TransWikia.com

How to retrieve the encryption key from a dll file?

Reverse Engineering Asked by Sanders on April 27, 2021

I have a dll file that makes an http post request to a webserver , request looks something like this :

UmdUsFrEB3wGMuuAz1Znywuedx6+ee9cHDyzqM3Gc0FW8TxKFitPfkoC23aJeW39rPhAIpkg7vyzYzRwsloEfUM3y1LnehrJVR5tQuoZ8EUa6uFgzFauuaiP1Ea9+lRg5OU

i am not much of an expert but to me it looks like Base64 , but when i try and decode it using online decoders , most of them just gives an error that its not base64 format , and other decoders gives out Chinese characters,

and some gives results like this:

RgT°ZÄ|2ë€ÏVgËžw¾yï<³¨ÍÆsAVñ<J+O~JÛv‰ymý¬ø@"™ îü³c4p²Z}C7ËRçzÉUmBêðEêá`ÌV®¹¨ÔF½úT`äå

I am assuming that its been encrypted and then encoded ?
if so then is there a way to decrypt it ? i opened the dll file in JustDecompile and it does give me readable code , but i am not sure where to look for the encryption method or key in the code

i did find out a certain part of decompiled code somewhat interesting though :

    private byte[] (byte[] u0002, byte[] u0003)
    {
        byte[] numArray;
        byte[] numArray1 = new byte[89];
        ((Array)u0003).CopyTo((Array)numArray1, 0);
        ((Array)u0002).CopyTo((Array)numArray1, 16);
        if (0 == 0)
        {
            ((Array)Encoding.ASCII.GetBytes("MTRandom")).CopyTo(numArray1, 80);
        }
        do
        {
            numArray = (new MD5CryptoServiceProvider()).ComputeHash(numArray1);
        }
        while (3 == 0);
        return numArray;
    }

    private new unsafe void (byte[] u0002)
    {
        void* length = (void*)stackalloc IntPtr[9];
        this. = (ulong)0;
        *(length + 4) = this. <= 1101;
        if ((sbyte)(*(length + 4)) == 0)
        {
            . _u0001 = new .();
            byte[] numArray = base.(8);
            _u0001. = BitConverter.ToUInt16(numArray, 0);
            _u0001. = BitConverter.ToUInt16(numArray, 2);
            _u0001. = BitConverter.ToUInt16(numArray, 4);
            _u0001. = BitConverter.ToUInt16(numArray, 6);
            byte[] numArray1 = base.((int)_u0001.);
            byte[] numArray2 = this.(numArray1, u0002, _u0001);
            *length = null;
            while (true)
            {
                if (((int)(*length) >= (int)numArray2.Length ? true : (int)numArray2.Length - (int)(*length) < 8))
                {
                    return;
                }
                byte[] numArray3 = new byte[8];
                Array.Copy(numArray2, (int)(*length), numArray3, 0, 8);
                *length = (int)(*length) + 8;
                _u0001 = this.(numArray3, u0002);
                *(length + 5) = (int)numArray2.Length - (int)(*length) < _u0001.;
                if ((sbyte)(*(length + 5)) != 0)

is it possible that this part of the code is responsible for encryption or is it the case of barking at the wrong tree?

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP