Reverse Engineering Asked by Maren Podarm on October 3, 2021
I am trying to extract assets from a Chinese game, I downloaded the apk file and unzipped it. I looked through the files and they are encrypted in some ways, the PNGs and LUAs are unviewable.
The engine the game used was called TerransForceEngine which does not show any results in Google Search. I had a look in the lib folder and decided to open up the libtpnsSecurity.so file because of its name. I opened it in IDA and found some strings that may suggest that the so file is the one containing the encrypting and decrypting algorithms.
Unfortunately I have no experience in using IDA. I have tried following other topics but they are usually about games which use Cocos2D and I couldn’t follow the steps provided in said topic.
The game’s server leaked its Directories and I downloaded a few files with wget, there are php files and one of them is xxtea.php which is just a source code of the algorithm. I attached leak files here: https://www.dropbox.com/s/wkxs4s3v9wwf5ym/leak.zip?dl=0
The .so file, lib folder containing others .so files, example lua and png files can be download here: https://www.dropbox.com/s/alj37ai7qd4lmqh/game.zip?dl=0
Next time please include the original apk in your question. Luckily I'm working on the same game so I can help somewhat.
Get the old apk (yzjlzl_2.80_1_20180918_170403_83de83.apk) from bilibili (google it) and use IDA to decompile it. This is an obvious solution to JNI_Onload obfuscation if you want to do static debugging.
One of the other way to do this is a Live Debugging with Frida, but I'm sure we're not interested into it bc we need the decryption schema.
Answered by Minh Nguyen on October 3, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP