import idc,idaapi,idautils
# Module-level scratch state shared by parse_inst() and calu_r0().
g_sum = -1       # R0 value resolved by the last calu_r0() call; -1 means "not resolved"
g_formula = []   # operator dicts ({'=': v}, {'+': v}, {'*': v}) collected while walking backwards
g_result = []    # one {call_ea: resolved_value} dict per successfully resolved call site
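def _reg_list(opnd):
    """Expand a PUSH/POP register-list operand such as '{R4-R7,PC}' into a set of names.

    Ranges of the form Ra-Rb are expanded; anything else (PC, LR, SP, ...) is
    kept verbatim.  Matching against this set avoids the substring false
    positive of e.g. 'R1' matching '{R10}'.
    """
    regs = set()
    for item in opnd.strip('{}').split(','):
        item = item.strip()
        if not item:
            continue
        lo, sep, hi = item.partition('-')
        if sep and lo[:1] == 'R' and hi[:1] == 'R' and lo[1:].isdigit() and hi[1:].isdigit():
            regs.update('R%d' % n for n in range(int(lo[1:]), int(hi[1:]) + 1))
        else:
            regs.add(item)
    return regs


def parse_inst(ea, target):
    """Inspect one instruction while walking backwards and update the trace of *target*.

    calu_r0() walks from a call site towards the function start, tracking the
    register or stack slot that currently holds the value which ends up in R0.
    For the instruction at *ea* this function either

    * appends an operator dict ({'=': v}, {'+': v} or {'*': v}) to the global
      g_formula when the instruction transforms the tracked value, and/or
    * returns the new thing to track: a register name, a stack-slot operand
      string, or the pseudo-target 'PUSH' while a POP is being matched with
      its PUSH, or
    * returns None once the tracked value is a known constant, which tells the
      caller to stop walking.

    Only the operand shapes listed in the comments below are understood
    (e.g. the two-operand `ADDS Rd, #imm`; a three-operand ADDS falls through
    unchanged).  An unknown mnemonic is reported and the target is returned
    unchanged so the walk continues.

    Args:
        ea: address of the instruction to inspect.
        target: register name such as 'R0', a stack operand such as
            '[SP,#0x188+var_18]', or the pseudo-target 'PUSH'.

    Returns:
        The target to track at the previous instruction, or None when the
        value has been fully resolved.
    """
    global g_formula
    inst = idc.GetDisasm(ea)
    m = idc.GetMnem(ea)
    if m == 'POP':
        # POP {R0}: the tracked register was loaded from the stack, so its
        # value comes from the matching PUSH further up.
        op_Rd = idc.GetOpnd(ea, 0)
        if target in _reg_list(op_Rd):
            return 'PUSH'
    elif m == 'PUSH' and target == 'PUSH':
        # PUSH {R4}: the matching push; track the pushed register.  Only a
        # single-register list is meaningful here - for a multi-register
        # list the returned string is the raw list without braces.
        op_Rd = idc.GetOpnd(ea, 0)
        return op_Rd[1:-1]
    elif m == 'LDR':
        op_Rd = idc.GetOpnd(ea, 0)
        if op_Rd == target:
            Rn_type = idc.GetOpType(ea, 1)
            if Rn_type == idc.o_mem:
                # LDR R0, =0xB5F: literal-pool load; the value is the dword
                # stored at the pool address and the trace is complete.
                mem_addr = idc.GetOperandValue(ea, 1)
                g_formula.append({'=': idc.Dword(mem_addr)})
                return None
            elif Rn_type == idc.o_displ:
                # LDR R5, [SP,#0x188+var_18]: now track the stack slot.
                return idc.GetOpnd(ea, 1)
    elif m == 'ADDS':
        # ADDS R0, #0x28: immediate add on the tracked register.
        op_Rd = idc.GetOpnd(ea, 0)
        if op_Rd == target:
            Rn_type = idc.GetOpType(ea, 1)
            if Rn_type == idc.o_imm:
                imm = idc.GetOperandValue(ea, 1)
                g_formula.append({'+': imm})
    elif m == 'STR':
        # STR R0, [SP,#0x188+var_18]: the tracked stack slot was written
        # from a register; track that register instead.
        op_Rn = idc.GetOpnd(ea, 1)
        if op_Rn == target:
            return idc.GetOpnd(ea, 0)
    elif m == 'MOVS':
        # MOVS R0, #imm: constant load, the trace is complete.
        op_Rd = idc.GetOpnd(ea, 0)
        if op_Rd == target:
            Rn_type = idc.GetOpType(ea, 1)
            if Rn_type == idc.o_imm:
                imm = idc.GetOperandValue(ea, 1)
                g_formula.append({'=': imm})
                return None
    elif m == 'LSLS':
        # LSLS Rd, Rm, #imm: Rd = Rm << imm, recorded as a multiply by 2**imm;
        # track Rm from here on.
        op_Rd = idc.GetOpnd(ea, 0)
        if op_Rd == target:
            Rm_type = idc.GetOpType(ea, 1)
            op_Rm = idc.GetOpnd(ea, 1)
            Rs_type = idc.GetOpType(ea, 2)
            if Rm_type == idc.o_reg and Rs_type == idc.o_imm:
                imm = idc.GetOperandValue(ea, 2)
                g_formula.append({'*': (2 ** imm)})
                return op_Rm
    else:
        print("error, inst : 0x%x -> %s" % (ea, inst))
    # Instruction did not change what we track (or was not understood).
    return target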
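def calu_r0(ea):
    """Resolve the value held in R0 at the call site *ea*.

    Walks backwards from *ea* to the start of the enclosing function, letting
    parse_inst() follow the value through register moves, stack slots and
    push/pop pairs while it collects the arithmetic into g_formula.  The
    collected operators are then replayed in execution order: the first must
    be an '=' (a constant), followed by any number of '+' and '*' steps.

    Side effects:
        Resets the globals g_sum and g_formula, prints progress, and on
        success appends {ea: value} to g_result.  g_sum stays -1 when the
        value could not be resolved (*ea* is not inside a function, or the
        walk reached the function start without finding a constant).

    Args:
        ea: address of the call instruction whose R0 argument is wanted.
    """
    global g_sum, g_formula
    g_sum = -1
    g_formula = []
    cur_func = idaapi.get_func(ea)
    if cur_func is None:
        # get_func() returns None outside any function; the original code
        # would raise AttributeError on startEA here.
        print("error, 0x%x is not inside a function" % ea)
        return
    target = 'R0'
    inst_addr = idc.PrevHead(ea)
    # Include the function's first instruction (startEA) in the walk; the
    # value may be materialised right at the function entry.
    while inst_addr != idc.BADADDR and inst_addr >= cur_func.startEA:
        target = parse_inst(inst_addr, target)
        if target is None:
            break
        inst_addr = idc.PrevHead(inst_addr)
    # g_formula was filled while walking backwards, so replay it reversed.
    for idx, operator_dic in enumerate(reversed(g_formula)):
        key = next(iter(operator_dic))  # each dict holds exactly one operator
        value = operator_dic[key]
        if idx == 0:
            if key != '=':
                print("error, first operator is not =")
                break
            g_sum = value
        elif key == '+':
            g_sum += value
        elif key == '*':
            g_sum *= value
    print("finish, g_sum : %d " % g_sum)
    if g_sum != -1:
        g_result.append({ea: g_sum})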
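# Entry point: resolve the R0 argument of every call to the string
# decryption routine.  Results accumulate in g_result as {call_ea: value}.
# To resolve a single call site instead, run calu_r0(idc.ScreenEA()).
addr = idc.LocByName("StrDecrypt")
print("addr : 0x%x" % addr)
if addr == idc.BADADDR:
    # LocByName() returns BADADDR for an unknown name; CodeRefsTo() would
    # then silently yield nothing, so report it instead.
    print("error, symbol StrDecrypt not found")
else:
    for ea in idautils.CodeRefsTo(addr, 0):
        print("start ea : 0x%x" % ea)
        calu_r0(ea)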