Encrypted lua files

[w6125991]

Thank you for visiting my post.

I am a beginner.These luac files puzzled me for a long time.They were encrypted, and I tried many things, but I couldn't.Including, unluac, luadec, IDA.

The file is encrypted, I can't find his sign and key from so library.I tried everything and failed.

I hope you can tell me how to do it, not just the result.

Thank you for your help.
Please change the suffix name of the file by yourself

[w6125991]

The attachment is repeated. Please download either one.

[LolHacksRule]

LJ header, may be compiled with LuaJit, the files don't look encrypted as they are partially readable, however, its obfuscated/compiled... If I knew what LUA version was used that can help... The library you provided also mentions LuaJit. https://github.com/bobsayshilol/luajit-decomp
https://github.com/NightNord/ljd try these...

[w6125991]

LOAD:0011225A aLuajitVersion2 DCB "luaJIT_version_2_0_3",0

This is found in the so library file

LUA version。5.1 or 5.1.4 maybe

Thanks for try.

[w6125991]

I tried. He might have worked.Let me see if I can solve the problem.
I need to learn so much that I can't imagine that a bat file can solve the problem that has puzzled me for a long time.
Thank you very much for your help.If I succeed, I will reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-- BYTECODE -- APIMapConfig.luac:0-0
0001 GGET 1 0 ; "APIMapConfig"
0002 TGETV 1 1 0
0003 ISNEP 1 0
0004 JMP 2 => 0012
0005 GGET 2 1 ; "print"
0006 KSTR 3 2 ; "APIMapConfig没有id："
0007 MOV 4 0
0008 CAT 3 3 4
0009 CALL 2 1 2
0010 KPRI 2 0
0011 RET1 2 2
0012 => TGETS 2 1 3 ; "api"
0013 RET1 2 2

-- BYTECODE -- APIMapConfig.luac:0-0
0001 GGET 1 0 ; "APIMapConfig"
0002 TGETV 1 1 0
0003 ISNEP 1 0
0004 JMP 2 => 0012
0005 GGET 2 1 ; "print"
0006 KSTR 3 2 ; "APIMapConfig没有id："
0007 MOV 4 0
0008 CAT 3 3 4
0009 CALL 2 1 2
0010 KPRI 2 0
0011 RET1 2 2
0012 => TGETS 2 1 3 ; "key"
0013 RET1 2 2

-- BYTECODE -- APIMapConfig.luac:0-0
0001 GGET 1 0 ; "APIMapConfig"
0002 TGETV 1 1 0
0003 ISNEP 1 0
0004 JMP 2 => 0012
0005 GGET 2 1 ; "print"
0006 KSTR 3 2 ; "APIMapConfig没有id："
0007 MOV 4 0
0008 CAT 3 3 4
0009 CALL 2 1 2
0010 KPRI 2 0
0011 RET1 2 2
0012 => TGETS 2 1 3 ; "name"
0013 RET1 2 2

-- BYTECODE -- APIMapConfig.luac:0-0
0001 TNEW 0 0
0002 GGET 1 0 ; "pairs"
0003 GGET 2 1 ; "APIMapConfig"
0004 CALL 1 4 2
0005 ISNEXT 4 => 0016
0006 => GGET 6 2 ; "type"
0007 MOV 7 5
0008 CALL 6 2 2
0009 ISEQS 6 3 ; "function"
0010 JMP 6 => 0016
0011 GGET 6 4 ; "table"
0012 TGETS 6 6 5 ; "insert"
0013 MOV 7 0
0014 MOV 8 4
0015 CALL 6 1 3
0016 => ITERN 4 3 3
0017 ITERL 4 => 0006
0018 RET1 0 2

-- BYTECODE -- APIMapConfig.luac:0-0
0001 TNEW 0 0
0002 GSET 0 0 ; "APIMapConfig"
0003 GGET 0 0 ; "APIMapConfig"
0004 TDUP 1 2
0005 TSETS 1 0 1 ; ""
0006 GGET 0 0 ; "APIMapConfig"
0007 FNEW 1 4 ; APIMapConfig.luac:0
0008 TSETS 1 0 3 ; "api"
0009 GGET 0 0 ; "APIMapConfig"
0010 FNEW 1 6 ; APIMapConfig.luac:0
0011 TSETS 1 0 5 ; "key"
0012 GGET 0 0 ; "APIMapConfig"
0013 FNEW 1 8 ; APIMapConfig.luac:0
0014 TSETS 1 0 7 ; "name"
0015 GGET 0 0 ; "APIMapConfig"
0016 FNEW 1 10 ; APIMapConfig.luac:0
0017 TSETS 1 0 9 ; "getIds"
0018 RET0 0 1

[w6125991]

.text:0048DD14 luaopen_base ADD R1, PC, R1 ; "Lua 5.1"
.text:00495878 ; "LuaJIT 2.0.3"
I'm so stupid, I don't even know how to change the opcode order

Can you teach me?step-by-step

version： lua 5.1 luajit 2.0.3

[LolHacksRule]

I'll decompile the files for you if I can...

[w6125991]

thanks。Any attempt will help me。

[w6125991]

I am trying to get his key sign and key through dynamic debugging of so library.If I can get it.I can use an off-the-shelf decryption tool to encode this encrypted file.

[w6125991]

; _DWORD __fastcall cocos2d::LuaStack::setXXTEAKeyAndSign(cocos2d::LuaStack *this, const char *, int, const char *, int)
.text:00327538 EXPORT _ZN7cocos2d8LuaStack18setXXTEAKeyAndSignEPKciS2_i
.text:00327538 _ZN7cocos2d8LuaStack18setXXTEAKeyAndSignEPKciS2_i
.text:00327538 ; DATA XREF: LOAD:00002FA8↑o
.text:00327538 ; .data.rel.ro:00A603E0↓o
.text:00327538
.text:00327538 arg_0 = 0
.text:00327538
.text:00327538 ; __unwind {
.text:00327538 PUSH.W {R4-R8,LR}
.text:0032753C MOV R4, R0
.text:0032753E MOV R7, R1
.text:00327540 LDR R0, [R4]
.text:00327542 MOV R5, R3
.text:00327544 MOV R6, R2
.text:00327546 LDR R1, [R0,#0x7C]
.text:00327548 MOV R0, R4
.text:0032754A BLX R1
.text:0032754C CMP R7, #0
.text:0032754E IT NE
.text:00327550 CMPNE R6, #0
.text:00327552 BEQ loc_327562
.text:00327554 CMP R5, #0
.text:00327556 ITT NE
.text:00327558 LDRNE.W R8, [SP,#0x18+arg_0]
.text:0032755C CMPNE.W R8, #0
.text:00327560 BNE loc_327566
.text:00327562
.text:00327562 loc_327562 ; CODE XREF: cocos2d::LuaStack::setXXTEAKeyAndSign(char const*,int,char const*,int)+1A↑j
.text:00327562 MOVS R0, #0
.text:00327564 B loc_32758E
.text:00327566 ; ---------------------------------------------------------------------------
.text:00327566
.text:00327566 loc_327566 ; CODE XREF: cocos2d::LuaStack::setXXTEAKeyAndSign(char const*,int,char const*,int)+28↑j
.text:00327566 MOV R0, R6 ; size
.text:00327568 BLX malloc
.text:0032756C MOV R1, R7
.text:0032756E MOV R2, R6
.text:00327570 STR R0, [R4,#0x2C]
.text:00327572 BLX __aeabi_memcpy
.text:00327576 MOV R0, R8 ; size
.text:00327578 STR R6, [R4,#0x30]
.text:0032757A BLX malloc
.text:0032757E MOV R1, R5
.text:00327580 MOV R2, R8
.text:00327582 STR R0, [R4,#0x34]
.text:00327584 BLX __aeabi_memcpy
.text:00327588 STR.W R8, [R4,#0x38]
.text:0032758C MOVS R0, #1
.text:0032758E
.text:0032758E loc_32758E ; CODE XREF: cocos2d::LuaStack::setXXTEAKeyAndSign(char const*,int,char const*,int)+2C↑j
.text:0032758E STRB.W R0, [R4,#0x28]
.text:00327592 POP.W {R4-R8,PC}
.text:00327592 ; End of function cocos2d::LuaStack::setXXTEAKeyAndSign(char const*,int,char const*,int)
.text:00327592
.text:00327592 ; ---------------------------------------------------------------------------
.text:00327596 ALIGN 4
.text:00327596 ; } // starts at 327538

[w6125991]

The information comes from IDA

[w6125991]

signed int __fastcall AppDelegate::applicationDidFinishLaunching(AppDelegate *this)
{
int v1; // r0
cocos2d::Director *v2; // r0
int v3; // r0
cocos2d::LuaEngine *v4; // r0
cocos2d::ScriptEngineManager *v5; // r0
cocos2d::ScriptEngineProtocol *v6; // r4
cocos2d::ScriptEngineManager *v7; // r0
int v8; // r5
int v9; // r5
int v10; // r2
int v11; // ST00_4
cocos2d::FileUtils *v12; // r0
int v13; // r5
int *v14; // r0
int v15; // r4
signed int result; // r0
char v17; // [sp+4h] [bp-4Ch]
int v18; // [sp+8h] [bp-48h]
char v19; // [sp+Ch] [bp-44h]
int v20; // [sp+10h] [bp-40h]
int v21; // [sp+14h] [bp-3Ch]
int v22; // [sp+18h] [bp-38h]
int v23; // [sp+1Ch] [bp-34h]
int v24; // [sp+20h] [bp-30h]
char v25; // [sp+24h] [bp-2Ch]
int v26; // [sp+28h] [bp-28h]
char v27; // [sp+2Ch] [bp-24h]
int v28; // [sp+30h] [bp-20h]
char v29; // [sp+34h] [bp-1Ch]

v1 = cocos2d::Director::getInstance(this);
v2 = (cocos2d::Director *)(*(int (**)(void))(*(_DWORD *)v1 + 36))();
v3 = cocos2d::Director::getInstance(v2);
v4 = (cocos2d::LuaEngine *)cocos2d::Director::setProjection(v3, 0);
v5 = (cocos2d::ScriptEngineManager *)cocos2d::LuaEngine::getInstance(v4);
v6 = v5;
v7 = (cocos2d::ScriptEngineManager *)cocos2d::ScriptEngineManager::getInstance(v5);
cocos2d::ScriptEngineManager::setScriptEngine(v7, v6);
v8 = *(_DWORD *)(*((_DWORD *)v6 + 1) + 32);
lua_module_register(*(_DWORD *)(*((_DWORD *)v6 + 1) + 32));
luaopen_pack(v8);
luaopen_bit(v8);
luaopen_socketevent(v8);
v9 = *((_DWORD *)v6 + 1);
sub_87B510(&v28, "doudizhuverkey", &v27);
sub_87B510(&v26, "gamesign", &v25);
v10 = *(_DWORD *)(v28 - 12);
v11 = *(_DWORD *)(v26 - 12);
v12 = (cocos2d::FileUtils *)(*(int (__fastcall **)(int))(*(_DWORD *)v9 + 120))(v9);
v13 = cocos2d::FileUtils::getInstance(v12);
(*(void (__fastcall **)(int *, int))(*(_DWORD *)v13 + 68))(&v23, v13);
v14 = (int *)sub_87A9E0(&v23, "/update/", 8);
v24 = *v14;
*v14 = (int)&unk_AB8A18;
sub_879C00(v23 - 12, &v29);
sub_87ADBC(&v22, &v24);
sub_87A9E0(&v22, "src", 3);
cocos2d::FileUtils::addSearchPath(v13, &v22, 0);
sub_879C00(v22 - 12, &v29);
sub_87ADBC(&v21, &v24);
sub_87A9E0(&v21, "res", 3);
cocos2d::FileUtils::addSearchPath(v13, &v21, 0);
sub_879C00(v21 - 12, &v29);
cocos2d::FileUtils::addSearchPath(v13, &v24, 0);
sub_87B510(&v20, "src", &v19);
cocos2d::FileUtils::addSearchPath(v13, &v20, 0);
sub_879C00(v20 - 12, &v29);
sub_87B510(&v18, "res", &v17);
cocos2d::FileUtils::addSearchPath(v13, &v18, 0);
sub_879C00(v18 - 12, &v29);
v15 = (*(int (__fastcall **)(cocos2d::ScriptEngineProtocol *, const char *))(*(_DWORD *)v6 + 52))(v6, "mainentry.lua");
sub_879C00(v24 - 12, &v29);
sub_879C00(v26 - 12, &v29);
sub_879C00(v28 - 12, &v29);
result = 0;
if ( !v15 )
result = 1;
return result;
}