
Decrypting Lua Files from game

Reverse Engineering Asked by Azat Idrisov on October 3, 2021

I’m trying to decrypt Lua scripts from a cocos2dx game (for a wiki).

Links to files of game:
libhellolua.so (cocos2dx external library)
example encrypted LUA-scripts (*.abc files)

I was reading a library in IDA Pro.
This library doesn’t mention “xxtea”.

And I found the function getEncyptedFileData:
pastebin getEncyptedFileData

This function is not in the original source code of Cocos2d-x.
I think this function is related to decryption (since this function is called nearby with the variable “*.abc”).
I cannot understand some lines in this function:

1: I think that this function is CCFileUtils:getFileData.

v5 = (_BYTE *)(*(int (__fastcall **)(cocos2d::CCFileUtils *, const char *, const char *, unsigned int *))(*(_DWORD *)this + 16))(this, a2, "rb", &v26);

2: This loop is not readable. The result of the first line is used in this loop.

  do
  {
    v6[(signed int)v17 * (signed __int64)v11 % (unsigned __int64)v14] = *(_BYTE *)(v13 + v16) ^ v15[v17];
    ++v17;
    v16 = (v16 + 1) % v10;
  }
  while ( v17 < v14 );

3: The function getEncyptedFileData returns the result of this line:

v19 = (*(int (__cdecl **)(cocos2d::CCFileUtils *, _BYTE *))(*(_DWORD *)v21 + 24))(v21, v6);
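
The loop from item 2, rewritten with readable names, as an added example that is not part of the original post or the game's code. The variable roles (v15 = input buffer, v14 = its length, v13 = key bytes, v10 = key length, v11 = index multiplier, v6 = output, v16 starting at 0) are assumptions inferred only from the loop's shape; the `scramble` inverse, the sample text and the key are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed roles (not confirmed by the page):
 * v15 = in, v14 = len, v13 = key, v10 = key_len, v11 = stride, v6 = out. */
static uint64_t gcd_u64(uint64_t a, uint64_t b) {
    while (b) { uint64_t t = a % b; a = b; b = t; }
    return a;
}

/* The decompiled loop: out[(i * stride) % len] = key[i % key_len] ^ in[i].
 * Returns 0 on success, -1 when the loop would be ill-defined. */
int unscramble(const uint8_t *in, size_t len, const uint8_t *key,
               size_t key_len, uint32_t stride, uint8_t *out) {
    if (len == 0 || key_len == 0) return -1;   /* the do/while would take % 0 */
    if (gcd_u64(stride, len) != 1) return -1;  /* indices collide, bytes left unwritten */
    size_t k = 0;                              /* v16, assumed to start at 0 */
    for (size_t i = 0; i < len; i++) {         /* v17 */
        out[((uint64_t)i * stride) % len] = key[k] ^ in[i];
        k = (k + 1) % key_len;
    }
    return 0;
}

/* Hypothetical inverse, used here only to build a test input. */
int scramble(const uint8_t *plain, size_t len, const uint8_t *key,
             size_t key_len, uint32_t stride, uint8_t *out) {
    if (len == 0 || key_len == 0 || gcd_u64(stride, len) != 1) return -1;
    for (size_t i = 0; i < len; i++)
        out[i] = key[i % key_len] ^ plain[((uint64_t)i * stride) % len];
    return 0;
}

int main(void) {
    const uint8_t plain[] = "print('hello')";  /* constructed sample, 14 bytes */
    const uint8_t key[] = {0x13, 0x37, 0x42};  /* constructed key */
    uint8_t enc[14], dec[15] = {0};
    if (scramble(plain, 14, key, 3, 5, enc) != 0) return 1;  /* gcd(5, 14) = 1 */
    if (unscramble(enc, 14, key, 3, 5, dec) != 0) return 1;
    printf("%s\n", (char *)dec);
    return 0;
}
```

Read this way, the loop is a repeating-key XOR combined with a multiplicative index permutation, and it only fills every output byte when the multiplier and the buffer length are coprime.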

One Answer

  v5 = (_BYTE *)(*(int (__fastcall **)(cocos2d::CCFileUtils *, const char *, const char *, unsigned int *))(*(_DWORD *)this + 16))(
                  this,
                  a2,
                  "rb",
                  &v26);

This is a signature xxtea encryption with the sign rb. Now you need to find the xxtea encryption key in this method. You can either dig a little bit more from CCFileUtils or AppDelegate (as in this article: https://boards.libre.io/threads/decrypt-xxtea-block-cipher-in-lua-file-from-cocos2d-lua-games.297552/).

Another way (my favorite way) is to use Frida to hook the method and print out this (arg[0]), using this guide: https://boards.libre.io/threads/decrypting-lua-files.238916/

Answered by Minh Nguyen on October 3, 2021
