-
-
Save mengxipeng1122/bb1eea530a665a5cb6560d72c85d1509 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
extern "C" int test(void* baseaddress, char* outdir) | |
{ | |
#ifdef __arm__ // for 32-bit ARM | |
LOG_INFO(0x100,"arch armeabi "); | |
#else | |
#ifdef __aarch64__ // 64-bit ARM | |
LOG_INFO(0x100,"arch aach64 "); | |
#else | |
#error "unsupported architecture " | |
#endif | |
#endif | |
// get a list of all encrypt files | |
std::vector<std::string> encryptFiles; | |
{ | |
// print some info for debug | |
#ifdef __arm__ | |
LOG_INFO(0x100, "sizeof(int) %d", sizeof(int)); | |
LOG_INFO(0x100, "sizeof(long) %d", sizeof(long)); | |
LOG_INFO(0x100, "sizeof(void*) %d", sizeof(void*)); | |
#else | |
#ifdef __aarch64__ // 64-bit ARM | |
LOG_INFO(0x100, "sizeof(int) %ld", sizeof(int)); | |
LOG_INFO(0x100, "sizeof(long) %ld", sizeof(long)); | |
LOG_INFO(0x100, "sizeof(void*) %ld", sizeof(void*)); | |
#else | |
#error "unsupported architecture " | |
#endif | |
#endif | |
#ifdef __arm__ | |
cocos2d::ZipFile* pzipfile = (cocos2d::ZipFile*)*(void**)&(((unsigned char*)baseaddress)[0x608E68]); | |
#else | |
#ifdef __aarch64__ // 64-bit ARM | |
cocos2d::ZipFile* pzipfile = (cocos2d::ZipFile*)*(void**)&(((unsigned char*)baseaddress)[0x9223A0]); | |
#else | |
#error "unsupported architecture " | |
#endif | |
#endif | |
// ZipFilePrivate *_data; | |
// typedef std::map<std::string, struct ZipEntryInfo> FileListContainer; | |
//FileListContainer fileList; | |
#ifdef __arm__ | |
void* _data = *(void**)(&((unsigned char*)pzipfile)[4]); | |
void* fileList = (void*)(&((unsigned char*)_data)[4]); | |
#else | |
#ifdef __aarch64__ | |
void* _data = *(void**)(&((unsigned char*)pzipfile)[8]); | |
void* fileList = (void*)(&((unsigned char*)_data)[8]); | |
#else | |
#error "unsupported architecture " | |
#endif | |
#endif | |
typedef std::map<std::string, void*> FileListContainer; | |
typedef std::map<std::string, void*>::iterator FileListContainerIterator; | |
FileListContainer* filelistContainer= (FileListContainer*) fileList; | |
for(FileListContainerIterator it = filelistContainer->begin(); it!=filelistContainer->end(); it ++) | |
{ | |
#if TEST_VERION | |
bool exit=false; | |
#endif | |
const char* fname = it->first.c_str(); | |
std::string name(fname); | |
unsigned long datalen=0l; | |
unsigned char* data = pzipfile->getFileData(name, &datalen); | |
if(data!=NULL){ | |
// _frida_hexdump(data, 0x20); | |
if(!memcmp(data, "\xfe\xfe\xfe\xfe", 4)){ | |
encryptFiles.push_back(it->first); | |
LOG_INFO(0x100,"add %s %lu ", fname, datalen); | |
#if TEST_VERION | |
exit=true; | |
#endif | |
} | |
free(data); | |
} | |
#if TEST_VERION | |
if(exit) break; | |
#endif | |
} | |
pzipfile =NULL; | |
} | |
// try to decrypt files | |
{ | |
cocos2d::CCFileUtilsAndroid* pFileUtils = (cocos2d::CCFileUtilsAndroid*)cocos2d::CCFileUtils::sharedFileUtils(); | |
if(pFileUtils==NULL) LOG_ERR(0x100, " can not get pFileUtils "); | |
LOG_INFO(0x100, "%p",pFileUtils); | |
for(std::vector<std::string>::iterator it = encryptFiles.begin(); it!=encryptFiles.end(); it++) | |
{ | |
const char* fname = it->c_str(); | |
unsigned long datalen=0l; | |
void* data = pFileUtils->getFileData(fname, "rb", &datalen); | |
if(data!=NULL){ | |
_frida_hexdump(data, 0x20); | |
char outputname[0x100]; | |
snprintf(outputname, 0x100, "%s/%s", outdir, fname); | |
char *dname = dirname(outputname); | |
// create folder for output file if need | |
if(xis_dir(dname)!=1){ | |
// create folder | |
//LOG_INFO(0x200," create folder %s for file %s", dname, outputname); | |
mkpath(dname, 0777); | |
} | |
// write file | |
{ | |
LOG_INFO(0x200," %s => %s ", fname, outputname); | |
writeDataToFile(outputname, (unsigned char*)data, datalen); | |
} | |
free(data); | |
} | |
#if TEST_VERION | |
break; | |
#endif | |
} | |
} | |
LOG_INFO(0x100, "go here , test ok"); | |
return 0; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment