ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Thu Jan 21, 2021 1:35 am

All times are UTC




Post new topic  Reply to topic  [ 5 posts ] 
Author Message
 Post subject: call dll
PostPosted: Sun Dec 13, 2020 9:10 pm 

Joined: Thu Aug 07, 2014 10:28 pm
Posts: 333
I want to create this call dll function having some trouble with it.

Code:
  public static void Decrypt(
    ref byte[] data,
    int nStartOffset,
    int nSizeToDecrypt,
    char[] randomKey)
  {
    int oKey [16] = { 0x55, 0x52, 0x33, 0x48, 0x63, 0x6A, 0x37, 0x6E, 0x64, 0x68, 0x38, 0x59, 0x6E, 0x6F, 0x74, 0x39 };
    int num1 = 0;
    for (int index1 = nStartOffset; index1 < nStartOffset + nSizeToDecrypt; ++index1)
    {
      int index2 = num1 % oKey .Length;
      int index3 = num1 % randomKey.Length;
      byte num2 = (byte) ((uint) (byte) ((uint) data[index1] - (uint) (byte) randomKey[index3]) ^ (uint) (byte) oKey [index2]);
      data[index1] = num2;
      ++num1;
    }
  }


input should be

ref byte[] data, -- source file
int nStartOffset, -- 16
int nSizeToDecrypt, -- 64
char[] randomKey) -- first 16 bytes of the file

example

random key is E1 C9 16 93 99 04 7D 4F D5 43 28 57 E1 F4 DB 00
first few bytes of the file
DF E2 7D A3 DC

the function does this
(0xDF - 0xE1) ^ 0x55 = 0xAB
2nd byte
(0xE2 - 0xC9) ^ 0x52 = 0x4B


Top
   
 Post subject: Re: call dll
PostPosted: Mon Dec 14, 2020 1:58 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 11886
Code:
set MEMORY_FILE10 string "
typedef unsigned char   byte;
typedef unsigned int    uint;

void Decrypt(
    byte *data,
    int nStartOffset,
    int nSizeToDecrypt,
    char *randomKey)
  {
    int randomKey_Length = strlen(randomKey);
    int oKey [16] = { 0x55, 0x52, 0x33, 0x48, 0x63, 0x6A, 0x37, 0x6E, 0x64, 0x68, 0x38, 0x59, 0x6E, 0x6F, 0x74, 0x39 };
    int num1 = 0;
    for (int index1 = nStartOffset; index1 < nStartOffset + nSizeToDecrypt; ++index1)
    {
      int index2 = num1 % 16; //oKey_Length;
      int index3 = num1 % randomKey_Length;
      byte num2 = (byte) ((uint) (byte) ((uint) data[index1] - (uint) (byte) randomKey[index3]) ^ (uint) (byte) oKey [index2]);
      data[index1] = num2;
      ++num1;
    }
  }
"

get SIZE asize
log MEMORY_FILE 0 SIZE

set KEY binary "\xE1\xC9\x16\x93\x99\x04\x7D\x4F\xD5\x43\x28\x57\xE1\xF4\xDB"

calldll MEMORY_FILE10 "Decrypt" "tcc" RET MEMORY_FILE 16 64 KEY

log "dump.dat" 0 SIZE MEMORY_FILE

You can edit it very easily for adapting it to your needs.

Since randomKey was declared as "char" and your example had a NUL byte at the end I simply used strlen() to get its size, but I suppose all the keys are 16 bytes and I suggest you to replace randomKey_Length with 16 if you get any invalid data in the output.


Top
   
 Post subject: Re: call dll
PostPosted: Mon Dec 14, 2020 2:08 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 11886
An alternative can be the following:
Code:
math OFFSET = 16
math SIZE = 64
filerot "-0xE1 -0xC9 -0x16 -0x93 -0x99 -0x04 -0x7D -0x4F -0xD5 -0x43 -0x28 -0x57 -0xE1 -0xF4 -0xDB -0x00" OFFSET
encryption xor "\x55\x52\x33\x48\x63\x6A\x37\x6E\x64\x68\x38\x59\x6E\x6F\x74\x39"
log "dump.dat" OFFSET SIZE


Top
   
 Post subject: Re: call dll
PostPosted: Mon Dec 14, 2020 10:34 pm 

Joined: Thu Aug 07, 2014 10:28 pm
Posts: 333
The call dll worked perfect.
how would yo use the 2nd option with getting the key from the file?


Top
   
 Post subject: Re: call dll
PostPosted: Fri Dec 18, 2020 12:26 am 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 11886
Idea 1:
Code:
getdstring KEY 16
set STR string ""
for x = 0 < 16
    getvarchr TMP KEY x
    string STR + " -"
    string STR + TMP
next x
filerot STR


Idea 2:
Code:
getdstring KEY 16
for x = 0 < 16
    getvarchr TMP KEY x
    math TMP n TMP
    putvarchr KEY x TMP
next x
filerot KEY

Not sure what of the two solutions work better, feel free to test them.


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 5 posts ] 

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited