Decompressing after decrypting a chunk

[pipoman]

If I understand correctly clog is the defacto way to decompress. However in my case I need to first decrypt a chunk of the file and then decrypt it.

How can I do that with QuickBMS?

To be clear I cannot use the pattern

encryption aes_128_cbc "\x32\x1F\x2A\xEE\xAA\x58\x4A\xB4\x9A\x6C\x9E\x09\xD5\x9E\x9C\x6F"
log MEMORY_FILE OFFSET SIZE
encryption "" ""

I have a custom decrypting function that is not supported in QuickBMS I am using a calldll function on a buffer loaded by log

log NAME CHUNK_OFFSET CHUNK_SIZE 0 CHUNK_XSIZE
log NAME2 CHUNK_OFFSET CHUNK_SIZE 0 CHUNK_XSIZE
if ENCRYPTED != 0
calldll MEMORY_FILE100 "decryptAll" "tcc" RET AES_KEY NAME2 NAME CHUNK_SIZE
endif

How can I decompress the NAME buffer after decrypting?

[pipoman]

Ok I read the docs more carefully and solved my question

encryption calldll MEMORY_FILE100 "decryptAll" "tcc" RET AES_KEY #INPUT# #OUTPUT# #INPUT_SIZE#
log MEMORY_FILE OFFSET SIZE
encryption "" ""

[pipoman]

Now hitting another weird issue. The same code works with a simple calldll but NOT if the calldll is inside the encryption bit.

This works

log MEMORY_FILE10 OFFSET SIZE
log MEMORY_FILE11 OFFSET SIZE
calldll MEMORY_FILE100 "decryptAll" "tcc" RET AES_KEY MEMORY_FILE11 MEMORY_FILE10 SIZE

This does not

encryption calldll MEMORY_FILE100 "decryptAll" "tcc" RET AES_KEY #INPUT# #OUTPUT# #INPUT_SIZE#
log MEMORY_FILE10 OFFSET SIZE
encryption "" ""

I get a weird error that seems to be compiling related


- c_structs (20): "V" "50" "A7" "F4" "51" "V" "53" "65" "41" "7E" "V" "C3" "A4" "17" "1A" "V" "96" "5E" "27" "3A" "\"
Error: invalid command "V" or arguments -1 at line 488

The code works with the top calldll though

Here is the code I use

set MEMORY_FILE100 string "
typedef unsigned char uint8_t;
typedef unsigned short uint16_t;
typedef unsigned long uint32_t;
#define RT \
\
V(50,A7,F4,51), V(53,65,41,7E), V(C3,A4,17,1A), V(96,5E,27,3A), \
V(CB,6B,AB,3B), V(F1,45,9D,1F), V(AB,58,FA,AC), V(93,03,E3,4B), \
V(55,FA,30,20), V(F6,6D,76,AD), V(91,76,CC,88), V(25,4C,02,F5), \
V(FC,D7,E5,4F), V(D7,CB,2A,C5), V(80,44,35,26), V(8F,A3,62,B5), \
V(49,5A,B1,DE), V(67,1B,BA,25), V(98,0E,EA,45), V(E1,C0,FE,5D), \
V(02,75,2F,C3), V(12,F0,4C,81), V(A3,97,46,8D), V(C6,F9,D3,6B), \
V(E7,5F,8F,03), V(95,9C,92,15), V(EB,7A,6D,BF), V(DA,59,52,95), \
V(2D,83,BE,D4), V(D3,21,74,58), V(29,69,E0,49), V(44,C8,C9,8E), \
V(6A,89,C2,75), V(78,79,8E,F4), V(6B,3E,58,99), V(DD,71,B9,27), \
V(B6,4F,E1,BE), V(17,AD,88,F0), V(66,AC,20,C9), V(B4,3A,CE,7D), \
V(18,4A,DF,63), V(82,31,1A,E5), V(60,33,51,97), V(45,7F,53,62), \
V(E0,77,64,B1), V(84,AE,6B,BB), V(1C,A0,81,FE), V(94,2B,08,F9), \
V(58,68,48,70), V(19,FD,45,8F), V(87,6C,DE,94), V(B7,F8,7B,52), \
V(23,D3,73,AB), V(E2,02,4B,72), V(57,8F,1F,E3), V(2A,AB,55,66), \
V(07,28,EB,B2), V(03,C2,B5,2F), V(9A,7B,C5,86), V(A5,08,37,D3), \
V(F2,87,28,30), V(B2,A5,BF,23), V(BA,6A,03,02), V(5C,82,16,ED), \
V(2B,1C,CF,8A), V(92,B4,79,A7), V(F0,F2,07,F3), V(A1,E2,69,4E), \
V(CD,F4,DA,65), V(D5,BE,05,06), V(1F,62,34,D1), V(8A,FE,A6,C4), \
V(9D,53,2E,34), V(A0,55,F3,A2), V(32,E1,8A,05), V(75,EB,F6,A4), \
V(39,EC,83,0B), V(AA,EF,60,40), V(06,9F,71,5E), V(51,10,6E,BD), \
V(F9,8A,21,3E), V(3D,06,DD,96), V(AE,05,3E,DD), V(46,BD,E6,4D), \
V(B5,8D,54,91), V(05,5D,C4,71), V(6F,D4,06,04), V(FF,15,50,60), \
V(24,FB,98,19), V(97,E9,BD,D6), V(CC,43,40,89), V(77,9E,D9,67), \
V(BD,42,E8,B0), V(88,8B,89,07), V(38,5B,19,E7), V(DB,EE,C8,79), \
V(47,0A,7C,A1), V(E9,0F,42,7C), V(C9,1E,84,F8), V(00,00,00,00), \
V(83,86,80,09), V(48,ED,2B,32), V(AC,70,11,1E), V(4E,72,5A,6C), \
V(FB,FF,0E,FD), V(56,38,85,0F), V(1E,D5,AE,3D), V(27,39,2D,36), \
V(64,D9,0F,0A), V(21,A6,5C,68), V(D1,54,5B,9B), V(3A,2E,36,24), \
V(B1,67,0A,0C), V(0F,E7,57,93), V(D2,96,EE,B4), V(9E,91,9B,1B), \
V(4F,C5,C0,80), V(A2,20,DC,61), V(69,4B,77,5A), V(16,1A,12,1C), \
V(0A,BA,93,E2), V(E5,2A,A0,C0), V(43,E0,22,3C), V(1D,17,1B,12), \
V(0B,0D,09,0E), V(AD,C7,8B,F2), V(B9,A8,B6,2D), V(C8,A9,1E,14), \
V(85,19,F1,57), V(4C,07,75,AF), V(BB,DD,99,EE), V(FD,60,7F,A3), \
V(9F,26,01,F7), V(BC,F5,72,5C), V(C5,3B,66,44), V(34,7E,FB,5B), \
V(76,29,43,8B), V(DC,C6,23,CB), V(68,FC,ED,B6), V(63,F1,E4,B8), \
V(CA,DC,31,D7), V(10,85,63,42), V(40,22,97,13), V(20,11,C6,84), \
V(7D,24,4A,85), V(F8,3D,BB,D2), V(11,32,F9,AE), V(6D,A1,29,C7), \
V(4B,2F,9E,1D), V(F3,30,B2,DC), V(EC,52,86,0D), V(D0,E3,C1,77), \
V(6C,16,B3,2B), V(99,B9,70,A9), V(FA,48,94,11), V(22,64,E9,47), \
V(C4,8C,FC,A8), V(1A,3F,F0,A0), V(D8,2C,7D,56), V(EF,90,33,22), \
V(C7,4E,49,87), V(C1,D1,38,D9), V(FE,A2,CA,8C), V(36,0B,D4,98), \
V(CF,81,F5,A6), V(28,DE,7A,A5), V(26,8E,B7,DA), V(A4,BF,AD,3F), \
V(E4,9D,3A,2C), V(0D,92,78,50), V(9B,CC,5F,6A), V(62,46,7E,54), \
V(C2,13,8D,F6), V(E8,B8,D8,90), V(5E,F7,39,2E), V(F5,AF,C3,82), \
V(BE,80,5D,9F), V(7C,93,D0,69), V(A9,2D,D5,6F), V(B3,12,25,CF), \
V(3B,99,AC,C8), V(A7,7D,18,10), V(6E,63,9C,E8), V(7B,BB,3B,DB), \
V(09,78,26,CD), V(F4,18,59,6E), V(01,B7,9A,EC), V(A8,9A,4F,83), \
V(65,6E,95,E6), V(7E,E6,FF,AA), V(08,CF,BC,21), V(E6,E8,15,EF), \
V(D9,9B,E7,BA), V(CE,36,6F,4A), V(D4,09,9F,EA), V(D6,7C,B0,29), \
V(AF,B2,A4,31), V(31,23,3F,2A), V(30,94,A5,C6), V(C0,66,A2,35), \
V(37,BC,4E,74), V(A6,CA,82,FC), V(B0,D0,90,E0), V(15,D8,A7,33), \
V(4A,98,04,F1), V(F7,DA,EC,41), V(0E,50,CD,7F), V(2F,F6,91,17), \
V(8D,D6,4D,76), V(4D,B0,EF,43), V(54,4D,AA,CC), V(DF,04,96,E4), \
V(E3,B5,D1,9E), V(1B,88,6A,4C), V(B8,1F,2C,C1), V(7F,51,65,46), \
V(04,EA,5E,9D), V(5D,35,8C,01), V(73,74,87,FA), V(2E,41,0B,FB), \
V(5A,1D,67,B3), V(52,D2,DB,92), V(33,56,10,E9), V(13,47,D6,6D), \
V(8C,61,D7,9A), V(7A,0C,A1,37), V(8E,14,F8,59), V(89,3C,13,EB), \
V(EE,27,A9,CE), V(35,C9,61,B7), V(ED,E5,1C,E1), V(3C,B1,47,7A), \
V(59,DF,D2,9C), V(3F,73,F2,55), V(79,CE,14,18), V(BF,37,C7,73), \
V(EA,CD,F7,53), V(5B,AA,FD,5F), V(14,6F,3D,DF), V(86,DB,44,78), \
V(81,F3,AF,CA), V(3E,C4,68,B9), V(2C,34,24,38), V(5F,40,A3,C2), \
V(72,C3,1D,16), V(0C,25,E2,BC), V(8B,49,3C,28), V(41,95,0D,FF), \
V(71,01,A8,39), V(DE,B3,0C,08), V(9C,E4,B4,D8), V(90,C1,56,64), \
V(61,84,CB,7B), V(70,B6,32,D5), V(74,5C,6C,48), V(42,57,B8,D0)
#define V(a,b,c,d) 0x##d##c##b##a
static const uint32_t RT0[256] = { RT };
#undef V
#define V(a,b,c,d) 0x##a##d##c##b
static const uint32_t RT1[256] = { RT };
#undef V
#define V(a,b,c,d) 0x##b##a##d##c
static const uint32_t RT2[256] = { RT };
#undef V
#define V(a,b,c,d) 0x##c##b##a##d
static const uint32_t RT3[256] = { RT };
#undef V
#undef RT
static uint8_t s_box[256] = {
// 0 1 2 3 4 5 6 7 8 9 a b c d e f
0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, // 0
0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, // 1
0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, // 2
0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, // 3
0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, // 4
0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, // 5
0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, // 6
0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, // 7
0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, // 8
0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, // 9
0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, // a
0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, // b
0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, // c
0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, // d
0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, // e
0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 };// f
static uint8_t inv_s_box[256] = {
// 0 1 2 3 4 5 6 7 8 9 a b c d e f
0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, // 0
0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, // 1
0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, // 2
0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, // 3
0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, // 4
0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, // 5
0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, // 6
0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, // 7
0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, // 8
0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, // 9
0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, // a
0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, // b
0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, // c
0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, // d
0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, // e
0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d };// f
uint8_t rcon[] = { 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36 };
void aes_key_expansion(uint8_t *key, uint8_t *w)
{
uint32_t *w32 = (uint32_t*)w;
for (uint8_t i = 0; i < 8; i++)
{
w32[i] = ((key[4 * i + 3] & 0x7) << 29) | (key[4 * i + 0] << 21) | (key[4 * i + 1] << 13) | (key[4 * i + 2] << 5) | (key[4 * i + 3] >> 3);
}
for (uint8_t i = 8; i < 60; i += 4)
{
if ((i % 8) == 0)
{
w[4 * i + 3] = s_box[w[4 * (i - 1) + 2]] ^ rcon[(i - 8) / 8];
w[4 * i + 2] = s_box[w[4 * (i - 1) + 1]];
w[4 * i + 1] = s_box[w[4 * (i - 1) + 0]];
w[4 * i + 0] = s_box[w[4 * (i - 1) + 3]];
}
else
{
w[4 * i + 3] = s_box[w[4 * (i - 1) + 3]];
w[4 * i + 2] = s_box[w[4 * (i - 1) + 2]];
w[4 * i + 1] = s_box[w[4 * (i - 1) + 1]];
w[4 * i + 0] = s_box[w[4 * (i - 1) + 0]];
}
w32[i] ^= w32[i - 8];
w32[i + 1] = w32[i] ^ w32[i + 1 - 8];
w32[i + 2] = w32[i + 1] ^ w32[i + 2 - 8];
w32[i + 3] = w32[i + 2] ^ w32[i + 3 - 8];
}
for (uint8_t l = 0; l < 7; l++)
{
for (int j = 0; j < 4; j++)
{
uint32_t temp = w32[l * 4 + j];
w32[l * 4 + j] = w32[4 * (14 - l) + j];
w32[4 * (14 - l) + j] = temp;
}
}
for (uint8_t l = 1; l < 14; l++)
{
for (uint8_t i = 0; i < 4; i++)
{
w32[l * 4 + i] = RT3[s_box[w[l * 16 + i * 4 + 0]]] ^ RT2[s_box[w[l * 16 + i * 4 + 1]]] ^ RT1[s_box[w[l * 16 + i * 4 + 2]]] ^ RT0[s_box[w[l * 16 + i * 4 + 3]]];
}
}
}
#define LOWORD(x) (*((uint16_t*)&(x))) // low word
uint8_t LOBYTE(uint32_t val) { return val & 0xFF; };
uint8_t BYTE1(uint32_t val) { return (val >> 8) & 0xFF; };
uint8_t BYTE2(uint32_t val) { return (val >> 16) & 0xFF; };
uint8_t HIBYTE(uint32_t val) { return (val >> 24) & 0xFF; };
uint32_t decrypt16(uint32_t* key, uint8_t *a3, uint8_t *a4)
{
int v11; // edx
uint32_t v12; // ebx
uint32_t v13; // edx
uint32_t v14; // ST18_4
uint32_t v15; // ecx
int v16; // ebx
uint32_t v17; // edx
uint32_t v18; // ebx
uint32_t v19; // ST14_4
uint32_t v20; // ecx
int v21; // edx
uint32_t v22; // ebx
uint32_t v23; // edx
uint32_t v24; // ST18_4
uint32_t v25; // ecx
uint32_t v26; // ebx
uint32_t v27; // ST14_4
int v28; // edx
uint32_t v29; // ebx
uint32_t v30; // edx
uint32_t v31; // ST18_4
uint32_t v32; // ecx
int v33; // ebx
uint32_t v34; // edx
uint32_t v35; // ebx
uint32_t v36; // ST14_4
uint32_t v37; // ecx
int v38; // edx
uint32_t v39; // ebx
uint32_t v40; // edx
uint32_t v41; // ecx
uint32_t v42; // esi
uint32_t v43; // ebx
uint32_t v44; // edi
uint32_t v45; // edx
int v46; // eax
int v47; // ecx
uint32_t v49; // ST18_4
uint32_t v50; // ebx
uint32_t v51; // esi
uint32_t v52; // edx
int v53; // eax
uint32_t v54; // edi
uint32_t v55; // eax
int v56; // ecx
int v57; // eax
uint32_t v58; // esi
uint32_t v59; // ST18_4
uint32_t v60; // ebx
uint32_t v61; // edx
uint32_t v62; // eax
uint32_t v63; // eax
int v64; // ecx
int v65; // eax
uint32_t *v66; // ebp
uint32_t v67; // ecx
uint32_t v68; // ecx
uint32_t v69; // ecx
uint32_t v70; // ecx
uint32_t result; // eax
uint32_t v72; // [esp+10h] [ebp-10h]
uint32_t v73; // [esp+14h] [ebp-Ch]
uint32_t v75; // [esp+24h] [ebp+4h]
uint32_t v76; // [esp+24h] [ebp+4h]
uint32_t v77; // [esp+24h] [ebp+4h]
uint32_t v78; // [esp+24h] [ebp+4h]
uint32_t v79; // [esp+24h] [ebp+4h]
uint32_t v80; // [esp+2Ch] [ebp+Ch]
uint32_t v81; // [esp+2Ch] [ebp+Ch]
uint32_t v82; // [esp+2Ch] [ebp+Ch]
uint32_t v83; // [esp+2Ch] [ebp+Ch]
uint32_t v84; // [esp+2Ch] [ebp+Ch]
uint32_t v5 = *key ^ a3[3] ^ ((a3[2] ^ ((a3[1] ^ (*a3 << 8)) << 8)) << 8);
int v6 = a3[9];
uint32_t v74 = key[1] ^ a3[7] ^ ((a3[6] ^ ((a3[5] ^ (a3[4] << 8)) << 8)) << 8);
uint32_t v7 = key[2] ^ a3[11] ^ ((a3[10] ^ ((v6 ^ (a3[8] << 8)) << 8)) << 8);
uint32_t v8 = key[3] ^ a3[15] ^ ((a3[14] ^ ((a3[13] ^ (a3[12] << 8)) << 8)) << 8);
uint32_t v9 = key[4] ^ RT3[v74&0xff] ^ RT0[v5 >> 24] ^ RT2[(uint16_t)(*((uint16_t *)key + 4) ^ a3[11] ^ (uint16_t)((a3[10] ^ (uint16_t)(((uint16_t)v6 ^ (uint16_t)(a3[8] << 8)) << 8)) << 8)) >> 8] ^ RT1[BYTE2(v8)];
a3[10];
v80 = key[5] ^ RT3[(uint8_t)(*((uint8_t*)key + 8) ^ a3[11])] ^ RT0[v74 >> 24] ^ RT1[BYTE2(v5)] ^ RT2[BYTE1(v8)];
uint32_t v10 = key[6] ^ RT3[(uint8_t)v8] ^ RT0[v7 >> 24] ^ RT2[BYTE1(v5)] ^ RT1[BYTE2(v74)];
v11 = RT0[v8 >> 24] ^ RT2[BYTE1(v74)] ^ RT1[BYTE2(v7)];
v12 = v10;
v13 = key[7] ^ RT3[(uint8_t)v5] ^ v11;
v14 = key[8] ^ RT3[(uint8_t)v80] ^ RT0[v9 >> 24] ^ RT2[BYTE1(v12)] ^ RT1[BYTE2(v13)];
v75 = key[9] ^ RT3[(uint8_t)v10] ^ RT0[v80 >> 24] ^ RT1[BYTE2(v9)] ^ RT2[BYTE1(v13)];
v15 = key[10] ^ RT3[(uint8_t)v13] ^ RT0[v10 >> 24] ^ RT2[BYTE1(v9)] ^ RT1[BYTE2(v80)];
v16 = RT0[v13 >> 24] ^ RT2[BYTE1(v80)] ^ RT1[BYTE2(v12)];
v17 = v15;
v18 = key[11] ^ RT3[(uint8_t)v9] ^ v16;
v19 = key[12] ^ RT3[(uint8_t)v75] ^ RT0[v14 >> 24] ^ RT2[BYTE1(v17)] ^ RT1[BYTE2(v18)];
v81 = key[13] ^ RT3[(uint8_t)v15] ^ RT0[v75 >> 24] ^ RT1[BYTE2(v14)] ^ RT2[BYTE1(v18)];
v20 = key[14] ^ RT3[(uint8_t)v18] ^ RT0[v15 >> 24] ^ RT2[BYTE1(v14)] ^ RT1[BYTE2(v75)];
v21 = RT0[v18 >> 24] ^ RT2[BYTE1(v75)] ^ RT1[BYTE2(v17)];
v22 = v20;
v23 = key[15] ^ RT3[(uint8_t)v14] ^ v21;
v24 = key[16] ^ RT3[(uint8_t)v81] ^ RT0[v19 >> 24] ^ RT2[BYTE1(v22)] ^ RT1[BYTE2(v23)];
v76 = key[17] ^ RT3[(uint8_t)v20] ^ RT0[v81 >> 24] ^ RT1[BYTE2(v19)] ^ RT2[BYTE1(v23)];
v25 = key[18] ^ RT3[(uint8_t)v23] ^ RT0[v20 >> 24] ^ RT2[BYTE1(v19)] ^ RT1[BYTE2(v81)];
v26 = key[19] ^ RT3[(uint8_t)v19] ^ RT0[v23 >> 24] ^ RT2[BYTE1(v81)] ^ RT1[BYTE2(v22)];
v27 = key[20] ^ RT3[(uint8_t)v76] ^ RT0[v24 >> 24] ^ RT2[BYTE1(v25)] ^ RT1[BYTE2(v26)];
v82 = key[21] ^ RT3[(uint8_t)v25] ^ RT0[v76 >> 24] ^ RT1[BYTE2(v24)] ^ RT2[BYTE1(v26)];
v28 = RT0[v26 >> 24] ^ RT2[BYTE1(v76)] ^ RT1[BYTE2(v25)];
v29 = key[22] ^ RT3[(uint8_t)v26] ^ RT0[v25 >> 24] ^ RT2[BYTE1(v24)] ^ RT1[BYTE2(v76)];
v30 = key[23] ^ RT3[(uint8_t)v24] ^ v28;
v31 = key[24] ^ RT3[(uint8_t)v82] ^ RT0[v27 >> 24] ^ RT2[BYTE1(v29)] ^ RT1[BYTE2(v30)];
v77 = key[25] ^ RT3[(uint8_t)v29] ^ RT0[v82 >> 24] ^ RT1[BYTE2(v27)] ^ RT2[BYTE1(v30)];
v32 = key[26] ^ RT3[(uint8_t)v30] ^ RT0[v29 >> 24] ^ RT2[BYTE1(v27)] ^ RT1[BYTE2(v82)];
v33 = RT0[v30 >> 24] ^ RT2[BYTE1(v82)] ^ RT1[BYTE2(v29)];
v34 = v32;
v35 = key[27] ^ RT3[(uint8_t)v27] ^ v33;
v36 = key[28] ^ RT3[(uint8_t)v77] ^ RT0[v31 >> 24] ^ RT2[BYTE1(v34)] ^ RT1[BYTE2(v35)];
v83 = key[29] ^ RT3[(uint8_t)v32] ^ RT0[v77 >> 24] ^ RT1[BYTE2(v31)] ^ RT2[BYTE1(v35)];
v37 = key[30] ^ RT3[(uint8_t)v35] ^ RT0[v32 >> 24] ^ RT2[BYTE1(v31)] ^ RT1[BYTE2(v77)];
v38 = RT0[v35 >> 24] ^ RT2[BYTE1(v77)] ^ RT1[BYTE2(v34)];
v39 = v37;
v40 = key[31] ^ RT3[(uint8_t)v31] ^ v38;
v78 = key[33] ^ RT3[(uint8_t)v37] ^ RT0[v83 >> 24] ^ RT1[BYTE2(v36)] ^ RT2[BYTE1(v40)];
v41 = key[34] ^ RT3[(uint8_t)v40] ^ RT0[v37 >> 24] ^ RT2[BYTE1(v36)] ^ RT1[BYTE2(v83)];
v42 = key[32] ^ RT3[(uint8_t)v83] ^ RT0[v36 >> 24] ^ RT2[BYTE1(v39)] ^ RT1[BYTE2(v40)];
v43 = key[35] ^ RT3[(uint8_t)v36] ^ RT0[v40 >> 24] ^ RT2[BYTE1(v83)] ^ RT1[BYTE2(v39)];
v84 = key[36] ^ RT3[(uint8_t)v78] ^ RT0[v42 >> 24] ^ RT2[BYTE1(v41)] ^ RT1[BYTE2(v43)];
v44 = key[37] ^ RT3[(uint8_t)v41] ^ RT0[v78 >> 24] ^ RT1[BYTE2(v42)] ^ RT2[BYTE1(v43)];
v73 = key[37] ^ RT3[(uint8_t)v41] ^ RT0[v78 >> 24] ^ RT1[BYTE2(v42)] ^ RT2[BYTE1(v43)];
v45 = v41 >> 16;
v46 = (uint8_t)v43;
v43 >>= 24;
v72 = key[38] ^ RT3[v46] ^ RT0[v41 >> 24] ^ RT2[BYTE1(v42)] ^ RT1[BYTE2(v78)];
v47 = key[39] ^ RT3[(uint8_t)v42] ^ RT0[v43] ^ RT2[BYTE1(v78)] ^ RT1[BYTE2(v41)];
v79 = key[39] ^ RT3[(uint8_t)v42] ^ RT0[v43] ^ RT2[BYTE1(v78)] ^ RT1[(uint8_t)v45];
v49 = key[41] ^ RT3[(uint8_t)v72] ^ RT0[v44 >> 24] ^ RT1[BYTE2(v84)] ^ RT2[BYTE1(v79)];
v50 = key[42] ^ RT3[(uint8_t)v79] ^ RT0[v72 >> 24] ^ RT2[BYTE1(v84)] ^ RT1[BYTE2(v44)];
v51 = key[40] ^ RT3[(uint8_t)v44] ^ RT0[v84 >> 24] ^ RT2[BYTE1(v72)] ^ RT1[BYTE2(v47)];
v52 = key[43] ^ RT3[(uint8_t)v84] ^ RT0[v79 >> 24] ^ RT2[BYTE1(v44)] ^ RT1[BYTE2(v72)];
v53 = key[43] ^ RT3[(uint8_t)v84] ^ RT0[v79 >> 24] ^ RT2[BYTE1(v44)] ^ RT1[BYTE2(v72)];
v84 = key[44] ^ RT3[(uint8_t)v49] ^ RT0[v51 >> 24] ^ RT2[(uint16_t)(*((uint16_t *)key + 84) ^ LOWORD(RT3[(uint8_t)v79]) ^ LOWORD(RT0[v72 >> 24]) ^ LOWORD(RT2[BYTE1(v84)]) ^ LOWORD(RT1[BYTE2(v44)])) >> 8] ^ RT1[(uint8_t)(v52 >> 16)];
v54 = key[45] ^ RT3[(uint8_t)v50] ^ RT0[v49 >> 24] ^ RT1[BYTE2(v51)] ^ RT2[BYTE1(v53)];
v73 = key[45] ^ RT3[(uint8_t)v50] ^ RT0[v49 >> 24] ^ RT1[BYTE2(v51)] ^ RT2[BYTE1(v53)];
v55 = v50 >> 24;
v50 >>= 16;
v56 = RT0[v55] ^ RT2[BYTE1(v51)] ^ RT1[BYTE2(v49)];
v57 = (uint8_t)v52;
v52 >>= 24;
v72 = key[46] ^ RT3[v57] ^ v56;
v47 = key[47] ^ RT3[(uint8_t)v51] ^ RT0[v52] ^ RT2[BYTE1(v49)] ^ RT1[(uint8_t)v50];
v79 = key[47] ^ RT3[(uint8_t)v51] ^ RT0[v52] ^ RT2[BYTE1(v49)] ^ RT1[(uint8_t)v50];
v58 = key[48] ^ RT3[(uint8_t)v54] ^ RT0[v84 >> 24] ^ RT2[BYTE1(v72)] ^ RT1[BYTE2(v47)];
v59 = key[49] ^ RT3[(uint8_t)v72] ^ RT0[v54 >> 24] ^ RT1[BYTE2(v84)] ^ RT2[BYTE1(v79)];
v60 = key[50] ^ RT3[(uint8_t)v79] ^ RT0[v72 >> 24] ^ RT2[BYTE1(v84)] ^ RT1[BYTE2(v54)];
v61 = key[51] ^ RT3[(uint8_t)v84] ^ RT0[v79 >> 24] ^ RT2[BYTE1(v54)] ^ RT1[BYTE2(v72)];
v62 = v61 >> 8;
v84 = key[52] ^ RT3[(uint8_t)v59] ^ RT0[v58 >> 24] ^ RT2[(uint16_t)(*((uint16_t *)key + 100) ^ LOWORD(RT3[(uint8_t)v79]) ^ LOWORD(RT0[v72 >> 24]) ^ LOWORD(RT2[BYTE1(v84)]) ^ LOWORD(RT1[BYTE2(v54)])) >> 8] ^ RT1[(uint8_t)(v61 >> 16)];
v73 = key[53] ^ RT3[(uint8_t)v60] ^ RT0[v59 >> 24] ^ RT1[BYTE2(v58)] ^ RT2[(uint8_t)v62];
v63 = v60 >> 24;
v60 >>= 16;
v64 = RT0[v63] ^ RT2[BYTE1(v58)] ^ RT1[BYTE2(v59)];
v65 = (uint8_t)v61;
v61 >>= 24;
v72 = key[54] ^ RT3[v65] ^ v64;
v47 = key[55] ^ RT3[(uint8_t)v58] ^ RT0[v61] ^ RT2[BYTE1(v59)] ^ RT1[(uint8_t)v60];
v79 = key[55] ^ RT3[(uint8_t)v58] ^ RT0[v61] ^ RT2[BYTE1(v59)] ^ RT1[(uint8_t)v60];
v66 = &key[4 * 14];
v67 = *v66 ^ LOBYTE(inv_s_box[(uint8_t)v73]) ^ (0x01010101 * inv_s_box[v84 >> 24]) & 0xFF000000 ^ (0x01010101 * inv_s_box[BYTE1(v72)]) & 0xFF00 ^ (0x01010101 * inv_s_box[BYTE2(v47)]) & 0xFF0000;
a4[3] = v67;
*a4 = HIBYTE(v67);
a4[1] = BYTE2(v67);
a4[2] = BYTE1(v67);
v68 = v66[1] ^ LOBYTE(inv_s_box[(uint8_t)v72]) ^ (0x01010101 * inv_s_box[v73 >> 24]) & 0xFF000000 ^ (0x01010101 * inv_s_box[BYTE1(v79)]) & 0xFF00 ^ (0x01010101 * inv_s_box[BYTE2(v84)]) & 0xFF0000;
a4[7] = *((uint8_t *)v66 + 4) ^ LOBYTE(inv_s_box[(uint8_t)v72]);
a4[4] = HIBYTE(v68);
a4[5] = BYTE2(v68);
a4[6] = BYTE1(v68);
v69 = v66[2] ^ LOBYTE(inv_s_box[(uint8_t)v79]) ^ (0x01010101 * inv_s_box[v72 >> 24]) & 0xFF000000 ^ (0x01010101 * inv_s_box[BYTE1(v84)]) & 0xFF00 ^ (0x01010101 * inv_s_box[BYTE2(v73)]) & 0xFF0000;
a4[11] = *((uint8_t *)v66 + 8) ^ LOBYTE(inv_s_box[(uint8_t)v79]);
a4[8] = HIBYTE(v69);
a4[9] = BYTE2(v69);
a4[10] = BYTE1(v69);
v70 = v66[3] ^ LOBYTE(inv_s_box[(uint8_t)v84]) ^ (0x01010101 * inv_s_box[v79 >> 24]) & 0xFF000000 ^ (0x01010101 * inv_s_box[BYTE1(v73)]) & 0xFF00 ^ (0x01010101 * inv_s_box[BYTE2(v72)]) & 0xFF0000;
a4[15] = *((uint8_t *)v66 + 12) ^ LOBYTE(inv_s_box[(uint8_t)v84]);
a4[12] = HIBYTE(v70);
a4[13] = BYTE2(v70);
result = v70 >> 8;
a4[14] = BYTE1(v70);
return result;
}
void decryptAll(uint8_t* key, uint8_t *inBuffer, uint8_t *outBuffer, uint32_t size)
{
uint8_t w[240];
aes_key_expansion(key, w);
uint32_t paddedLength = 16 * ((size + 15) >> 4);
uint8_t* tempEncrypted = (uint8_t*) malloc( paddedLength );
memcpy(tempEncrypted, inBuffer, size);
uint8_t* tempDecrypted = (uint8_t*) malloc( paddedLength );
for (uint32_t i = 0; i < paddedLength / 16; i++)
{
decrypt16((uint32_t*)w, &tempEncrypted[i * 16], &tempDecrypted[i * 16]);
}
memcpy(outBuffer,tempDecrypted, size);
free( tempDecrypted );
free( tempEncrypted );
}"

[pipoman]

Ok found the issue, you need different quotes when used with encryption

encryption calldll "MEMORY_FILE100 decryptAll tcc RET AES_KEY #INPUT# #OUTPUT# #INPUT_SIZE#"