IDA 伪代码解密分析:解析步骤和密钥位置
以下是尽可能易懂的代码:
// 解密函数,接收一个数据和一个密钥 System_Byte_array* A2_Crypto_BasicCrypto__Decrypt(System_Byte_array* data, const MethodInfo* method) { // 获取 ICryptoConfig 实例 Il2CppObject* icc = A2_Common_DefaultContainer__Resolve_object_((const MethodInfo_2450F58*)Method_A2_Common_DefaultContainer_Resolve_ICryptoConfig___); if (!icc) { sub_153CD44(); } // 获取 ICryptoConfig 的 klass Il2CppClass* iccClass = icc->klass; // 获取 ICryptoConfig 的 vtable _QWORD* iccVtable = iccClass->vtable; // 获取解密密钥 __int64 keyPtr = iccVtable[3](icc, iccVtable[2]); // 获取 UTF-8 编码器 System_Text_Encoding_o* utf8 = System_Text_Encoding__get_UTF8(0LL); if (!utf8) { sub_153CD44(); } // 将解密密钥转换为字节数组 System_Byte_array* key = (System_Byte_array*)utf8->klass->vtable._18_GetBytes.methodPtr(utf8, keyPtr, utf8->klass->vtable._18_GetBytes.method); // 调用解密函数进行解密 return A2_Crypto_BasicCrypto__Decrypt_32629204(key, data, method); }
// 解密函数,接收一个解密密钥和一个数据 System_Byte_array* A2_Crypto_BasicCrypto__Decrypt_32629204(System_Byte_array* cryptoKey, System_Byte_array* data, const MethodInfo* method) { // 创建一个新的字节数组,用于存储解密后的数据 System_Byte_array* result = il2cpp_array_new_specific_0(byte___TypeInfo, (int)cryptoKey->max_length, method); // 创建一个 RijndaelManaged 实例 System_Security_Cryptography_RijndaelManaged_o* rijndael = (System_Security_Cryptography_RijndaelManaged_o*)sub_154ACB8(System_Security_Cryptography_RijndaelManaged_TypeInfo); // 设置 RijndaelManaged 的属性 rijndael->klass->vtable._7_set_BlockSize.methodPtr(rijndael, 8 * (unsigned int)cryptoKey->max_length, rijndael->klass->vtable._7_set_BlockSize.method); rijndael->klass->vtable._15_set_KeySize.methodPtr(rijndael, 8 * (unsigned int)cryptoKey->max_length, rijndael->klass->vtable._15_set_KeySize.method); rijndael->klass->vtable._10_set_IV.methodPtr(rijndael, (__int64)cryptoKey, rijndael->klass->vtable._10_set_IV.method); rijndael->klass->vtable._12_set_Key.methodPtr(rijndael, cryptoKey, rijndael->klass->vtable._12_set_Key.method); rijndael->klass->vtable._17_set_Mode.methodPtr(rijndael, 1LL, rijndael->klass->vtable._17_set_Mode.method); rijndael->klass->vtable._19_set_Padding.methodPtr(rijndael, 2LL, rijndael->klass->vtable._19_set_Padding.method); // 创建解密器 _QWORD* decryptor = (_QWORD*)rijndael->klass->vtable._22_CreateDecryptor.methodPtr(rijndael, rijndael->klass->vtable._22_CreateDecryptor.method); // 解密数据 result = (System_Byte_array*)decryptor[0](decryptor, (__int64)data, 0LL, (unsigned int)data->max_length, decryptor[2]); // 释放资源 decryptor[3](decryptor, decryptor[2]); rijndael->klass->vtable._1_Finalize.methodPtr(rijndael); // 返回解密结果 return result; }
// 解密函数,接收一个解密密钥字符串和一个数据 System_Byte_array* A2_Crypto_BasicCrypto__Decrypt_32630132(System_String_o* cryptoKey, System_Byte_array* data, const MethodInfo* method) { // 获取 UTF-8 编码器 System_Text_Encoding_o* utf8 = System_Text_Encoding__get_UTF8(0LL); if (!utf8) { sub_153CD44(); } // 将解密密钥字符串转换为字节数组 System_Byte_array* key = (System_Byte_array*)utf8->klass->vtable._18_GetBytes.methodPtr(utf8, cryptoKey, utf8->klass->vtable._18_GetBytes.method); // 调用解密函数进行解密 return A2_Crypto_BasicCrypto__Decrypt_32629204(key, data, method); }
解密步骤:
- 获取 ICryptoConfig 实例
- 获取解密密钥
- 获取 UTF-8 编码器
- 将解密密钥转换为字节数组
- 创建一个 RijndaelManaged 实例
- 设置 RijndaelManaged 的属性:BlockSize、KeySize、IV、Key、Mode、Padding(其中 IV 与 Key 使用同一个字节数组)
- 创建解密器
- 解密数据
- 释放资源
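密钥很可能来自第二步:Decrypt 通过 ICryptoConfig 实例的虚函数调用(上面代码中的 iccVtable[3])取得密钥字符串,再按 UTF-8 编码转换为字节数组。这段代码没有展示该接口的具体实现,因此具体的密钥生成算法无法确定,需要进一步分析代码。另外需要注意,代码中 IV 与密钥使用的是同一个字节数组,IV 既不随机也不随消息变化,这在设计上属于弱点。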