ZenHAX


All times are UTC




 Post subject: LuaQ with new library
Posted: Sun Dec 27, 2020 4:04 am

Joined: Sun Dec 27, 2020 3:26 am
Posts: 3
Need help to decompile LuaQ with a new library.
It previously used the standard library; the dev changed it after an update.
Here are the Lua file and DLL library, spotted with my poor coding knowledge.



Game: 九陰真經 (Age of Wushu - Taiwan Version)


Attachments:
LuaQ.rar [257.54 KiB]
Downloaded 27 times
Posted: Sun Dec 27, 2020 8:21 pm

Joined: Sat Dec 27, 2014 8:49 pm
Posts: 200
Looks like the scripts are xor'd with the key: 'snailgame'

Usage 1:
Code:
void *__cdecl sub_10005E10(int a1, int a2, size_t Size, int a4)
{
  size_t v4; // esi
  void *v5; // ebp
  _BYTE *v6; // ecx
  int v7; // edi

  v4 = 0;
  if ( dword_10091020 >= Size )
  {
    v5 = Block;
  }
  else
  {
    if ( Block )
      free(Block);
    v5 = malloc(Size);
    Block = v5;
    dword_10091020 = Size;
  }
  if ( Size )
  {
    v6 = v5;
    v7 = a2 - (_DWORD)v5;
    do
    {
      if ( a4 )
        *v6 = v6[v7] ^ byte_10075AD4[v4 % 9];
      else
        *v6 = v6[v7];
      ++v4;
      ++v6;
    }
    while ( v4 < Size );
  }
  return v5;
}


Usage 2:
Code:
char __cdecl sub_10005EA0(int a1, int a2, unsigned int a3, int a4)
{
  unsigned int v4; // ecx
  char result; // al

  v4 = 0;
  if ( a4 && a3 )
  {
    do
    {
      result = byte_10075AD4[v4 % 9];
      *(_BYTE *)(v4 + a2) ^= result;
      ++v4;
    }
    while ( v4 < a3 );
  }
  return result;
}


byte_10075AD4 points to a small byte array holding the word: snailgame

This is how the game is writing and reading the blocks.

_________________
My personal site: http://atom0s.com
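
Added example, not part of the post above or of the game's code: the repeating-key XOR from sub_10005EA0 as standalone C, plus a check that a decoded block starts with the Lua 5.1 bytecode signature. It assumes each block is handed over whole, so the key index restarts at 0 as in both decompiled routines; the function names and the sample block are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Key bytes the post reports at byte_10075AD4 (9 bytes used). */
static const unsigned char KEY[] = "snailgame";
#define KEY_LEN 9

/* Same transform as sub_10005EA0: XOR in place, key index restarts at 0
   for every block. XOR is its own inverse, so this encodes and decodes. */
void xor_block(unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] ^= KEY[i % KEY_LEN];
}

/* Lua 5.1 bytecode starts with ESC 'L' 'u' 'a' 0x51 (0x51 is 'Q'). */
int is_lua51(const unsigned char *buf, size_t len)
{
    static const unsigned char sig[5] = { 0x1B, 'L', 'u', 'a', 0x51 };
    return len >= sizeof sig && memcmp(buf, sig, sizeof sig) == 0;
}

/* Decode one block; returns 1 if the result has a Lua 5.1 header, 0 if not
   (wrong key, wrong block start, or a block that was never XOR'd). */
int decode_and_check(unsigned char *buf, size_t len)
{
    xor_block(buf, len);
    return is_lua51(buf, len);
}

/* Constructed sample: a 12-byte Lua 5.1 header, encoded with the key so
   the example runs without the game's files. */
int demo(void)
{
    unsigned char block[12] = { 0x1B, 'L', 'u', 'a', 0x51, 0x00,
                                0x01, 0x04, 0x04, 0x04, 0x08, 0x00 };
    xor_block(block, sizeof block);               /* encode */
    if (is_lua51(block, sizeof block)) return 0;  /* must not look like Lua */
    return decode_and_check(block, sizeof block); /* decode and verify */
}

int main(void)
{
    printf("decoded header valid: %d\n", demo());
    return 0;
}
```

A return of 0 from decode_and_check on a real file means the assumption about where the block starts does not hold for that file, so the header check doubles as a test of the key alignment.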
   
Posted: Tue Dec 29, 2020 11:05 am

Joined: Sun Dec 27, 2020 3:26 am
Posts: 3
Can I apply the code directly using QuickBMS, or do I need to link any library inside the code? Sorry, I have no knowledge of how to decompile apart from the standard unluac.jar method.


   
Posted: Sun Jan 03, 2021 8:18 am

Joined: Sun Dec 27, 2020 3:26 am
Posts: 3
atom0s wrote:
Looks like the scripts are xor'd with the key: 'snailgame'



Hi, any solution to decompile with quickbms?

