encryption - Assistance in Decrypting Lua script that is obfuscated with Base64 > SSL -

-

can on here me on decrypting ssl encryption protects lua script linked @ end of topic? encoded base64 ssl, have no idea how ssl portion. used program called bot of legends, , told me possible break encryption dumping decryption function of said program , using ssl key, have no clue start on that. these scripts work connecting authentication server coded script, , have gotten few on own sniffing traffic auth server network packets server link , created own auth server apache, redirected network traffic goes server own script script validated response. scripts have stronger encryption, not easy , have source code remove coding runs auth server checks. until few days ago had no knowledge on how lua coding worked , how compute how auth server checks possible coding in simple text file due lua obfuscation. bear me, if can chime in , give me idea on can do.

regards,

chris

*** pastebin link script in question in raw format: http://pastebin.com/raw.php?i=bg0vqqgw

the base64 section first ssl section @ bottom.

print("ssl decoder version 2.0") print("copyright (c) 2015") print("decoding started...")  local infilename = select(1,...) local outfilename = select(2,...)  local infile = io.open(infilename, "r")  if not infile   error("failed open input file.") end  local intext = infile:read("*a")  infile:close()  local ssltabletext = intext:match("ssl%s*%(%s*%{([%s,0-9]*)%}%s*%)")  if not ssltabletext   error("could not find ssl table in source file.") end  local ssltable = load("return {"..ssltabletext.."}")()  if #ssltable < 255   error("ssl table short -- can't find table encryption key.") end  -- find decryption key ssl table local decrypt = {}  decrypt[0] = 0 = 1,255   local dec =   local enc = ssltable[i]   assert(decrypt[enc] == nil)   decrypt[enc] = dec end  -- decrypt ssl table = 256, #ssltable - 256 -- not sure last 256 bytes   ssltable[i] = decrypt[ssltable[i] ] end  -- if stack overflow, easy change dumb more robust local sslcode = string.char(table.unpack(ssltable, 256, #ssltable - 256))  -- interesting --  --print(sslcode)  local keyindex = sslcode:match("local key%s*=%s*'()") if not keyindex   error("could not find key in decoded ssl table.") end  local key = sslcode:sub(keyindex)  local length = 0 while true   local c = key:sub(length+1, length+1)   if c == ""     error("key string not terminated.")   elseif c == "'"     break   elseif c == "\\"     local c2 = key:sub(length+2, length+2)     if c2:match("%d")       local c3 = key:sub(length+3, length+3)       if c3:match("%d")         local c4 = key:sub(length+4, length+4)         if c4:match("%d")           length = length + 4         else           length = length + 3         end       else         length = length + 2       end     elseif c2 == "x"       length = length + 4     else       length = length + 2     end   else     length = length + 1   end end  key = key:sub(1, length)  if #key == 0   error("key empty") end  print("key found! > " .. key) print("decoding finished, outfile @ > " .. outfilename)  -- find base64 local b64 = intext:match("_g.scriptcode%s*=%s*base64decode%s*%(%s*\"([a-za-z0-9/+]*=*)\"%s*%)") if not b64   error("could not find base-64 encrypted code in source file.") end  -- base64 decode local b64val = {} = 0, 25       local letter = string.byte("a")     b64val[string.char(letter+i)] =   end       local letter = string.byte("a")     b64val[string.char(letter+i)] = + 26   end end = 0, 9   local numeral = string.byte("0")   b64val[string.char(numeral+i)] = + 52 end b64val["+"] = 62 b64val["/"] = 63 b64val["="] = 0  local encoded = b64:gsub("(.)(.)(.)(.)",function(a,b,c,d)   local n = b64val[a] * (64 * 64 * 64) + b64val[b] * (64 * 64) + b64val[c] * 64 + b64val[d]   local b1 = n % 256; n = (n - b1) / 256   local b2 = n % 256; n = (n - b2) / 256   local b3 = n   if d == "="     if c == "="       assert(b1 == 0 , b2 == 0)       return string.char(b3)     else       assert(b1 == 0)       return string.char(b3, b2)     end   else     return string.char(b3, b2, b1)   end end)  -- decode local decoded = encoded:gsub("()(.)", function(i, c)   local b = c:byte()   local ki = ((i - 1) % #key) + 1   local k = key:byte(ki,ki)   b = b - k   if b < 0 b = b + 256 end   return string.char(b) end)  -- verify local result, err = load(decoded) if not result   error("decoded file not loaded -- may corrupt... ("..tostring(err)..")") end  -- output local outfile = io.open(outfilename, "wb")  if not outfile   error("failed open output file.") end  outfile:write(decoded)  outfile:close()

this code extreme coders (https://reverseengineering.stackexchange.com/users/1413/extreme-coders)

how use , u need lua52.exe save code text file , name ssl.lua (for example) run cmd , type lua52 ssl yourscript.lua decryptedscript.lua run , decrypt it.


Comments

Post a Comment

Popular posts from this blog

c - Bitwise operation with (signed) enum value -

-
i using enumerator values flags: typedef enum { = 0x00, b = 0x01u, // u has no influence, expected c = 0x02u, // u has no influence, expected ... } enum_name; volatile unsigned char* reg = someaddress; *reg |= b; according misra-c:2004 bitwise operations shall not done signed type. unfortunately, compiler iar use signed int (or short or char) underlying type of enums, , option can find relates size, not signedness ("--enum-is-int"). according iar c/c++ development guide arm , pages 169 , 211, can define type of enum s if enable iar language extensions ( -e command-line option, or project > options > c/c++ compiler > language > allow iar extensions in ide). in particular, should define "sentinel" value, make sure compiler chooses correct type. prefers signed types, , uses smallest possible integer type, sentinel should largest positive integer corresponding unsigned integer type can describe. example, typedef enum
Read more

xslt - Unnest parent nodes by child node -

-
in xml there items 0-n attributes , item should copied each attribute new item 1 attribute. given xml this: <?xml version="1.0" encoding="utf-8" ?> <items> <item> <name>a</name> <attributes> <attribute> <key>attribute1</key> <value>1</value> </attribute> </attributes> </item> <item> <name>b</name> </item> <item> <name>c</name> <attributes> <attribute> <key>attribute1</key> <value>5</value> </attribute> <attribute> <key>attribute2</key> <value>2</value> </attribute> <attribute> <key>attri
Read more

YouTubePlayerFragment cannot be cast to android.support.v4.app.Fragment -

-
im stuck on 3 days , have tried have come across after lots of searching ,this post last resort, im trying open youtubeplayerfragment using navigation drawer youtubeplayerfragment cannot cast android.support.v4.app.fragment problem edit question : have updated code have used youtubeplayersupportfragment instead of youtubeplayerfragment ,i error in displayview method (case 4: fragment = new youtube(); break;) in main activity saying cannot convert youtube fragment , cannot logcat since cant run it edit question 2: code updated again have runtime problem ,heres logcat 07-22 22:15:09.782: e/androidruntime(20603): fatal exception: main 07-22 22:15:09.782: e/androidruntime(20603): process: net.frankandwalters, pid: 20603 07-22 22:15:09.782: e/androidruntime(20603): java.lang.nullpointerexception: attempt invoke virtual method 'void com.google.android.youtube.player.youtubeplayerview.a()' on null object reference 07-22 22:15:09.782: e/androidruntime(20603): @ com.goog
Read more