LuaQ with new library

[Ziyan_555]

Need help to decompile LuaQ with new library.
Previously using the standard library, dev changed it after an update.
Here the lua file and dll library, spotted with my poor coding knowledge.



Game: 九陰真經 (Age of Wushu - Taiwan Version)

[atom0s]

Looks like the scripts are xor'd with the key: 'snailgame'

Usage 1:

Code: Select all

void *__cdecl sub_10005E10(int a1, int a2, size_t Size, int a4)
{
  size_t v4; // esi
  void *v5; // ebp
  _BYTE *v6; // ecx
  int v7; // edi

  v4 = 0;
  if ( dword_10091020 >= Size )
  {
    v5 = Block;
  }
  else
  {
    if ( Block )
      free(Block);
    v5 = malloc(Size);
    Block = v5;
    dword_10091020 = Size;
  }
  if ( Size )
  {
    v6 = v5;
    v7 = a2 - (_DWORD)v5;
    do
    {
      if ( a4 )
        *v6 = v6[v7] ^ byte_10075AD4[v4 % 9];
      else
        *v6 = v6[v7];
      ++v4;
      ++v6;
    }
    while ( v4 < Size );
  }
  return v5;
}

Usage 2:

Code: Select all

char __cdecl sub_10005EA0(int a1, int a2, unsigned int a3, int a4)
{
  unsigned int v4; // ecx
  char result; // al

  v4 = 0;
  if ( a4 && a3 )
  {
    do
    {
      result = byte_10075AD4[v4 % 9];
      *(_BYTE *)(v4 + a2) ^= result;
      ++v4;
    }
    while ( v4 < a3 );
  }
  return result;
}

byte_10075AD4 points to a small byte array holding the word: snailgame

This is how the game is writing and reading the blocks.

[Ziyan_555]

Can i apply the code directly using quickbms or need to link any library inside the code?, sorry I no knowledge on how to decompile apart the standard unluac.jar method.

[Ziyan_555]

Looks like the scripts are xor'd with the key: 'snailgame'

Usage 1:

Code: Select all

void *__cdecl sub_10005E10(int a1, int a2, size_t Size, int a4)
{
  size_t v4; // esi
  void *v5; // ebp
  _BYTE *v6; // ecx
  int v7; // edi

  v4 = 0;
  if ( dword_10091020 >= Size )
  {
    v5 = Block;
  }
  else
  {
    if ( Block )
      free(Block);
    v5 = malloc(Size);
    Block = v5;
    dword_10091020 = Size;
  }
  if ( Size )
  {
    v6 = v5;
    v7 = a2 - (_DWORD)v5;
    do
    {
      if ( a4 )
        *v6 = v6[v7] ^ byte_10075AD4[v4 % 9];
      else
        *v6 = v6[v7];
      ++v4;
      ++v6;
    }
    while ( v4 < Size );
  }
  return v5;
}

Usage 2:

Code: Select all

char __cdecl sub_10005EA0(int a1, int a2, unsigned int a3, int a4)
{
  unsigned int v4; // ecx
  char result; // al

  v4 = 0;
  if ( a4 && a3 )
  {
    do
    {
      result = byte_10075AD4[v4 % 9];
      *(_BYTE *)(v4 + a2) ^= result;
      ++v4;
    }
    while ( v4 < a3 );
  }
  return result;
}

byte_10075AD4 points to a small byte array holding the word: snailgame

This is how the game is writing and reading the blocks.

Hi, any solution to decompile with quickbms?

[atom0s]

Due to the number of people that have contacted me about this game/encryption, I have made a tool to do this. However, I will not be sharing said tool as I know it will just land up being resold or abused for sale elsewhere due to some forums already reselling other files for this game.

You can contact me via pm in regards to decrypting files for a fee.
You can also contact me via Discord: atom0s#0001

[bolunzai]

Came across this, any XOR-related compilers. I have created a working tool to strip the wrapper function and successfully decompiled it.

Contact me at Discord: YanTun#3937

[KnightAdol]

Due to the number of people that have contacted me about this game/encryption, I have made a tool to do this. However, I will not be sharing said tool as I know it will just land up being resold or abused for sale elsewhere due to some forums already reselling other files for this game.

You can contact me via pm in regards to decrypting files for a fee.
You can also contact me via Discord: atom0s#0001

Hello Atom0S.
Can you accept my invite on Discord?
My Discord ID: Hà Sỹ Long#0602

[atom0s]

Added, for anyone else interested, I am still offering a small fee service for decrypting this games files.
I just rewrote/updated my tool as well for this.