Version: 1.0.0.1
Generated Key: 1ad894691092f45281f9e7a7ef8019f1
Decoded Company Name: TianJi Information Technology Inc.
1 个赞
arm64-v8a2 这个目录的 能在给抓下吗 感谢
发游戏链接这个函数结构不一样不确定能不能解密
Version: 2.1.0.0
Generated Key: bb0f5f0ae9d8d5fcb996b5d8d1aefec9
Decoded Company Name: TianJiTianJi Information Technology Inc.
Version: 2.1.0.0
Generated Key: f43599a8c6bf152329ac7e4a18d62b2a
Decoded Company Name: TianJi Information Technology Inc.
两个密钥试试先
就算能解密也发一下游戏链接这个函数的结构还有一些细节不大一样短名也被加密了
记得之前有个dmm的游戏拼接的两个字符串和这个一样
1 个赞
libcocos2dlua.zip (5.2 MB)
大佬,这也有一个TJ的但和之前的不太一样,找不到前缀后缀日期,帮看看,谢谢
游戏地址http://pocket.kaka.mba:84/
void __usercall cocostudio::FlatBuffersSerialize::serializeFlatBuffersWithXMLFile(
cocos2d::FileUtils *a1@<X0>,
__int64 a2@<X1>,
__int64 a3@<X2>,
__int64 a4@<X8>)
{
__int64 Instance; // x0
cocos2d::FileUtils *v9; // x0
__int64 v10; // x0
cocos2d::FileUtils *v11; // x0
__int64 v12; // x0
__int64 v13; // x0
tinyxml2::XMLDocument *v14; // x22
const char *v15; // x1
tinyxml2::XMLNode *ChildElement; // x0
__int64 SiblingElement; // x0
char *v18; // x22
tinyxml2::XMLNode *v19; // x23
tinyxml2::StrPair *v20; // x28
const char *Str; // x0
_QWORD *v22; // x21
const char *v23; // x0
char *v24; // x21
size_t v25; // x0
const char *v26; // x0
char *v27; // x0
flatbuffers::FlatBufferBuilder *v28; // x0
flatbuffers::FlatBufferBuilder *v29; // x24
_QWORD *v30; // x25
unsigned int v31; // w24
tinyxml2::XMLNode *i; // x27
int AnimationInfo; // w0
char *v34; // x8
char *v35; // x21
size_t v36; // x0
char v37; // w21
unsigned __int64 v38; // x8
char *v39; // x0
char *v40; // x0
size_t v41; // x24
char *v42; // x26
char *v43; // x27
unsigned __int64 v44; // x21
const char *v45; // x27
size_t v46; // x0
size_t v47; // x26
char *v48; // x28
unsigned __int64 v49; // x21
unsigned __int64 v50; // x9
const void *v51; // x0
char *v52; // x0
_QWORD *v53; // x21
const char *v54; // x0
char *v55; // x0
unsigned __int64 v56; // x8
__int64 v57; // x25
bool v58; // zf
unsigned __int64 v59; // x8
const char *v60; // x1
unsigned __int64 v61; // x2
__int64 v62; // x21
flatbuffers::FlatBufferBuilder *v63; // x26
__int64 v64; // x23
__int64 v65; // x22
unsigned int v66; // w26
__int64 v67; // x21
flatbuffers::FlatBufferBuilder *v68; // x27
__int64 v69; // x23
__int64 v70; // x22
unsigned int v71; // w27
unsigned int *v72; // x21
flatbuffers::FlatBufferBuilder *v73; // x28
unsigned __int64 v74; // x22
unsigned __int64 v75; // x23
unsigned __int64 v76; // x23
unsigned int v77; // w0
unsigned int CSParseBinary; // w0
cocos2d::FileUtils *v79; // x0
__int64 v80; // x9
__int64 v81; // x0
void *v82; // x8
char *v83; // x21
unsigned __int64 v84; // x9
int v85; // w10
size_t v86; // x22
char *v87; // x23
__int64 v88; // x0
bool v89; // w4
__int64 v90; // x9
const char *v91; // x1
int v92; // w12
int v93; // w9
flatbuffers *v94; // x0
char *v95; // x0
size_t v96; // x21
const void *v97; // x22
char *v98; // x23
char v99; // w10
char *v100; // x0
unsigned int NodeAction; // [xsp+10h] [xbp-150h]
unsigned int String; // [xsp+18h] [xbp-148h]
__int64 v103; // [xsp+20h] [xbp-140h]
cocostudio::FlatBuffersSerialize *v104; // [xsp+28h] [xbp-138h]
__int128 v105; // [xsp+30h] [xbp-130h] BYREF
void *v106; // [xsp+40h] [xbp-120h]
void *v107[2]; // [xsp+50h] [xbp-110h] BYREF
void *v108; // [xsp+60h] [xbp-100h]
int v109; // [xsp+68h] [xbp-F8h] BYREF
__int128 v110; // [xsp+70h] [xbp-F0h] BYREF
void *v111; // [xsp+80h] [xbp-E0h]
unsigned __int64 v112; // [xsp+90h] [xbp-D0h] BYREF
size_t v113; // [xsp+98h] [xbp-C8h]
void *v114; // [xsp+A0h] [xbp-C0h]
void *v115; // [xsp+A8h] [xbp-B8h] BYREF
char *v116; // [xsp+B0h] [xbp-B0h]
char *v117; // [xsp+B8h] [xbp-A8h]
__int128 v118; // [xsp+C0h] [xbp-A0h] BYREF
char *v119; // [xsp+D0h] [xbp-90h]
_QWORD v120[2]; // [xsp+D8h] [xbp-88h] BYREF
char *v121; // [xsp+E8h] [xbp-78h]
_QWORD v122[4]; // [xsp+F0h] [xbp-70h] BYREF
v122[3] = *(_QWORD *)(_ReadStatusReg(TPIDR_EL0) + 40);
Instance = cocos2d::FileUtils::getInstance(a1);
v9 = (cocos2d::FileUtils *)(*(_QWORD *(__fastcall **)(_QWORD *__return_ptr, __int64, __int64))(*(_QWORD *)Instance
+ 48LL))(
v122,
Instance,
a2);
v10 = cocos2d::FileUtils::getInstance(v9);
v11 = (cocos2d::FileUtils *)(*(__int64 (__fastcall **)(__int64, _QWORD *))(*(_QWORD *)v10 + 264LL))(v10, v122);
if ( ((unsigned __int8)v11 & 1) == 0 )
{
*(_QWORD *)(a4 + 8) = 0;
*(_QWORD *)(a4 + 16) = 0;
*(_QWORD *)a4 = 0;
v27 = (char *)operator new(0x20u);
*(_QWORD *)(a4 + 16) = v27;
*(_OWORD *)a4 = xmmword_CBD830;
strcpy(v27, ".csd file does not exist.");
if ( (v122[0] & 1) == 0 )
return;
LABEL_24:
operator delete((void *)v122[2]);
return;
}
v12 = cocos2d::FileUtils::getInstance(v11);
cocos2d::FileUtils::getStringFromFile(v120, v12, v122);
v13 = operator new(0x280u, (const std::nothrow_t *)&std::nothrow);
v14 = (tinyxml2::XMLDocument *)v13;
if ( v13 )
tinyxml2::XMLDocument::XMLDocument(v13, 1, 0);
if ( (v120[0] & 1) != 0 )
v15 = v121;
else
v15 = (char *)v120 + 1;
tinyxml2::XMLDocument::Parse(v14, v15, 0xFFFFFFFFFFFFFFFFLL);
ChildElement = (tinyxml2::XMLNode *)tinyxml2::XMLNode::FirstChildElement(v14, 0);
v103 = a3;
v104 = a1;
SiblingElement = tinyxml2::XMLNode::FirstChildElement(ChildElement, 0);
v119 = 0;
v118 = 0u;
if ( !SiblingElement )
goto LABEL_20;
v18 = (char *)a1 + 72;
while ( 1 )
{
v19 = (tinyxml2::XMLNode *)SiblingElement;
v20 = (tinyxml2::StrPair *)(SiblingElement + 24);
Str = (const char *)tinyxml2::StrPair::GetStr((tinyxml2::StrPair *)(SiblingElement + 24));
if ( !strcmp("PropertyGroup", Str) )
{
v22 = (_QWORD *)*((_QWORD *)v19 + 12);
if ( v22 )
{
while ( 1 )
{
v23 = (const char *)tinyxml2::StrPair::GetStr((tinyxml2::StrPair *)(v22 + 1));
if ( !strcmp("Version", v23) )
break;
v22 = (_QWORD *)v22[7];
if ( !v22 )
goto LABEL_15;
}
v24 = (char *)tinyxml2::StrPair::GetStr((tinyxml2::StrPair *)(v22 + 4));
v25 = strlen(v24);
std::string::assign((int)v18, v24, v25);
}
LABEL_15:
std::string::assign((int)v18, "2.1.0.0", 7u);
}
v26 = (const char *)tinyxml2::StrPair::GetStr(v20);
if ( !strcmp("Content", v26) && !*((_QWORD *)v19 + 12) )
break;
SiblingElement = tinyxml2::XMLNode::FirstChildElement(v19, 0);
if ( !SiblingElement )
{
SiblingElement = tinyxml2::XMLNode::NextSiblingElement(v19, 0);
if ( !SiblingElement )
goto LABEL_20;
}
}
std::string::assign((int)&v118, "NodeObjectData", 0xEu);
v28 = (flatbuffers::FlatBufferBuilder *)operator new(0x68u, (const std::nothrow_t *)&std::nothrow);
v29 = v28;
if ( v28 )
flatbuffers::FlatBufferBuilder::FlatBufferBuilder(v28, 0x400u, 0);
*((_QWORD *)v104 + 7) = v29;
v116 = 0;
v117 = 0;
v115 = 0;
v30 = (_QWORD *)tinyxml2::XMLNode::FirstChildElement(v19, 0);
if ( v30 )
{
v31 = 0;
NodeAction = 0;
while ( 1 )
{
v45 = (const char *)tinyxml2::StrPair::GetStr((tinyxml2::StrPair *)(v30 + 3));
v113 = 0;
v114 = 0;
v112 = 0;
v46 = strlen(v45);
v47 = v46;
if ( v46 >= 0xFFFFFFFFFFFFFFF0LL )
std::__basic_string_common<true>::__throw_length_error(&v112);
if ( v46 >= 0x17 )
break;
v48 = (char *)&v112 + 1;
LOBYTE(v112) = 2 * v46;
if ( v46 )
goto LABEL_70;
LABEL_71:
v48[v47] = 0;
v50 = v113;
if ( (v112 & 1) == 0 )
v50 = (unsigned __int64)(unsigned __int8)v112 >> 1;
switch ( v50 )
{
case 0xDuLL:
if ( (v112 & 1) != 0 )
v55 = (char *)v114;
else
v55 = (char *)&v112 + 1;
if ( !memcmp(v55, "AnimationList", 0xDu) )
{
for ( i = (tinyxml2::XMLNode *)tinyxml2::XMLNode::FirstChildElement((tinyxml2::XMLNode *)v30, 0);
i;
i = (tinyxml2::XMLNode *)tinyxml2::XMLNode::NextSiblingElement(i, 0) )
{
AnimationInfo = cocostudio::FlatBuffersSerialize::createAnimationInfo(v104, i);
v34 = v116;
v109 = AnimationInfo;
if ( v116 == v117 )
{
std::vector<flatbuffers::Offset<flatbuffers::AnimationInfo>>::__push_back_slow_path<flatbuffers::Offset<flatbuffers::AnimationInfo> const&>(
&v115,
&v109);
}
else
{
*(_DWORD *)v116 = AnimationInfo;
v116 = v34 + 4;
}
}
}
break;
case 0xAuLL:
if ( (v112 & 1) != 0 )
v52 = (char *)v114;
else
v52 = (char *)&v112 + 1;
if ( !memcmp(v52, "ObjectData", 0xAu) )
{
v53 = (_QWORD *)v30[12];
if ( v53 )
{
while ( 1 )
{
v54 = (const char *)tinyxml2::StrPair::GetStr((tinyxml2::StrPair *)(v53 + 1));
if ( !strcmp("ctype", v54) )
break;
v53 = (_QWORD *)v53[7];
if ( !v53 )
goto LABEL_40;
}
v35 = (char *)tinyxml2::StrPair::GetStr((tinyxml2::StrPair *)(v53 + 4));
v36 = strlen(v35);
std::string::assign((int)&v118, v35, v36);
}
LABEL_40:
v37 = v118;
v38 = *((_QWORD *)&v118 + 1);
if ( (v118 & 1) == 0 )
v38 = (unsigned __int64)(unsigned __int8)v118 >> 1;
if ( v38 == 19 )
{
if ( (v118 & 1) != 0 )
v40 = v119;
else
v40 = (char *)&v118 + 1;
if ( !memcmp(v40, "GameLayerObjectData", 0x13u) )
{
LABEL_53:
std::string::assign((int)&v118, "NodeObjectData", 0xEu);
v37 = v118;
}
}
else if ( v38 == 18 )
{
v39 = (v118 & 1) != 0 ? v119 : (char *)&v118 + 1;
if ( !memcmp(v39, "GameNodeObjectData", 0x12u) )
goto LABEL_53;
}
v111 = 0;
v110 = 0u;
if ( (v37 & 1) == 0 )
{
v111 = v119;
v110 = v118;
goto LABEL_63;
}
v41 = *((_QWORD *)&v118 + 1);
if ( *((_QWORD *)&v118 + 1) >= 0xFFFFFFFFFFFFFFF0LL )
std::__basic_string_common<true>::__throw_length_error(&v110);
v42 = v119;
if ( *((_QWORD *)&v118 + 1) >= 0x17u )
{
v44 = (*((_QWORD *)&v118 + 1) + 16LL) & 0xFFFFFFFFFFFFFFF0LL;
v43 = (char *)operator new(v44);
*((_QWORD *)&v110 + 1) = v41;
v111 = v43;
*(_QWORD *)&v110 = v44 | 1;
}
else
{
v43 = (char *)&v110 + 1;
LOBYTE(v110) = 2 * BYTE8(v118);
if ( !*((_QWORD *)&v118 + 1) )
goto LABEL_62;
}
memcpy(v43, v42, v41);
LABEL_62:
v43[v41] = 0;
LABEL_63:
v31 = cocostudio::FlatBuffersSerialize::createNodeTree(v104, v30, &v110);
if ( (v110 & 1) != 0 )
operator delete(v111);
}
break;
case 9uLL:
v51 = (v112 & 1) != 0 ? v114 : (char *)&v112 + 1;
if ( !memcmp(v51, "Animation", 9u) )
NodeAction = cocostudio::FlatBuffersSerialize::createNodeAction(v104, (const tinyxml2::XMLElement *)v30);
break;
}
v30 = (_QWORD *)tinyxml2::XMLNode::NextSiblingElement((tinyxml2::XMLNode *)v30, 0);
if ( (v112 & 1) != 0 )
operator delete(v114);
if ( !v30 )
goto LABEL_96;
}
v49 = (v46 + 16) & 0xFFFFFFFFFFFFFFF0LL;
v48 = (char *)operator new(v49);
v113 = v47;
v114 = v48;
v112 = v49 | 1;
LABEL_70:
memcpy(v48, v45, v47);
goto LABEL_71;
}
v31 = 0;
NodeAction = 0;
LABEL_96:
v56 = *((unsigned __int8 *)v104 + 72);
v57 = *((_QWORD *)v104 + 7);
v58 = (v56 & 1) == 0;
v59 = v56 >> 1;
if ( v58 )
v60 = v18 + 1;
else
v60 = (const char *)*((_QWORD *)v104 + 11);
if ( v58 )
v61 = v59;
else
v61 = *((_QWORD *)v104 + 10);
String = flatbuffers::FlatBufferBuilder::CreateString(*((flatbuffers::FlatBufferBuilder **)v104 + 7), v60, v61);
v62 = *(_QWORD *)v104;
v63 = (flatbuffers::FlatBufferBuilder *)*((_QWORD *)v104 + 7);
v64 = *((_QWORD *)v104 + 1) - *(_QWORD *)v104;
flatbuffers::FlatBufferBuilder::StartVector(v63, v64 >> 2, 4u);
if ( v64 >> 2 )
{
v65 = (v64 >> 2) - 1;
do
flatbuffers::FlatBufferBuilder::PushElement<flatbuffers::String>(v63, *(unsigned int *)(v62 + 4 * v65--));
while ( v65 != -1 );
}
v66 = flatbuffers::FlatBufferBuilder::PushElement<unsigned int>(v63, (unsigned __int64)v64 >> 2);
v67 = *((_QWORD *)v104 + 3);
v68 = (flatbuffers::FlatBufferBuilder *)*((_QWORD *)v104 + 7);
v69 = *((_QWORD *)v104 + 4) - v67;
flatbuffers::FlatBufferBuilder::StartVector(v68, v69 >> 2, 4u);
if ( v69 >> 2 )
{
v70 = (v69 >> 2) - 1;
do
flatbuffers::FlatBufferBuilder::PushElement<flatbuffers::String>(v68, *(unsigned int *)(v67 + 4 * v70--));
while ( v70 != -1 );
}
v71 = flatbuffers::FlatBufferBuilder::PushElement<unsigned int>(v68, (unsigned __int64)v69 >> 2);
v72 = (unsigned int *)v115;
v73 = (flatbuffers::FlatBufferBuilder *)*((_QWORD *)v104 + 7);
v74 = v116 - (_BYTE *)v115;
v75 = (v116 - (_BYTE *)v115) >> 2;
flatbuffers::FlatBufferBuilder::StartVector(v73, v75, 4u);
if ( v75 )
{
v76 = v75 - 1;
do
flatbuffers::FlatBufferBuilder::PushElement<flatbuffers::AnimationInfo>(v73, v72[v76--]);
while ( v76 != -1 );
}
v77 = flatbuffers::FlatBufferBuilder::PushElement<unsigned int>(v73, v74 >> 2);
CSParseBinary = flatbuffers::CreateCSParseBinary(v57, String, v66, v71, v31, NodeAction, v77);
v79 = (cocos2d::FileUtils *)flatbuffers::FlatBufferBuilder::Finish<flatbuffers::CSParseBinary>(
*((_QWORD *)v104 + 7),
CSParseBinary,
0);
v80 = *((_QWORD *)v104 + 3);
*((_QWORD *)v104 + 1) = *(_QWORD *)v104;
*((_QWORD *)v104 + 4) = v80;
v81 = cocos2d::FileUtils::getInstance(v79);
(*(void (__fastcall **)(void **__return_ptr, __int64, __int64))(*(_QWORD *)v81 + 48LL))(v107, v81, v103);
if ( ((__int64)v107[0] & 1) != 0 )
v82 = v107[1];
else
v82 = (void *)((unsigned __int64)LOBYTE(v107[0]) >> 1);
if ( ((__int64)v107[0] & 1) != 0 )
v83 = (char *)v108;
else
v83 = (char *)v107 + 1;
if ( v82 )
{
v84 = (unsigned __int64)v82;
while ( v84 )
{
v85 = (unsigned __int8)v83[--v84];
if ( v85 == 46 )
goto LABEL_123;
}
}
v84 = -1;
LABEL_123:
if ( (unsigned __int64)v82 >= v84 )
v86 = v84;
else
v86 = (size_t)v82;
v113 = 0;
v114 = 0;
v112 = 0;
if ( v86 >= 0xFFFFFFFFFFFFFFF0LL )
std::__basic_string_common<true>::__throw_length_error(&v112);
if ( v86 >= 0x17 )
{
v87 = (char *)operator new((v86 + 16) & 0xFFFFFFFFFFFFFFF0LL);
v113 = v86;
v114 = v87;
v112 = (v86 + 16) & 0xFFFFFFFFFFFFFFF0LL | 1;
goto LABEL_131;
}
v87 = (char *)&v112 + 1;
LOBYTE(v112) = 2 * v86;
if ( v86 )
LABEL_131:
memcpy(v87, v83, v86);
v87[v86] = 0;
v88 = std::string::append((int)&v112, ".csb", 4u);
v106 = 0;
v105 = 0u;
if ( (*(_BYTE *)v88 & 1) == 0 )
{
v106 = *(void **)(v88 + 16);
v105 = *(_OWORD *)v88;
if ( (v112 & 1) == 0 )
goto LABEL_135;
goto LABEL_134;
}
v96 = *(_QWORD *)(v88 + 8);
if ( v96 >= 0xFFFFFFFFFFFFFFF0LL )
std::__basic_string_common<true>::__throw_length_error(&v105);
v97 = *(const void **)(v88 + 16);
if ( v96 >= 0x17 )
{
v98 = (char *)operator new((v96 + 16) & 0xFFFFFFFFFFFFFFF0LL);
*((_QWORD *)&v105 + 1) = v96;
v106 = v98;
*(_QWORD *)&v105 = (v96 + 16) & 0xFFFFFFFFFFFFFFF0LL | 1;
goto LABEL_152;
}
v98 = (char *)&v105 + 1;
LOBYTE(v105) = 2 * v96;
if ( v96 )
LABEL_152:
memcpy(v98, v97, v96);
v98[v96] = 0;
if ( (v112 & 1) != 0 )
LABEL_134:
operator delete(v114);
LABEL_135:
v90 = *((_QWORD *)v104 + 7);
v91 = *(const char **)(v90 + 24);
v92 = *(_DWORD *)(v90 + 8);
v93 = *(_DWORD *)(v90 + 16);
if ( (v105 & 1) != 0 )
v94 = (flatbuffers *)v106;
else
v94 = (flatbuffers *)((char *)&v105 + 1);
if ( (flatbuffers::SaveFile(v94, v91, (const char *)(unsigned int)(v92 - (_DWORD)v91 + v93), 1u, v89) & 1) != 0 )
{
cocostudio::FlatBuffersSerialize::deleteFlatBufferBuilder(v104);
if ( (v105 & 1) != 0 )
{
operator delete(v106);
if ( ((__int64)v107[0] & 1) == 0 )
{
LABEL_141:
v95 = (char *)v115;
if ( !v115 )
goto LABEL_20;
goto LABEL_163;
}
}
else if ( ((__int64)v107[0] & 1) == 0 )
{
goto LABEL_141;
}
operator delete(v108);
v95 = (char *)v115;
if ( !v115 )
{
LABEL_20:
*(_QWORD *)(a4 + 8) = 0;
*(_QWORD *)(a4 + 16) = 0;
*(_QWORD *)a4 = 0;
goto LABEL_21;
}
LABEL_163:
v116 = v95;
operator delete(v95);
goto LABEL_20;
}
v99 = v105;
*(_QWORD *)(a4 + 8) = 0;
*(_QWORD *)(a4 + 16) = 0;
*(_QWORD *)a4 = 0;
strcpy((char *)a4, "(couldn't save files!");
if ( (v99 & 1) == 0 )
{
if ( ((__int64)v107[0] & 1) == 0 )
goto LABEL_149;
LABEL_156:
operator delete(v108);
v100 = (char *)v115;
if ( !v115 )
goto LABEL_21;
goto LABEL_157;
}
operator delete(v106);
if ( ((__int64)v107[0] & 1) != 0 )
goto LABEL_156;
LABEL_149:
v100 = (char *)v115;
if ( !v115 )
{
LABEL_21:
if ( (v118 & 1) == 0 )
goto LABEL_22;
goto LABEL_158;
}
LABEL_157:
v116 = v100;
operator delete(v100);
if ( (v118 & 1) == 0 )
{
LABEL_22:
if ( (v120[0] & 1) == 0 )
goto LABEL_23;
goto LABEL_159;
}
LABEL_158:
operator delete(v119);
if ( (v120[0] & 1) == 0 )
{
LABEL_23:
if ( (v122[0] & 1) == 0 )
return;
goto LABEL_24;
}
LABEL_159:
operator delete(v121);
if ( (v122[0] & 1) != 0 )
goto LABEL_24;
}
你这个应该是新版的
密钥在
cocos2d::FileUtils::jdksojhks
生成
可以尝试hook获取cocos2d::FileUtils::s_xxteaKey
1 个赞
你这个和他们上面的不一样
import hashlib, xxtea, lz4.block, sys
class RC4:
def __init__(self, key: bytes):
if isinstance(key, str):
key = key.encode()
self._S = list(range(256))
j = 0
for i in range(256):
j = (j + self._S[i] + key[i % len(key)]) % 256
self._S[i], self._S[j] = self._S[j], self._S[i]
def crypt(self, d: bytes) -> bytes:
i, j, r = 0, 0, bytearray()
for b in d:
i = (i + 1) % 256
j = (j + self._S[i]) % 256
self._S[i], self._S[j] = self._S[j], self._S[i]
r.append(b ^ self._S[(self._S[i] + self._S[j]) % 256])
return bytes(r)
if __name__ == "__main__":
with open(sys.argv[1], "rb") as f:
d = f.read()
ft = d[2]
p = b""
if ft in (0x21, 0x65):
enc = d[23:]
pl = (4 - (len(enc) % 4)) % 4
if pl > 0:
enc += b"\x00" * pl
df = xxtea.decrypt(
enc,
bytes(
a ^ b
for a, b in zip(
bytes.fromhex("a4799014170a71a9b4e9ed087960e997"), d[3:19]
)
),
padding=False,
)
ol = int.from_bytes(df[-4:], "little")
p = df[:ol]
elif ft == 0x7A:
p = d[7:]
if ft in (0x21, 0x7A):
p = lz4.block.decompress(
p[4:], uncompressed_size=int.from_bytes(p[:4], "little")
)
if ft in (0x21, 0x65):
fd = RC4(hashlib.md5("52ds5d21".encode()).hexdigest().encode("ascii")).crypt(
p
)
else:
fd = p
with open("dec", 'wb') as f:
f.write(fd)
3 个赞
感谢
链接:百度网盘 请输入提取码
提取码:xug2
是这个 第二个秘钥可以解 和365之前关服的 欲望少女 基本无差的
so.zip (5.6 MB)
顺便能方便在看看这个秘钥么
Version: 2.1.0.0
Generated Key: be4add21cbfc33896be4afc311695496
Decoded Company Name: TianJi Information Technology Inc.
so.rar (4.2 MB)
大佬 在帮忙看下这个 最近突然出现好多这样的游戏
发url好让其他人遇到一样的游戏方便解
1 个赞
https://pan.qingyuji.cn/f/0Mv4i8/lzjd.apk 这里 他是直链的。。 没官网
。。。记得带上游戏名:龙珠激斗(Dragonball Mobile)
import sys
import struct
import lz4.block
S_XXTEA_KEY = b"\x1a\xa3\x4b\xac\x2c\x85\xb1\x8e\x9a\xd0\xa2\xc3\x0f\x97\x62\xf4"
def to_words(d):
nw = (len(d) + 3) // 4
return list(struct.unpack(f"<{nw}I", d.ljust(nw * 4, b"\0")))
def to_bytes(words):
return struct.pack(f"<{len(words)}I", *words)
def xxtea_decrypt(d, dk):
DELTA = 0x9E3779B9
SUM_OFFSET = 0xB54CDA56
v = to_words(d)
k = to_words(dk)
n = len(v)
if n <= 1:
return to_bytes(v)
sv = (52 // n * DELTA + SUM_OFFSET) & 0xFFFFFFFF
y = v[0]
while sv != 0:
e = (sv >> 2) & 3
p = n - 1
while p > 0:
z = v[p - 1]
mx = ((z >> 5 ^ y << 2) + (y >> 3 ^ z << 4)) & 0xFFFFFFFF
dk = ((sv ^ y) + (k[(p & 3) ^ e] ^ z)) & 0xFFFFFFFF
v[p] = (v[p] - (mx ^ dk)) & 0xFFFFFFFF
y = v[p]
p -= 1
z = v[n - 1]
mx = ((z >> 5 ^ y << 2) + (y >> 3 ^ z << 4)) & 0xFFFFFFFF
dk = ((sv ^ y) + (k[(p & 3) ^ e] ^ z)) & 0xFFFFFFFF
v[0] = (v[0] - (mx ^ dk)) & 0xFFFFFFFF
y = v[0]
sv = (sv - DELTA) & 0xFFFFFFFF
return to_bytes(v)
def decrypt(i, o):
with open(i, "rb") as f:
enc = f.read()
s = enc[2]
es = struct.unpack("<I", enc[19:23])[0]
if s == 33:
km = enc[3:19]
dk = bytes([S_XXTEA_KEY[i] ^ km[i] for i in range(16)])
ed = enc[23:]
xd = xxtea_decrypt(ed, dk)
dec = lz4.block.decompress(
xd[4 : 4 + (struct.unpack("<I", xd[-4:])[0] - 4)], uncompressed_size=es
)
elif s == 101:
km = enc[3:19]
dk = bytes([S_XXTEA_KEY[i] ^ km[i] for i in range(16)])
ed = enc[23:]
dec = xxtea_decrypt(ed, dk)[:es]
if dec:
with open(o, "wb") as f:
f.write(dec)
if __name__ == "__main__":
decrypt(sys.argv[1], "dec")
各位大老们,有没有办法帮忙找一下xxtea的key
疑似有混淆,不知道如何下手算出來:
void __fastcall FTUtils::generateKey(unsigned __int8 *a1)
{
unsigned __int64 v1; // x22
char *v3; // x19
__int64 v4; // x0
__int64 v5; // x0
__int64 v6; // x0
__int64 v7; // x0
unsigned __int64 v8; // x8
bool v9; // zf
unsigned __int64 v10; // x8
unsigned __int8 *v11; // x1
unsigned __int64 v12; // x2
int v13; // w2
unsigned __int64 v14; // x8
unsigned __int64 v15; // x12
unsigned __int64 v16; // x16
signed __int64 v17; // x11
_BOOL4 v18; // w10
unsigned __int64 v19; // x13
unsigned __int64 v20; // x13
__int64 *v21; // x12
char v22; // w12
_BYTE *v23; // x8
unsigned __int64 v24; // x17
CCCrypto *v25; // x0
unsigned __int64 v26; // x1
__int64 v27; // x0
__int64 v28; // x20
cocos2d::LuaEngine *v29; // x0
_BYTE v30[15]; // [xsp+9h] [xbp-57h] BYREF
void *v31; // [xsp+18h] [xbp-48h]
__int64 v32; // [xsp+20h] [xbp-40h] BYREF
unsigned __int64 v33; // [xsp+28h] [xbp-38h]
void *v34; // [xsp+30h] [xbp-30h]
__int64 v35; // [xsp+38h] [xbp-28h]
v1 = _ReadStatusReg(ARM64_SYSREG(3, 3, 13, 0, 2));
v35 = *(_QWORD *)(v1 + 40);
v33 = 0LL;
v34 = 0LL;
v32 = 0LL;
v3 = (char *)operator new(0x30uLL);
*(_QWORD *)&v30[7] = 28160LL;
v31 = 0LL;
*(_QWORD *)v30 = *(_QWORD *)"#$@nvshen";
strcpy(v3, "72c159a24b3f969397bc29918a8ef15b");
v4 = std::string::append(&v32, v3, 32LL);
v5 = std::string::append(v4, "=", 1LL);
v6 = std::string::append(v5, v30, 9LL);
v7 = std::string::append(v6, "=", 1LL);
v8 = *a1;
v9 = (v8 & 1) == 0;
v10 = v8 >> 1;
if ( v9 )
v11 = a1 + 1;
else
v11 = (unsigned __int8 *)*((_QWORD *)a1 + 2);
if ( v9 )
v12 = v10;
else
v12 = *((_QWORD *)a1 + 1);
std::string::append(v7, v11, v12);
v14 = (unsigned __int8)v32;
v15 = v33;
v16 = (unsigned __int64)(unsigned __int8)v32 >> 1;
if ( (v32 & 1) != 0 )
v17 = v33;
else
v17 = (unsigned __int64)(unsigned __int8)v32 >> 1;
v18 = (v32 & 1) == 0;
if ( v17 >= 1 )
{
if ( (v32 & 1) != 0 )
v19 = v33;
else
v19 = (unsigned __int64)(unsigned __int8)v32 >> 1;
if ( !v19 )
LABEL_30:
std::__basic_string_common<true>::__throw_out_of_range(&v32);
v20 = 0LL;
while ( 1 )
{
if ( (v14 & 1) == 0 )
v15 = v16;
if ( v15 <= v20 )
std::__basic_string_common<true>::__throw_out_of_range(&v32);
v21 = v18 ? (__int64 *)((char *)&v32 + 1) : v34;
v22 = *((_BYTE *)v21 + v20);
v23 = (v14 & 1) != 0 ? v34 : (__int64 *)((char *)&v32 + 1);
v23[v20] = dword_1449014[(int)v20 % 5] ^ v22;
v14 = (unsigned __int8)v32;
v15 = v33;
++v20;
v18 = (v32 & 1) == 0;
if ( v17 <= (__int64)v20 )
break;
v16 = (unsigned __int64)(unsigned __int8)v32 >> 1;
if ( (v32 & 1) != 0 )
v24 = v33;
else
v24 = (unsigned __int64)(unsigned __int8)v32 >> 1;
if ( v24 <= v20 )
goto LABEL_30;
}
}
if ( v18 )
v25 = (CCCrypto *)((char *)&v32 + 1);
else
v25 = (CCCrypto *)v34;
if ( (v14 & 1) != 0 )
v26 = (unsigned int)v15;
else
v26 = (unsigned int)(v14 >> 1);
CCCrypto::MD5String(v25, (void *)v26, v13);
operator delete(v3);
if ( (v32 & 1) != 0 )
operator delete(v34);
if ( *(_QWORD *)(v1 + 40) != v35 )
{
v28 = sub_6ABEA0(v27);
operator delete(v3);
if ( (v32 & 1) != 0 )
operator delete(v34);
v29 = (cocos2d::LuaEngine *)sub_6CE4B0(v28);
FTUtils::decryptString(v29);
}
}
游戏名:食之契约
相关so档:(64位元的)
libcocos2dlua.zip (8.0 MB)
没必要PM。。。
又没人知道线下你是谁
发一个PM里的请求
密钥
f43599a8c6bf152329ac7e4a18d62b2a
2 个赞
你这也不是tj的加密啊,看了一下只有xxtea还有个ccz的加密
1 个赞
图片是xxtea
import xxtea
def decrypt(d, k):
with open(d, "rb") as f:
enc = f.read()
with open("dec", "wb") as f:
f.write(xxtea.decrypt(enc[10:], k, padding=False))
if __name__ == "__main__":
decrypt("card_draw_200017.png", b"99ca9249" + b"\x00" * 8)
还有个pvr.ccz加密的
import os
from PIL import Image
from ZipUtils import ZipUtils
def process(file: str, zip_utils: ZipUtils):
with open(file, "rb") as f:
d = f.read()
with open(os.path.splitext(file)[0], "wb") as f:
f.write(zip_utils.inflateCCZBuffer(d))
if __name__ == "__main__":
process("role_1.pvr.ccz", ZipUtils(0x72C159A2, 0x4B3F9693, 0x97BC2991, 0x8A8EF15B))
ZipUtils来自Script/Cocos/ZipUtils.py at master · PackageInstaller/Script · GitHub
2 个赞
…qqqqq…
新手刚入坑,对解密方式不是很熟悉…(慢慢补习中)…
总之,还是很感谢大佬的帮助。
您好,我按照这里的步骤操作了。
我得到了代码,但是解码仍然无法进行。
import hashlib
byte_D3A622 = [
0x15,0x28,0x69,0x79,0x7C,0x3E,0x0B,0x21,0x36,0x6F,0x66,0x4E,0x62,0x2D,0x77,0x60,0x73,0x2A,
0x29,0x0D,0x44,0x37,0x6B,0x5C,0x00,0x5A,0x0F,0x0C,0x5E,0x64,0x1A,0x65,0x57,0x6E,0x4D,
0x7A,0x47,0x74,0x40,0x43,0x02,0x72,0x45,0x18,0x5F,0x32,0x10,0x08,0x71,0x11,0x16,0x6C,
0x30,0x17,0x14,0x4B,0x05,0x63,0x25,0x35,0x7F,0x1E,0x3B,0x26,0x01,0x0E,0x6A,0x59,0x13,
0x09,0x2B,0x50,0x70,0x03,0x27,0x53,0x5B,0x5D,0x56,0x68,0x54,0x2F,0x23,0x6D,0x2C,0x46,
0x1B,0x4A,0x12,0x78,0x1C,0x4C,0x4F,0x61,0x75,0x51,0x3F,0x52,0x20,0x67,0x39,0x04,0x48,
0x24,0x55,0x34,0x31,0x33,0x3D,0x22,0x76,0x42,0x7D,0x1D,0x1F,0x06,0x7B,0x2E,0x3C,0x0A,
0x58,0x19,0x41,0x7E,0x38,0x3A,0x49,0x07
]
def confuse(s: str) -> str:
return s.upper().replace('_','+').replace('.', ';').replace('6',';')
def map_ver(version: str) -> str:
return ''.join(chr(byte_D3A622[ord(c)]) for c in version)
def generate_key(version="2.1.0.0"):
version_main = version.rsplit('.',1)[0]
phase1 = "hello,worldTianJi" + map_ver(version)
md5_1 = hashlib.md5(confuse(phase1).encode()).hexdigest()
phase2 = f"{md5_1}20140516{version_main}TianJi"
mix = confuse(phase2)[::-1]
return hashlib.md5(mix.encode()).hexdigest()
我使用了 tj_xxtea_decrypt.exe,但在解密过程中出现错误。
.rodata:0000000000D3A622 ; _BYTE byte_D3A622[142]
.rodata:0000000000D3A622 byte_D3A622 DCB 0x15, 0x28, 0x69, 0x79, 0x7C, 0x3E, 0xB, 0x21, 0x36
.rodata:0000000000D3A622 ; DATA XREF: sub_4B9340+198↑o
.rodata:0000000000D3A622 ; sub_4B9340+1A8↑o
.rodata:0000000000D3A62B DCB 0x6F, 0x66, 0x4E, 0x62, 0x2D, 0x77, 0x60, 0x73, 0x2A
.rodata:0000000000D3A634 DCB 0x29, 0xD, 0x44, 0x37, 0x6B, 0x5C, 0, 0x5A, 0xF, 0xC
.rodata:0000000000D3A63E DCB 0x5E, 0x64, 0x1A, 0x65, 0x57, 0x6E, 0x4D, 0x7A, 0x47
.rodata:0000000000D3A647 DCB 0x74, 0x40, 0x43, 2, 0x72, 0x45, 0x18, 0x5F, 0x32
.rodata:0000000000D3A650 DCB 0x10, 8, 0x71, 0x11, 0x16, 0x6C, 0x30, 0x17, 0x14
.rodata:0000000000D3A659 DCB 0x4B, 5, 0x63, 0x25, 0x35, 0x7F, 0x1E, 0x3B, 0x26
.rodata:0000000000D3A662 DCB 1, 0xE, 0x6A, 0x59, 0x13, 9, 0x2B, 0x50, 0x70, 3, 0x27
.rodata:0000000000D3A66D DCB 0x53, 0x5B, 0x5D, 0x56, 0x68, 0x54, 0x2F, 0x23, 0x6D
.rodata:0000000000D3A676 DCB 0x2C, 0x46, 0x1B, 0x4A, 0x12, 0x78, 0x1C, 0x4C, 0x4F
.rodata:0000000000D3A67F DCB 0x61, 0x75, 0x51, 0x3F, 0x52, 0x20, 0x67, 0x39, 4
.rodata:0000000000D3A688 DCB 0x48, 0x24, 0x55, 0x34, 0x31, 0x33, 0x3D, 0x22, 0x76
.rodata:0000000000D3A691 DCB 0x42, 0x7D, 0x1D, 0x1F, 6, 0x7B, 0x2E, 0x3C, 0xA, 0x58
.rodata:0000000000D3A69B DCB 0x19, 0x41, 0x7E, 0x38, 0x3A, 0x49, 7, 0, 0, 0, 0
.rodata:0000000000D3A6A6 DCB 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
虽然是同一家公司的产品,区别在于“公司名称”被分配给了另一个职能部门,不过没关系,我把它取下来了。