Analysis of the Three Kingdoms Kill string encryption algorithm

"Article title": Three Kingdoms Kill string encryption algorithm
"Article author": Ericky
"Author blog": http://blog.csdn.net/hk9259
"": Baidu Download
"Protection method": String encryption
"Author's statement": My skill is limited; if there are mistakes or shortcomings, please point them out.

0x1 Introduction

It is said that in older versions of the game the relevant string could simply be edited in place, a straight swap, which bypassed the check and produced the effect of an in-app purchase. A year later, the game has strengthened its own protection against tampering, in particular by encrypting some key strings. Whether that strength stands the test of time is what we explore here.

0x2 Locating

Open libgame.so and, following the earlier approach, find the encrypted strings among the vast number of strings, as follows:

The class located from the string in the red box is as follows:

0x3 Analysis

Analysis

Continue the analysis further down:

Following the call leads here:

The Base64 step is the standard decoding method.
The function after it is an XOR routine; setting it aside for now, we continue following:

Here is a decryption loop; the key function is 70004C.
Keep following into this function, sub_7be950:

The decrypted string is then used for calls inside the .so.

0x4 Writing the encryption and decryption programs

Restore the encryption code as follows:

#include <stdio.h>
#include <stdint.h>

typedef unsigned char BYTE;

// Standard Base64 alphabet used by base64_encode
static const char base64char[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

char *base64_encode(const unsigned char *bindata, char *base64, int binlength)
{
    int i, j;
    unsigned char current;

    for (i = 0, j = 0; i < binlength; i += 3) {
        current = (bindata[i] >> 2);
        current &= (unsigned char)0x3F;
        base64[j++] = base64char[(int)current];

        current = ((unsigned char)(bindata[i] << 4)) & ((unsigned char)0x30);
        if (i + 1 >= binlength) {
            base64[j++] = base64char[(int)current];
            base64[j++] = '=';
            base64[j++] = '=';
            break;
        }
        current |= ((unsigned char)(bindata[i + 1] >> 4)) & ((unsigned char)0x0F);
        base64[j++] = base64char[(int)current];

        current = ((unsigned char)(bindata[i + 1] << 2)) & ((unsigned char)0x3C);
        if (i + 2 >= binlength) {
            base64[j++] = base64char[(int)current];
            base64[j++] = '=';
            break;
        }
        current |= ((unsigned char)(bindata[i + 2] >> 6)) & ((unsigned char)0x03);
        base64[j++] = base64char[(int)current];

        current = ((unsigned char)bindata[i + 2]) & ((unsigned char)0x3F);
        base64[j++] = base64char[(int)current];
    }
    base64[j] = '\0';
    return base64;
}

int main(void)
{
    // String to encrypt
    BYTE arry[] = "Classes.dea";
    // Encryption key
    const uint32_t key = 0x9f;
    // Initialize (the buffer sizes were lost in the source; 64 is assumed)
    unsigned char xorout[64] = "";
    char base64out[64] = "";
    const size_t lens = sizeof(arry);

    // XOR byte i with (key + i); lens - 1 skips the terminating NUL
    for (size_t i = 0; i < lens - 1; i++) {
        xorout[i] = arry[i] ^ (key + i);
    }
    base64_encode(xorout, base64out, lens - 1);
    printf("%s\n", base64out);
    return 0;
}

Restore the decryption code as follows:

//******************* Decryption
#include <stdio.h>
#include <stdint.h>
#include <string.h>

// Standard Base64 alphabet used by base64_decode
static const char base64char[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

int base64_decode(const char *base64, unsigned char *bindata)
{
    int i, j;
    unsigned char k;
    unsigned char temp[4];

    for (i = 0, j = 0; base64[i] != '\0'; i += 4) {
        // Look up the 6-bit value of each of the four input characters
        memset(temp, 0xFF, sizeof(temp));
        for (k = 0; k < 64; k++) {
            if (base64char[k] == base64[i])
                temp[0] = k;
        }
        for (k = 0; k < 64; k++) {
            if (base64char[k] == base64[i + 1])
                temp[1] = k;
        }
        for (k = 0; k < 64; k++) {
            if (base64char[k] == base64[i + 2])
                temp[2] = k;
        }
        for (k = 0; k < 64; k++) {
            if (base64char[k] == base64[i + 3])
                temp[3] = k;
        }

        bindata[j++] = ((unsigned char)(((unsigned char)(temp[0] << 2)) & 0xFC)) |
                       ((unsigned char)((unsigned char)(temp[1] >> 4) & 0x03));
        if (base64[i + 2] == '=')
            break;

        bindata[j++] = ((unsigned char)(((unsigned char)(temp[1] << 4)) & 0xF0)) |
                       ((unsigned char)((unsigned char)(temp[2] >> 2) & 0x0F));
        if (base64[i + 3] == '=')
            break;

        bindata[j++] = ((unsigned char)(((unsigned char)(temp[2] << 6)) & 0xF0)) |
                       ((unsigned char)(temp[3] & 0x3F));
    }
    return j;
}

int main(void)
{
    // Key
    const uint32_t key2 = 0x9f;
    // String to decrypt (Base64 is case-sensitive)
    const char base64in[] = "7cXSzdbWxsPUhsbf3w==";
    // Decoded length; the -2 accounts for the two '=' padding characters of this input
    const size_t lens2 = (sizeof(base64in) - 1) * 3 / 4 - 2;
    // Buffer for the Base64-decoded bytes (size lost in the source; 64 is assumed)
    unsigned char xorin[64] = "";
    // Base64 decoding
    base64_decode(base64in, xorin);
    // Buffer for the XOR-decrypted result (size lost in the source; 64 is assumed)
    char base64outd[64] = "";
    // XOR decryption
    for (size_t i = 0; i < lens2; i++) {
        base64outd[i] = xorin[i] ^ (key2 + i);
    }
    printf("%s\n", base64outd);
    return 0;
}

0x5 Test results


7cXSzdbWxsPUhsbf3w== --> resources.out

88nDjcLWyMPGysCFx8XPyc7d1JzA2w== --> lib/armeabi/libgame.so

88nDjcLWyMPGysCH3ZvMgcPZ09XS2dCYxNc= --> lib/armeabi-v7a/libgame.so

/MzA0dDB1ojDzdE= --> classes.dex
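
Added example (not the author's code): a bounds-checked C version of the decryption routine. Unlike the restored decoder above, it checks Base64 length, alphabet, padding and the output buffer size before writing anything. The names decrypt_string and b64_val are assumptions of this example, and the sample inputs are constructed: they are the case-sensitive Base64 strings recomputed from the plaintexts listed above with key 0x9f, plus two malformed strings.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Map a Base64 character to its 6-bit value; -1 if outside the alphabet. */
static int b64_val(char c) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

/* Base64-decode b64, then undo the rolling XOR: byte i ^ (key + i).
 * Returns the plaintext length, or -1 for malformed input or a short buffer. */
int decrypt_string(const char *b64, uint8_t key, char *out, size_t cap) {
    size_t n = strlen(b64), pad = 0, o = 0;
    if (n == 0 || n % 4 != 0) return -1;          /* whole quads only */
    if (b64[n - 1] == '=') pad = (b64[n - 2] == '=') ? 2 : 1;
    size_t outlen = n / 4 * 3 - pad;
    if (outlen + 1 > cap) return -1;              /* room for bytes + NUL */
    for (size_t i = 0; i < n; i += 4) {
        uint32_t quad = 0;
        for (size_t k = 0; k < 4; k++) {
            /* '=' is accepted only in the trailing pad positions */
            int v = (i + k < n - pad) ? b64_val(b64[i + k]) : 0;
            if (v < 0) return -1;
            quad = (quad << 6) | (uint32_t)v;
        }
        for (int shift = 16; shift >= 0 && o < outlen; shift -= 8, o++)
            out[o] = (char)(((quad >> shift) & 0xFF) ^ (uint8_t)(key + o));
    }
    out[o] = '\0';
    return (int)outlen;
}

int main(void) {
    /* Constructed inputs: two valid strings, one bad length, one bad character. */
    const char *samples[] = { "7cXSzdbWxsPUhsbf3w==", "/MzA0dDB1ojDzdE=",
                              "7cXSzdbWxsPUhsbf3w=", "7cXS*dbW" };
    char buf[32];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int len = decrypt_string(samples[i], 0x9f, buf, sizeof buf);
        printf("%-22s -> %s\n", samples[i], len < 0 ? "(rejected)" : buf);
    }
    return 0;
}
```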

0x6 Summary
Analyzing the algorithm takes a lot of patience and is very good training. Time to sleep.

2015.7.26
by Ericky

Copyright notice: This is the blogger's original article and may not be reproduced without the blogger's permission.
