ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com

All times are UTC




Posted: Thu Jul 04, 2019 6:22 pm

Joined: Tue Jul 02, 2019 6:55 pm
Posts: 1
Hello. I'm trying to decrypt LUA scripts from a cocos2dx game (for a wiki).
Links to the game's files:
libhellolua.so (cocos2dx external library)
example encrypted LUA-scripts (*.abc files)

My attempts:
1 - Read the code of "libhellolua.so" in IDA Pro.
This library doesn't mention "xxtea".
And I found the function getEncryptedFileData. This function is not in the original source code of Cocos2d-x.
I think this function is related to decryption (since this function is called nearby, with the variable "*.abc").
I cannot understand two lines in this function:
Code:
v5 = (*(int (__fastcall **)(cocos2d::CCFileUtils *, const char *, const char *, unsigned int *))(*(_DWORD *)this + 16))(this, a2, "rb", &v26);

Code:
v19 = (*(int (__cdecl **)(cocos2d::CCFileUtils *, _BYTE *))(*(_DWORD *)v21 + 24))(v21, v6);


Full HexRays Decompiled code:
Code:
int __fastcall cocos2d::CCFileUtils::getEncryptedFileData(cocos2d::CCFileUtils *this, const char *a2, unsigned int *a3)
{
  cocos2d::CCFileUtils *v3; // r5
  const char *v4; // r4
  int v5; // r7
  _BYTE *v6; // r6
  _BYTE *v7; // r10
  signed int v8; // r0
  int v9; // r7
  int v10; // r11
  int v11; // r4
  bool v12; // r0
  int v13; // r5
  unsigned int v14; // r8
  _BYTE *v15; // r9
  int v16; // r7
  unsigned int v17; // r10
  signed int v18; // r3
  int v19; // r4
  int result; // r0
  cocos2d::CCFileUtils *v21; // [sp+8h] [bp-D0h]
  int v22; // [sp+18h] [bp-C0h]
  int v23; // [sp+1Ch] [bp-BCh]
  char v24; // [sp+20h] [bp-B8h]
  int v25; // [sp+24h] [bp-B4h]
  unsigned int v26; // [sp+28h] [bp-B0h]
  char s; // [sp+30h] [bp-A8h]
  int v28; // [sp+B0h] [bp-28h]

  v3 = this;
  v4 = a2;
  v26 = 0;
  v5 = (*(int (__fastcall **)(cocos2d::CCFileUtils *, const char *, const char *, unsigned int *))(*(_DWORD *)this + 16))(
         this,
         a2,
         "rb",
         &v26);
  v6 = operator new[](v26);
  sub_546380(&v25, v4, (int)&v24);
  v7 = (_BYTE *)v5;
  v21 = v3;
  v8 = sub_5443DC(&v25, "/\\", 0xFFFFFFFF, -0xFFFFFFFE);
  if ( v8 == -1 )
  {
    cocos2d::CCLog((cocos2d *)"cocos2d: ERROR: getEncryptedFileData: Invalid filename %s", v4);
    v19 = 0;
  }
  else
  {
    sub_545E58((int)&v23, &v25, v8 + 1, -1u);
    sub_5440E4(&v25, &v23);
    sub_544A34((int *)(v23 - 12));
    v9 = 0;
    v10 = *(_DWORD *)(v25 - 12);
    while ( 1 )
    {
      v11 = dword_5D57A0[v9];
      if ( v26 % dword_5D57A0[v9] )
        break;
      if ( ++v9 > 6 )
      {
        v11 = 0;
        break;
      }
    }
    v12 = 0;
    v13 = v25;
    if ( v11 > 0 )
      v12 = 1;
    cc_assert_script_compatible(v12, "My file can't be that big!");
    if ( v11 <= 0 )
      _android_log_print(
        6,
        "cocos2d-x assert",
        "%s function:%s line:%d",
        "/Users/llt_version_pc/dgameVersion/dgame-global_sdk_test/Client/cocos2d-2.1rc0-x-2.1.2/samples/Lua/HelloLua/proj"
        ".android/../../../../cocos2dx/platform/CCFileUtils.cpp",
        "getEncryptedFileData",
        836);
    v14 = v26;
    v15 = v7;
    if ( v26 )
    {
      v16 = 0;
      v17 = 0;
      do
      {
        v6[(signed int)v17 * (signed __int64)v11 % (unsigned __int64)v14] = *(_BYTE *)(v13 + v16) ^ v15[v17];
        ++v17;
        v16 = (v16 + 1) % v10;
      }
      while ( v17 < v14 );
    }
    if ( v15 )
      operator delete[](v15);
    v18 = sub_5443DC(&v25, ".", 0xFFFFFFFF, 1u);
    if ( v18 != -1 )
    {
      sub_545E58((int)&v22, &v25, 0, v18);
      sub_5440E4(&v25, &v22);
      sub_544A34((int *)(v22 - 12));
    }
    sprintf(&s, "cocos2d: ERROR: Invalid filename %s", v25);
    v19 = (*(int (__cdecl **)(cocos2d::CCFileUtils *, _BYTE *))(*(_DWORD *)v21 + 24))(v21, v6);// Check this function. Function from CCFileUtils.
    operator delete[](v6);
  }
  sub_544A34((int *)(v25 - 12));
  result = _stack_chk_guard - v28;
  if ( _stack_chk_guard == v28 )
    result = v19;
  return result;
}

2 - using quickbms + comtype_scan2.bms.
Result: all output files are unreadable.

I hope you can help me. Thank you in advance.
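
The do/while loop in the listing above reads as an XOR with a repeating key combined with a strided scatter of byte positions; the sketch below is an added example, not part of the original post and not code from the game or Cocos2d-x. Assumptions: the `sub_` calls are std::string helpers, so the key is the basename of the path argument (extension included), and the seven values at `dword_5D57A0`, which the post does not show, are replaced by placeholder primes.

```python
from math import gcd

# Placeholder stride table. The real seven values sit at dword_5D57A0 in the
# binary and are not shown in the post; small primes are assumed here.
STRIDES = (3, 5, 7, 11, 13, 17, 19)

def key_from_path(path: str) -> bytes:
    """Basename after the last '/' or '\\', extension included (v25 at loop time)."""
    cut = max(path.rfind("/"), path.rfind("\\"))
    if cut == -1:
        raise ValueError("getEncryptedFileData: Invalid filename")
    key = path[cut + 1:].encode()
    if not key:
        raise ValueError("empty basename: the listing would divide by zero")
    return key

def pick_stride(size: int, strides=STRIDES) -> int:
    """First table entry that does not divide the size; 0 is the assert path."""
    for s in strides:
        if size % s:
            return s
    return 0

def decode(data: bytes, path: str, strides=STRIDES) -> bytes:
    """The do/while loop: out[(i * stride) % n] = key[i % klen] ^ data[i]."""
    n, key = len(data), key_from_path(path)
    if n == 0:
        return b""
    stride = pick_stride(n, strides)
    if stride <= 0:
        raise ValueError("no usable stride for this size")
    # The listing only tests non-divisibility; a true permutation needs gcd 1.
    if gcd(stride, n) != 1:
        raise ValueError("stride shares a factor with size: output slots collide")
    out = bytearray(n)
    for i, b in enumerate(data):
        out[(i * stride) % n] = key[i % len(key)] ^ b
    return bytes(out)

def encode(plain: bytes, path: str, strides=STRIDES) -> bytes:
    """Inverse of decode, used here only to build a constructed test input."""
    n, key = len(plain), key_from_path(path)
    stride = pick_stride(n, strides) if n else 0
    return bytes(key[i % len(key)] ^ plain[(i * stride) % n] for i in range(n))
```

With the real table values read out of the binary in place of `STRIDES`, unreadable output would point to a wrong key assumption or to further processing in the virtual call at offset 24.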

