-
-
未解决
求大神反汇编一个apk包
1000.00雪花
-
发表于:
2017-4-18 10:00
2586
-
未解决 求大神反汇编一个apk包
1000.00雪花
该apk包里边包含luac文件,但是通过luadec解析失败,求教大神帮忙。
分析了libcocos2dlua.so,找到里边的一个核心代码,但下面不知道怎么继续了。
现在问题应该是opcode被修改了,但是如何还原opcode不会弄。
int __fastcall cocos2d::LuaStack::luaLoadBuffer(int a1, int a2, const char *a3, int a4, const char *a5)
{
int result; // r0@13
int v6; // [sp+10h] [bp-2Ch]@1
char *s1; // [sp+14h] [bp-28h]@1
int v8; // [sp+18h] [bp-24h]@1
int v9; // [sp+1Ch] [bp-20h]@1
int v10; // [sp+20h] [bp-1Ch]@3
int v11; // [sp+24h] [bp-18h]@1
void *ptr; // [sp+28h] [bp-14h]@3
int v13; // [sp+2Ch] [bp-10h]@1
v9 = a1;
v8 = a2;
s1 = (char *)a3;
v6 = a4;
v13 = _stack_chk_guard;
v11 = 0;
if ( *(_BYTE *)(a1 + 28) && !strncmp(a3, *(const char **)(a1 + 40), *(_DWORD *)(a1 + 44)) )
{
v10 = 0;
ptr = (void *)xxtea_decrypt(
(int)&s1[*(_DWORD *)(v9 + 44)],
v6 - *(_DWORD *)(v9 + 44),
*(_DWORD *)(v9 + 32),
*(_DWORD *)(v9 + 36),
&v10);
v11 = luaL_loadbuffer(v8, (int)ptr, v10);
free(ptr);
}
else
{
v11 = luaL_loadbuffer(v8, (int)s1, v6);
}
if ( v11 )
{
switch ( v11 )
{
case 4:
cocos2d::log((cocos2d *)"[LUA ERROR] load \"%s\", error: memory allocation error.", a5);
break;
case 6:
cocos2d::log((cocos2d *)"[LUA ERROR] load \"%s\", error: cannot open/read file.", a5);
break;
case 3:
cocos2d::log((cocos2d *)"[LUA ERROR] load \"%s\", error: syntax error during pre-compilation.", a5);
break;
default:
cocos2d::log((cocos2d *)"[LUA ERROR] load \"%s\", error: unknown.", a5);
break;
}
}
result = v11;
if ( v13 != _stack_chk_guard )
_stack_chk_fail(v11);
return result;
}
[课程]Linux pwn 探索篇!
