: Fri Aug 21, 2020 9:54 pm
Posts: 5
Ok I read the docs more carefully and solved my question

encryption calldll MEMORY_FILE100 "decryptAll" "tcc" RET AES_KEY #INPUT# #OUTPUT# #INPUT_SIZE#
log MEMORY_FILE OFFSET SIZE
encryption "" ""


Top
   
PostPosted: Mon Aug 24, 2020 9:57 pm 

Joined: Fri Aug 21, 2020 9:54 pm
Posts: 5
Now hitting another weird issue. The same code works with a simple calldll but NOT if the calldll is inside the encryption bit.

This works

log MEMORY_FILE10 OFFSET SIZE
log MEMORY_FILE11 OFFSET SIZE
calldll MEMORY_FILE100 "decryptAll" "tcc" RET AES_KEY MEMORY_FILE11 MEMORY_FILE10 SIZE

This does not

encryption calldll MEMORY_FILE100 "decryptAll" "tcc" RET AES_KEY #INPUT# #OUTPUT# #INPUT_SIZE#
log MEMORY_FILE10 OFFSET SIZE
encryption "" ""

I get a weird error that seems to be compiling related


- c_structs (20): "V" "50" "A7" "F4" "51" "V" "53" "65" "41" "7E" "V" "C3" "A4" "17" "1A" "V" "96" "5E" "27" "3A" "\"
Error: invalid command "V" or arguments -1 at line 488

The code works with the top calldll though

Here is the code I use

set MEMORY_FILE100 string "
typedef unsigned char uint8_t;
typedef unsigned short uint16_t;
typedef unsigned long uint32_t;
#define RT \
\
V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \
V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \
V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \
V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \
V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \
V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \
V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \
V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \
V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \
V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \
V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \
V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \
V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \
V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \
V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \
V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \
V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \
V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \
V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \
V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \
V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \
V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \
V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \
V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \
V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \
V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \
V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \
V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \
V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \
V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \
V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \
V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \
V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \
V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \
V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \
V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \
V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \
V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \
V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \
V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \
V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \
V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \
V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \
V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \
V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \
V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \
V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \
V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \
V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \
V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \
V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \
V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \
V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \
V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \
V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \
V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \
V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \
V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \
V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \
V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \
V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \
V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \
V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
#define V(a,b,c,d) 0x##d##c##b##a
static const uint32_t RT0[256] = { RT };
#undef V
#define V(a,b,c,d) 0x##a##d##c##b
static const uint32_t RT1[256] = { RT };
#undef V
#define V(a,b,c,d) 0x##b##a##d##c
static const uint32_t RT2[256] = { RT };
#undef V
#define V(a,b,c,d) 0x##c##b##a##d
static const uint32_t RT3[256] = { RT };
#undef V
#undef RT
static uint8_t s_box[256] = {
// 0 1 2 3 4 5 6 7 8 9 a b c d e f
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, // 0
0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, // 1
0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, // 2
0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, // 3
0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, // 4
0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, // 5
0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, // 6
0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, // 7
0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, // 8
0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, // 9
0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, // a
0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, // b
0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, // c
0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, // d
0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, // e
0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 };// f
static uint8_t inv_s_box[256] = {
// 0 1 2 3 4 5 6 7 8 9 a b c d e f
0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, // 0
0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, // 1
0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, // 2
0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, // 3
0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, // 4
0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, // 5
0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, // 6
0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, // 7
0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, // 8
0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, // 9
0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, // a
0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, // b
0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, // c
0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, // d
0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, // e
0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d };// f
uint8_t rcon[] = { 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36 };
void aes_key_expansion(uint8_t *key, uint8_t *w)
{
uint32_t *w32 = (uint32_t*)w;
for (uint8_t i = 0; i < 8; i++)
{
w32[i] = ((key[4 * i + 3] & 0x7) << 29) | (key[4 * i + 0] << 21) | (key[4 * i + 1] << 13) | (key[4 * i + 2] << 5) | (key[4 * i + 3] >> 3);
}
for (uint8_t i = 8; i < 60; i += 4)
{
if ((i % 8) == 0)
{
w[4 * i + 3] = s_box[w[4 * (i - 1) + 2]] ^ rcon[(i - 8) / 8];
w[4 * i + 2] = s_box[w[4 * (i - 1) + 1]];
w[4 * i + 1] = s_box[w[4 * (i - 1) + 0]];
w[4 * i + 0] = s_box[w[4 * (i - 1) + 3]];
}
else
{
w[4 * i + 3] = s_box[w[4 * (i - 1) + 3]];
w[4 * i + 2] = s_box[w[4 * (i - 1) + 2]];
w[4 * i + 1] = s_box[w[4 * (i - 1) + 1]];
w[4 * i + 0] = s_box[w[4 * (i - 1) + 0]];
}
w32[i] ^= w32[i - 8];
w32[i + 1] = w32[i] ^ w32[i + 1 - 8];
w32[i + 2] = w32[i + 1] ^ w32[i + 2 - 8];
w32[i + 3] = w32[i + 2] ^ w32[i + 3 - 8];
}
for (uint8_t l = 0; l < 7; l++)
{
for (int j = 0; j < 4; j++)
{
uint32_t temp = w32[l * 4 + j];
w32[l * 4 + j] = w32[4 * (14 - l) + j];
w32[4 * (14 - l) + j] = temp;
}
}
for (uint8_t l = 1; l < 14; l++)
{
for (uint8_t i = 0; i < 4; i++)
{
w32[l * 4 + i] = RT3[s_box[w[l * 16 + i * 4 + 0]]] ^ RT2[s_box[w[l * 16 + i * 4 + 1]]] ^ RT1[s_box[w[l * 16 + i * 4 + 2]]] ^ RT0[s_box[w[l * 16 + i * 4 + 3]]];
}
}
}
#define LOWORD(x) (*((uint16_t*)&(x))) // low word
uint8_t LOBYTE(uint32_t val) { return val & 0xFF; };
uint8_t BYTE1(uint32_t val) { return (val >> 8) & 0xFF; };
uint8_t BYTE2(uint32_t val) { return (val >> 16) & 0xFF; };
uint8_t HIBYTE(uint32_t val) { return (val >> 24) & 0xFF; };
uint32_t decrypt16(uint32_t* key, uint8_t *a3, uint8_t *a4)
{
int v11; // edx
uint32_t v12; // ebx
uint32_t v13; // edx
uint32_t v14; // ST18_4
uint32_t v15; // ecx
int v16; // ebx
uint32_t v17; // edx
uint32_t v18; // ebx
uint32_t v19; // ST14_4
uint32_t v20; // ecx
int v21; // edx
uint32_t v22; // ebx
uint32_t v23; // edx
uint32_t v24; // ST18_4
uint32_t v25; // ecx
uint32_t v26; // ebx
uint32_t v27; // ST14_4
int v28; // edx
uint32_t v29; // ebx
uint32_t v30; // edx
uint32_t v31; // ST18_4
uint32_t v32; // ecx
int v33; // ebx
uint32_t v34; // edx
uint32_t v35; // ebx
uint32_t v36; // ST14_4
uint32_t v37; // ecx
int v38; // edx
uint32_t v39; // ebx
uint32_t v40; // edx
uint32_t v41; // ecx
uint32_t v42; // esi
uint32_t v43; // ebx
uint32_t v44; // edi
uint32_t v45; // edx
int v46; // eax
int v47; // ecx
uint32_t v49; // ST18_4
uint32_t v50; // ebx
uint32_t v51; // esi
uint32_t v52; // edx
int v53; // eax
uint32_t v54; // edi
uint32_t v55; // eax
int v56; // ecx
int v57; // eax
uint32_t v58; // esi
uint32_t v59; // ST18_4
uint32_t v60; // ebx
uint32_t v61; // edx
uint32_t v62; // eax
uint32_t v63; // eax
int v64; // ecx
int v65; // eax
uint32_t *v66; // ebp
uint32_t v67; // ecx
uint32_t v68; // ecx
uint32_t v69; // ecx
uint32_t v70; // ecx
uint32_t result; // eax
uint32_t v72; // [esp+10h] [ebp-10h]
uint32_t v73; // [esp+14h] [ebp-Ch]
uint32_t v75; // [esp+24h] [ebp+4h]
uint32_t v76; // [esp+24h] [ebp+4h]
uint32_t v77; // [esp+24h] [ebp+4h]
uint32_t v78; // [esp+24h] [ebp+4h]
uint32_t v79; // [esp+24h] [ebp+4h]
uint32_t v80; // [esp+2Ch] [ebp+Ch]
uint32_t v81; // [esp+2Ch] [ebp+Ch]
uint32_t v82; // [esp+2Ch] [ebp+Ch]
uint32_t v83; // [esp+2Ch] [ebp+Ch]
uint32_t v84; // [esp+2Ch] [ebp+Ch]
uint32_t v5 = *key ^ a3[3] ^ ((a3[2] ^ ((a3[1] ^ (*a3 << 8)) << 8)) << 8);
int v6 = a3[9];
uint32_t v74 = key[1] ^ a3[7] ^ ((a3[6] ^ ((a3[5] ^ (a3[4] << 8)) << 8)) << 8);
uint32_t v7 = key[2] ^ a3[11] ^ ((a3[10] ^ ((v6 ^ (a3[8] << 8)) << 8)) << 8);
uint32_t v8 = key[3] ^ a3[15] ^ ((a3[14] ^ ((a3[13] ^ (a3[12] << 8)) << 8)) << 8);
uint32_t v9 = key[4] ^ RT3[v74&0xff] ^ RT0[v5 >> 24] ^ RT2[(uint16_t)(*((uint16_t *)key + 4) ^ a3[11] ^ (uint16_t)((a3[10] ^ (uint16_t)(((uint16_t)v6 ^ (uint16_t)(a3[8] << 8)) << 8)) << 8)) >> 8] ^ RT1[BYTE2(v8)];
a3[10];
v80 = key[5] ^ RT3[(uint8_t)(*((uint8_t*)key + 8) ^ a3[11])] ^ RT0[v74 >> 24] ^ RT1[BYTE2(v5)] ^ RT2[BYTE1(v8)];
uint32_t v10 = key[6] ^ RT3[(uint8_t)v8] ^ RT0[v7 >> 24] ^ RT2[BYTE1(v5)] ^ RT1[BYTE2(v74)];
v11 = RT0[v8 >> 24] ^ RT2[BYTE1(v74)] ^ RT1[BYTE2(v7)];
v12 = v10;
v13 = key[7] ^ RT3[(uint8_t)v5] ^ v11;
v14 = key[8] ^ RT3[(uint8_t)v80] ^ RT0[v9 >> 24] ^ RT2[BYTE1(v12)] ^ RT1[BYTE2(v13)];
v75 = key[9] ^ RT3[(uint8_t)v10] ^ RT0[v80 >> 24] ^ RT1[BYTE2(v9)] ^ RT2[BYTE1(v13)];
v15 = key[10] ^ RT3[(uint8_t)v13] ^ RT0[v10 >> 24] ^ RT2[BYTE1(v9)] ^ RT1[BYTE2(v80)];
v16 = RT0[v13 >> 24] ^ RT2[BYTE1(v80)] ^ RT1[BYTE2(v12)];
v17 = v15;
v18 = key[11] ^ RT3[(uint8_t)v9] ^ v16;
v19 = key[12] ^ RT3[(uint8_t)v75] ^ RT0[v14 >> 24] ^ RT2[BYTE1(v17)] ^ RT1[BYTE2(v18)];
v81 = key[13] ^ RT3[(uint8_t)v15] ^ RT0[v75 >> 24] ^ RT1[BYTE2(v14)] ^ RT2[BYTE1(v18)];
v20 = key[14] ^ RT3[(uint8_t)v18] ^ RT0[v15 >> 24] ^ RT2[BYTE1(v14)] ^ RT1[BYTE2(v75)];
v21 = RT0[v18 >> 24] ^ RT2[BYTE1(v75)] ^ RT1[BYTE2(v17)];
v22 = v20;
v23 = key[15] ^ RT3[(uint8_t)v14] ^ v21;
v24 = key[16] ^ RT3[(uint8_t)v81] ^ RT0[v19 >> 24] ^ RT2[BYTE1(v22)] ^ RT1[BYTE2(v23)];
v76 = key[17] ^ RT3[(uint8_t)v20] ^ RT0[v81 >> 24] ^ RT1[BYTE2(v19)] ^ RT2[BYTE1(v23)];
v25 = key[18] ^ RT3[(uint8_t)v23] ^ RT0[v20 >> 24] ^ RT2[BYTE1(v19)] ^ RT1[BYTE2(v81)];
v26 = key[19] ^ RT3[(uint8_t)v19] ^ RT0[v23 >> 24] ^ RT2[BYTE1(v81)] ^ RT1[BYTE2(v22)];
v27 = key[20] ^ RT3[(uint8_t)v76] ^ RT0[v24 >> 24] ^ RT2[BYTE1(v25)] ^ RT1[BYTE2(v26)];
v82 = key[21] ^ RT3[(uint8_t)v25] ^ RT0[v76 >> 24] ^ RT1[BYTE2(v24)] ^ RT2[BYTE1(v26)];
v28 = RT0[v26 >> 24] ^ RT2[BYTE1(v76)] ^ RT1[BYTE2(v25)];
v29 = key[22] ^ RT3[(uint8_t)v26] ^ RT0[v25 >> 24] ^ RT2[BYTE1(v24)] ^ RT1[BYTE2(v76)];
v30 = key[23] ^ RT3[(uint8_t)v24] ^ v28;
v31 = key[24] ^ RT3[(uint8_t)v82] ^ RT0[v27 >> 24] ^ RT2[BYTE1(v29)] ^ RT1[BYTE2(v30)];
v77 = key[25] ^ RT3[(uint8_t)v29] ^ RT0[v82 >> 24] ^ RT1[BYTE2(v27)] ^ RT2[BYTE1(v30)];
v32 = key[26] ^ RT3[(uint8_t)v30] ^ RT0[v29 >> 24] ^ RT2[BYTE1(v27)] ^ RT1[BYTE2(v82)];
v33 = RT0[v30 >> 24] ^ RT2[BYTE1(v82)] ^ RT1[BYTE2(v29)];
v34 = v32;
v35 = key[27] ^ RT3[(uint8_t)v27] ^ v33;
v36 = key[28] ^ RT3[(uint8_t)v77] ^ RT0[v31 >> 24] ^ RT2[BYTE1(v34)] ^ RT1[BYTE2(v35)];
v83 = key[29] ^ RT3[(uint8_t)v32] ^ RT0[v77 >> 24] ^ RT1[BYTE2(v31)] ^ RT2[BYTE1(v35)];
v37 = key[30] ^ RT3[(uint8_t)v35] ^ RT0[v32 >> 24] ^ RT2[BYTE1(v31)] ^ RT1[BYTE2(v77)];
v38 = RT0[v35 >> 24] ^ RT2[BYTE1(v77)] ^ RT1[BYTE2(v34)];
v39 = v37;
v40 = key[31] ^ RT3[(uint8_t)v31] ^ v38;
v78 = key[33] ^ RT3[(uint8_t)v37] ^ RT0[v83 >> 24] ^ RT1[BYTE2(v36)] ^ RT2[BYTE1(v40)];
v41 = key[34] ^ RT3[(uint8_t)v40] ^ RT0[v37 >> 24] ^ RT2[BYTE1(v36)] ^ RT1[BYTE2(v83)];
v42 = key[32] ^ RT3[(uint8_t)v83] ^ RT0[v36 >> 24] ^ RT2[BYTE1(v39)] ^ RT1[BYTE2(v40)];
v43 = key[35] ^ RT3[(uint8_t)v36] ^ RT0[v40 >> 24] ^ RT2[BYTE1(v83)] ^ RT1[BYTE2(v39)];
v84 = key[36] ^ RT3[(uint8_t)v78] ^ RT0[v42 >> 24] ^ RT2[BYTE1(v41)] ^ RT1[BYTE2(v43)];
v44 = key[37] ^ RT3[(uint8_t)v41] ^ RT0[v78 >> 24] ^ RT1[BYTE2(v42)] ^ RT2[BYTE1(v43)];
v73 = key[37] ^ RT3[(uint8_t)v41] ^ RT0[v78 >> 24] ^ RT1[BYTE2(v42)] ^ RT2[BYTE1(v43)];
v45 = v41 >> 16;
v46 = (uint8_t)v43;
v43 >>= 24;
v72 = key[38] ^ RT3[v46] ^ RT0[v41 >> 24] ^ RT2[BYTE1(v42)] ^ RT1[BYTE2(v78)];
v47 = key[39] ^ RT3[(uint8_t)v42] ^ RT0[v43] ^ RT2[BYTE1(v78)] ^ RT1[BYTE2(v41)];
v79 = key[39] ^ RT3[(uint8_t)v42] ^ RT0[v43] ^ RT2[BYTE1(v78)] ^ RT1[(uint8_t)v45];
v49 = key[41] ^ RT3[(uint8_t)v72] ^ RT0[v44 >> 24] ^ RT1[BYTE2(v84)] ^ RT2[BYTE1(v79)];
v50 = key[42] ^ RT3[(uint8_t)v79] ^ RT0[v72 >> 24] ^ RT2[BYTE1(v84)] ^ RT1[BYTE2(v44)];
v51 = key[40] ^ RT3[(uint8_t)v44] ^ RT0[v84 >> 24] ^ RT2[BYTE1(v72)] ^ RT1[BYTE2(v47)];
v52 = key[43] ^ RT3[(uint8_t)v84] ^ RT0[v79 >> 24] ^ RT2[BYTE1(v44)] ^ RT1[BYTE2(v72)];
v53 = key[43] ^ RT3[(uint8_t)v84] ^ RT0[v79 >> 24] ^ RT2[BYTE1(v44)] ^ RT1[BYTE2(v72)];
v84 = key[44] ^ RT3[(uint8_t)v49] ^ RT0[v51 >> 24] ^ RT2[(uint16_t)(*((uint16_t *)key + 84) ^ LOWORD(RT3[(uint8_t)v79]) ^ LOWORD(RT0[v72 >> 24]) ^ LOWORD(RT2[BYTE1(v84)]) ^ LOWORD(RT1[BYTE2(v44)])) >> 8] ^ RT1[(uint8_t)(v52 >> 16)];
v54 = key[45] ^ RT3[(uint8_t)v50] ^ RT0[v49 >> 24] ^ RT1[BYTE2(v51)] ^ RT2[BYTE1(v53)];
v73 = key[45] ^ RT3[(uint8_t)v50] ^ RT0[v49 >> 24] ^ RT1[BYTE2(v51)] ^ RT2[BYTE1(v53)];
v55 = v50 >> 24;
v50 >>= 16;
v56 = RT0[v55] ^ RT2[BYTE1(v51)] ^ RT1[BYTE2(v49)];
v57 = (uint8_t)v52;
v52 >>= 24;
v72 = key[46] ^ RT3[v57] ^ v56;
v47 = key[47] ^ RT3[(uint8_t)v51] ^ RT0[v52] ^ RT2[BYTE1(v49)] ^ RT1[(uint8_t)v50];
v79 = key[47] ^ RT3[(uint8_t)v51] ^ RT0[v52] ^ RT2[BYTE1(v49)] ^ RT1[(uint8_t)v50];
v58 = key[48] ^ RT3[(uint8_t)v54] ^ RT0[v84 >> 24] ^ RT2[BYTE1(v72)] ^ RT1[BYTE2(v47)];
v59 = key[49] ^ RT3[(uint8_t)v72] ^ RT0[v54 >> 24] ^ RT1[BYTE2(v84)] ^ RT2[BYTE1(v79)];
v60 = key[50] ^ RT3[(uint8_t)v79] ^ RT0[v72 >> 24] ^ RT2[BYTE1(v84)] ^ RT1[BYTE2(v54)];
v61 = key[51] ^ RT3[(uint8_t)v84] ^ RT0[v79 >> 24] ^ RT2[BYTE1(v54)] ^ RT1[BYTE2(v72)];
v62 = v61 >> 8;
v84 = key[52] ^ RT3[(uint8_t)v59] ^ RT0[v58 >> 24] ^ RT2[(uint16_t)(*((uint16_t *)key + 100) ^ LOWORD(RT3[(uint8_t)v79]) ^ LOWORD(RT0[v72 >> 24]) ^ LOWORD(RT2[BYTE1(v84)]) ^ LOWORD(RT1[BYTE2(v54)])) >> 8] ^ RT1[(uint8_t)(v61 >> 16)];
v73 = key[53] ^ RT3[(uint8_t)v60] ^ RT0[v59 >> 24] ^ RT1[BYTE2(v58)] ^ RT2[(uint8_t)v62];
v63 = v60 >> 24;
v60 >>= 16;
v64 = RT0[v63] ^ RT2[BYTE1(v58)] ^ RT1[BYTE2(v59)];
v65 = (uint8_t)v61;
v61 >>= 24;
v72 = key[54] ^ RT3[v65] ^ v64;
v47 = key[55] ^ RT3[(uint8_t)v58] ^ RT0[v61] ^ RT2[BYTE1(v59)] ^ RT1[(uint8_t)v60];
v79 = key[55] ^ RT3[(uint8_t)v58] ^ RT0[v61] ^ RT2[BYTE1(v59)] ^ RT1[(uint8_t)v60];
v66 = &key[4 * 14];
v67 = *v66 ^ LOBYTE(inv_s_box[(uint8_t)v73]) ^ (0x01010101 * inv_s_box[v84 >> 24]) & 0xFF000000 ^ (0x01010101 * inv_s_box[BYTE1(v72)]) & 0xFF00 ^ (0x01010101 * inv_s_box[BYTE2(v47)]) & 0xFF0000;
a4[3] = v67;
*a4 = HIBYTE(v67);
a4[1] = BYTE2(v67);
a4[2] = BYTE1(v67);
v68 = v66[1] ^ LOBYTE(inv_s_box[(uint8_t)v72]) ^ (0x01010101 * inv_s_box[v73 >> 24]) & 0xFF000000 ^ (0x01010101 * inv_s_box[BYTE1(v79)]) & 0xFF00 ^ (0x01010101 * inv_s_box[BYTE2(v84)]) & 0xFF0000;
a4[7] = *((uint8_t *)v66 + 4) ^ LOBYTE(inv_s_box[(uint8_t)v72]);
a4[4] = HIBYTE(v68);
a4[5] = BYTE2(v68);
a4[6] = BYTE1(v68);
v69 = v66[2] ^ LOBYTE(inv_s_box[(uint8_t)v79]) ^ (0x01010101 * inv_s_box[v72 >> 24]) & 0xFF000000 ^ (0x01010101 * inv_s_box[BYTE1(v84)]) & 0xFF00 ^ (0x01010101 * inv_s_box[BYTE2(v73)]) & 0xFF0000;
a4[11] = *((uint8_t *)v66 + 8) ^ LOBYTE(inv_s_box[(uint8_t)v79]);
a4[8] = HIBYTE(v69);
a4[9] = BYTE2(v69);
a4[10] = BYTE1(v69);
v70 = v66[3] ^ LOBYTE(inv_s_box[(uint8_t)v84]) ^ (0x01010101 * inv_s_box[v79 >> 24]) & 0xFF000000 ^ (0x01010101 * inv_s_box[BYTE1(v73)]) & 0xFF00 ^ (0x01010101 * inv_s_box[BYTE2(v72)]) & 0xFF0000;
a4[15] = *((uint8_t *)v66 + 12) ^ LOBYTE(inv_s_box[(uint8_t)v84]);
a4[12] = HIBYTE(v70);
a4[13] = BYTE2(v70);
result = v70 >> 8;
a4[14] = BYTE1(v70);
return result;
}
void decryptAll(uint8_t* key, uint8_t *inBuffer, uint8_t *outBuffer, uint32_t size)
{
uint8_t w[240];
aes_key_expansion(key, w);
uint32_t paddedLength = 16 * ((size + 15) >> 4);
uint8_t* tempEncrypted = (uint8_t*) malloc( paddedLength );
memcpy(tempEncrypted, inBuffer, size);
uint8_t* tempDecrypted = (uint8_t*) malloc( paddedLength );
for (uint32_t i = 0; i < paddedLength / 16; i++)
{
decrypt16((uint32_t*)w, &tempEncrypted[i * 16], &tempDecrypted[i * 16]);
}
memcpy(outBuffer,tempDecrypted, size);
free( tempDecrypted );
free( tempEncrypted );
}"


Top
   
PostPosted: Mon Aug 24, 2020 10:04 pm 

Joined: Fri Aug 21, 2020 9:54 pm
Posts: 5
Ok found the issue, you need different quotes when used with encryption

encryption calldll "MEMORY_FILE100 decryptAll tcc RET AES_KEY #INPUT# #OUTPUT# #INPUT_SIZE#"


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 4 posts ] 

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited