2

enter image description here

I am trying to decrypt luas files it use cocos2dx but its encrypted maybe aes encryption. With frida i can extract most lua files but not all. And with ida64 i cant find the key.

xbuyk987
  • 53
  • 4
  • As you are already using Frida, have you tried to identify the cryptographic functions and hook them to get the key and the crypto-/ and matching plaintext? – Robert Mar 28 '23 at 08:40
  • problem is ida64 is soo slow to debug with android device samsung s7 and with frida it dont trigger and xxtea and aes dont trigger so i must use ida64 to debug. And some times and it crash and wow i most restart from null – xbuyk987 Mar 28 '23 at 18:17
  • have someone a way how to decrypt aes encryptions? – xbuyk987 Mar 29 '23 at 10:04
  • You don't need Ida to debug. Just use IDA to identify the crypto functions and then write the frida code to hook them. – Robert Mar 29 '23 at 12:30
  • Mhh when i find the right crypto functions but know i found that some files have the same sign

    Here when you want to debug decompile... self http://bit.ly/3E3VACp PirateArena the newest version for 64bit and a dead game (the servers are live but discord is dead) here my discord when you want to talk Madara981#0086

     – xbuyk987 Mar 29 '23 at 13:02
  • 1
    ida64 open \lib\arm64-v8a\libcocos2dlua.so in function AppDelegate::applicationDidFinishLaunching. You can see IV and KEY for AES CBC mode algorithm.

    image

    IV: 08 C6 0B 9E 20 74 7B A1 8F 7E FA 81 12 BB 36 0C

    KEY: DC 6A D9 83 4A 8B AF 68 0C CB 2C 22 B1 FE 3B 22 03 97 AB E3 3D 2F 56 1E 61 CF EA A9 96 A6 94 4D

     – xax Mar 31 '23 at 15:49

0 Answers0