Created
January 28, 2019 18:48
-
-
Save iGio90/fe8fef97f2c57bcb97339fd157444452 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Process.setExceptionHandler(function (details) { | |
| console.log(base); | |
| console.log(JSON.stringify(details)); | |
| }); | |
| Memory.protect(m.base, m.size, 'rwx'); | |
| var svc_send = Memory.scanSync(m.base, m.size, '14 70 9F E5 00 00 00 EF'); | |
| var svc_recv = Memory.scanSync(m.base, m.size, '49 7F A0 E3 00 00 00 EF'); | |
| Interceptor.attach(svc_send[0]['address'], function () { | |
| send('o', Memory.readByteArray(this.context.r1, parseInt(this.context.r2))); | |
| if (sw(Memory.readUShort(this.context.r1)) === 10101) { | |
| var pkey = ba2hex(Memory.readByteArray(this.context.r1.add(7), 32)); | |
| console.log('[+] bruting private key.... it will take some seconds :S <3'); | |
| var r = Process.enumerateRangesSync('rw-'); | |
| for (var k in r) { | |
| if (typeof r[k]['file'] === 'undefined') { | |
| var res = Memory.scanSync(r[k].base, r[k].size, | |
| pkey); | |
| if (res.length > 0) { | |
| for (var t in res) { | |
| send('tk', Memory.readByteArray(res[t].address.add(32), 32)); | |
| } | |
| } | |
| } | |
| } | |
| } | |
| }); | |
| var buf; | |
| var len; | |
| Interceptor.attach(svc_recv[0]['address'], function () { | |
| buf = this.context.r1; | |
| len = parseInt(this.context.r2); | |
| }); | |
| Interceptor.attach(svc_recv[0]['address'].add(8), function () { | |
| if (len === 7) { | |
| send('ih', Memory.readByteArray(this.context.r1, len)); | |
| } else { | |
| send('ip', Memory.readByteArray(this.context.r1, len)); | |
| } | |
| }); | |
| function sw(val) { | |
| return ((val & 0xFF) << 8) | ((val >> 8) & 0xFF); | |
| } | |
| function ba2hex(bufArray) { | |
| var uint8arr = new Uint8Array(bufArray); | |
| if (!uint8arr) { | |
| return ''; | |
| } | |
| var hexStr = ''; | |
| for (var i = 0; i < uint8arr.length; i++) { | |
| var hex = (uint8arr[i] & 0xff).toString(16); | |
| hex = (hex.length === 1) ? '0' + hex : hex; | |
| if (hexStr.length > 0) { | |
| hexStr += ' '; | |
| } | |
| hexStr += hex; | |
| } | |
| return hexStr.toUpperCase(); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
what this actually does? does the patern still works in new versions of the game?