之前问过相同的游戏但是也沉了
最近整理文件时候再次尝试了一下疑似找到了解密相关的代码
IDA伪代码
System_Byte_array *UnityEngine_ResourceManagement_ResourceProviders_AddressableEncryptHelp__Decrypt(
System_Byte_array *buffer,
System_String_o *fileName,
int32_t *outLength,
const MethodInfo *method)
{
unsigned int v5; // r13d
Il2CppClass *v6; // rdi
__int64 v7; // rsi
__int64 v8; // rax
__int64 v9; // rdx
unsigned int v10; // ecx
unsigned __int64 max_length_low; // rcx
__int64 v12; // rax
__int64 v13; // rbx
unsigned int v14; // eax
System_Text_Encoding_o *UTF8; // rax
__int64 v16; // rax
const MethodInfo *v17; // rcx
unsigned __int64 v18; // r8
if ( !byte_40A2849 )
{
sub_E9A730();
byte_40A2849 = 1;
}
v5 = UnityEngine_ResourceManagement_ResourceProviders_AddressableEncryptHelp__FormatStrHash(
fileName,
(const MethodInfo *)fileName);
v6 = byte___TypeInfo;
v7 = 4LL;
v8 = sub_E9A76C(byte___TypeInfo, 4LL);
if ( !v8 )
goto LABEL_28;
v10 = *(_DWORD *)(v8 + 24);
if ( !v10 )
goto LABEL_27;
*(_BYTE *)(v8 + 32) = HIBYTE(v5);
if ( v10 == 1 )
goto LABEL_27;
*(_BYTE *)(v8 + 33) = BYTE2(v5);
if ( v10 <= 2 )
goto LABEL_27;
*(_BYTE *)(v8 + 34) = BYTE1(v5);
if ( v10 == 3 )
goto LABEL_27;
*(_BYTE *)(v8 + 35) = v5;
if ( !buffer )
goto LABEL_28;
max_length_low = LODWORD(buffer->max_length);
if ( (__int64)(max_length_low << 32) > 0 )
{
v9 = (int)max_length_low;
v7 = 0LL;
while ( v7 < max_length_low )
{
v6 = (Il2CppClass *)(v7 & 3);
if ( (unsigned int)v6 >= *(_DWORD *)(v8 + 24) )
break;
buffer->m_Items[v7++] ^= *((_BYTE *)&v6->_1.byval_arg.data + v8);
if ( v7 >= (int)max_length_low )
goto LABEL_14;
}
LABEL_27:
sub_E9A96E(v6, v7, v9);
sub_E9A825();
}
LABEL_14:
v6 = byte___TypeInfo;
v7 = 4LL;
v12 = sub_E9A76C(byte___TypeInfo, 4LL);
if ( !v12 )
goto LABEL_28;
v13 = v12;
v14 = *(_DWORD *)(v12 + 24);
if ( !v14 )
goto LABEL_27;
*(_BYTE *)(v13 + 32) = v5;
v9 = HIWORD(v5);
if ( v14 == 1 )
goto LABEL_27;
*(_BYTE *)(v13 + 33) = BYTE1(v5);
if ( v14 <= 2 )
goto LABEL_27;
*(_BYTE *)(v13 + 34) = BYTE2(v5);
if ( v14 == 3 )
goto LABEL_27;
*(_BYTE *)(v13 + 35) = HIBYTE(v5);
v6 = 0LL;
UTF8 = System_Text_Encoding__get_UTF8(0LL);
if ( !UTF8
|| (v7 = StringLiteral_7933,
v6 = (Il2CppClass *)UTF8,
(v16 = ((__int64 (__fastcall *)(System_Text_Encoding_o *, _QWORD, const MethodInfo *))UTF8->klass->vtable._26_GetBytes.methodPtr)(
UTF8,
StringLiteral_7933,
UTF8->klass->vtable._26_GetBytes.method)) == 0) )
{
LABEL_28:
sub_E9A900(v6, v7);
}
v18 = *(unsigned int *)(v16 + 24);
if ( (__int64)(v18 << 32) > 0 )
{
v9 = (int)v18;
v7 = 0LL;
while ( v7 < v18 )
{
v6 = (Il2CppClass *)(v7 & 3);
if ( (unsigned int)v6 >= *(_DWORD *)(v13 + 24) )
break;
LOBYTE(v17) = *((_BYTE *)&v6->_1.byval_arg.data + v13);
*(_BYTE *)(v16 + v7++ + 32) ^= (unsigned __int8)v17;
if ( v7 >= (int)v18 )
return UnityEngine_ResourceManagement_ResourceProviders_AddressableEncryptHelp__DecryptXXTea(
buffer,
(System_Byte_array *)v16,
outLength,
v17);
}
goto LABEL_27;
}
return UnityEngine_ResourceManagement_ResourceProviders_AddressableEncryptHelp__DecryptXXTea(
buffer,
(System_Byte_array *)v16,
outLength,
v17);
}
疑似文件名hash作为密钥然后xor+xxtea