quickbms rotor


Post by chrrox »

I see in the readme that QuickBMS supports rotor encryption. How would I translate this into QuickBMS?

Code:

import marshal
import zlib

def init_rotor():
    asdf_dn = 'j2h56ogodh3se'
    asdf_dt = '=dziaq.'
    asdf_df = '|os=5v7!"-234'
    asdf_tm = asdf_dn * 4 + (asdf_dt + asdf_dn + asdf_df) * 5 + '!' + '#' + asdf_dt * 7 + asdf_df * 2 + '*' + '&' + "'"
    import rotor
    rot = rotor.newrotor(asdf_tm)
    return rot


def _reverse_string(s):
    l = list(s)
    l = map(lambda x: chr(ord(x) ^ 154), l[0:128]) + l[128:]
    l.reverse()
    return ''.join(l)


class NpkImporter(object):
    rotor = init_rotor()
    ext = '.nxs'

    def __init__(self, path):
        self._path = path

    def find_module(self, fullname, path = None):
        import C_file
        if path is None:
            path = self._path
        fullname = fullname.replace('.', '/')
        pkg_name = fullname + '/__init__' + NpkImporter.ext
        if C_file.find_file(pkg_name, path):
            return self
        else:
            fullname += NpkImporter.ext
            if C_file.find_file(fullname, path):
                return self
            return

    def load_module(self, fullname):
        import C_file
        is_pkg = True
        mod_path = fullname.replace('.', '/') + '/__init__'
        mod_name = fullname
        if not C_file.find_file(mod_path + NpkImporter.ext, self._path):
            is_pkg = False
            mod_path = fullname.replace('.', '/')
            mod_name = fullname
        data = C_file.get_file(mod_path + NpkImporter.ext, self._path)
        data = NpkImporter.rotor.decrypt(data)
        data = zlib.decompress(data)
        data = _reverse_string(data)
        data = marshal.loads(data)
        path = None
        if is_pkg:
            path = [self._path]
        m = C_file.new_module(mod_name, data, path)
        return m


import sys
sys.path_hooks.append(NpkImporter)

Post by aluigi »

QuickBMS uses the rotor implementation available in Python.

rotorobj_new(int num_rotors, char *key, int keysz)

Where num_rotors is 12 by default and can be set with ivec.

As far as I can see you only need to use asdf_tm as key and that's all.

Code:

encryption rotor "j2h56ogodh3sej2h56ogodh3sej2h56ogodh3sej2h56ogodh3se=dziaq.j2h56ogodh3se|os=5v7!\"-234=dziaq.j2h56ogodh3se|os=5v7!\"-234=dziaq.j2h56ogodh3se|os=5v7!\"-234=dziaq.j2h56ogodh3se|os=5v7!\"-234=dziaq.j2h56ogodh3se|os=5v7!\"-234!#=dziaq.=dziaq.=dziaq.=dziaq.=dziaq.=dziaq.=dziaq.|os=5v7!\"-234|os=5v7!\"-234*&'"
comtype zlib_noerror
get SIZE asize
clog "dump.dat" 0 SIZE SIZE

Probably it's better to use just Log instead of CLog the first time for testing.

Post by chrrox »

The rotor works in Python, but I can't get it to work in QuickBMS.
I tried putting the key directly in QuickBMS but it gives an error.

Code:

j2h56ogodh3sej2h56ogodh3sej2h56ogodh3sej2h56ogodh3se=dziaq.j2h56ogodh3se|os=5v7!"-234=dziaq.j2h56ogodh3se|os=5v7!"-234=dziaq.j2h56ogodh3se|os=5v7!"-234=dziaq.j2h56ogodh3se|os=5v7!"-234=dziaq.j2h56ogodh3se|os=5v7!"-234!#=dziaq.=dziaq.=dziaq.=dziaq.=dziaq.=dziaq.=dziaq.|os=5v7!"-234|os=5v7!"-234*&\'

Post by aluigi »

Set the ivec to 6 and it will work.

Apparently the default rotor_number is 6 instead of 12... mah, I'm sure it was 12 in the past.
I will update it in the next version since it's confirmed to be 6 in the docs.

Post by chrrox »

That worked. Is there a way to reverse a file? It needs to be reversed.

Post by aluigi »

Encryption reverse ""
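
Added example, not part of the original posts: a Python 3 port of the stages that follow the rotor layer in the first post's load_module (zlib, then _reverse_string), together with the key construction from init_rotor. The names build_rotor_key, unscramble, scramble and post_rotor and the SAMPLE bytes are constructed for this example; the rotor step itself is left to QuickBMS.

```python
# Added example (Python 3), not code from the thread.
# Assumption: the input has already been rotor-decrypted (e.g. by QuickBMS).
import zlib

XOR_KEY = 154    # constant used by _reverse_string in the first post
XOR_SPAN = 128   # only the first 128 bytes are XORed


def build_rotor_key() -> str:
    """Rebuild asdf_tm exactly as init_rotor() does."""
    dn = 'j2h56ogodh3se'
    dt = '=dziaq.'
    df = '|os=5v7!"-234'
    return (dn * 4 + (dt + dn + df) * 5 + '!' + '#'
            + dt * 7 + df * 2 + '*' + '&' + "'")


def unscramble(data: bytes) -> bytes:
    """Port of _reverse_string: XOR the first 128 bytes, then reverse all."""
    head = bytes(b ^ XOR_KEY for b in data[:XOR_SPAN])
    return (head + data[XOR_SPAN:])[::-1]


def scramble(data: bytes) -> bytes:
    """Inverse of unscramble; used here only to build constructed input."""
    rev = data[::-1]
    return bytes(b ^ XOR_KEY for b in rev[:XOR_SPAN]) + rev[XOR_SPAN:]


def post_rotor(data: bytes) -> bytes:
    """Stages after rotor.decrypt() in load_module: zlib, then unscramble."""
    return unscramble(zlib.decompress(data))


# Constructed sample standing in for a marshalled module body.
SAMPLE = bytes(range(256)) * 2

if __name__ == "__main__":
    key = build_rotor_key()
    print("key length:", len(key))
    packed = zlib.compress(scramble(SAMPLE))
    print("round trip ok:", post_rotor(packed) == SAMPLE)
```

The result of post_rotor is what the original code passes to marshal.loads; that last step needs an interpreter matching the one that produced the file.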