Solved how to decrypt lua files without key?

Status
Not open for further replies.

Sbyky

We will know how to decrypt it just by seeing the encrypted file; no need to know the apk; we will imagine the library and its disassembly too.
Hi I'm Trying To Mod Initial Gold Per Every Level In Kingdom Rush - Tower Defense Game v5.7.15, But Apparently That Data Is In Lua Files Which Are Encrypted And The Encryption Key Is Hidden In liblove.so File, I Tried A Lot via Google Searching, Trial & Errors, IDA Pro Inspection, To The Best Of My Abilities, But Since I Don't Possess Any Knowledge Of The Programming Languages, I Failed, And Decided To Ask For Help From Someone Who Knows And Are Passionate About This Kind Of Stuff, I Had Seen Mika Cybertron Encryption & Decryption Tools So I Came Here, I Hope You'd Help. It's Not About Getting The Mod, Mods Are Already Available On The Web, It's About Learning New Things And Making New Kind Of Mod Or Mods. Thank You.

liblove.so main.lua Apk File
 

noobbb

Try to hook luaL_loadbuffer
 

Sbyky

I Am Trying To Hook It Using This Tutorial To Get The Decryption Key, Now Kindly Tell Me How I Should Edit This Hook's main.cpp File To Achieve That

#include <jni.h>
//#include <android/log.h>
#include "libs/KittyMemory/MemoryPatch.h"
#include <libs/Substrate/CydiaSubstrate.h>
#include <memory.h>
#include <dlfcn.h>
#include <cstdio>
#include <cstdlib>
#import "include/Utils.h"

//Struct for patches
struct My_Patches {
    MemoryPatch GodMode, BypassAnticheat;
} my_cool_Patches;

float (*old_Player_getSkillCooldown)(void *instance);
float (Player_getSkillCooldown)(void *instance) {
    if(instance!=NULL) {
        return 0;
    }
    return old_Player_getSkillCooldown(instance);
}

int (*old_Player_getWeaponDamage)(void *instance);
int Player_getWeaponDamage(void *instance) {
    if(instance!=NULL) {
        return 1000000;
    }
    return old_Player_getWeaponDamage(instance);
}

__attribute__((constructor))
void libhook_main() {

    while(libBase == 0) {
        libBase = get_libBase(libName);
        sleep(1);
    }

    //KittyMemory patch example.
    my_cool_Patches.GodMode = MemoryPatch(libName, 0x1A2F7F4, "\xfa\x0f\xa0\xe3\x1e\xff\x2f\xe1", 8); //mov r0, #0x3e8 bx lr
    my_cool_Patches.GodMode.Modify();

    my_cool_Patches.BypassAnticheat = MemoryPatch(libName, 0xF0458A5, "\x1e\xff\x2f\xe1", 4); //bx lr
    my_cool_Patches.BypassAnticheat.Modify();

    //Usual Hook example.
    MSHookFunction((void *)getRealOffset(0x1A2E30A), (void *)Player_getSkillCooldown, (void **) &old_Player_getSkillCooldown);
    MSHookFunction((void *)getRealOffset(0x1A2EF90), (void *)Player_getWeaponDamage, (void **) &old_Player_getWeaponDamage);
}

This Is What You Pointed Out, From The Target liblove.so File

.text:001D0894 ; =============== S U B R O U T I N E =======================================
.text:001D0894
.text:001D0894
.text:001D0894 EXPORT luaL_loadbuffer
.text:001D0894 luaL_loadbuffer ; CODE XREF: love::filesystem::w_load(lua_State *)+68p
.text:001D0894 ; luaopen_love_graphics+B2p ...
.text:001D0894
.text:001D0894 var_10 = -0x10
.text:001D0894 var_4 = -4
.text:001D0894
.text:001D0894 STR LR, [SP,#var_4]!
.text:001D0898 SUB SP, SP, #0xC
.text:001D089C MOV R12, #0
.text:001D08A0 STR R12, [SP,#0x10+var_10]
.text:001D08A4 BL luaL_loadbufferx
.text:001D08A8 ADD SP, SP, #0xC
.text:001D08AC LDR PC, [SP+4+var_4],#4
.text:001D08AC ; End of function luaL_loadbuffer
.text:001D08AC
.text:001D08B0
.text:001D08B0 ; =============== S U B R O U T I N E =======================================
.text:001D08B0
.text:001D08B0
.text:001D08B0 EXPORT luaL_loadstring
.text:001D08B0 luaL_loadstring
.text:001D08B0 STMFD SP!, {R4-R6,LR}
.text:001D08B4 MOV R5, R0
.text:001D08B8 MOV R0, R1 ; s
.text:001D08BC MOV R4, R1
.text:001D08C0 BL strlen
.text:001D08C4 MOV R1, R4
.text:001D08C8 MOV R3, R4
.text:001D08CC MOV R2, R0
.text:001D08D0 MOV R0, R5
.text:001D08D4 LDMFD SP!, {R4-R6,LR}
.text:001D08D8 B luaL_loadbuffer
.text:001D08D8 ; End of function luaL_loadstring
.text:001D08D8

Thank You For Your Time, I Appreciate It.
 

noobbb

int abc=1;
void * (*old_lual_loadbuffer)(void * L, const char * buff, size_t size, string name);
void * lual_loadbuffer(void * L, const char * buff, size_t size, string name){
    const char* b = std::to_string(abc).c_str();
    const char *url_v1 = "/data/user/0/com.romanzone.sevensphere.qooapp/";
    string const& cc = string(url_v1) +string(b);
    const char *nmb = cc.c_str();
    //dump lua
    FILE* v1=fopen(nmb,"w+");
    fwrite((void *)buff,size,1,v1);
    fclose(v1);
    abc=abc+1;
    return old_lual_loadbuffer( L,buff, size, name);
}
 

Sbyky

I Tried This Code In The main.cpp As

Code:
#include <jni.h>
//#include <android/log.h>
#include "libs/KittyMemory/MemoryPatch.h"
#include <libs/Substrate/CydiaSubstrate.h>
#include <memory.h>
#include <dlfcn.h>
#include <cstdio>
#include <cstdlib>
#import "include/Utils.h"

int abc=1;
void * (*old_lual_loadbuffer)(void * L, const char * buff, size_t size, string name);
void * lual_loadbuffer(void * L, const char * buff, size_t size, string name){
    const char* b = std::to_string(abc).c_str();
    const char *url_v1 = "/data/user/0/com.ironhidegames.android.kingdomrush/";
    string const& cc = string(url_v1) +string(b);
    const char *nmb = cc.c_str();
    //dump lua
    FILE* v1=fopen(nmb,"w+");
    fwrite((void *)buff,size,1,v1);
    fclose(v1);
    abc=abc+1;
    return old_lual_loadbuffer( L,buff, size, name);
}

__attribute__((constructor))
void libhook_main() {

    while(libBase == 0) {
        libBase = get_libBase(libName);
        sleep(1);
    }   
    
    MSHookFunction((void *)getRealOffset(0x1D0894), (void *)lual_loadbuffer, (void **) &old_lual_loadbuffer);
}
And Got These Errors When I Executed Build.bat File To Make The libstring.so File

Code:
ndk path: C:\Hooking\android-ndk-r16b
C:\Hooking\Hooking-and-Patching-android-template-master
project path: C:\Hooking\Hooking-and-Patching-android-template-master

What architecture do you need ?
1. armeabi-v7a 2. arm64-v8a 3. All
Enter choice: 1

APP_OPTIM is release ...
[armeabi-v7a] Compile++ thumb: string <= main.cpp
C:/Hooking/Hooking-and-Patching-android-template-master/x32/jni/src/main.cpp:12:
73: error:
      unknown type name 'string'; did you mean 'jstring'?
  ...* L, const char * buff, size_t size, string name);
                                          ^~~~~~
                                          jstring
C:/Hooking/android-ndk-r16b/build//../sysroot/usr/include\jni.h:64:25: note:
      'jstring' declared here
typedef _jstring*       jstring;
                        ^
C:/Hooking/Hooking-and-Patching-android-template-master/x32/jni/src/main.cpp:13:
66: error:
      unknown type name 'string'; did you mean 'jstring'?
void * lual_loadbuffer(void * L, const char * buff, size_t size, string name){
                                                                 ^~~~~~
                                                                 jstring
C:/Hooking/android-ndk-r16b/build//../sysroot/usr/include\jni.h:64:25: note:
      'jstring' declared here
typedef _jstring*       jstring;
                        ^
C:/Hooking/Hooking-and-Patching-android-template-master/x32/jni/src/main.cpp:14:
23: error:
      no member named 'to_string' in namespace 'std'
        const char* b = std::to_string(abc).c_str();
                        ~~~~~^
C:/Hooking/Hooking-and-Patching-android-template-master/x32/jni/src/main.cpp:16:
2: error:
      use of undeclared identifier 'string'; did you mean 'stdin'?
        string const& cc = string(url_v1) +string(b);
        ^~~~~~
        stdin
C:/Hooking/android-ndk-r16b/build//../sysroot/usr/include\stdio.h:62:14: note:
      'stdin' declared here
extern FILE* stdin __INTRODUCED_IN(23);
             ^
C:/Hooking/Hooking-and-Patching-android-template-master/x32/jni/src/main.cpp:16:
8: error:
      expected ';' after expression
        string const& cc = string(url_v1) +string(b);
              ^
              ;
C:/Hooking/Hooking-and-Patching-android-template-master/x32/jni/src/main.cpp:16:
16: error:
      C++ requires a type specifier for all declarations
        string const& cc = string(url_v1) +string(b);
               ~~~~~  ^
C:/Hooking/Hooking-and-Patching-android-template-master/x32/jni/src/main.cpp:16:
21: error:
      use of undeclared identifier 'string'
        string const& cc = string(url_v1) +string(b);
                           ^
C:/Hooking/Hooking-and-Patching-android-template-master/x32/jni/src/main.cpp:16:
2: warning:
      expression result unused [-Wunused-value]
        string const& cc = string(url_v1) +string(b);
        ^~~~~~
1 warning and 7 errors generated.
make: *** [C:\Hooking\Hooking-and-Patching-android-template-master\x32/obj/local
/armeabi-v7a/objs/string/src/main.o] Error 1
Build failed.

Press any key to continue . . .
I Had Tried With The Original Dummy main.cpp File That Came In The Zip, And It Makes The libstring.so File Without Any Errors, I'm Just Saying This To Illustrate That All Other Settings Are Okay, I Have Already Said This But I Will Repeat That I Do Not Possess Any Programming Knowledge Other Than That Which I'm In Need Of And Is Provided By The Internet Or Someone On The Internet. Thank You.
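
The compiler output above comes from `string` being used without `#include <string>` or a `std::` qualifier; separately, in the Lua C API the fourth parameter of `luaL_loadbuffer` is a `const char *` chunk name and the return value is an `int` status. The following is an added example, not code from any poster in this thread or from the hooking template, showing a wrapper body with those points corrected. `chunk_path`, `dump_chunk`, `g_dump_dir` and the `.chunk` suffix are hypothetical names, and installing the wrapper is left to the template's own hook call.

```cpp
// Added example: compiles on its own, no hooking framework needed.
#include <cstddef>
#include <cstdio>
#include <string>   // the header the failing build never included

struct lua_State;   // opaque here, as in lua.h

// Lua C API signature: chunk name is a C string, result is an int status.
typedef int (*loadbuffer_fn)(lua_State *L, const char *buff, size_t sz, const char *name);

static loadbuffer_fn old_luaL_loadbuffer = nullptr; // set by whatever installs the wrapper
static std::string   g_dump_dir = ".";              // assumption: a writable directory
static int           g_chunk_no = 0;

// Build "<dir>/<n>.chunk". snprintf avoids std::to_string, and the returned
// std::string owns its bytes, so no pointer into a destroyed temporary is kept
// (the original took c_str() of a temporary, which dangles immediately).
std::string chunk_path(const std::string &dir, int n) {
    char num[32];
    std::snprintf(num, sizeof num, "%d.chunk", n);
    return dir + "/" + num;
}

// Write one buffer in binary mode. Returns false instead of passing a null
// FILE* to fwrite when the directory is missing or not writable.
bool dump_chunk(const std::string &path, const char *buff, size_t sz) {
    if (buff == nullptr) return false;
    FILE *f = std::fopen(path.c_str(), "wb");
    if (f == nullptr) return false;
    size_t written = std::fwrite(buff, 1, sz, f);
    std::fclose(f);
    return written == sz;
}

// Wrapper with the same signature as the function it stands in for:
// copy the buffer out, then hand the call to the original unchanged.
int my_luaL_loadbuffer(lua_State *L, const char *buff, size_t sz, const char *name) {
    dump_chunk(chunk_path(g_dump_dir, ++g_chunk_no), buff, sz);
    return old_luaL_loadbuffer(L, buff, sz, name);
}
```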
 

Kaorin333

I don't wanna offend you, and I really like topics about Lua. But please stop writing like someone who is a retard.
 

Sbyky

I sure am offended, but then again everyone's definition of a retard is different. If it's causing you so much discomfort, I will change my writing style.
 

Sbyky

This is bytecode from LuaJIT's modified Lua VM. There are decompilers available for LuaJIT, and the one I used (not perfect, has some errors) gave me this result.
Thank you so much, LuaJIT Raw-Bytecode Decompiler (LJD) worked like a charm and decompiled the .lua files successfully. Thank you everyone for your sincere efforts to help, I really really appreciate it, thank you.
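
The post above identifies the files as LuaJIT bytecode rather than ciphertext, and that distinction can be read from the first bytes of a file. The following is an added example, not from the thread or from LJD, that classifies a buffer by its header using the LuaJIT dump layout (ESC 'L' 'J', version byte, ULEB128 flags, optional chunk name). `ChunkInfo` and `classify_chunk` are hypothetical names.

```cpp
// Added example: header triage for a suspected "encrypted" .lua file.
#include <cstddef>
#include <cstdint>
#include <string>

struct ChunkInfo {                 // hypothetical result type
    std::string kind = "unknown";  // luajit-bytecode | lua-bytecode | text | unknown
    int version = 0;               // LuaJIT dump version, or PUC Lua version byte
    bool big_endian = false, stripped = false, uses_ffi = false, fr2 = false;
    std::string chunk_name;        // present only in unstripped LuaJIT dumps
};

// LuaJIT encodes header integers as ULEB128; false means truncated or overlong.
static bool read_uleb128(const uint8_t *p, size_t n, size_t &pos, uint32_t &out) {
    out = 0;
    for (int shift = 0; shift < 35; shift += 7) {
        if (pos >= n) return false;
        uint8_t b = p[pos++];
        out |= static_cast<uint32_t>(b & 0x7f) << shift;
        if ((b & 0x80) == 0) return true;
    }
    return false;
}

ChunkInfo classify_chunk(const uint8_t *p, size_t n) {
    ChunkInfo info;
    // LuaJIT dump: ESC 'L' 'J', version byte, flags, then the chunk name if unstripped.
    if (n >= 5 && p[0] == 0x1b && p[1] == 'L' && p[2] == 'J') {
        size_t pos = 4;
        uint32_t flags = 0, len = 0;
        info.kind = "luajit-bytecode";
        info.version = p[3];                    // 1 for LuaJIT 2.0, 2 for 2.1
        if (!read_uleb128(p, n, pos, flags)) return info;
        info.big_endian = (flags & 0x01) != 0;
        info.stripped   = (flags & 0x02) != 0;  // debug info removed
        info.uses_ffi   = (flags & 0x04) != 0;
        info.fr2        = (flags & 0x08) != 0;  // two-slot frame layout
        if (!info.stripped && read_uleb128(p, n, pos, len) && len <= n - pos)
            info.chunk_name.assign(reinterpret_cast<const char *>(p) + pos, len);
        return info;
    }
    // Reference (PUC) Lua dump: ESC "Lua", then a version byte such as 0x51 for 5.1.
    if (n >= 5 && p[0] == 0x1b && p[1] == 'L' && p[2] == 'u' && p[3] == 'a') {
        info.kind = "lua-bytecode";
        info.version = p[4];
        return info;
    }
    // Plain source: every byte is printable ASCII or common whitespace.
    bool ascii = n > 0;
    for (size_t i = 0; i < n && ascii; i++)
        ascii = p[i] == '\n' || p[i] == '\r' || p[i] == '\t' || (p[i] >= 0x20 && p[i] < 0x7f);
    if (ascii) info.kind = "text";
    return info;  // "unknown": compressed, encrypted, or some other container
}
```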
 

DaRealPanDa

@xxbuffyxx
Is the question solved for you?
If you don't answer within this week I will close this thread and set it to "solved".
You can always ask to reopen the thread after that.
 