Macintosh-SW
/
depace
mirror of https://github.com/barberd/depace.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
depace/decrypt/macwars-_-decrypt.py

181 lines
4.7 KiB
Python
Executable File
Raw Permalink Blame History

#!/usr/bin/env python3
import sys
ror = lambda val, r_bits, max_bits: \
((val & (2**max_bits-1)) >> r_bits%max_bits) | \
(val << (max_bits-(r_bits%max_bits)) & (2**max_bits-1))
rol = lambda val, r_bits, max_bits: \
(val << r_bits%max_bits) & (2**max_bits-1) | \
((val & (2**max_bits-1)) >> (max_bits-(r_bits%max_bits)))
def getkey1(start,end):
key = int("0x50414345",0)
i = start + 0x80
while(i<=(end + 0x80)):
fh.seek(i);
ib = int.from_bytes(fh.read(1),byteorder='big')
key+=ib
i+=1
return key
def get_bit(i):
i=i%8
return (0x1 << i)
def getkey2(key,start,end,inflag,obfuscator):
i = start
while(i<=end):
bitnum = 0x80
if inflag==0:
bitnum=0x1
fh.seek(i+0x80);
ib = int.from_bytes(fh.read(1),byteorder='big')
while True:
key = key << 1
test_mask=get_bit(bitnum)
if key<(2**32):
if((test_mask & ib)==0):
key = key ^ obfuscator
else:
key = key & 0xFFFFFFFF
if((test_mask & ib)!=0):
key = key ^ obfuscator
if (inflag!=0):
bitnum = ror(bitnum,1,8)
if ((bitnum & 0x80)!=0):
break
else:
bitnum = rol(bitnum,1,8)
if ((bitnum & 0x1)==0x1):
break
i+=1
return key
def write_decrypt1(start,end,key):
fh.seek(start+0x80)
inblock=bytearray(fh.read(end-start+1))
outblock=decrypt1(key,inblock[:])
fh.seek(start+0x80)
fh.write(bytes(outblock))
def decrypt1(key,block):
def rotate_key(d0,d1,d2):
if d2==0:
d0 = ror(d0,d1,32)
else:
d0 = rol(d0,d1,32)
return d0
i=0
while i<len(block):
key_lb = key&0xFF
i_lb = i&0xFF
if (i_lb&0x1 == 0):
key_lb = key_lb & 0xF
else:
key_lb = (key_lb >> 4) &0xFFFF
key = rotate_key(key,key_lb,0)
ib = block[i]
key_lb = key&0xFF
output = ib ^ key_lb
block[i]=output
i+=1
return block
def write_decrypt2(i,end,key,salt):
fh.seek(i+0x80)
block=fh.read(end-i+1)
fh.seek(i+0x80)
fh.write(decrypt2(block,key,salt))
def swap(inbyte):
in_th = inbyte>>16
in_bh = (inbyte & 0xFFFF)
out = (in_bh << 16) + in_th
return out
def decrypt2(block,key,salt):
blockarray=bytearray(block)
i=0
while(i<len(blockarray)):
d2=key
d4=key
d2=swap(d2)
key+=d2
key=key & 0xFFFF
d4=swap(d4)
d4=d4 & 0xFFFF0000
key+=d4
key=swap(key)
key+=salt
key=key&0xFFFFFFFF
ib = blockarray[i]
output=ib ^ (key & 0xFF)
blockarray[i]=output
i+=1
return bytes(blockarray)
def copybytes(source,target,count):
fh.seek(source+0x80)
block=fh.read(count)
fh.seek(target+0x80)
fh.write(block)
def savebytes(filename,start,end):
fh.seek(start+0x80)
oh=open(filename,"wb")
oh.write(fh.read(end-start+1))
oh.close()
fh = open("_.bin","r+b")
#round 1
key= getkey1(0xb504,0xb669)
key2 = getkey1(0xb504,0xd019)
write_decrypt1(0xb66a,0xd088-1,key)
#round 2
key= getkey2(0,0xb504,0xb9b5,0,0x8005)
key2 = (key2 + getkey2(0x50414345,0xb504,0xd019,0xFF,0x8005)) & 0xFFFFFFFF
write_decrypt2(0xb9b6,0xd080-1,key,0x776de01d)
#round 3
key= (getkey2(0xAAAAAAAA,0xb504,0xc835,0,0x1021) + 0x41BA) & 0xFFFFFFFF
key2 = (key2 + getkey2(0x50414345,0xb504,0xd019,0xFF,0x1021)) & 0xFFFFFFFF
write_decrypt2(0xc836,0xd07f-1,key,0xdddaac4d)
#round 4 (jump table and code tables)
key= getkey2(0x55555555,0xb66a,0xd019,0xFF,0x8005) & 0xFFFFFFFF
key = (key + key2 + getkey2(0x50414345,0xc836,0xd019,0x0,0x8005)) & 0xFFFFFFFF
copybytes(0xd08f,0x114,0xD-0x5)
write_decrypt2(0x114,0x784-1,key,0xd975bb1d)
#bruteforce the key. Use CODE1's first byte as the target.
i=0
fh.seek(0x788 + 0x80)
testblock=bytearray(fh.read(1))
while i<0xFF:
testkey = (key+i)&0xFFFFFFFF
outblock=decrypt2(testblock[:],testkey,0xad95322d)
if outblock[0]==0:
print("Key add:",hex(i),outblock)
break
i+=1
key=testkey
write_decrypt2(0x788,0x788+0x23A-1,key,0xad95322d) #CODE1
write_decrypt2(0x9c6,0x9c6+0x4bb0-1,key,0xad95322d) #CODE2
write_decrypt2(0x557a,0x557a+0x21ec-1,key,0xad95322d) #CODE3
write_decrypt2(0x776a,0x776a+0x3282-1,key,0xad95322d) #CODE4
write_decrypt2(0xa9f0,0xa9f0+0x352-1,key,0xad95322d) #CODE5
write_decrypt2(0xad46,0xad46+0x570-1,key,0xad95322d) #CODE6
write_decrypt2(0xb2ba,0xb2ba+0x5e-1,key,0xad95322d) #CODE255
fh.close()
Reference in New Issue View Git Blame Copy Permalink