ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Fri Oct 30, 2020 3:38 am

All times are UTC




Post new topic  Reply to topic  [ 18 posts ] 
Author Message
PostPosted: Tue Oct 13, 2020 3:16 pm 

Joined: Wed Oct 10, 2018 5:54 am
Posts: 17
Hello, everyone. When I was trying to extract a game made , the Config file extracted was wrong.
I am learning game hacking and will not use resources for business.



--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Statement:

Since the problem has been solved, and the game I used to learn reverse is a commercial game, in order to avoid some legal problems, I decided to delete the relevant game link and relevant documents, which does not involve the reply of others. I am sorry that I only learn reverse as a hobby, and I do not want to use this learning result for any business activities.

Thanks again for your help, thank you!


Last edited by x-tiger on Thu Oct 22, 2020 2:52 pm, edited 11 times in total.

Top
   
PostPosted: Sun Oct 18, 2020 1:13 am 

Joined: Wed Oct 10, 2018 5:54 am
Posts: 17
Can someone help me?Thank you so much!


Top
   
PostPosted: Sun Oct 18, 2020 4:46 pm 
User avatar

Joined: Fri Apr 20, 2018 12:41 am
Posts: 699
Looks like a binary format with base64 data too.

_________________
Hacking Angry Birds since 2016


Top
   
PostPosted: Mon Oct 19, 2020 12:56 am 

Joined: Wed Oct 10, 2018 5:54 am
Posts: 17
LolHacksRule wrote:
Looks like a binary format with base64 data too.

I tried to decode it in Base64, but found it messy. :o


Top
   
PostPosted: Tue Oct 20, 2020 2:46 am 

Joined: Wed Oct 10, 2018 5:54 am
Posts: 17
The problem has been solved


Last edited by x-tiger on Thu Oct 22, 2020 2:33 pm, edited 1 time in total.

Top
   
PostPosted: Tue Oct 20, 2020 10:09 am 

Joined: Thu Aug 07, 2014 10:28 pm
Posts: 311
StringObfuscatorPassword
Code:
\xC3\x9D\xC3\xBA\x62\x55\x75\x10\xC2\x8B\xC2\xB8\x43\xC3\x81\xC3\x82\xC2\xA7\x2A\x34\x13\x50\xC3\x9A\xC2\xA9\x2D\xC3\xA1\xC2\xA9\xC2\xBE\x40\x54\x36\x44\xC2\x89\x6C\x0F\xC2\xB1\xC2\x91\xC3\x92\x57\xC3\xA2\x75\x7A\xC3\x85\x6D\x34\x47\xC3\x90\xC3\xB3\x19\xC3\x98\x24\x3D\xC3\x8D\x20\x67\x2C\xC2\xA5\x51\xC2\x83\x09\xC3\xAB\xC2\xAE\x69\x4B\x45\xC3\x9F\x20\x72\xC2\xA1\x19\xC2\x9F\xC3\x97\x36\x16\x30\xC3\x8D\x74\x20\xC2\x90\x34\xC3\xB6\xC3\x83\xC2\x93\x7E\x5E\xC2\xAB\x1C\x79\x03\x3A\xC2\x90\xC2\x96\xC3\x88\x64\x10\xC2\x8F\x31\x1A\x3C\x51\xC2\x8F\xC2\x99\xC3\x9B\xC3\x9D\xC3\xBA\x62\x55\x75\x10\xC2\x8B\xC2\xB8\x43\xC3\x81\xC3\x82\xC2\xA7\x2A\x34\x13\x50\xC3\x9A\xC2\xA9\x2D\xC3\xA1\xC2\xA9\xC2\xBE\x40\x54\x36\x44\xC2\x89\x6C\x0F\xC2\xB1\xC2\x91\xC3\x92\x57\xC3\xA2\x75\x7A\xC3\x85\x6D\x34\x47\xC3\x90\xC3\xB3\x19\xC3\x98\x24\x3D\xC3\x8D\x20\x67\x2C\xC2\xA5\x51\xC2\x83\x09\xC3\xAB\xC2\xAE\x69\x4B\x45\xC3\x9F\x20\x72\xC2\xA1\x19\xC2\x9F\xC3\x97\x36\x16\x30\xC3\x8D\x74\x20\xC2\x90\x34\xC3\xB6\xC3\x83\xC2\x93\x7E\x5E\xC2\xAB\x1C\x79\x03\x3A\xC2\x90\xC2\x96\xC3\x88\x64


This is the xor decode function.

Code:
System_String_o *__cdecl I2_Loc_StringObfucator__XoREncode(System_String_o *NormalString, const MethodInfo *method)
{
  int v2; // r2
  int v3; // r3
  System_String_o *v4; // r4
  I2_Loc_StringObfucator_c *v5; // r0
  struct System_Char_array *v6; // r10
  System_Char_array *v7; // r4
  il2cpp_array_size_t v8; // r0
  uint16_t *v9; // r5
  signed int v10; // r6
  int v11; // r0
  int v12; // r1
  int v13; // r0
  char v14; // r9
  int v15; // r0
  unsigned __int8 v16; // r0
  signed int v18; // [sp+4h] [bp-24h]
  signed int v19; // [sp+8h] [bp-20h]

  v4 = NormalString;
  if ( !byte_17C6649 )
  {
    sub_30504C(18958);
    byte_17C6649 = 1;
  }
  v5 = I2_Loc_StringObfucator_TypeInfo;
  if ( I2_Loc_StringObfucator_TypeInfo->_2.bitflags2 & 2 && !I2_Loc_StringObfucator_TypeInfo->_2.cctor_started )
  {
    il2cpp_runtime_class_init_0(I2_Loc_StringObfucator_TypeInfo, 0, v2, v3);
    v5 = I2_Loc_StringObfucator_TypeInfo;
  }
  v6 = v5->static_fields->StringObfuscatorPassword;
  if ( !v4 )
    sub_332720();
  v7 = System_String__ToCharArray(v4, 0);
  if ( !v6 )
    sub_332720();
  v18 = v6->max_length;
  if ( !v7 )
    sub_332720();
  v19 = v7->max_length;
  if ( v19 >= 1 )
  {
    v8 = v7->max_length;
    v9 = v7->m_Items;
    v10 = 0;
    while ( 1 )
    {
      if ( v8 <= v10 )
      {
        v11 = sub_3337C4();
        sub_332674(v11);
      }
      v12 = v10 % v18;
      if ( v6->max_length <= v10 % v18 )
      {
        v13 = sub_3337C4();
        sub_332674(v13);
      }
      v14 = -51;
      if ( !(v10 & 1) )
        v14 = 23;
      if ( v7->max_length <= v10 )
      {
        v15 = sub_3337C4();
        sub_332674(v15);
      }
      v16 = v14 * v10++;
      *v9 = v16 ^ (unsigned __int16)(v6->m_Items[v12] ^ *v9);
      if ( v10 >= v19 )
        break;
      v8 = v7->max_length;
      ++v9;
    }
  }
  return System_String__CreateString_8594264(0, v7, 0);


Called by string decoder.

Code:
System_String_o *__cdecl I2_Loc_StringObfucator__Decode(System_String_o *ObfucatedString, const MethodInfo *method)
{
  int v2; // r2
  int v3; // r3
  System_String_o *v4; // r4
  uint32_t v5; // r1
  System_String_o *v6; // r0
  const MethodInfo *v7; // r1

  v4 = ObfucatedString;
  if ( !byte_17C6646 )
  {
    sub_30504C(18954);
    byte_17C6646 = 1;
  }
  v5 = I2_Loc_StringObfucator_TypeInfo->_2.bitflags2;
  if ( v5 & 2 )
  {
    v5 = I2_Loc_StringObfucator_TypeInfo->_2.cctor_started;
    if ( !v5 )
      il2cpp_runtime_class_init_0(I2_Loc_StringObfucator_TypeInfo, 0, v2, v3);
  }
  v6 = I2_Loc_StringObfucator__FromBase64(v4, (const MethodInfo *)v5);
  return I2_Loc_StringObfucator__XoREncode(v6, v7);
}


Top
   
PostPosted: Tue Oct 20, 2020 3:55 pm 

Joined: Wed Oct 10, 2018 5:54 am
Posts: 17
My God, thank you so much.I cannot express my words, in my heart, you are God!
Thank you for having a teacher like you on the way of learning reverse. Thank you very much!


Top
   
PostPosted: Tue Oct 20, 2020 4:00 pm 

Joined: Wed Oct 10, 2018 5:54 am
Posts: 17
I'm sorry.
I have a new problem.
How is StringObfuscatorPassword obtained?


Top
   
PostPosted: Tue Oct 20, 2020 4:56 pm 

Joined: Thu Aug 07, 2014 10:28 pm
Posts: 311
its a string literal defined in the initialization of the string function.


Top
   
PostPosted: Tue Oct 20, 2020 9:12 pm 
User avatar

Joined: Sat Dec 27, 2014 8:49 pm
Posts: 188
Some tools that help with this kind of thing:
- https://github.com/djkaty/Il2CppInspector
- https://github.com/Perfare/Il2CppDumper

Both can generate IDA python scripts to remap the il2cpp file back to actual named information from the global-metadata.dat file included with things that have used il2cpp.

_________________
My personal site: http://atom0s.com
Donations can be made via Paypal: Click Here


Top
   
PostPosted: Wed Oct 21, 2020 7:49 am 

Joined: Wed Oct 10, 2018 5:54 am
Posts: 17
chrrox wrote:
its a string literal defined in the initialization of the string function.

First of all, thank you very much for your reply.
I'm sorry, I don't get the meaning of this sentence.
I've only been with game hackers for three weeks, and I'm not familiar with reverse engineering yet.

---------------------------------------------------------------------------------------
What is the process by which the cipher text of this initialization string function definition is obtained, or where can the string function be found?
1/ Use IDA static analysis to view SO file for password?
2/ Use other tools to view the encrypted config file to get the password?
3/ Using IDA to dynamically debug APK fetch?
4 / other?


In addition, I would like to ask whether I should use one of the following processes if I need to change the encrypted confused config file into a normal text file:
1/ First decode Config file with BASE64 decoder.Then decrypt the BASE64 decoded file using the password and related functions listed above?
Can the XOR decryption function be decrypted using the generic XOR decryption tool?
2/ Decrypt XOR using the above password and related functions. Then BASE64 decode?-- Process reversal

I'm sorry, But I have a lot of questions.
But, thank you very much for your help, thank you! :?


Top
   
PostPosted: Wed Oct 21, 2020 7:50 am 

Joined: Wed Oct 10, 2018 5:54 am
Posts: 17
atom0s wrote:
Some tools that help with this kind of thing:
- https://github.com/djkaty/Il2CppInspector
- https://github.com/Perfare/Il2CppDumper

Both can generate IDA python scripts to remap the il2cpp file back to actual named information from the global-metadata.dat file included with things that have used il2cpp.

Thank you for your reply! :D


Top
   
PostPosted: Wed Oct 21, 2020 7:04 pm 
User avatar

Joined: Sat Dec 27, 2014 8:49 pm
Posts: 188
In this game's case, it's broken into two separate apk's within the main xapk.
- bettles.puzzle.solitaire.apk
- config.armeabi_v7a.apk

The config.armeabi_v7a.apk contains the actual libraries/game code files while the other contains the game assets, Unity runtime, and general app-related information.

The two main important files for this kind of thing are:
- bettles.puzzle.solitaire.apk > assets\bin\Data\Managed\Metadata\global-metadata.dat
- config.armeabi_v7a.apk > lib\armeabi-v7a\libil2cpp.so

This game makes use of il2cpp, which compiles the C# code down into native code. That is what the il2cpp file is. The global-metadata.dat file is the symbol map file for the il2cpp file, which contains all the symbol information (class/object/function names, static initialization data values, etc.) Tools like the ones I linked above can take the global-metadata.dat file and recreate a script for various tools to remap its content to the actual il2cpp file. (For tools like IDA/Ghidra and such where static analysis is performed.)

Once you remap the data and apply it to the il2cpp file, you can see the naming and object data for everything. Along with the object holding the xor key. You can follow/trace back in a tool like IDA or Ghidra to where that object is initialized, in this case its in a static constructor, and get its original value.

_________________
My personal site: http://atom0s.com
Donations can be made via Paypal: Click Here


Top
   
PostPosted: Thu Oct 22, 2020 3:12 am 

Joined: Wed Oct 10, 2018 5:54 am
Posts: 17
atom0s wrote:
In this game's case, it's broken into two separate apk's within the main xapk.
- bettles.puzzle.solitaire.apk
- config.armeabi_v7a.apk

The config.armeabi_v7a.apk contains the actual libraries/game code files while the other contains the game assets, Unity runtime, and general app-related information.

The two main important files for this kind of thing are:
- bettles.puzzle.solitaire.apk > assets\bin\Data\Managed\Metadata\global-metadata.dat
- config.armeabi_v7a.apk > lib\armeabi-v7a\libil2cpp.so

This game makes use of il2cpp, which compiles the C# code down into native code. That is what the il2cpp file is. The global-metadata.dat file is the symbol map file for the il2cpp file, which contains all the symbol information (class/object/function names, static initialization data values, etc.) Tools like the ones I linked above can take the global-metadata.dat file and recreate a script for various tools to remap its content to the actual il2cpp file. (For tools like IDA/Ghidra and such where static analysis is performed.)

Once you remap the data and apply it to the il2cpp file, you can see the naming and object data for everything. Along with the object holding the xor key. You can follow/trace back in a tool like IDA or Ghidra to where that object is initialized, in this case its in a static constructor, and get its original value.


Thank you for your reply. These are the tools I used in the screenshots above.
What I don't understand is, where does the StringObfuscatorPassword data that Chrrox gives us come from
And this is what he said:
its a string literal defined in the initialization of the string function.
1. This function is where I'm going to find, from which tool to obtain this function and StringObfuscatorPassword.
2. How should I use the pseudo-code copied from IDA he gave?
I do not know pseudo code, and my programming ability and game hacking skills are poor, I just began to learn, I do not know the process.
Of course, anyway, thank you very much for your reply, you are a good person.


Top
   
PostPosted: Thu Oct 22, 2020 8:51 am 
User avatar

Joined: Sat Dec 27, 2014 8:49 pm
Posts: 188
Quote:
What I don't understand is, where does the StringObfuscatorPassword data that Chrrox gives us come from


Quote:
I do not know pseudo code, and my programming ability and game hacking skills are poor, I just began to learn, I do not know the process.


This is where understanding some basic level of coding will help, as well as understanding how C# (and .NET in general) works.

The pseudo-code generated by HexRays (the IDA plugin which chrrox's post used) is C/C++ syntax. C# is similar to it so once you have a basic understanding of C# or C/C++, you should be able to understand the basic jist of things. (I'd recommend understanding C/C++ more to fully understand what IDA / Ghidra generates for pseudo-code like this though as things like pointers, structures, etc. will be a bit hard to understand in these contexts if all you know is C#.)

As a quick rundown though, il2cpp converts the Assembly-CSharp.dll to native code.
It's essentially the same thing, just built into native code and wrapped around Mono calls to recreate the same things.

In C#, a class object has the ability to have to 'constructors' which initialize data of the object itself when an instance of it is created or a static instance is referenced. Static variables are initialized in a separate constructor called a 'static constructor'. This is signified via a '.cctor' function in the class when decompiled/disassembled. (Whereas a normal constructor is just a '.ctor' or will just be the same name as the class object itself.)

If you use il2cppDumper, it will gen both the IDA/Ghidra script needed and a dummy Assembly-CSharp.dll you can look at to see some useful information on how the object is setup. In this case, the object is:
Assembly-CSharp.dll -> I2.Loc -> StringObfucastor

Here you will see the layout of the class:
Image

So we know it has a static constructor due to .cctor and we can see the methods and members of the class. If you click on 'StringObfuscatorPassword', you'll see its a static char array (char[]).
Code:
// I2.Loc.StringObfucator
// Token: 0x04000D8E RID: 3470
[Token(Token = "0x4000B95")]
[FieldOffset(Offset = "0x0")]
public static char[] StringObfuscatorPassword;


Next, if you load up the il2cpp.so in IDA, then apply the il2cppDumper script data to it, you can go to the function "StringObfucastor" and see the usage. You can also see the static constructor in IDA, which is:
Code:
int I2_Loc_StringObfucator___cctor()
{
  int v0; // r0
  int result; // r0

  if ( !byte_17C664A )
  {
    sub_30504C(18959);
    byte_17C664A = 1;
  }
  v0 = StringLiteral_8584;
  if ( !StringLiteral_8584 )
  {
    sub_332720(0);
    v0 = StringLiteral_8584;
  }
  result = System_String__ToCharArray(v0, 0);
  **(_DWORD **)(I2_Loc_StringObfucator_TypeInfo + 92) = result;
  return result;
}


Here the base password is being prepared by being initialized into a character array.

Code:
StringLiteral_8584


Would be the variable that holds the base character array. Following that in IDA will show you a comment that holds the real value of the data, that you can then match up and copy from the 'stringliteral.json' file that il2cppDumper creates. Which looks like this:
Image

Code:
  {
    "value": "ÝúbUu\u0010‹¸CÁ§*4\u0013PÚ©-᩾@T6D‰l\u000f±‘ÒWâuzÅm4GÐó\u0019Ø$=Í g,¥Qƒ\të®iKEß r¡\u0019Ÿ×6\u00160Ít 4öÓ~^«\u001cy\u0003:–Èd\u00101\u001a<Q™ÛÝúbUu\u0010‹¸CÁ§*4\u0013PÚ©-᩾@T6D‰l\u000f±‘ÒWâuzÅm4GÐó\u0019Ø$=Í g,¥Qƒ\të®iKEß r¡\u0019Ÿ×6\u00160Ít 4öÓ~^«\u001cy\u0003:–Èd",
    "address": "0x17C548C"
  },


(You can lookup and confirm the data/value by its address seen in IDA and the address field here in the json file.)

_________________
My personal site: http://atom0s.com
Donations can be made via Paypal: Click Here


Top
   
PostPosted: Thu Oct 22, 2020 1:28 pm 

Joined: Wed Oct 10, 2018 5:54 am
Posts: 17
atom0s wrote:
Quote:
What I don't understand is, where does the StringObfuscatorPassword data that Chrrox gives us come from


Quote:
I do not know pseudo code, and my programming ability and game hacking skills are poor, I just began to learn, I do not know the process.


This is where understanding some basic level of coding will help, as well as understanding how C# (and .NET in general) works.

The pseudo-code generated by HexRays (the IDA plugin which chrrox's post used) is C/C++ syntax. C# is similar to it so once you have a basic understanding of C# or C/C++, you should be able to understand the basic jist of things. (I'd recommend understanding C/C++ more to fully understand what IDA / Ghidra generates for pseudo-code like this though as things like pointers, structures, etc. will be a bit hard to understand in these contexts if all you know is C#.)

As a quick rundown though, il2cpp converts the Assembly-CSharp.dll to native code.
It's essentially the same thing, just built into native code and wrapped around Mono calls to recreate the same things.

In C#, a class object has the ability to have to 'constructors' which initialize data of the object itself when an instance of it is created or a static instance is referenced. Static variables are initialized in a separate constructor called a 'static constructor'. This is signified via a '.cctor' function in the class when decompiled/disassembled. (Whereas a normal constructor is just a '.ctor' or will just be the same name as the class object itself.)

If you use il2cppDumper, it will gen both the IDA/Ghidra script needed and a dummy Assembly-CSharp.dll you can look at to see some useful information on how the object is setup. In this case, the object is:
Assembly-CSharp.dll -> I2.Loc -> StringObfucastor

Here you will see the layout of the class:
Image

So we know it has a static constructor due to .cctor and we can see the methods and members of the class. If you click on 'StringObfuscatorPassword', you'll see its a static char array (char[]).
Code:
// I2.Loc.StringObfucator
// Token: 0x04000D8E RID: 3470
[Token(Token = "0x4000B95")]
[FieldOffset(Offset = "0x0")]
public static char[] StringObfuscatorPassword;


Next, if you load up the il2cpp.so in IDA, then apply the il2cppDumper script data to it, you can go to the function "StringObfucastor" and see the usage. You can also see the static constructor in IDA, which is:
Code:
int I2_Loc_StringObfucator___cctor()
{
  int v0; // r0
  int result; // r0

  if ( !byte_17C664A )
  {
    sub_30504C(18959);
    byte_17C664A = 1;
  }
  v0 = StringLiteral_8584;
  if ( !StringLiteral_8584 )
  {
    sub_332720(0);
    v0 = StringLiteral_8584;
  }
  result = System_String__ToCharArray(v0, 0);
  **(_DWORD **)(I2_Loc_StringObfucator_TypeInfo + 92) = result;
  return result;
}


Here the base password is being prepared by being initialized into a character array.

Code:
StringLiteral_8584


Would be the variable that holds the base character array. Following that in IDA will show you a comment that holds the real value of the data, that you can then match up and copy from the 'stringliteral.json' file that il2cppDumper creates. Which looks like this:
Image

Code:
  {
    "value": "ÝúbUu\u0010‹¸CÁ§*4\u0013PÚ©-᩾@T6D‰l\u000f±‘ÒWâuzÅm4GÐó\u0019Ø$=Í g,¥Qƒ\të®iKEß r¡\u0019Ÿ×6\u00160Ít 4öÓ~^«\u001cy\u0003:–Èd\u00101\u001a<Q™ÛÝúbUu\u0010‹¸CÁ§*4\u0013PÚ©-᩾@T6D‰l\u000f±‘ÒWâuzÅm4GÐó\u0019Ø$=Í g,¥Qƒ\të®iKEß r¡\u0019Ÿ×6\u00160Ít 4öÓ~^«\u001cy\u0003:–Èd",
    "address": "0x17C548C"
  },


(You can lookup and confirm the data/value by its address seen in IDA and the address field here in the json file.)

Wow, thanks for the tutorial, it cleared up a bit of my confusion.
Thank you very much. I've learned a lot from it.
However, I still have some doubts that the value of 0x17C548C above is still confused, these real values that look confused, how can I use it or make it normal to read.
Finally, how do I use these passwords to make the encrypted Config file I exported from AssetStudio normally readable?


Top
   
PostPosted: Thu Oct 22, 2020 7:31 pm 
User avatar

Joined: Sat Dec 27, 2014 8:49 pm
Posts: 188
chrrox's post with the key is just encoded differently, but is the same data. If you take his key and convert it back to Unicode in C#, like this:
Code:
            var stringXorPassword = new byte[] {
                0xC3, 0x9D, 0xC3, 0xBA, 0x62, 0x55, 0x75, 0x10, 0xC2, 0x8B, 0xC2, 0xB8, 0x43, 0xC3, 0x81, 0xC3, 0x82, 0xC2,
                0xA7, 0x2A, 0x34, 0x13, 0x50, 0xC3, 0x9A, 0xC2, 0xA9, 0x2D, 0xC3, 0xA1, 0xC2, 0xA9, 0xC2, 0xBE, 0x40, 0x54,
                0x36, 0x44, 0xC2, 0x89, 0x6C, 0x0F, 0xC2, 0xB1, 0xC2, 0x91, 0xC3, 0x92, 0x57, 0xC3, 0xA2, 0x75, 0x7A, 0xC3,
                0x85, 0x6D, 0x34, 0x47, 0xC3, 0x90, 0xC3, 0xB3, 0x19, 0xC3, 0x98, 0x24, 0x3D, 0xC3, 0x8D, 0x20, 0x67, 0x2C,
                0xC2, 0xA5, 0x51, 0xC2, 0x83, 0x09, 0xC3, 0xAB, 0xC2, 0xAE, 0x69, 0x4B, 0x45, 0xC3, 0x9F, 0x20, 0x72, 0xC2,
                0xA1, 0x19, 0xC2, 0x9F, 0xC3, 0x97, 0x36, 0x16, 0x30, 0xC3, 0x8D, 0x74, 0x20, 0xC2, 0x90, 0x34, 0xC3, 0xB6,
                0xC3, 0x83, 0xC2, 0x93, 0x7E, 0x5E, 0xC2, 0xAB, 0x1C, 0x79, 0x03, 0x3A, 0xC2, 0x90, 0xC2, 0x96, 0xC3, 0x88,
                0x64, 0x10, 0xC2, 0x8F, 0x31, 0x1A, 0x3C, 0x51, 0xC2, 0x8F, 0xC2, 0x99, 0xC3, 0x9B, 0xC3, 0x9D, 0xC3, 0xBA,
                0x62, 0x55, 0x75, 0x10, 0xC2, 0x8B, 0xC2, 0xB8, 0x43, 0xC3, 0x81, 0xC3, 0x82, 0xC2, 0xA7, 0x2A, 0x34, 0x13,
                0x50, 0xC3, 0x9A, 0xC2, 0xA9, 0x2D, 0xC3, 0xA1, 0xC2, 0xA9, 0xC2, 0xBE, 0x40, 0x54, 0x36, 0x44, 0xC2, 0x89,
                0x6C, 0x0F, 0xC2, 0xB1, 0xC2, 0x91, 0xC3, 0x92, 0x57, 0xC3, 0xA2, 0x75, 0x7A, 0xC3, 0x85, 0x6D, 0x34, 0x47,
                0xC3, 0x90, 0xC3, 0xB3, 0x19, 0xC3, 0x98, 0x24, 0x3D, 0xC3, 0x8D, 0x20, 0x67, 0x2C, 0xC2, 0xA5, 0x51, 0xC2,
                0x83, 0x09, 0xC3, 0xAB, 0xC2, 0xAE, 0x69, 0x4B, 0x45, 0xC3, 0x9F, 0x20, 0x72, 0xC2, 0xA1, 0x19, 0xC2, 0x9F,
                0xC3, 0x97, 0x36, 0x16, 0x30, 0xC3, 0x8D, 0x74, 0x20, 0xC2, 0x90, 0x34, 0xC3, 0xB6, 0xC3, 0x83, 0xC2, 0x93,
                0x7E, 0x5E, 0xC2, 0xAB, 0x1C, 0x79, 0x03, 0x3A, 0xC2, 0x90, 0xC2, 0x96, 0xC3, 0x88, 0x64
            };

            var unicode = new String(System.Text.Encoding.UTF8.GetChars(stringXorPassword));


Image

_________________
My personal site: http://atom0s.com
Donations can be made via Paypal: Click Here


Top
   
PostPosted: Fri Oct 23, 2020 3:41 am 

Joined: Wed Oct 10, 2018 5:54 am
Posts: 17
atom0s wrote:
chrrox's post with the key is just encoded differently, but is the same data. If you take his key and convert it back to Unicode in C#, like this:
Code:
            var stringXorPassword = new byte[] {
                0xC3, 0x9D, 0xC3, 0xBA, 0x62, 0x55, 0x75, 0x10, 0xC2, 0x8B, 0xC2, 0xB8, 0x43, 0xC3, 0x81, 0xC3, 0x82, 0xC2,
                0xA7, 0x2A, 0x34, 0x13, 0x50, 0xC3, 0x9A, 0xC2, 0xA9, 0x2D, 0xC3, 0xA1, 0xC2, 0xA9, 0xC2, 0xBE, 0x40, 0x54,
                0x36, 0x44, 0xC2, 0x89, 0x6C, 0x0F, 0xC2, 0xB1, 0xC2, 0x91, 0xC3, 0x92, 0x57, 0xC3, 0xA2, 0x75, 0x7A, 0xC3,
                0x85, 0x6D, 0x34, 0x47, 0xC3, 0x90, 0xC3, 0xB3, 0x19, 0xC3, 0x98, 0x24, 0x3D, 0xC3, 0x8D, 0x20, 0x67, 0x2C,
                0xC2, 0xA5, 0x51, 0xC2, 0x83, 0x09, 0xC3, 0xAB, 0xC2, 0xAE, 0x69, 0x4B, 0x45, 0xC3, 0x9F, 0x20, 0x72, 0xC2,
                0xA1, 0x19, 0xC2, 0x9F, 0xC3, 0x97, 0x36, 0x16, 0x30, 0xC3, 0x8D, 0x74, 0x20, 0xC2, 0x90, 0x34, 0xC3, 0xB6,
                0xC3, 0x83, 0xC2, 0x93, 0x7E, 0x5E, 0xC2, 0xAB, 0x1C, 0x79, 0x03, 0x3A, 0xC2, 0x90, 0xC2, 0x96, 0xC3, 0x88,
                0x64, 0x10, 0xC2, 0x8F, 0x31, 0x1A, 0x3C, 0x51, 0xC2, 0x8F, 0xC2, 0x99, 0xC3, 0x9B, 0xC3, 0x9D, 0xC3, 0xBA,
                0x62, 0x55, 0x75, 0x10, 0xC2, 0x8B, 0xC2, 0xB8, 0x43, 0xC3, 0x81, 0xC3, 0x82, 0xC2, 0xA7, 0x2A, 0x34, 0x13,
                0x50, 0xC3, 0x9A, 0xC2, 0xA9, 0x2D, 0xC3, 0xA1, 0xC2, 0xA9, 0xC2, 0xBE, 0x40, 0x54, 0x36, 0x44, 0xC2, 0x89,
                0x6C, 0x0F, 0xC2, 0xB1, 0xC2, 0x91, 0xC3, 0x92, 0x57, 0xC3, 0xA2, 0x75, 0x7A, 0xC3, 0x85, 0x6D, 0x34, 0x47,
                0xC3, 0x90, 0xC3, 0xB3, 0x19, 0xC3, 0x98, 0x24, 0x3D, 0xC3, 0x8D, 0x20, 0x67, 0x2C, 0xC2, 0xA5, 0x51, 0xC2,
                0x83, 0x09, 0xC3, 0xAB, 0xC2, 0xAE, 0x69, 0x4B, 0x45, 0xC3, 0x9F, 0x20, 0x72, 0xC2, 0xA1, 0x19, 0xC2, 0x9F,
                0xC3, 0x97, 0x36, 0x16, 0x30, 0xC3, 0x8D, 0x74, 0x20, 0xC2, 0x90, 0x34, 0xC3, 0xB6, 0xC3, 0x83, 0xC2, 0x93,
                0x7E, 0x5E, 0xC2, 0xAB, 0x1C, 0x79, 0x03, 0x3A, 0xC2, 0x90, 0xC2, 0x96, 0xC3, 0x88, 0x64
            };

            var unicode = new String(System.Text.Encoding.UTF8.GetChars(stringXorPassword));


Image

Great! Thank you very much for your reply!


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 18 posts ] 

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited