How idaPro analyzes app decryption lua script

Using IDA Pro or a hook, as described previously, we can obtain the XXTEA decryption key. For the SIGN, we can simply open the original file:


This shows the SIGN value: byds. We can therefore try an XXTEA decryption tool (built from source code available on GitHub) to decrypt the file:


Taking index.luac as an example, let's compare the file before and after decryption:


The Lua script decrypted with XXTEA is still not clear text! We had concluded that XXTEA encryption was used from the cocos2d framework source code and the apk decoding result, and the app's Lua scripts also carry a signature value, which likewise points to XXTEA. Yet the decrypted result is still not plain text, which suggests that our decryption is incomplete. We have to go back to IDA Pro to find out.

Open libgame.so with IDA Pro, search for byds in the Exports window, find the byds_d function, and double-click it:


Pressing F5 displays the pseudocode:


There is nothing special here; it is equivalent to the code in the framework source. If the decryption is not complete at this point, the caller of this function must continue the decryption process. Let's follow the xrefs to trace the calls to this function. One of them is the GOT table, which is definitely not what we want. Let's double-click the first one:


It is just a wrapper function, so let's continue tracing:

Double-click to enter:

This function has the same name as the one that calls xxtea_decrypt in the source code. We also flagged this function as a starting point at the beginning of the analysis. It is now clear that after the script has been decrypted by byds_d, it is also decompressed. The picture is basically complete: the Lua script is compressed and then encrypted, so to restore it you must first decrypt it with XXTEA and then decompress it. You can find a zlib decompression script on GitHub and use it to decompress the decrypted data.

Then look at index.lua:

You can see that it is now clear text.
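The restore order the analysis arrives at (strip the SIGN, XXTEA-decrypt, then zlib-decompress), as an added example that is not part of the original article or the app's code. It assumes cocos2d-x style XXTEA framing (key zero-padded to 16 bytes, little-endian words, trailing length word); the key and Lua source are constructed placeholders, and only the SIGN value byds comes from the article.

```python
import struct
import zlib
DELTA, MASK = 0x9E3779B9, 0xFFFFFFFF

def _mx(y, z, s, k, p, e):
    return ((((z >> 5) ^ (y << 2)) + ((y >> 3) ^ (z << 4)))
            ^ ((s ^ y) + (k[(p & 3) ^ e] ^ z))) & MASK

def _words(data, add_len=False):
    # Little-endian uint32 words, zero-padded; optionally append byte length.
    n = (len(data) + 3) // 4
    v = list(struct.unpack("<%dI" % n, data.ljust(4 * n, b"\0")))
    return v + [len(data)] if add_len else v

def xxtea_encrypt(data, key):  # used only to build the constructed sample
    v, k = _words(data, True), _words(key.ljust(16, b"\0")[:16])
    n, s, z = len(v), 0, v[-1]
    for _ in range(6 + 52 // n):
        s = (s + DELTA) & MASK
        e = (s >> 2) & 3
        for p in range(n):
            z = v[p] = (v[p] + _mx(v[(p + 1) % n], z, s, k, p, e)) & MASK
    return struct.pack("<%dI" % n, *v)

def xxtea_decrypt(data, key):
    if len(data) < 8 or len(data) % 4:
        raise ValueError("not an XXTEA blob")
    v, k = _words(data), _words(key.ljust(16, b"\0")[:16])
    n, y, rounds = len(v), v[0], 6 + 52 // len(v)
    s = (rounds * DELTA) & MASK
    for _ in range(rounds):
        e = (s >> 2) & 3
        for p in range(n - 1, -1, -1):
            y = v[p] = (v[p] - _mx(y, v[p - 1], s, k, p, e)) & MASK
        s = (s - DELTA) & MASK
    size = v[-1]  # trailing word holds the plaintext length
    if not 4 * (n - 1) - 3 <= size <= 4 * (n - 1):
        raise ValueError("bad length word: wrong key or not XXTEA data")
    return struct.pack("<%dI" % (n - 1), *v[:-1])[:size]

def restore_luac(blob, sign, key):
    # Order seen in the binary: strip SIGN, XXTEA-decrypt, then inflate.
    if not blob.startswith(sign):
        raise ValueError("SIGN prefix missing")
    return zlib.decompress(xxtea_decrypt(blob[len(sign):], key))

# Constructed sample; KEY is a placeholder, not the app's real key.
SIGN, KEY, LUA = b"byds", b"placeholder-key", b'print("index.lua")\n'
SAMPLE = SIGN + xxtea_encrypt(zlib.compress(LUA), KEY)
```

The output of `xxtea_decrypt` alone begins with the zlib header byte 0x78, a quick sign that a compression layer remains, which matches the "still not clear text" result seen above.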

This article is reproduced from 亿速云.
