• 日期: 2027-02-17
  • 标签: 常规

以下是简化后的代码:

void OnRequestFinish(A2_Http_PokkeMsgPackAPI_TReq__TRes__o* api, Il2CppObject* o) { // 获取加密密钥 cryptoKey System_String_o* str = api->fields.__4__this->fields.SecretKey; System_Byte_array* cryptoKey = A2_Crypto_Hash__HashString(str, 16, 0LL);

// 解密数据 data
System_Byte_array* data = o->fields.bytes;
System_Byte_array* decryptedData = A2_Crypto_BasicCrypto__Decrypt_32630132(cryptoKey, data, 0LL);

// 将解密后的数据转化为对象
MsgPack_ObjectPacker_o* packer = (MsgPack_ObjectPacker_o*)sub_154ACB8(MsgPack_ObjectPacker_TypeInfo);
MsgPack_ObjectPacker___ctor(packer, 0LL);
struct A2_Http_PokkeMsgPackAPI_TReq__TRes__o* container = api;
__int64 obj = packer->klass->rgctx_data->_0_MsgPack_ObjectPacker_Unpack_PokkeResContainer_TRes__->methodPointer(packer, decryptedData);
container->fields.ResponseContainer = obj;

// 将解密后的数据作为响应负载
container->fields.ResponsePayload = *(_QWORD*)(obj + 40);

// 在主线程中运行回调函数
System_Action_o* callback = api->fields.__9__1;
if (callback == NULL)
{
    callback = (System_Action_o*)sub_154ACB8(System_Action_TypeInfo);
    System_Action___ctor(callback, (Il2CppObject*)api, (intptr_t)method->klass->rgctx_data->_4_A2_Http_PokkeMsgPackAPI___c__DisplayClass8_0_TReq__TRes___OnRequestFinish_b__1, 0LL);
    api->fields.__9__1 = callback;
}
A2_Coroutines_AriesCoroutine__RunInMainThread(callback, 0LL);

}

// 解密函数 System_Byte_array* A2_Crypto_BasicCrypto__Decrypt_32630132(System_String_o* cryptoKey, System_Byte_array* data, const MethodInfo* method) { // 将字符串密钥 cryptoKey 转化为字节数组 System_Text_Encoding_o* encoding = System_Text_Encoding__get_UTF8(0LL); System_Byte_array* keyBytes = (System_Byte_array*)encoding->klass->vtable._18_GetBytes.methodPtr(encoding, cryptoKey, encoding->klass->vtable._18_GetBytes.method);

// 使用 AES 算法解密数据
System_Byte_array* decryptedData = A2_Crypto_BasicCrypto__Decrypt_32629204(keyBytes, data, method);
return decryptedData;

}

解密函数 A2_Crypto_BasicCrypto__Decrypt_32630132 使用 AES 算法对 data 进行解密,使用 cryptoKey 作为密钥。解密后的数据被转化为对象,并将其作为响应负载。可能的密钥位置在 OnRequestFinish 函数中通过获取 api->fields.SecretKey 获得。

IDA 伪代码解密步骤详解:PokkeMsgPackAPI 中的加密与解密

原文地址: https://www.cveoy.top/t/topic/n6BI 著作权归作者所有。请勿转载和采集!

免费AI点我,无需注册和登录