re-蓝色鲸鱼 byCDM258
个人b站复现视频
https://www.bilibili.com/video/BV1fw41137rp/?vd_source=c2cbf1fb7b27180057fbc666e94417ad
re-牢大 byCDM258
主函数
/ GameManager
// Token: 0x06000005 RID: 5 RVA: 0x00002240 File Offset: 0x00000440
public void OnValueChanged(string ABBAAAABBBBAAABABBBABAAABAABAABBABBBBABAABAABAB)
{
uint[] str = new uint[]
{
286331153U,
286331153U,
286331153U,
286331153U
};
byte[] strBytes = Encoding.UTF8.GetBytes(ABBAAAABBBBAAABABBBABAAABAABAABBABBBBABAABAABAB);
int paddingCount = 8 - strBytes.Length % 8;
byte[] paddedArray = new byte[strBytes.Length + paddingCount];
Array.Copy(strBytes, paddedArray, strBytes.Length);
uint[] uintArray = new uint[paddedArray.Length / 4];
Buffer.BlockCopy(paddedArray, 0, uintArray, 0, paddedArray.Length);
uint[] encryptedData = new uint[0];
AAABAAABABABAAABBABBABAAAABBAABBAABABBBBBABAAAB str2 = new AAABAAABABABAAABBABBABAAAABBAABBAABABBBBBABAAAB(str);
for (int i = 0; i < uintArray.Length; i += 2)
{
encryptedData = encryptedData.Concat(str2.BABBBBBBAAAAAABABBBAAAABBABBBAABABAAABABBAAABBA(uintArray[i], uintArray[i + 1])).ToArray<uint>();
}
uint[] array = new uint[]
{
3363017039U,
1247970816U,
549943836U,
445086378U,
3606751618U,
1624361316U,
3112717362U,
705210466U,
3343515702U,
2402214294U,
4010321577U,
2743404694U
};
MonoBehaviour.print(array);
if (array.SequenceEqual(encryptedData))
{
this.BBBAAAAABABABABBABAAAAABBABBAABBABABABABBBABAAB = 5;
this.ABAABAAABABABABABBBBBAAABBAABBBBBAABAAAABBABABB("port");
this.BAABAABBABABABABBBABBBBABBBBBBBABABBAABBABABABB("牢大");
this.AAAABBABAAAABBAABAABAABAABBBAAABBBABBBBBAABABBA("哈哈,我没有变成耐摔王");
return;
}
this.BBBAAAAABABABABBABAAAAABBABBAABBABABABABBBABAAB = 5;
this.ABAABAAABABABABABBBBBAAABBAABBBBBAABAAAABBABABB("耐摔王");
this.BAABAABBABABABABBBABBBBABBBBBBBABABBAABBABABABB("狂暴牢大");
this.AAAABBABAAAABBAABAABAABAABBBAAABBBABBBBBAABABBA("获得成就“耐摔王”");
很明显的tea 这道题混淆了一百多个tea 我们这边直接从 encryptedData = encryptedData.Concat(str2.BABBBBBBAAAAAABABBBAAAABBABBBAABABAAABABBAAABBA(uintArray[i], uintArray[i + 1])).ToArray<uint>(); 这一段 跟进
正确tea加密
// Token: 0x060000AA RID: 170 RVA: 0x000058FC File Offset: 0x00003AFC
public uint[] BABBBBBBAAAAAABABBBAAAABBABBBAABABAAABABBAAABBA(uint ABBAABAAAAAABAAAABBBBBBABAABAAAABBBABBBAABBABBA, uint BAABBAAAAABABBAABBABBAABABABABABABAAABABBBABABA)
{
uint v0 = ABBAABAAAAAABAAAABBBBBBABAABAAAABBBABBBAABBABBA;
uint v = BAABBAAAAABABBAABBABBAABABABABABABAAABABBBABABA;
uint sum = 0U;
uint delta = 2654435769U;
uint[] str2 = this.BBABABBBABBABABAAABBBAABBAAAAAAABBBBBAABBAAAAAA;
for (int i = 0; i < 32; i++)
{
sum += delta;
v0 += ((v << 4) + str2[0] ^ v + sum ^ (v >> 5) + str2[1]);
v += ((v0 << 4) + str2[2] ^ v0 + sum ^ (v0 >> 5) + str2[3]);
}
return new uint[]
{
v0,
v
到这里这题基本上就结束了,找个tea模板套一下就行
#include<string.h>
#include <stdio.h>
int main()
{
unsigned int Data[12] = { 3363017039U,
1247970816U,
549943836U,
445086378U,
3606751618U,
1624361316U,
3112717362U,
705210466U,
3343515702U,
2402214294U,
4010321577U,
2743404694U };
unsigned int key[4] = { 286331153,
286331153,
286331153,
286331153 };
unsigned int tmp[2] = { 0 };
unsigned int sum = 0;
unsigned int delta = 0x9e3779b9;
for (int i = 0; i < 12; i += 2)
{
tmp[0] = Data[i];
tmp[1] = Data[i + 1];
sum = delta * 32;
for (int j = 0; j < 32; ++j)
{
tmp[1] -= ((tmp[0] << 4) + key[2]) ^ (tmp[0] + sum) ^ ((tmp[0] >> 5) + key[3]);
tmp[0] -= ((tmp[1] << 4) + key[0]) ^ (tmp[1] + sum) ^ ((tmp[1] >> 5) + key[1]);
sum -= delta;
}
Data[i] = tmp[0];
Data[i + 1] = tmp[1];
printf("%c%c%c%c%c%c%c%c", ((char*)&Data[i])[0], ((char*)&Data[i])[1], ((char*)&Data[i])[2], ((char*)&Data[i])[3], ((char*)&Data[i + 1])[0], ((char*)&Data[i + 1])[1], ((char*)&Data[i + 1])[2], ((char*)&Data[i + 1])[3]);
}
return 0;
}
OVER~