How to Decode/Decrypt RSA-Encrypted Lua Files

JarMan

07/25/19
I decompiled an Android game called TapTap Heroes and found that all of the Lua files inside were encrypted. After looking through the lib for any sign of how they had been encrypted, I opened libcocos2dlua in IDA, went to applicationDidFinishLaunching, and found that the files were most likely encrypted using RSA, as RSA encode and decode functions (luaRSAEncode and luaRSADecode) are set within the applicationDidFinishLaunching function.

The game is called TapTap Heroes, and I was wondering if anybody here could help me find the key needed to decrypt the Lua files.

Code:
// Decompiler pseudocode for the application's launch hook, as pasted from IDA.
// Locals are synthetic (v3..v52), virtual calls appear as raw vtable offsets, and
// sub_*/unk_* names are unnamed addresses in the binary, so several notes below
// are hedged rather than stated as fact.
//
// What the visible code does, in order:
//   1. initialises crash reporting with a hard-coded identifier string;
//   2. fetches the Director, FileUtils, UserDefault and LuaEngine singletons and
//      installs the LuaEngine as the script engine;
//   3. registers native C closures under Lua names (bsReadFile, luaRSAEncode,
//      luaRSADecode, WX_*, ...);
//   4. builds two short strings at run time from integer tables on the stack and
//      hands both (pointer + length each) to one virtual call;
//   5. runs "src/main.lua" and returns true only when that call yielded 0.
//
// Parameters: a3 is forwarded to CrashReport::initCrashReport; a1 and a2 are not
// read anywhere in the visible body.
//
// NOTE(review): nothing in this function calls luaRSAEncode/luaRSADecode. They are
// only exposed to Lua scripts here, so this listing alone does not establish which
// scheme protects the packaged script files.
// NOTE(review): every constant used below ships inside the client binary, so the
// strings built from them cannot act as secrets. Asset obfuscation of this kind is
// tamper-resistance at best; game-state integrity has to be enforced server-side.
bool __fastcall AppDelegate::applicationDidFinishLaunching(int a1, int a2, bool a3)
{
  cocos2d::Director *v3; // r0
  int v4; // r0
  cocos2d::FileUtils *v5; // r0
  int v6; // r0
  cocos2d::UserDefault *v7; // r0
  const char *v8; // r0
  cocos2d::LuaEngine *v9; // r0
  cocos2d::ScriptEngineManager *v10; // r0
  cocos2d::ScriptEngineManager *v11; // r4
  int v12; // r0
  cocos2d::LuaEngine *v13; // r0
  BuglyLuaAgent *v14; // r0
  cocos2d::LuaEngine *v15; // r1
  int v16; // r6
  cocos2d::LuaEngine *v17; // r0
  int v18; // r5
  int v19; // r6
  int v20; // r5
  int v21; // r1
  int v22; // ST0C_4
  int v23; // r1
  int v24; // r5
  int v25; // r1
  int v26; // r1
  unsigned int v27; // r4
  int v29; // [sp+Ch] [bp-84h]
  char v30; // [sp+1Ch] [bp-74h]
  char v31; // [sp+20h] [bp-70h]
  char v32; // [sp+24h] [bp-6Ch]
  char v33; // [sp+28h] [bp-68h]
  int v34; // [sp+2Ch] [bp-64h]
  int v35; // [sp+30h] [bp-60h]
  // v36..v43 sit 4 bytes apart on the stack (bp-5Ch..bp-40h); the second loop
  // below indexes them as one 8-entry int array via *(&v36 + i).
  int v36; // [sp+34h] [bp-5Ch]
  int v37; // [sp+38h] [bp-58h]
  int v38; // [sp+3Ch] [bp-54h]
  int v39; // [sp+40h] [bp-50h]
  int v40; // [sp+44h] [bp-4Ch]
  int v41; // [sp+48h] [bp-48h]
  int v42; // [sp+4Ch] [bp-44h]
  int v43; // [sp+50h] [bp-40h]
  // v44..v52 are likewise contiguous (bp-3Ch..bp-1Ch) and are indexed as one
  // 9-entry int array via *(&v44 + i) in the first loop.
  int v44; // [sp+54h] [bp-3Ch]
  int v45; // [sp+58h] [bp-38h]
  int v46; // [sp+5Ch] [bp-34h]
  int v47; // [sp+60h] [bp-30h]
  int v48; // [sp+64h] [bp-2Ch]
  int v49; // [sp+68h] [bp-28h]
  int v50; // [sp+6Ch] [bp-24h]
  int v51; // [sp+70h] [bp-20h]
  int v52; // [sp+74h] [bp-1Ch]

  // Crash reporting is initialised with a literal identifier. Presumably this is
  // the crash-reporting service's app id (BuglyLuaAgent is used below); like any
  // value compiled into a client, it is public and must not double as a credential.
  v3 = (cocos2d::Director *)CrashReport::initCrashReport((CrashReport *)"f8860ba075", 0, a3);
  // The previous call's result is threaded into each getInstance() call below;
  // this is likely a decompiler artefact of register reuse, not a real argument.
  v4 = cocos2d::Director::getInstance(v3);
  // Virtual call through Director's vtable at byte offset 12; target not named here.
  v5 = (cocos2d::FileUtils *)(*(int (**)(void))(*(_DWORD *)v4 + 12))();
  v6 = cocos2d::FileUtils::getInstance(v5);
  // Virtual call at vtable offset 64 that fills the string-like temporary v32.
  v7 = (cocos2d::UserDefault *)(*(int (__fastcall **)(char *, int))(*(_DWORD *)v6 + 64))(&v32, v6);
  v8 = (const char *)cocos2d::UserDefault::getInstance(v7);
  // Reads a string setting into the temporary v33; the key argument is not
  // recoverable from this listing.
  v9 = (cocos2d::LuaEngine *)cocos2d::UserDefault::getStringForKey((cocos2d::UserDefault *)&v33, v8);
  v10 = (cocos2d::ScriptEngineManager *)cocos2d::LuaEngine::getInstance(v9);
  // v11 is typed as ScriptEngineManager* by the decompiler but holds the value
  // returned by LuaEngine::getInstance; it is used as the engine object from here on.
  v11 = v10;
  v12 = cocos2d::ScriptEngineManager::getInstance(v10);
  v13 = (cocos2d::LuaEngine *)cocos2d::ScriptEngineManager::setScriptEngine(v12, v11);
  v14 = (BuglyLuaAgent *)cocos2d::LuaEngine::getInstance(v13);
  // v15 is never assigned in the visible code; it reflects whatever was in r1.
  BuglyLuaAgent::registerLuaExceptionHandler(v14, v15);
  // Loads a field at offset 20 of the object stored at engine+4 and passes it to
  // the Lua registration helpers. Presumably this is the lua_State*; confirm
  // against the engine headers.
  v16 = *(_DWORD *)(*((_DWORD *)v11 + 1) + 20);
  lua_module_register(v16);
  v17 = (cocos2d::LuaEngine *)package_quick_register();
  // Same engine+4 / offset-20 lookup as v16, repeated via a fresh getInstance().
  v18 = *(_DWORD *)(*(_DWORD *)(cocos2d::LuaEngine::getInstance(v17) + 4) + 20);
  luaopen_protobuf_c(v18);
  // Each push/setfield pair below binds one native function to a Lua name.
  // -10002 is LUA_GLOBALSINDEX in Lua 5.1, so these become Lua globals that any
  // script the engine loads can call. That makes them an attack surface to review.
  j_lua_pushcclosure(v18, &unk_403C83, 0);
  j_lua_setfield(v18, -10002, "bsReadFile");
  j_lua_pushcclosure(v18, sub_403C3E, 0);
  j_lua_setfield(v18, -10002, "luaRSAEncode");
  j_lua_pushcclosure(v18, sub_403C1C, 0);
  j_lua_setfield(v18, -10002, "luaRSADecode");
  j_lua_pushcclosure(v18, sub_404038, 0);
  j_lua_setfield(v18, -10002, "WX_sendMsgToFriend");
  j_lua_pushcclosure(v18, sub_404958, 0);
  j_lua_setfield(v18, -10002, "WX_sendScreenShot");
  j_lua_pushcclosure(v18, sub_403F54, 0);
  j_lua_setfield(v18, -10002, "WX_login");
  j_lua_pushcclosure(v18, sub_403FE0, 0);
  j_lua_setfield(v18, -10002, "LC_download_newversion");
  j_lua_pushcclosure(v18, sub_403EA4, 0);
  j_lua_setfield(v18, -10002, "WDCaptureScreenEx");
  j_lua_pushcclosure(v18, sub_404838, 0);
  j_lua_setfield(v18, -10002, "gameSeedRandom");
  j_lua_pushcclosure(v18, sub_404910, 0);
  j_lua_setfield(v18, -10002, "gameRandom");
  j_lua_pushcclosure(v18, sub_403BC8, 0);
  j_lua_setfield(v18, -10002, "isSimulator");
  register_gamehelper(v16);
  // v19 = the object stored at engine+4; the virtual call after the loops is made on it.
  v19 = *((_DWORD *)v11 + 1);
  // First run-time-built string (v34). sub_6C5660 presumably constructs a string
  // from the constant at unk_B09F38 and sub_6C5700 presumably appends one
  // character; both are unnamed in the listing, so confirm.
  sub_6C5660(&v34, &unk_B09F38, &v30);
  v44 = 896;
  v45 = 914;
  v46 = 915;
  v47 = 827;
  v48 = 756;
  v49 = 630;
  v50 = 499;
  v51 = 369;
  v52 = 252;
  v20 = 0;
  v21 = 666;
  // Nine passes: each appends one value, narrowed to 8 bits by the shift pair,
  // derived from the current table entry and a running offset (v21) that is then
  // recomputed from the entry and the loop index. All inputs are literals above,
  // so the result is fixed per build and recoverable from the binary.
  do
  {
    v22 = *(&v44 + v20);
    sub_6C5700(&v34, (signed int)((((unsigned int)(*(&v44 + v20) - v21) >> 31) + *(&v44 + v20) - v21) << 23) >> 24);
    v23 = v22 - v20++;
    v21 = v23 - 222;
  }
  while ( v20 != 9 );
  // Second run-time-built string (v35): same construction, using an 8-entry
  // table and different starting/step constants.
  sub_6C5660(&v35, &unk_B09F38, &v31);
  v36 = 1118;
  v37 = 1247;
  v38 = 1359;
  v39 = 1410;
  v40 = 1498;
  v41 = 1613;
  v42 = 1633;
  v43 = 1628;
  v24 = 0;
  v25 = 888;
  do
  {
    v29 = *(&v36 + v24);
    sub_6C5700(&v35, (signed int)((((unsigned int)(*(&v36 + v24) - v25) >> 31) + *(&v36 + v24) - v25) << 23) >> 24);
    v26 = v29 - v24++;
    v25 = v26 - 111;
  }
  while ( v24 != 8 );
  // Virtual call at vtable offset 116 on v19, taking (data, length) for each of
  // the two strings. Reading the length at (pointer - 12) looks like a
  // reference-counted std::string layout; TODO confirm. Presumably this is where
  // the script loader receives its key material. Because both strings are
  // derived purely from constants in the binary, this protects against casual
  // inspection only, not against anyone who has the binary.
  (*(void (__fastcall **)(int, int, _DWORD, int, _DWORD))(*(_DWORD *)v19 + 116))(
    v19,
    v34,
    *(_DWORD *)(v34 - 12),
    v35,
    *(_DWORD *)(v35 - 12));
  // Virtual call at vtable offset 28 on the engine with the entry script path.
  v27 = (*(int (__fastcall **)(cocos2d::ScriptEngineManager *, const char *))(*(_DWORD *)v11 + 28))(v11, "src/main.lua");
  // sub_6C5674 is called once per string-like temporary (v35, v34, v33, v32);
  // presumably it is the matching destructor.
  sub_6C5674(&v35);
  sub_6C5674(&v34);
  sub_6C5674(&v33);
  sub_6C5674(&v32);
  // v27 is unsigned, so "<= 0" is true only when the script call returned 0.
  return v27 <= 0;
}
 
I've decrypted all the Lua files, but I can't find the right values.
Most of them are server-side.
Is anyone interested?
 
moonShop.webp


Not really. I can only decode the files.
The image shows the values for MOON SHOP HERO.
I tried to modify the values and encrypt the file back, and it still failed.
The game cross-checks the value against the original value.
I can't find the right code to change the value.
Please, can anyone help, or is anyone interested?
 
[Attachment removed from Quotes]

Not really. I can only decode the files.
The image shows the values for MOON SHOP HERO.
I tried to modify the values and encrypt the file back, and it still failed.
The game cross-checks the value against the original value.
I can't find the right code to change the value.
Please, can anyone help, or is anyone interested?
Might as well ask the devs to stop checking the real values so the mod will work :(
 
Hi,
Encoding is NOT a form of encryption. Encryption hides the content of a message from anyone who does not have access to the key. Encoding merely changes the representation of a thing: anyone, anywhere can decode it without any difficulty to see the original representation. It is not private, not secure, and not even a vague barrier.

Regards..
 
Hi,
Encoding is NOT a form of encryption. Encryption hides the content of a message from anyone who does not have access to the key. Encoding merely changes the representation of a thing: anyone, anywhere can decode it without any difficulty to see the original representation. It is not private, not secure, and not even a vague barrier.

So, can you help with this game, please?
I can provide the Lua files.
 