Audition 2 SF Decrypting (Need some Help)
I'm trying to write an unpacker for this game but need some help. All resources are contained in *.SF archives, which are encrypted with a custom algorithm. After an hour of debugging (****ing xTrap -> xCrap) I found the algorithm:
; int __usercall A2Decrypt<eax>(int a1, int a2)
;
; In-place stream transform over a buffer (disassembler listing, Intel syntax).
;   In:   eax     = a1, byte count (copied to edi and used as the loop budget)
;         [esp+4] = a2, pointer to the buffer (loaded into ebp, then esi)
;   Out:  eax     = final value of the running accumulator
;   ebx/ebp/esi/edi are pushed on entry and popped before `retn`; `retn` pops
;   no arguments.
; The starting state in ecx is computed from a1 and fixed constants only, and
; the only other input is the A2Key table. No caller-supplied secret enters
; this routine, so anyone holding the binary holds everything needed to
; reverse the transform: this is obfuscation, not confidentiality.
; Layout: the first (a1 & 3) bytes are handled one byte at a time, the
; remainder four bytes at a time.
A2Decrypt proc near
arg_0 = dword ptr 4
push ebx                        ; four pushes = 10h bytes, hence the esp+10h below
push ebp
push esi
push edi
mov edi, eax                    ; edi = a1 (length)
mov ecx, edi
and ecx, 0FF00h                 ; ecx = a1 & 0FF00h
mov edx, edi
shl edx, 10h                    ; edx = a1 << 16
or ecx, edx
shl ecx, 8                      ; ecx = ((a1 << 16) | (a1 & 0FF00h)) << 8
movzx edx, di                   ; edx = a1 & 0FFFFh
or ecx, edx
xor ecx, 0B11924E1h             ; ecx = seed word s
movsx esi, cl                   ; esi = b0, byte 0 of s sign-extended
mov edx, ecx
shr edx, 8
movsx edx, dl                   ; edx = b1, byte 1 of s sign-extended
mov ebx, esi
mov ebp, [esp+10h+arg_0]        ; ebp = a2 (buffer pointer), read before the slot is reused
shl ebx, 5
add ebx, esi                    ; ebx = 33 * b0
add edx, ebx                    ; edx = 33*b0 + b1
mov esi, edx
shl esi, 5
add esi, edx                    ; esi = 33 * (33*b0 + b1)
mov edx, ecx
shr edx, 10h
movsx edx, dl                   ; edx = b2, byte 2 of s sign-extended
add esi, edx                    ; esi = 33*(33*b0 + b1) + b2
shr ecx, 18h
mov edx, esi
shl edx, 5
add edx, esi                    ; edx = 33 * (33*(33*b0 + b1) + b2)
movsx ecx, cl                   ; ecx = b3, byte 3 of s sign-extended
mov ebx, edi
and ebx, 3                      ; ebx = a1 & 3; sets ZF for the jz below
mov eax, 96438AF7h              ; eax = initial accumulator (mov/lea leave flags alone)
lea ecx, [edx+ecx+7C5D0F85h]    ; ecx = initial state: hash of b0..b3 plus a constant
mov [esp+10h+arg_0], ebx        ; argument slot now holds (a1 & 3) for the later subtract
jz short loc_401645             ; length already a multiple of 4: skip the byte loop
mov esi, ebp                    ; esi = write cursor
jmp short loc_401600
; ---------------------------------------------------------------------------
; Not reached: follows an unconditional jmp. The bytes 8D A4 24 00 00 00 00
; encode lea esp,[esp+0], a 7-byte no-op used as padding.
db 8Dh, 0A4h, 24h, 4 dup(0)
; ---------------------------------------------------------------------------
jmp short loc_401600            ; no label in this listing leads here
; ---------------------------------------------------------------------------
align 10h
; Byte loop: runs (a1 & 3) times. ecx = state, eax = accumulator, esi = cursor.
loc_401600:
mov edx, ecx
and edx, 0FFh                   ; table index = low byte of state
add eax, A2Key[edx*4]           ; 32-bit load: A2Key is used as 256 dword entries
mov ebp, ecx
not ebp
shl ebp, 15h                    ; ebp = (~state) << 21
mov dl, al
add dl, cl                      ; dl = low byte of (accumulator + old state)
xor dl, [esi]                   ; dl = output byte
add ebp, 2611501h
shr ecx, 0Bh
or ecx, ebp                     ; state = ((~state << 21) + 2611501h) | (state >> 11)
mov ebp, eax
shl ebp, 5
add ebp, eax                    ; ebp = 33 * accumulator
movzx eax, dl
mov [esi], dl                   ; store the output byte in place
add esi, 1
sub ebx, 1                      ; sets ZF for jnz; the lea in between keeps flags
lea eax, [eax+ebp+3]            ; accumulator = output byte + 33*accumulator + 3
jnz short loc_401600
sub edi, [esp+10h+arg_0]        ; remaining = a1 - (a1 & 3), a multiple of 4
mov ebp, esi                    ; carry the cursor into the dword loop
loc_401645:
test edi, edi
mov esi, ebp
jz short loc_40168B             ; nothing left to process
jmp short loc_401650
; ---------------------------------------------------------------------------
align 10h
; Dword loop: four bytes per pass until edi reaches 0. Same state update with a
; different additive constant; the whole 32-bit output word feeds the accumulator.
loc_401650:
mov edx, ecx
and edx, 0FFh                   ; table index = low byte of state
add eax, A2Key[edx*4]           ; 32-bit table entry added to the accumulator
mov ebx, ecx
not ebx
shl ebx, 15h                    ; ebx = (~state) << 21
lea edx, [ecx+eax]              ; edx = old state + accumulator
xor edx, [esi]                  ; edx = output dword
add ebx, 3938731h
shr ecx, 0Bh
or ecx, ebx                     ; state = ((~state << 21) + 3938731h) | (state >> 11)
mov ebx, eax
shl ebx, 5
add ebx, edx                    ; ebx = 32*accumulator + output dword
mov [esi], edx                  ; store the output dword in place
add esi, 4
sub edi, 4                      ; sets ZF for jnz; the lea in between keeps flags
lea eax, [eax+ebx+3]            ; accumulator = 33*accumulator + output dword + 3
jnz short loc_401650
loc_40168B:
pop edi
pop esi
pop ebp
pop ebx
retn                            ; eax still holds the accumulator
A2Decrypt endp
a1 is the size (or length) and is passed in eax; a2 is the buffer pointer and is passed on the stack ...
A2Key (1024 bytes)
/*
 * A2Key: 1024 bytes of table data, as posted.
 * NOTE(review): the disassembly on this page reads the table with
 * `add eax, A2Key[edx*4]`, i.e. as 256 little-endian 32-bit entries selected
 * by one byte of state. With this `unsigned char` declaration a C expression
 * `A2Key[i]` yields a single byte, not the 32-bit entry the original code
 * adds; a consumer has to combine bytes 4*i .. 4*i+3 to get entry i.
 */
static unsigned char A2Key[1024] = {
0xD2, 0x2F, 0xCF, 0x9C, 0x60, 0x29, 0x54, 0x91, 0xDC, 0xE2, 0xA7, 0x22, 0x39, 0x29, 0x5F,
0x2F, 0xE4, 0x1B, 0xDF, 0x86, 0xBA, 0x90, 0xD2, 0xF1, 0x97, 0x87, 0xC2, 0x5D, 0x04, 0xD8,
0x4A, 0x78, 0xE2, 0xFE, 0x43, 0x13, 0xBD, 0x92, 0xA9, 0xBE, 0x89, 0xF8, 0xB0, 0x9E, 0xC0,
0x4B, 0x34, 0xB2, 0xCA, 0xFF, 0xA9, 0x3E, 0x53, 0xC8, 0x8E, 0x80, 0x0B, 0x69, 0x28, 0xC0,
0x14, 0xEA, 0xAF, 0xAD, 0xA7, 0xCA, 0x68, 0x01, 0x93, 0x39, 0x7A, 0x9E, 0xB9, 0xC8, 0x7C,
0x3A, 0xA9, 0x62, 0x60, 0x4C, 0xEC, 0x88, 0x59, 0xEC, 0xDB, 0xC9, 0xD3, 0x20, 0x00, 0x20,
0x37, 0xA9, 0x52, 0x1A, 0x52, 0x66, 0x9C, 0xED, 0x17, 0x99, 0x73, 0x8A, 0x0B, 0x41, 0xEF,
0x86, 0x30, 0xC5, 0x63, 0xBC, 0x33, 0x75, 0x06, 0x68, 0xAD, 0x9B, 0x3D, 0x73, 0xA7, 0xFA,
0xDB, 0x03, 0xE6, 0xAF, 0x38, 0x2B, 0xFE, 0xE6, 0xDE, 0x88, 0x62, 0x87, 0x4A, 0xCF, 0x2A,
0xCC, 0x73, 0x42, 0xA0, 0x58, 0x06, 0x35, 0x92, 0x2D, 0x7E, 0xFE, 0x58, 0x1F, 0x7D, 0xAF,
0xA6, 0xB4, 0x13, 0x08, 0x01, 0xC1, 0x66, 0x96, 0x22, 0xD8, 0x0D, 0x90, 0x24, 0xA3, 0x56,
0x6F, 0x05, 0x11, 0x47, 0x70, 0x84, 0x83, 0x4D, 0x41, 0x87, 0xD0, 0x68, 0x92, 0x44, 0x76,
0xC8, 0x27, 0xFA, 0xFE, 0xBD, 0xAF, 0x83, 0xAD, 0xE2, 0xED, 0x88, 0xCC, 0xE6, 0x1A, 0xF6,
0xA8, 0xAD, 0xE1, 0x6A, 0xA0, 0x9D, 0xBF, 0x87, 0x1D, 0x65, 0x82, 0x8B, 0xC3, 0x23, 0x3E,
0x40, 0x10, 0xC1, 0xE5, 0x55, 0x41, 0xFD, 0xC8, 0x23, 0xDF, 0x11, 0xE3, 0x14, 0x10, 0xD6,
0xDA, 0x91, 0x7D, 0x6F, 0xAB, 0xE5, 0xE9, 0x12, 0x2F, 0x03, 0x80, 0xF4, 0xB8, 0x35, 0xA3,
0x66, 0xDC, 0x35, 0x43, 0x62, 0xAA, 0x76, 0x60, 0x21, 0x44, 0x39, 0xB3, 0xE8, 0x33, 0x1C,
0xB5, 0xA9, 0x21, 0x8D, 0x77, 0xBA, 0x5F, 0x67, 0x04, 0x67, 0x4A, 0x33, 0x85, 0x62, 0x59,
0xA1, 0x6E, 0xC5, 0xFA, 0xB0, 0xA8, 0xDD, 0x97, 0x1F, 0x48, 0x61, 0x30, 0xD0, 0x45, 0xC4,
0xCB, 0x30, 0x67, 0xBA, 0xB8, 0x44, 0xE8, 0xB2, 0x4C, 0x10, 0xE2, 0x37, 0x67, 0xB0, 0x2D,
0x9A, 0x6E, 0x8E, 0x88, 0xD6, 0x78, 0x7A, 0x61, 0xE2, 0xEA, 0xDC, 0x93, 0x3A, 0xE1, 0x59,
0x0E, 0x38, 0x2D, 0x43, 0xA7, 0xE2, 0x03, 0x97, 0xC2, 0x5E, 0xA8, 0xCF, 0x0B, 0xD1, 0x78,
0x3C, 0x36, 0x55, 0xD0, 0x0F, 0xAC, 0x8F, 0x3C, 0xD2, 0x9E, 0xA4, 0xA0, 0x38, 0x4D, 0xB8,
0xA7, 0x7E, 0xD1, 0x03, 0x1A, 0x76, 0xA5, 0x57, 0x48, 0x57, 0x50, 0xF4, 0x76, 0x4C, 0xAB,
0x34, 0x98, 0x19, 0xED, 0xD8, 0x68, 0xE5, 0x6E, 0xFF, 0xF2, 0x6F, 0xF2, 0x16, 0x32, 0x31,
0x75, 0x71, 0x96, 0x5F, 0xFE, 0x6C, 0x47, 0x02, 0xB4, 0x42, 0xDA, 0x2B, 0xD3, 0xAC, 0x0F,
0xAE, 0x27, 0x03, 0x37, 0xFC, 0x95, 0xE2, 0x9E, 0x9B, 0x36, 0xD3, 0xDC, 0xE7, 0xCC, 0x99,
0x71, 0x2C, 0xA1, 0xDE, 0x7B, 0x47, 0x27, 0x6A, 0xCC, 0x2D, 0xA3, 0xC3, 0x42, 0x13, 0x6A,
0x78, 0x54, 0x1F, 0x0F, 0xD9, 0xFB, 0x87, 0xF9, 0xF6, 0x95, 0x76, 0x2A, 0x83, 0x98, 0xFA,
0x0E, 0x2D, 0x1B, 0x2F, 0x5A, 0x67, 0xE7, 0x27, 0x5F, 0xB7, 0xF0, 0x80, 0xAA, 0x01, 0x09,
0x72, 0xF6, 0x04, 0x66, 0xD3, 0x7E, 0x7E, 0xF8, 0x95, 0xED, 0xB5, 0xC4, 0x71, 0x59, 0xB0,
0x59, 0x8B, 0x32, 0x0B, 0x6B, 0xE0, 0x4A, 0x88, 0xF6, 0xAF, 0x6F, 0x8D, 0x64, 0xA4, 0x85,
0x9D, 0x0A, 0x8B, 0x81, 0xB2, 0x83, 0x96, 0x04, 0x50, 0x42, 0xC1, 0x96, 0xF9, 0x44, 0x73,
0x2A, 0x20, 0x21, 0x0D, 0x4C, 0x8F, 0x41, 0xE5, 0x0C, 0xB5, 0xD2, 0xAA, 0xE6, 0x6B, 0xAE,
0x2F, 0x8E, 0xCD, 0xD1, 0x44, 0xBB, 0x98, 0x95, 0xF5, 0xF1, 0x87, 0x43, 0xB4, 0xE5, 0xAD,
0xAB, 0x95, 0x9D, 0x3D, 0x06, 0xAB, 0x86, 0xE1, 0x0F, 0x0F, 0x06, 0x6F, 0xC4, 0x13, 0xE3,
0xA9, 0xC5, 0xA1, 0xA4, 0xE8, 0xF3, 0xA2, 0xFC, 0x49, 0x7D, 0x3F, 0xF3, 0x46, 0xD7, 0x2A,
0x7A, 0x9A, 0x79, 0x50, 0x0F, 0xD9, 0xAC, 0x37, 0xAD, 0xA4, 0x89, 0x03, 0x20, 0x16, 0x32,
0x12, 0xA9, 0x87, 0x01, 0x2B, 0xFB, 0x7D, 0x45, 0x62, 0x88, 0x5D, 0x8E, 0x7D, 0xCF, 0xDE,
0x2A, 0xC9, 0xDC, 0x03, 0xE6, 0xB3, 0x7D, 0x1C, 0x2E, 0xF2, 0xE3, 0x12, 0xE4, 0x0B, 0x2B,
0x64, 0xD0, 0x95, 0x57, 0x9D, 0x04, 0x7C, 0x5B, 0xD4, 0x97, 0xCB, 0x7C, 0x4B, 0x4D, 0xDB,
0x8D, 0xBA, 0x63, 0x9C, 0x2A, 0xA0, 0xC4, 0x5F, 0x7D, 0x9D, 0x84, 0xF6, 0x53, 0xDD, 0xDD,
0x45, 0x70, 0xCB, 0x83, 0x1E, 0x8E, 0x71, 0xC0, 0x0B, 0x02, 0x7D, 0x11, 0x5E, 0x1F, 0x7A,
0x5E, 0xA1, 0x10, 0x8F, 0x0F, 0x86, 0x71, 0x0F, 0xA8, 0x2C, 0x82, 0xE5, 0xFF, 0xDD, 0xE6,
0x27, 0xB1, 0x80, 0x16, 0xF1, 0x0B, 0x06, 0x94, 0xE2, 0xA6, 0x3B, 0x11, 0xE9, 0x46, 0xF7,
0xF6, 0x6E, 0xEE, 0x79, 0xEB, 0x15, 0x48, 0x3A, 0x55, 0xB8, 0x9C, 0x26, 0xAF, 0x29, 0x42,
0xE3, 0xF6, 0x59, 0x41, 0x94, 0x7E, 0x88, 0xBE, 0x38, 0x48, 0x29, 0x2E, 0xB9, 0xB3, 0x68,
0xE6, 0x79, 0xAC, 0xC4, 0xB6, 0x9F, 0xAB, 0x06, 0x34, 0xCB, 0xA7, 0xCC, 0xDB, 0x2F, 0x4F,
0x67, 0x0B, 0x42, 0xBA, 0x3B, 0x1C, 0xCE, 0x78, 0x8E, 0x0A, 0x6D, 0xED, 0x8F, 0x6C, 0xD9,
0xBC, 0xA5, 0xC0, 0xF1, 0xB2, 0xDD, 0x34, 0x73, 0x2F, 0x64, 0x5D, 0x8D, 0x66, 0x8D, 0x45,
0xDA, 0x30, 0xCB, 0x57, 0x6E, 0x0B, 0x1F, 0xF9, 0x00, 0x00, 0x09, 0xA0, 0x02, 0xC4, 0x53,
0xE8, 0x8D, 0xC4, 0xFA, 0x04, 0xAB, 0x89, 0xB5, 0x39, 0xE0, 0x7F, 0x02, 0xCF, 0x83, 0xED,
0xFF, 0xBA, 0x00, 0xD5, 0xB1, 0xCB, 0xDD, 0x66, 0x7B, 0x3D, 0xAE, 0x77, 0x11, 0x1C, 0x28,
0x3E, 0x5C, 0xFF, 0xFD, 0xAD, 0x7F, 0x50, 0x5A, 0xBA, 0xAA, 0xC9, 0x28, 0xD5, 0x0A, 0x4C,
0x32, 0x55, 0x77, 0x1A, 0x66, 0x77, 0xA1, 0xAA, 0x0D, 0x5E, 0x91, 0xE9, 0x85, 0x24, 0xF4,
0x02, 0x26, 0x8D, 0x2B, 0x9C, 0x9B, 0x96, 0xC0, 0x71, 0x4B, 0x82, 0xB5, 0xF6, 0x25, 0x4F,
0x54, 0x7A, 0x84, 0xEC, 0xBB, 0xC1, 0xB9, 0x68, 0x65, 0xF0, 0x56, 0xC7, 0x3A, 0x81, 0xEE,
0x6D, 0xE0, 0x3E, 0x7C, 0x6D, 0x82, 0xD7, 0xE5, 0xC3, 0x1A, 0x44, 0x80, 0x96, 0x08, 0x3E,
0xEE, 0xF7, 0xD3, 0xDE, 0xE3, 0x41, 0xA5, 0x60, 0x10, 0x9F, 0x39, 0x11, 0x6B, 0x86, 0x08,
0x5E, 0xA9, 0x51, 0x6C, 0x79, 0x29, 0x74, 0x8A, 0x36, 0xA7, 0xC2, 0xC4, 0xCB, 0xA3, 0x31,
0x16, 0x8A, 0x90, 0x1E, 0xA9, 0xE1, 0xE9, 0x3F, 0x75, 0xE8, 0xA7, 0xB1, 0x76, 0x8F, 0x59,
0x14, 0x7D, 0xB5, 0xAA, 0x27, 0x9F, 0x25, 0x4A, 0x4C, 0x2B, 0xDC, 0x33, 0xBF, 0x3A, 0x34,
0x19, 0x70, 0x4E, 0x74, 0xB3, 0x07, 0x49, 0xE8, 0x8B, 0xE6, 0x9E, 0x5D, 0x48, 0x93, 0x22,
0x62, 0x8E, 0x8C, 0x94, 0x4C, 0xE2, 0x15, 0x0D, 0x7A, 0xCC, 0x61, 0x1F, 0x75, 0x31, 0xB9,
0xF8, 0xB6, 0x1A, 0x9C, 0x0A, 0xBE, 0x7E, 0x73, 0x2F, 0x2B, 0xAD, 0xC4, 0xF1, 0x99, 0x84,
0xE7, 0x61, 0x08, 0x69, 0x02, 0x37, 0x28, 0x60, 0xB1, 0x09, 0xAE, 0x30, 0x9E, 0xBC, 0xB3,
0xBB, 0x23, 0x41, 0xF7, 0x94, 0xEB, 0x4F, 0x14, 0x2F, 0xB1, 0xD2, 0xB1, 0xDA, 0x49, 0x15,
0x07, 0xAD, 0x22, 0x1A, 0xDD, 0x88, 0x95, 0x1D, 0xC0, 0x0B, 0x81, 0x4A, 0x38, 0x7A, 0x4A,
0x74, 0xA9, 0x8F, 0xB7};
IDA PseudoCode
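typedef unsigned char _BYTE;
typedef unsigned int _DWORD; /* must be exactly 32 bits: the arithmetic below relies on wrap-around at 2^32 */

/* Reads four bytes at p as one little-endian 32-bit value (what an x86 dword load returns). */
static _DWORD A2Load32(const _BYTE *p)
{
    return (_DWORD)p[0]
         | ((_DWORD)p[1] << 8)
         | ((_DWORD)p[2] << 16)
         | ((_DWORD)p[3] << 24);
}

/* Writes v to p as four little-endian bytes. */
static void A2Store32(_BYTE *p, _DWORD v)
{
    p[0] = (_BYTE)v;
    p[1] = (_BYTE)(v >> 8);
    p[2] = (_BYTE)(v >> 16);
    p[3] = (_BYTE)(v >> 24);
}

/* Sign-extends the low byte of v to 32 bits (the `movsx` steps of the disassembly). */
static _DWORD A2SignExtend8(_DWORD v)
{
    return ((v & 0xFFu) ^ 0x80u) - 0x80u;
}

/*
 * In-place transform of a buffer, following the disassembly of A2Decrypt.
 *
 *   a1      number of bytes to process (arrives in eax in the original)
 *   a2      address of the buffer, carried in an int as in the decompiler
 *           output; this only works where a pointer fits in an int (32-bit)
 *   returns the final accumulator value
 *
 * Changes against the raw decompiler output:
 *   - Table entries are read as 32-bit little-endian values. The original does
 *     `add eax, A2Key[edx*4]`; with A2Key declared as `unsigned char[1024]`,
 *     `A2Key[i]` would add a single byte instead.
 *   - All state is unsigned, so wrap-around and shifts are well defined; the
 *     decompiler's `int` arithmetic overflows, which is undefined in C.
 *   - Sign extension is explicit instead of depending on whether plain `char`
 *     is signed.
 *   - Buffer words are loaded and stored bytewise, so alignment and host byte
 *     order do not matter.
 *
 * `__usercall` is disassembler notation for the register argument, not a
 * compiler keyword; a build has to remove it or define it away.
 * The initial state depends on a1, so the same bytes transformed under a
 * different length give a different result.
 */
int __usercall A2Decrypt(int a1, int a2)
{
    _DWORD remaining = (_DWORD)a1;
    _BYTE *cursor = (_BYTE *)a2;
    _DWORD head = remaining & 3u;       /* bytes handled one at a time */
    _DWORD acc = 0x96438AF7u;           /* running accumulator (eax) */
    _DWORD seed;
    _DWORD state;                       /* rotating state (ecx) */

    seed = ((((remaining << 16) | (remaining & 0xFF00u)) << 8) | (remaining & 0xFFFFu))
         ^ 0xB11924E1u;

    /* Multiply-by-33 hash over the four sign-extended seed bytes. */
    state = 33u * (33u * (33u * A2SignExtend8(seed) + A2SignExtend8(seed >> 8))
                   + A2SignExtend8(seed >> 16))
          + A2SignExtend8(seed >> 24)
          + 0x7C5D0F85u;

    if (head != 0u) {
        remaining -= head;              /* what is left is a multiple of 4 */
        do {
            _BYTE out;

            acc += A2Load32(&A2Key[4u * (state & 0xFFu)]);
            out = (_BYTE)(*cursor ^ (acc + state));   /* uses the state before its update */
            state = ((~state << 21) + 0x2611501u) | (state >> 11);
            *cursor++ = out;
            acc = out + 33u * acc + 3u;
        } while (--head != 0u);
    }

    while (remaining != 0u) {
        _DWORD word;

        acc += A2Load32(&A2Key[4u * (state & 0xFFu)]);
        word = A2Load32(cursor) ^ (state + acc);      /* uses the state before its update */
        state = ((~state << 21) + 0x3938731u) | (state >> 11);
        A2Store32(cursor, word);
        cursor += 4;
        remaining -= 4u;
        acc = 33u * acc + word + 3u;
    }

    return (int)acc;
}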
I tried to use it, but something is wrong. For example, the first 12 bytes after decryption should be 4C494643535953454D4554 (LIFCSYSEMET) -> CFILESYSTEM. My unreadable crap -> 2BCF7277CAE9088660E11E33 :nope:
Here is the sweet code :pardon:
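/*
 * Reads the whole file named by argv[1] into memory and runs A2Decrypt on it.
 *
 * Fixes against the original snippet:
 *   - Argument order. A2Decrypt takes the length first and the buffer second
 *     (the game's own call on this page is `A2Decrypt(12, (int)&DstBuf)`); the
 *     original passed the buffer address as the length.
 *   - fopen/fseek/ftell/malloc/fread results are checked before use.
 *
 * NOTE(review): A2Decrypt seeds its state from the length argument, and the
 * game's loader passes 12 for the header alone. Calling it with the whole
 * file size therefore uses a different length than the loader does for those
 * first 12 bytes.
 * NOTE(review): `(int)buffer` only round-trips where a pointer fits in an int
 * (32-bit build).
 */
FILE * fi = fopen(argv[1], "rb");
char * buffer = NULL;
size_t size = 0;
size_t read = 0;
if (fi != NULL)
{
    long end = -1;
    if (fseek(fi, 0, SEEK_END) == 0)
        end = ftell(fi);
    if (end > 0 && fseek(fi, 0, SEEK_SET) == 0)
    {
        size = (size_t)end;
        buffer = (char *)malloc(size);
        if (buffer != NULL)
            read = fread(buffer, 1, size, fi);
    }
    fclose(fi);
}
/* Only transform a buffer that was read completely. */
if (buffer != NULL && read == size)
    A2Decrypt((int)size, (int)buffer);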
Here is example pseudocode (how the game uses it)
// Decompiler output for the game's archive-open routine.
// Opens Filename, reads the first 12 bytes, runs A2Decrypt over them with
// length 12, and compares the result byte by byte with the 12 bytes at
// dword_419E54. Returns 1 when all 12 match, 0 when the open fails or the
// comparison fails.
signed int __thiscall sub_411FA0(void *this, const char *Filename)
{
void *v2; // ebx@1
FILE *v3; // eax@1
int *v4; // edi@2
char *v5; // esi@2
signed int v6; // ecx@2
bool v7; // zf@2
// Typed as a single char by the decompiler, but 12 bytes are read into it;
// the stack annotations place it at bp-14h with v10 at bp-4h.
char DstBuf; // [sp+8h] [bp-14h]@1
unsigned int v10; // [sp+18h] [bp-4h]@1
// NOTE(review): XOR of a stack address with a global looks like a stack-cookie
// setup rather than part of the signature check — confirm.
v10 = (unsigned int)&DstBuf ^ dword_41E3D4; // 4C494643535953454D4554 (LIFCSYSEMET) -> CFILESYSTEM
v2 = this;
// Indirect call through the pointer stored 4 bytes into the table *this points to.
(*(void (**)(void))(*(_DWORD *)this + 4))();
v3 = fopen(Filename, "r+bc");
// The FILE* is kept in the object at _DWORD index 136.
*((_DWORD *)v2 + 136) = v3;
if ( !v3 )
return 0;
// The fread result is discarded, so a file shorter than 12 bytes is not
// detected here; the comparison below then runs on whatever the buffer holds.
fread(&DstBuf, 0xCu, 1u, v3);
// Length first, buffer second.
A2Decrypt(12, (int)&DstBuf);
// presumably dword_419E54 holds the expected 12-byte signature — confirm
v4 = &dword_419E54;
v5 = &DstBuf;
v6 = 12;
v7 = 1;
// Compare up to 12 bytes; the loop stops at the first mismatch.
do
{
if ( !v6 )
break;
v7 = *v5++ == *(_BYTE *)v4;
v4 = (int *)((char *)v4 + 1);
--v6;
}
while ( v7 );
if ( !v7 )
{
// Mismatch: close the file and clear the stored handle.
fclose(*((FILE **)v2 + 136));
*((_DWORD *)v2 + 136) = 0;
return 0;
}
// Match: indirect call through the table slot at byte offset 76 with "/".
(*(void (__thiscall **)(void *, _DWORD))(*(_DWORD *)v2 + 76))(v2, "/");
return 1;
}
Can someone tell me what's wrong and how to use it correctly?
Example archive and C++ project
:help: