下载将APK解压后发现assets\res文件夹下的PNG图片都被加密,发现文件头都是“UF”,在lib文件夹下找到名为“libcocos2dlua.so”文件。
通过了解得知是cocos2d的,同时发现有lua文件,通过搜索网上相关拆包教程后尝试通过IDA读取,进而得知是“luaJIT 2.1.0 beta3”,翻看各路大神文章后还是一筹莫展,在IDA中搜索文件头"UF"通过看了“https://bbs.kanxue.com/thread-268574.htm”这篇文章后在IDA中找到了疑似解密算法,但C水平太低没办法模仿这篇文章还原出解密程序,无奈只好发论坛求助各位大佬,希望有大佬有闲工夫帮忙看一下。下面是扒出来的疑似的解密算法,附上游戏libcocos2dlua.so文件和几个加密的图片。下载:https://wwzr.lanzout.com/iXY2U0ngpeqf 密码:b6ob
int fastcall cocos2d::FileUtils::decryptUF(
cocos2d::FileUtils *this,
unsigned int8 a2,
_DWORD a3,
int a4,
int a5,
int a6)
{
int v6; // r4
int v7; // r5
int v8; // r6
int v9; // r12
bool v10; // zf
int v11; // r12
int v12; // lr
int v13; // r3
int v14; // r12
unsigned __int8 v15; // r1
char v16; // r12
cocos2d::FileUtils v17; // r2
char v18; // t1
int result; // r0
int v20; // r5
cocos2d::FileUtils v21; // lr
char v22; // r4
cocos2d::FileUtils v23; // r0
int v24; // r5
char v25; // t1
unsigned int v26; // r3
unsigned int v27; // r12
char v28; // r11
unsigned __int8 v29; // r4
char v30; // r6
char v31; // r5
unsigned int8 *v32; // r8
unsigned int8 v33; // r12
unsigned __int8 v34; // r8
int v35; // r0
if ( (int)a2 (_BYTE )this != 85 || ((_BYTE )this + 1) != 70 )
return -2;
v9 = ((unsigned __int8 )this + 2);
v10 = v9 == 79;
if ( v9 == 79 )
{
v8 = ((unsigned __int8 )this + 3);
v11 = 4;
}
else
{
v11 = 2;
}
if ( v10 )
v12 = 5;
else
v12 = 3;
if ( v10 )
{
v7 = 6;
a4 = v8;
v6 = 1;
}
if ( !v10 )
{
v7 = 4;
v6 = 0;
}
a3 = ((unsigned __int8 )this + v11);
v13 = ((unsigned __int8 )this + v12);
if ( v13 == 1 )
{
v20 = ((unsigned __int8 )this + v7);
v15 = &a2[-v11 - 3];
if ( (int)v15 > 0 )
{
v21 = this;
v22 = (char )this + v11 + 2;
v23 = (cocos2d::FileUtils )&v15[(_DWORD)this];
v24 = v20 - (_DWORD)v21;
do
{
v25 = ++v22;
(_BYTE )v21 = v25 ^ byte_1533EB8[((int)v21 + v24) % 33];
v21 = (cocos2d::FileUtils )((char )v21 + 1);
}
while ( v21 != v23 );
}
}
else if ( v13 == 2 )
{
v26 = ((unsigned int8 )this + v7);
v27 = v11 + 3;
v15 = &a2[-v27];
v28 = byte_1533EB8[(int)(v26 + 1) % 33 + 36];
(_BYTE )this = v15[(_DWORD)this] ^ byte_1533EB8[v26 % 0x21 + 36];
v29 = &v15[(_DWORD)this];
((_BYTE )this + 1) = v28 ^ v15[(_DWORD)this + 1];
v30 = byte_1533EB8[(int)(v26 + 3) % 33 + 36];
((_BYTE )this + 2) = byte_1533EB8[(int)(v26 + 2) % 33 + 36] ^ v15[(_DWORD)this + 2];
v31 = byte_1533EB8[(int)(v26 + 4) % 33 + 36];
((_BYTE )this + 3) = v30 ^ v15[(_DWORD)this + 3];
((_BYTE )this + 4) = v31 ^ v15[(_DWORD)this + 4];
if ( v27 != 5 )
{
((_BYTE )this + 5) = v29[5] ^ byte_1533EB8[(int)(v26 + 5) % 33 + 36];
if ( v27 == 7 )
((_BYTE *)this + 6) = v29[6] ^ byte_1533EB8[(int)(v26 + 6) % 33 + 36];
}
if ( (int)&v15[-v27] > 95 )
v32 = (unsigned int8 )(v27 + 95);
else
v32 = v15;
if ( v27 )this + v27;
v34 = &v32[(_DWORD)this];
v35 = v26 - (_DWORD)this;
do
{
v33 ^= byte_1533EB8[(int)&v33[v35] % 33 + 36];
++v33;
}
while ( v33 != v34 );
}
}
else
{
if ( v6 )
v14 = 7;
else
v14 = 5;
v15 = &a2[-v14];
if ( (int)v15 > 0 )
{
v16 = (char )this + v14;
v17 = (cocos2d::FileUtils )&v15[(_DWORD)this];
do
{
v18 = v16++;
(_BYTE )this = v18;
this = (cocos2d::FileUtils )((char )this + 1);
}
while ( this != v17 );
}
}
result = 0;
*a5 = (int)v15;
return result;
}
