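因为不会用 IDA 分析,也没有 hook 到 xxtea 的密钥,所以我尝试直接猜测加密方式,运气比较好,猜出来了:文件开头的签名(sign)是 sign_123(8 个字节),紧接着的 4 个字节与密钥 key_ 异或,其余数据全部与 456key_ 循环异或,就可以成功解密了。png 文件的处理略有不同:脚本不还原那 4 个字节,而是直接写入 PNG 文件头 \x89PNG。代码如下,记得把路径换成自己的。注意脚本会直接覆盖原文件,建议先备份一份再运行。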
import os
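def xor_decrypt(path, key):
    """Decode every ``sign_123``-tagged file below *path*, rewriting it in place.

    File layout this routine relies on:

    * bytes 0-7   -- the literal signature ``b'sign_123'``
    * bytes 8-11  -- four header bytes
    * bytes 12-   -- payload, XORed with *key* repeated from key index 0

    For file names ending in ``"png"`` the four header bytes are discarded and
    the PNG magic ``\\x89PNG`` is written instead; for every other file they
    are XORed with ``b'key_'``.  Files that do not start with the signature
    are left untouched.

    Files that carry the signature but are shorter than the 12-byte header are
    skipped: without this check the non-png path indexes past the end of the
    header and raises ``IndexError``, aborting the whole walk, and the png
    path would overwrite the file with a bare PNG magic.

    Args:
        path: Directory to walk recursively.
        key: Non-empty ``bytes`` used as the repeating XOR key for the payload.

    Note:
        Output replaces the input file, so run this on a copy of the data.
    """
    signature = b'sign_123'
    header_key = b'key_'
    png_magic = b'\x89\x50\x4E\x47'
    payload_start = len(signature) + len(header_key)  # 8 + 4 = 12
    key_len = len(key)

    for root, _dirs, files in os.walk(path):
        for name in files:
            file_path = os.path.join(root, name)
            with open(file_path, 'rb') as src:
                raw = src.read()

            if raw[:len(signature)] != signature:
                continue  # not one of the tagged files
            if len(raw) < payload_start:
                # Signature present but header incomplete: nothing to decode.
                print("跳过不完整的文件", file_path)
                continue

            # NOTE: matches any name ending in "png", with or without a dot.
            if name.endswith("png"):
                head = png_magic
            else:
                head = bytes(
                    b ^ k
                    for b, k in zip(raw[len(signature):payload_start], header_key)
                )

            body = bytes(
                b ^ key[i % key_len]
                for i, b in enumerate(raw[payload_start:])
            )

            # The full output is built in memory before the file is reopened
            # for writing, so a decode error never leaves it truncated.
            with open(file_path, 'wb') as dst:
                dst.write(head)
                dst.write(body)
            print("正在解密文件", file_path)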
if __name__ == '__main__':
    # Repeating XOR key applied to everything after the 12-byte header.
    key = b'456key_'
    # Root folder of the extracted assets -- change this to your own path.
    # Matching files are rewritten in place, so point it at a copy.
    path = r"C:\Users\zjbook\Desktop\天命女神"
    xor_decrypt(path, key)
解密之后得到的文件名是 uuid 的形式,还需要再恢复原来的文件名称。还原思路可以参考论坛里的这篇帖子:《有什么方法能从cocos creator构建的游戏里还原出live2d或spine动画资源?》