首页
社区
课程
招聘
[下载]retdec ida7.5版,支持arm64,x86等等
发表于: 2021-7-12 15:27 8200

[下载]retdec ida7.5版,支持arm64,x86等等

2021-7-12 15:27
8200

用于ida7.5版本,比f5插件慢一些。但是反编译效果还算不错,可以拿进去再次编译回去,有函数声明,全局变量声明

 

把__asm_svc(0)去掉就行

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
//各种版权信息这里先略过,对于编译没啥用
 
#include <stdint.h>
 
// ------------------- Function Prototypes --------------------
 
int64_t decrypt_string(uint32_t param_index);
 
// --------------------- Global Variables ---------------------
 
char byte_96954[68]; // 0x96954
char global_string_region[2640]; // 0x95f04
int64_t hash_region = 0x272c302a2c28000a; // 0x94328
 
// ------------------------ Functions -------------------------
 
// Address range: 0x117e8 - 0x11a34
// Comment:       decrypt
int64_t decrypt_string(uint32_t param_index) {
    int64_t v1 = param_index; // 0x11810
    char * v2 = (char *)(v1 + (int64_t)&hash_region); // 0x11814
    unsigned char v3 = *v2; // 0x11814
    int64_t result; // 0x117e8
    int64_t v4; // 0x117e8
    if (v3 == 1) {
        unsigned char v5 = *(char *)(v1 + (int64_t)&global_string_region + 1); // 0x11830
        result = v1 + (int64_t)&global_string_region + 2;
        v4 = v5;
    } else {
        unsigned char v6 = *(char *)(v1 + (int64_t)&hash_region + 1) ^ v3;
        int64_t v7 = v6; // 0x11844
        int64_t v8 = v1 + (int64_t)&hash_region + 2; // 0x1184c
        int64_t v9 = v8; // 0x11854
        char v10 = -1; // 0x11854
        if (v6 != 0) {
            int64_t v11 = v7 - 1; // 0x11868
            int64_t v12 = 255 ^ (int64_t)*(char *)v9; // 0x1186c
            int64_t v13 = v12; // 0x11870
            int64_t v14 = v11; // 0x11870
            v9++;
            while (v11 != 0) {
                // 0x11864
                v11 = v14 - 1;
                v12 = v13 ^ (int64_t)*(char *)v9;
                v13 = v12;
                v14 = v11;
                v9++;
            }
            // 0x1187c
            v10 = v12;
        }
        int64_t v15 = v7 + 1;
        if (*(char *)(v15 + v8) != v10) {
            // 0x11890
            __asm_svc(0);
        }
        int64_t v16 = 49; // 0x118c8
        int64_t v17 = 1; // 0x118c8
        if (byte_96954[0] == 0) {
            *(char *)(v17 + (int64_t)&byte_96954) = (char)v16;
            int64_t v18 = v17 + 1; // 0x118e4
            v16 = v16 + 1 & 0xffffffff;
            v17 = v18;
            int64_t v19 = 0; // 0x118ec
            int64_t v20 = 65; // 0x118ec
            while (v18 != 10) {
                // 0x118dc
                *(char *)(v17 + (int64_t)&byte_96954) = (char)v16;
                v18 = v17 + 1;
                v16 = v16 + 1 & 0xffffffff;
                v17 = v18;
                v19 = 0;
                v20 = 65;
            }
            int64_t v21 = v19 + 1; // 0x118fc
            *(char *)(v19 + (int64_t)&byte_96954 + 10) = (char)v20;
            v19 = v21;
            v20 = v20 + 1 & 0xffffffff;
            while (v21 != 26) {
                // 0x118f8
                v21 = v19 + 1;
                *(char *)(v19 + (int64_t)&byte_96954 + 10) = (char)v20;
                v19 = v21;
                v20 = v20 + 1 & 0xffffffff;
            }
            // 0x11910
            byte_96954[0] = 48;
        }
        int64_t v22 = v1 + (int64_t)&global_string_region + 2; // 0x11918
        int64_t v23 = v22; // 0x1191c
        int64_t v24 = v8; // 0x1191c
        char v25 = -1; // 0x1191c
        if (v6 != 0) {
            uint64_t v26 = (int64_t)v3 % 256; // 0x11944
            char v27 = *(char *)((-36 * 0x38e38e39 * v26 / 0x800000000 + v26 & 0xffffffff) + (int64_t)&byte_96954); // 0x11958
            int64_t v28 = v7 + 0xffffffff; // 0x11960
            *(char *)v23 = v27 ^ *(char *)v24;
            v23++;
            v24++;
            int64_t v29 = v28 & 0xffffffff; // 0x1196c
            int64_t v30 = v26 + 1; // 0x1196c
            int64_t v31 = v22; // 0x1196c
            while ((int32_t)v28 != 0) {
                // 0x11944
                v26 = v30 % 256;
                v27 = *(char *)((-36 * 0x38e38e39 * v26 / 0x800000000 + v26 & 0xffffffff) + (int64_t)&byte_96954);
                v28 = v29 + 0xffffffff;
                *(char *)v23 = v27 ^ *(char *)v24;
                v23++;
                v24++;
                v29 = v28 & 0xffffffff;
                v30 = v26 + 1;
                v31 = v22;
            }
            int64_t v32 = v7 + 0xffffffff; // 0x11984
            int64_t v33 = 255 ^ (int64_t)*(char *)v31; // 0x11988
            int64_t v34 = v33; // 0x1198c
            v31++;
            int64_t v35 = v32 & 0xffffffff; // 0x1198c
            while ((int32_t)v32 != 0) {
                // 0x11980
                v32 = v35 + 0xffffffff;
                v33 = v34 ^ (int64_t)*(char *)v31;
                v34 = v33;
                v31++;
                v35 = v32 & 0xffffffff;
            }
            // 0x11998
            v25 = v33;
        }
        // 0x11998
        *(char *)(v15 + v22) = v25;
        int64_t v36 = (0x100000000 * (int64_t)param_index + 0x200000000 >> 32) + v7; // 0x119a8
        *(char *)(v36 + (int64_t)&global_string_region) = 0;
        *(char *)(v1 + (int64_t)&global_string_region) = 1;
        *(char *)(v1 + (int64_t)&global_string_region + 1) = v6;
        *(char *)(v36 + (int64_t)&hash_region) = 0;
        *v2 = 1;
        result = v22;
        v4 = v7;
    }
    int64_t v37 = 255; // 0x119c4
    int64_t v38 = v4; // 0x119c4
    int64_t v39 = result; // 0x119c4
    char v40 = -1; // 0x119c4
    if (v4 != 0) {
        v38--;
        v37 ^= (int64_t)*(char *)v39;
        v39++;
        while (v38 != 0) {
            // 0x119d0
            v38--;
            v37 ^= (int64_t)*(char *)v39;
            v39++;
        }
        // 0x119e0
        v40 = v37;
    }
    // 0x119e0
    if (*(char *)(result + 1 + v4) != v40) {
        // 0x119f4
        __asm_svc(0);
    }
    // 0x11a14
    return result;
}

[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)

注:下载本附件需支付 5雪币(note:5 points for downloading this attachment)
上传的附件:
收藏
免费 0
支持
分享
最新回复 (12)
雪    币: 2386
活跃值: (8785)
能力值: ( LV2,RANK:15 )
在线值:
发帖
回帖
粉丝
2
官网:https://retdec.com
Github:https://github.com/avast/retdec-idaplugin
2021-7-12 16:04
0
雪    币: 12502
活跃值: (3068)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
3
FleTime 官网:https://retdec.com Github:https://github.com/avast/retdec-idaplugin

官网直接下载有点问题,这个没啥问题。亲测。具体来说就是,arm64和x64,会卡好久好久。。。体验非常的不好。我的电脑是win10 i5-10代,8g内存,都卡的飞起。。。。。15分钟也反编译不完一个非常简单的函数。

最后于 2021-7-12 16:16 被白菜大哥编辑 ,原因:
2021-7-12 16:13
0
雪    币: 12502
活跃值: (5243)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
4

下载两次都解压缩出错,.
2021-7-13 11:13
0
雪    币: 12502
活跃值: (3068)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
5
xie风腾 [em_5] 下载两次都解压缩出错,.
哥,你四个都下载,放在一起解压,这是个分卷压缩,单独解压是没有东西的。。其实我也不想分卷,但是论坛文件要求8M最大了。。
2021-7-13 12:08
0
雪    币: 12502
活跃值: (5243)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
6

是4个一起解的,报错
2021-7-13 12:29
0
雪    币: 12502
活跃值: (5243)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
7
用 RAR 可以解吗?
2021-7-13 12:30
0
雪    币: 12502
活跃值: (3068)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
8
xie风腾 用 RAR 可以解吗?
我用的开源的7zip
2021-7-13 13:32
0
雪    币: 100
活跃值: (2493)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
9
试了反编译 so 响应速度还可以,但是实际用处一般只能做参考,可能我还没Get到点。
2021-7-13 14:07
0
雪    币: 277
活跃值: (3358)
能力值: ( LV3,RANK:30 )
在线值:
发帖
回帖
粉丝
10
有啥优点,有大佬说明下么
2021-7-13 15:47
0
雪    币: 12502
活跃值: (5243)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
11
白菜大哥 我用的开源的7zip

打开了,多谢楼主分享
2021-7-13 17:39
0
雪    币: 516
活跃值: (1888)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
12
这东西可太牛逼了
2021-7-15 22:40
0
雪    币: 1922
活跃值: (4165)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
13
速度有点慢,效果挺不错,感谢分享
2021-8-6 09:10
0
游客
登录 | 注册 方可回帖
返回
//