How to anti obfuscate Unity3D game file?(.bytes)
-
- Posts: 19
- Joined: Wed Oct 10, 2018 5:54 am
How to anti obfuscate Unity3D game file?(.bytes)
Hello, everyone. When I was trying to extract a game made , the Config file extracted was wrong.
I am learning game hacking and will not use resources for business.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Statement:
Since the problem has been solved, and the game I used to learn reverse is a commercial game, in order to avoid some legal problems, I decided to delete the relevant game link and relevant documents, which does not involve the reply of others. I am sorry that I only learn reverse as a hobby, and I do not want to use this learning result for any business activities.
Thanks again for your help, thank you!
I am learning game hacking and will not use resources for business.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Statement:
Since the problem has been solved, and the game I used to learn reverse is a commercial game, in order to avoid some legal problems, I decided to delete the relevant game link and relevant documents, which does not involve the reply of others. I am sorry that I only learn reverse as a hobby, and I do not want to use this learning result for any business activities.
Thanks again for your help, thank you!
Last edited by x-tiger on Sun Nov 08, 2020 3:39 pm, edited 12 times in total.
-
- Posts: 19
- Joined: Wed Oct 10, 2018 5:54 am
Re: What encryption is used for this game configuration file?, please help me.
Can someone help me?Thank you so much!
-
- Posts: 865
- Joined: Fri Apr 20, 2018 12:41 am
Re: How to anti obfuscate Unity3D game Config file?(config.bytes)
Looks like a binary format with base64 data too.
-
- Posts: 19
- Joined: Wed Oct 10, 2018 5:54 am
Re: How to anti obfuscate Unity3D game Config file?(config.bytes)
LolHacksRule wrote:Looks like a binary format with base64 data too.
I tried to decode it in Base64, but found it messy.
-
- Posts: 19
- Joined: Wed Oct 10, 2018 5:54 am
Re: How to anti obfuscate Unity3D game Config file?(config.bytes)
The problem has been solved
Last edited by x-tiger on Thu Oct 22, 2020 2:33 pm, edited 1 time in total.
-
- Posts: 388
- Joined: Thu Aug 07, 2014 10:28 pm
Re: How to anti obfuscate Unity3D game Config file?(config.bytes)--updated
StringObfuscatorPassword
This is the xor decode function.
Called by string decoder.
Code: Select all
\xC3\x9D\xC3\xBA\x62\x55\x75\x10\xC2\x8B\xC2\xB8\x43\xC3\x81\xC3\x82\xC2\xA7\x2A\x34\x13\x50\xC3\x9A\xC2\xA9\x2D\xC3\xA1\xC2\xA9\xC2\xBE\x40\x54\x36\x44\xC2\x89\x6C\x0F\xC2\xB1\xC2\x91\xC3\x92\x57\xC3\xA2\x75\x7A\xC3\x85\x6D\x34\x47\xC3\x90\xC3\xB3\x19\xC3\x98\x24\x3D\xC3\x8D\x20\x67\x2C\xC2\xA5\x51\xC2\x83\x09\xC3\xAB\xC2\xAE\x69\x4B\x45\xC3\x9F\x20\x72\xC2\xA1\x19\xC2\x9F\xC3\x97\x36\x16\x30\xC3\x8D\x74\x20\xC2\x90\x34\xC3\xB6\xC3\x83\xC2\x93\x7E\x5E\xC2\xAB\x1C\x79\x03\x3A\xC2\x90\xC2\x96\xC3\x88\x64\x10\xC2\x8F\x31\x1A\x3C\x51\xC2\x8F\xC2\x99\xC3\x9B\xC3\x9D\xC3\xBA\x62\x55\x75\x10\xC2\x8B\xC2\xB8\x43\xC3\x81\xC3\x82\xC2\xA7\x2A\x34\x13\x50\xC3\x9A\xC2\xA9\x2D\xC3\xA1\xC2\xA9\xC2\xBE\x40\x54\x36\x44\xC2\x89\x6C\x0F\xC2\xB1\xC2\x91\xC3\x92\x57\xC3\xA2\x75\x7A\xC3\x85\x6D\x34\x47\xC3\x90\xC3\xB3\x19\xC3\x98\x24\x3D\xC3\x8D\x20\x67\x2C\xC2\xA5\x51\xC2\x83\x09\xC3\xAB\xC2\xAE\x69\x4B\x45\xC3\x9F\x20\x72\xC2\xA1\x19\xC2\x9F\xC3\x97\x36\x16\x30\xC3\x8D\x74\x20\xC2\x90\x34\xC3\xB6\xC3\x83\xC2\x93\x7E\x5E\xC2\xAB\x1C\x79\x03\x3A\xC2\x90\xC2\x96\xC3\x88\x64
This is the xor decode function.
Code: Select all
System_String_o *__cdecl I2_Loc_StringObfucator__XoREncode(System_String_o *NormalString, const MethodInfo *method)
{
int v2; // r2
int v3; // r3
System_String_o *v4; // r4
I2_Loc_StringObfucator_c *v5; // r0
struct System_Char_array *v6; // r10
System_Char_array *v7; // r4
il2cpp_array_size_t v8; // r0
uint16_t *v9; // r5
signed int v10; // r6
int v11; // r0
int v12; // r1
int v13; // r0
char v14; // r9
int v15; // r0
unsigned __int8 v16; // r0
signed int v18; // [sp+4h] [bp-24h]
signed int v19; // [sp+8h] [bp-20h]
v4 = NormalString;
if ( !byte_17C6649 )
{
sub_30504C(18958);
byte_17C6649 = 1;
}
v5 = I2_Loc_StringObfucator_TypeInfo;
if ( I2_Loc_StringObfucator_TypeInfo->_2.bitflags2 & 2 && !I2_Loc_StringObfucator_TypeInfo->_2.cctor_started )
{
il2cpp_runtime_class_init_0(I2_Loc_StringObfucator_TypeInfo, 0, v2, v3);
v5 = I2_Loc_StringObfucator_TypeInfo;
}
v6 = v5->static_fields->StringObfuscatorPassword;
if ( !v4 )
sub_332720();
v7 = System_String__ToCharArray(v4, 0);
if ( !v6 )
sub_332720();
v18 = v6->max_length;
if ( !v7 )
sub_332720();
v19 = v7->max_length;
if ( v19 >= 1 )
{
v8 = v7->max_length;
v9 = v7->m_Items;
v10 = 0;
while ( 1 )
{
if ( v8 <= v10 )
{
v11 = sub_3337C4();
sub_332674(v11);
}
v12 = v10 % v18;
if ( v6->max_length <= v10 % v18 )
{
v13 = sub_3337C4();
sub_332674(v13);
}
v14 = -51;
if ( !(v10 & 1) )
v14 = 23;
if ( v7->max_length <= v10 )
{
v15 = sub_3337C4();
sub_332674(v15);
}
v16 = v14 * v10++;
*v9 = v16 ^ (unsigned __int16)(v6->m_Items[v12] ^ *v9);
if ( v10 >= v19 )
break;
v8 = v7->max_length;
++v9;
}
}
return System_String__CreateString_8594264(0, v7, 0);
Called by string decoder.
Code: Select all
System_String_o *__cdecl I2_Loc_StringObfucator__Decode(System_String_o *ObfucatedString, const MethodInfo *method)
{
int v2; // r2
int v3; // r3
System_String_o *v4; // r4
uint32_t v5; // r1
System_String_o *v6; // r0
const MethodInfo *v7; // r1
v4 = ObfucatedString;
if ( !byte_17C6646 )
{
sub_30504C(18954);
byte_17C6646 = 1;
}
v5 = I2_Loc_StringObfucator_TypeInfo->_2.bitflags2;
if ( v5 & 2 )
{
v5 = I2_Loc_StringObfucator_TypeInfo->_2.cctor_started;
if ( !v5 )
il2cpp_runtime_class_init_0(I2_Loc_StringObfucator_TypeInfo, 0, v2, v3);
}
v6 = I2_Loc_StringObfucator__FromBase64(v4, (const MethodInfo *)v5);
return I2_Loc_StringObfucator__XoREncode(v6, v7);
}
-
- Posts: 19
- Joined: Wed Oct 10, 2018 5:54 am
Re: How to anti obfuscate Unity3D game Config file?(config.bytes)--updated
My God, thank you so much.I cannot express my words, in my heart, you are God!
Thank you for having a teacher like you on the way of learning reverse. Thank you very much!
Thank you for having a teacher like you on the way of learning reverse. Thank you very much!
-
- Posts: 19
- Joined: Wed Oct 10, 2018 5:54 am
Re: How to anti obfuscate Unity3D game Config file?(config.bytes)--updated
I'm sorry.
I have a new problem.
How is StringObfuscatorPassword obtained?
I have a new problem.
How is StringObfuscatorPassword obtained?
-
- Posts: 388
- Joined: Thu Aug 07, 2014 10:28 pm
Re: How to anti obfuscate Unity3D game Config file?(config.bytes)--updated
its a string literal defined in the initialization of the string function.
-
- Posts: 250
- Joined: Sat Dec 27, 2014 8:49 pm
Re: How to anti obfuscate Unity3D game Config file?(config.bytes)--updated
Some tools that help with this kind of thing:
- https://github.com/djkaty/Il2CppInspector
- https://github.com/Perfare/Il2CppDumper
Both can generate IDA python scripts to remap the il2cpp file back to actual named information from the global-metadata.dat file included with things that have used il2cpp.
- https://github.com/djkaty/Il2CppInspector
- https://github.com/Perfare/Il2CppDumper
Both can generate IDA python scripts to remap the il2cpp file back to actual named information from the global-metadata.dat file included with things that have used il2cpp.
-
- Posts: 19
- Joined: Wed Oct 10, 2018 5:54 am
Re: How to anti obfuscate Unity3D game Config file?(config.bytes)--updated
chrrox wrote:its a string literal defined in the initialization of the string function.
First of all, thank you very much for your reply.
I'm sorry, I don't get the meaning of this sentence.
I've only been with game hackers for three weeks, and I'm not familiar with reverse engineering yet.
---------------------------------------------------------------------------------------
What is the process by which the cipher text of this initialization string function definition is obtained, or where can the string function be found?
1/ Use IDA static analysis to view SO file for password?
2/ Use other tools to view the encrypted config file to get the password?
3/ Using IDA to dynamically debug APK fetch?
4 / other?
In addition, I would like to ask whether I should use one of the following processes if I need to change the encrypted confused config file into a normal text file:
1/ First decode Config file with BASE64 decoder.Then decrypt the BASE64 decoded file using the password and related functions listed above?
Can the XOR decryption function be decrypted using the generic XOR decryption tool?
2/ Decrypt XOR using the above password and related functions. Then BASE64 decode?-- Process reversal
I'm sorry, But I have a lot of questions.
But, thank you very much for your help, thank you!
-
- Posts: 19
- Joined: Wed Oct 10, 2018 5:54 am
Re: How to anti obfuscate Unity3D game Config file?(config.bytes)--updated
atom0s wrote:Some tools that help with this kind of thing:
- https://github.com/djkaty/Il2CppInspector
- https://github.com/Perfare/Il2CppDumper
Both can generate IDA python scripts to remap the il2cpp file back to actual named information from the global-metadata.dat file included with things that have used il2cpp.
Thank you for your reply!
-
- Posts: 250
- Joined: Sat Dec 27, 2014 8:49 pm
Re: How to anti obfuscate Unity3D game Config file?(config.bytes)--updated
In this game's case, it's broken into two separate apk's within the main xapk.
- bettles.puzzle.solitaire.apk
- config.armeabi_v7a.apk
The config.armeabi_v7a.apk contains the actual libraries/game code files while the other contains the game assets, Unity runtime, and general app-related information.
The two main important files for this kind of thing are:
- bettles.puzzle.solitaire.apk > assets\bin\Data\Managed\Metadata\global-metadata.dat
- config.armeabi_v7a.apk > lib\armeabi-v7a\libil2cpp.so
This game makes use of il2cpp, which compiles the C# code down into native code. That is what the il2cpp file is. The global-metadata.dat file is the symbol map file for the il2cpp file, which contains all the symbol information (class/object/function names, static initialization data values, etc.) Tools like the ones I linked above can take the global-metadata.dat file and recreate a script for various tools to remap its content to the actual il2cpp file. (For tools like IDA/Ghidra and such where static analysis is performed.)
Once you remap the data and apply it to the il2cpp file, you can see the naming and object data for everything. Along with the object holding the xor key. You can follow/trace back in a tool like IDA or Ghidra to where that object is initialized, in this case its in a static constructor, and get its original value.
- bettles.puzzle.solitaire.apk
- config.armeabi_v7a.apk
The config.armeabi_v7a.apk contains the actual libraries/game code files while the other contains the game assets, Unity runtime, and general app-related information.
The two main important files for this kind of thing are:
- bettles.puzzle.solitaire.apk > assets\bin\Data\Managed\Metadata\global-metadata.dat
- config.armeabi_v7a.apk > lib\armeabi-v7a\libil2cpp.so
This game makes use of il2cpp, which compiles the C# code down into native code. That is what the il2cpp file is. The global-metadata.dat file is the symbol map file for the il2cpp file, which contains all the symbol information (class/object/function names, static initialization data values, etc.) Tools like the ones I linked above can take the global-metadata.dat file and recreate a script for various tools to remap its content to the actual il2cpp file. (For tools like IDA/Ghidra and such where static analysis is performed.)
Once you remap the data and apply it to the il2cpp file, you can see the naming and object data for everything. Along with the object holding the xor key. You can follow/trace back in a tool like IDA or Ghidra to where that object is initialized, in this case its in a static constructor, and get its original value.
-
- Posts: 19
- Joined: Wed Oct 10, 2018 5:54 am
Re: How to anti obfuscate Unity3D game Config file?(config.bytes)--updated
atom0s wrote:In this game's case, it's broken into two separate apk's within the main xapk.
- bettles.puzzle.solitaire.apk
- config.armeabi_v7a.apk
The config.armeabi_v7a.apk contains the actual libraries/game code files while the other contains the game assets, Unity runtime, and general app-related information.
The two main important files for this kind of thing are:
- bettles.puzzle.solitaire.apk > assets\bin\Data\Managed\Metadata\global-metadata.dat
- config.armeabi_v7a.apk > lib\armeabi-v7a\libil2cpp.so
This game makes use of il2cpp, which compiles the C# code down into native code. That is what the il2cpp file is. The global-metadata.dat file is the symbol map file for the il2cpp file, which contains all the symbol information (class/object/function names, static initialization data values, etc.) Tools like the ones I linked above can take the global-metadata.dat file and recreate a script for various tools to remap its content to the actual il2cpp file. (For tools like IDA/Ghidra and such where static analysis is performed.)
Once you remap the data and apply it to the il2cpp file, you can see the naming and object data for everything. Along with the object holding the xor key. You can follow/trace back in a tool like IDA or Ghidra to where that object is initialized, in this case its in a static constructor, and get its original value.
Thank you for your reply. These are the tools I used in the screenshots above.
What I don't understand is, where does the StringObfuscatorPassword data that Chrrox gives us come from
And this is what he said:
its a string literal defined in the initialization of the string function.
1. This function is where I'm going to find, from which tool to obtain this function and StringObfuscatorPassword.
2. How should I use the pseudo-code copied from IDA he gave?
I do not know pseudo code, and my programming ability and game hacking skills are poor, I just began to learn, I do not know the process.
Of course, anyway, thank you very much for your reply, you are a good person.
-
- Posts: 250
- Joined: Sat Dec 27, 2014 8:49 pm
Re: How to anti obfuscate Unity3D game Config file?(config.bytes)--updated
What I don't understand is, where does the StringObfuscatorPassword data that Chrrox gives us come from
I do not know pseudo code, and my programming ability and game hacking skills are poor, I just began to learn, I do not know the process.
This is where understanding some basic level of coding will help, as well as understanding how C# (and .NET in general) works.
The pseudo-code generated by HexRays (the IDA plugin which chrrox's post used) is C/C++ syntax. C# is similar to it so once you have a basic understanding of C# or C/C++, you should be able to understand the basic jist of things. (I'd recommend understanding C/C++ more to fully understand what IDA / Ghidra generates for pseudo-code like this though as things like pointers, structures, etc. will be a bit hard to understand in these contexts if all you know is C#.)
As a quick rundown though, il2cpp converts the Assembly-CSharp.dll to native code.
It's essentially the same thing, just built into native code and wrapped around Mono calls to recreate the same things.
In C#, a class object has the ability to have to 'constructors' which initialize data of the object itself when an instance of it is created or a static instance is referenced. Static variables are initialized in a separate constructor called a 'static constructor'. This is signified via a '.cctor' function in the class when decompiled/disassembled. (Whereas a normal constructor is just a '.ctor' or will just be the same name as the class object itself.)
If you use il2cppDumper, it will gen both the IDA/Ghidra script needed and a dummy Assembly-CSharp.dll you can look at to see some useful information on how the object is setup. In this case, the object is:
Assembly-CSharp.dll -> I2.Loc -> StringObfucastor
Here you will see the layout of the class:
So we know it has a static constructor due to .cctor and we can see the methods and members of the class. If you click on 'StringObfuscatorPassword', you'll see its a static char array (char[]).
Code: Select all
// I2.Loc.StringObfucator
// Token: 0x04000D8E RID: 3470
[Token(Token = "0x4000B95")]
[FieldOffset(Offset = "0x0")]
public static char[] StringObfuscatorPassword;
Next, if you load up the il2cpp.so in IDA, then apply the il2cppDumper script data to it, you can go to the function "StringObfucastor" and see the usage. You can also see the static constructor in IDA, which is:
Code: Select all
int I2_Loc_StringObfucator___cctor()
{
int v0; // r0
int result; // r0
if ( !byte_17C664A )
{
sub_30504C(18959);
byte_17C664A = 1;
}
v0 = StringLiteral_8584;
if ( !StringLiteral_8584 )
{
sub_332720(0);
v0 = StringLiteral_8584;
}
result = System_String__ToCharArray(v0, 0);
**(_DWORD **)(I2_Loc_StringObfucator_TypeInfo + 92) = result;
return result;
}
Here the base password is being prepared by being initialized into a character array.
Code: Select all
StringLiteral_8584
Would be the variable that holds the base character array. Following that in IDA will show you a comment that holds the real value of the data, that you can then match up and copy from the 'stringliteral.json' file that il2cppDumper creates. Which looks like this:
Code: Select all
{
"value": "ÝúbUu\u0010¸CÁ§*4\u0013PÚ©-᩾@T6Dl\u000f±ÒWâuzÅm4GÐó\u0019Ø$=Í g,¥Q\të®iKEß r¡\u0019×6\u00160Ít 4öÃ~^«\u001cy\u0003:Èd\u00101\u001a<QÛÝúbUu\u0010¸CÁ§*4\u0013PÚ©-᩾@T6Dl\u000f±ÒWâuzÅm4GÐó\u0019Ø$=Í g,¥Q\të®iKEß r¡\u0019×6\u00160Ít 4öÃ~^«\u001cy\u0003:Èd",
"address": "0x17C548C"
},
(You can lookup and confirm the data/value by its address seen in IDA and the address field here in the json file.)
-
- Posts: 19
- Joined: Wed Oct 10, 2018 5:54 am
Re: How to anti obfuscate Unity3D game Config file?(config.bytes)--updated
atom0s wrote:What I don't understand is, where does the StringObfuscatorPassword data that Chrrox gives us come fromI do not know pseudo code, and my programming ability and game hacking skills are poor, I just began to learn, I do not know the process.
This is where understanding some basic level of coding will help, as well as understanding how C# (and .NET in general) works.
The pseudo-code generated by HexRays (the IDA plugin which chrrox's post used) is C/C++ syntax. C# is similar to it so once you have a basic understanding of C# or C/C++, you should be able to understand the basic jist of things. (I'd recommend understanding C/C++ more to fully understand what IDA / Ghidra generates for pseudo-code like this though as things like pointers, structures, etc. will be a bit hard to understand in these contexts if all you know is C#.)
As a quick rundown though, il2cpp converts the Assembly-CSharp.dll to native code.
It's essentially the same thing, just built into native code and wrapped around Mono calls to recreate the same things.
In C#, a class object has the ability to have to 'constructors' which initialize data of the object itself when an instance of it is created or a static instance is referenced. Static variables are initialized in a separate constructor called a 'static constructor'. This is signified via a '.cctor' function in the class when decompiled/disassembled. (Whereas a normal constructor is just a '.ctor' or will just be the same name as the class object itself.)
If you use il2cppDumper, it will gen both the IDA/Ghidra script needed and a dummy Assembly-CSharp.dll you can look at to see some useful information on how the object is setup. In this case, the object is:
Assembly-CSharp.dll -> I2.Loc -> StringObfucastor
Here you will see the layout of the class:
So we know it has a static constructor due to .cctor and we can see the methods and members of the class. If you click on 'StringObfuscatorPassword', you'll see its a static char array (char[]).Code: Select all
// I2.Loc.StringObfucator
// Token: 0x04000D8E RID: 3470
[Token(Token = "0x4000B95")]
[FieldOffset(Offset = "0x0")]
public static char[] StringObfuscatorPassword;
Next, if you load up the il2cpp.so in IDA, then apply the il2cppDumper script data to it, you can go to the function "StringObfucastor" and see the usage. You can also see the static constructor in IDA, which is:Code: Select all
int I2_Loc_StringObfucator___cctor()
{
int v0; // r0
int result; // r0
if ( !byte_17C664A )
{
sub_30504C(18959);
byte_17C664A = 1;
}
v0 = StringLiteral_8584;
if ( !StringLiteral_8584 )
{
sub_332720(0);
v0 = StringLiteral_8584;
}
result = System_String__ToCharArray(v0, 0);
**(_DWORD **)(I2_Loc_StringObfucator_TypeInfo + 92) = result;
return result;
}
Here the base password is being prepared by being initialized into a character array.Code: Select all
StringLiteral_8584
Would be the variable that holds the base character array. Following that in IDA will show you a comment that holds the real value of the data, that you can then match up and copy from the 'stringliteral.json' file that il2cppDumper creates. Which looks like this:Code: Select all
{
"value": "ÝúbUu\u0010¸CÁ§*4\u0013PÚ©-᩾@T6Dl\u000f±ÒWâuzÅm4GÐó\u0019Ø$=Í g,¥Q\të®iKEß r¡\u0019×6\u00160Ít 4öÃ~^«\u001cy\u0003:Èd\u00101\u001a<QÛÝúbUu\u0010¸CÁ§*4\u0013PÚ©-᩾@T6Dl\u000f±ÒWâuzÅm4GÐó\u0019Ø$=Í g,¥Q\të®iKEß r¡\u0019×6\u00160Ít 4öÃ~^«\u001cy\u0003:Èd",
"address": "0x17C548C"
},
(You can lookup and confirm the data/value by its address seen in IDA and the address field here in the json file.)
Wow, thanks for the tutorial, it cleared up a bit of my confusion.
Thank you very much. I've learned a lot from it.
However, I still have some doubts that the value of 0x17C548C above is still confused, these real values that look confused, how can I use it or make it normal to read.
Finally, how do I use these passwords to make the encrypted Config file I exported from AssetStudio normally readable?
-
- Posts: 250
- Joined: Sat Dec 27, 2014 8:49 pm
Re: How to anti obfuscate Unity3D game file?(.bytes)--update
chrrox's post with the key is just encoded differently, but is the same data. If you take his key and convert it back to Unicode in C#, like this:
Code: Select all
var stringXorPassword = new byte[] {
0xC3, 0x9D, 0xC3, 0xBA, 0x62, 0x55, 0x75, 0x10, 0xC2, 0x8B, 0xC2, 0xB8, 0x43, 0xC3, 0x81, 0xC3, 0x82, 0xC2,
0xA7, 0x2A, 0x34, 0x13, 0x50, 0xC3, 0x9A, 0xC2, 0xA9, 0x2D, 0xC3, 0xA1, 0xC2, 0xA9, 0xC2, 0xBE, 0x40, 0x54,
0x36, 0x44, 0xC2, 0x89, 0x6C, 0x0F, 0xC2, 0xB1, 0xC2, 0x91, 0xC3, 0x92, 0x57, 0xC3, 0xA2, 0x75, 0x7A, 0xC3,
0x85, 0x6D, 0x34, 0x47, 0xC3, 0x90, 0xC3, 0xB3, 0x19, 0xC3, 0x98, 0x24, 0x3D, 0xC3, 0x8D, 0x20, 0x67, 0x2C,
0xC2, 0xA5, 0x51, 0xC2, 0x83, 0x09, 0xC3, 0xAB, 0xC2, 0xAE, 0x69, 0x4B, 0x45, 0xC3, 0x9F, 0x20, 0x72, 0xC2,
0xA1, 0x19, 0xC2, 0x9F, 0xC3, 0x97, 0x36, 0x16, 0x30, 0xC3, 0x8D, 0x74, 0x20, 0xC2, 0x90, 0x34, 0xC3, 0xB6,
0xC3, 0x83, 0xC2, 0x93, 0x7E, 0x5E, 0xC2, 0xAB, 0x1C, 0x79, 0x03, 0x3A, 0xC2, 0x90, 0xC2, 0x96, 0xC3, 0x88,
0x64, 0x10, 0xC2, 0x8F, 0x31, 0x1A, 0x3C, 0x51, 0xC2, 0x8F, 0xC2, 0x99, 0xC3, 0x9B, 0xC3, 0x9D, 0xC3, 0xBA,
0x62, 0x55, 0x75, 0x10, 0xC2, 0x8B, 0xC2, 0xB8, 0x43, 0xC3, 0x81, 0xC3, 0x82, 0xC2, 0xA7, 0x2A, 0x34, 0x13,
0x50, 0xC3, 0x9A, 0xC2, 0xA9, 0x2D, 0xC3, 0xA1, 0xC2, 0xA9, 0xC2, 0xBE, 0x40, 0x54, 0x36, 0x44, 0xC2, 0x89,
0x6C, 0x0F, 0xC2, 0xB1, 0xC2, 0x91, 0xC3, 0x92, 0x57, 0xC3, 0xA2, 0x75, 0x7A, 0xC3, 0x85, 0x6D, 0x34, 0x47,
0xC3, 0x90, 0xC3, 0xB3, 0x19, 0xC3, 0x98, 0x24, 0x3D, 0xC3, 0x8D, 0x20, 0x67, 0x2C, 0xC2, 0xA5, 0x51, 0xC2,
0x83, 0x09, 0xC3, 0xAB, 0xC2, 0xAE, 0x69, 0x4B, 0x45, 0xC3, 0x9F, 0x20, 0x72, 0xC2, 0xA1, 0x19, 0xC2, 0x9F,
0xC3, 0x97, 0x36, 0x16, 0x30, 0xC3, 0x8D, 0x74, 0x20, 0xC2, 0x90, 0x34, 0xC3, 0xB6, 0xC3, 0x83, 0xC2, 0x93,
0x7E, 0x5E, 0xC2, 0xAB, 0x1C, 0x79, 0x03, 0x3A, 0xC2, 0x90, 0xC2, 0x96, 0xC3, 0x88, 0x64
};
var unicode = new String(System.Text.Encoding.UTF8.GetChars(stringXorPassword));
-
- Posts: 19
- Joined: Wed Oct 10, 2018 5:54 am
Re: How to anti obfuscate Unity3D game file?(.bytes)--update
atom0s wrote:chrrox's post with the key is just encoded differently, but is the same data. If you take his key and convert it back to Unicode in C#, like this:Code: Select all
var stringXorPassword = new byte[] {
0xC3, 0x9D, 0xC3, 0xBA, 0x62, 0x55, 0x75, 0x10, 0xC2, 0x8B, 0xC2, 0xB8, 0x43, 0xC3, 0x81, 0xC3, 0x82, 0xC2,
0xA7, 0x2A, 0x34, 0x13, 0x50, 0xC3, 0x9A, 0xC2, 0xA9, 0x2D, 0xC3, 0xA1, 0xC2, 0xA9, 0xC2, 0xBE, 0x40, 0x54,
0x36, 0x44, 0xC2, 0x89, 0x6C, 0x0F, 0xC2, 0xB1, 0xC2, 0x91, 0xC3, 0x92, 0x57, 0xC3, 0xA2, 0x75, 0x7A, 0xC3,
0x85, 0x6D, 0x34, 0x47, 0xC3, 0x90, 0xC3, 0xB3, 0x19, 0xC3, 0x98, 0x24, 0x3D, 0xC3, 0x8D, 0x20, 0x67, 0x2C,
0xC2, 0xA5, 0x51, 0xC2, 0x83, 0x09, 0xC3, 0xAB, 0xC2, 0xAE, 0x69, 0x4B, 0x45, 0xC3, 0x9F, 0x20, 0x72, 0xC2,
0xA1, 0x19, 0xC2, 0x9F, 0xC3, 0x97, 0x36, 0x16, 0x30, 0xC3, 0x8D, 0x74, 0x20, 0xC2, 0x90, 0x34, 0xC3, 0xB6,
0xC3, 0x83, 0xC2, 0x93, 0x7E, 0x5E, 0xC2, 0xAB, 0x1C, 0x79, 0x03, 0x3A, 0xC2, 0x90, 0xC2, 0x96, 0xC3, 0x88,
0x64, 0x10, 0xC2, 0x8F, 0x31, 0x1A, 0x3C, 0x51, 0xC2, 0x8F, 0xC2, 0x99, 0xC3, 0x9B, 0xC3, 0x9D, 0xC3, 0xBA,
0x62, 0x55, 0x75, 0x10, 0xC2, 0x8B, 0xC2, 0xB8, 0x43, 0xC3, 0x81, 0xC3, 0x82, 0xC2, 0xA7, 0x2A, 0x34, 0x13,
0x50, 0xC3, 0x9A, 0xC2, 0xA9, 0x2D, 0xC3, 0xA1, 0xC2, 0xA9, 0xC2, 0xBE, 0x40, 0x54, 0x36, 0x44, 0xC2, 0x89,
0x6C, 0x0F, 0xC2, 0xB1, 0xC2, 0x91, 0xC3, 0x92, 0x57, 0xC3, 0xA2, 0x75, 0x7A, 0xC3, 0x85, 0x6D, 0x34, 0x47,
0xC3, 0x90, 0xC3, 0xB3, 0x19, 0xC3, 0x98, 0x24, 0x3D, 0xC3, 0x8D, 0x20, 0x67, 0x2C, 0xC2, 0xA5, 0x51, 0xC2,
0x83, 0x09, 0xC3, 0xAB, 0xC2, 0xAE, 0x69, 0x4B, 0x45, 0xC3, 0x9F, 0x20, 0x72, 0xC2, 0xA1, 0x19, 0xC2, 0x9F,
0xC3, 0x97, 0x36, 0x16, 0x30, 0xC3, 0x8D, 0x74, 0x20, 0xC2, 0x90, 0x34, 0xC3, 0xB6, 0xC3, 0x83, 0xC2, 0x93,
0x7E, 0x5E, 0xC2, 0xAB, 0x1C, 0x79, 0x03, 0x3A, 0xC2, 0x90, 0xC2, 0x96, 0xC3, 0x88, 0x64
};
var unicode = new String(System.Text.Encoding.UTF8.GetChars(stringXorPassword));
Great! Thank you very much for your reply!
-
- Posts: 19
- Joined: Wed Oct 10, 2018 5:54 am
Re: How to anti obfuscate Unity3D game file?(.bytes)--update
This post was invalidated because I didn't know how to use the password to decrypt it.
So, I gave up.Thanks to everyone who helped me.
So, I gave up.Thanks to everyone who helped me.