@caoyang131 大佬,我最近在研究_info.psb.m&_body.bin的解包,是new game的,我发现你之前有研究过这种打包方式,然后我又通过外面得知了key,但是当我尝试使用exm2lib.cpp编译一个exe的时候,报错缺少好几个头文件,请问你之前是怎么解压的
(他给的链接失效了)
(他给的链接失效了)
百影虱子吧 关注:7贴子:162
- 19回复贴,共1页
首先,类似于_info.psb.m&_body.bin的PSB引擎早已由number201724在github开源的psbfile所解决。
但是psbfile只能解决解密后的psb,对于掌机来说psb还有一层加密壳。今天我就告诉你如何加解密:
其实加解密psb的算法也在很久就由feitiange给出来了(在研究了exm2lib源码之后)
具体我也记得不大清了,只记得是用了md5和著名的MT19937算法变种(貌似?当时本人研究都要吐了)
算了直接贴本人的python源码:
import hashlib,struct,zlib,os,glob,io
key = 'a9231213e7231' # 这里换成你的key
repeatLen = 0x83 # 默认都是0x83
N = 624
M = 397
MATRIX_A = 0x9908b0df
UPPER_MASK = 0x80000000
LOWER_MASK = 0x7fffffff
mt = [1]*N
mti = N+1
def init_genrand(s):
global mti
mt[0] = s&0xffffffff
for i in range(1,N):
mt[i] = (1812433253*(mt[i-1]^(mt[i-1]>>30))+i);
mt[i] &= 0xffffffff
mti = N
def init_by_array(init_key,key_length):
init_genrand(19650218)
i=1
j=0
if N>key_length:
k = N
else:
k = key_length
for x in range(k):
mt[i] = (mt[i] ^ ((mt[i-1] ^ (mt[i-1] >> 30)) * 1664525))+ init_key[j] + j
mt[i] &=0xffffffff
i+=1
j+=1
if i>=N:
mt[0] = mt[N-1]
i = 1
if j>=key_length:
j=0
k = N-1
while k!=0:
k-=1
mt[i] = (mt[i] ^ ((mt[i-1] ^ (mt[i-1] >> 30)) * 1566083941))- i
mt[i] &= 0xffffffff
i += 1
if i>=N:
mt[0] = mt[N-1]
i = 1
mt[0] = 0x80000000
def genrand_int32():
mag01 = [0x0,MATRIX_A]
global mti
if mti >= N:
if mti == N+1:
init_genrand(5489)
for kk in range(N-M):
y = (mt[kk]&UPPER_MASK)|(mt[kk+1]&LOWER_MASK)
mt[kk] = mt[kk+M] ^ (y >> 1) ^ mag01[y & 0x1]
for kk in range(N-M,N-1):
y = (mt[kk]&UPPER_MASK)|(mt[kk+1]&LOWER_MASK)
mt[kk] = mt[kk+(M-N)] ^ (y >> 1) ^ mag01[y & 0x1]
y = (mt[N-1]&UPPER_MASK)|(mt[0]&LOWER_MASK)
mt[N-1] = mt[M-1] ^ (y >> 1) ^ mag01[y & 0x1]
mti = 0
y = mt[mti]
mti += 1
y ^= (y>>11)
y ^= (y & 0xff3a58ad) << 7
y &= 0xffffffff
y ^= (y & 0xffffdf8c) <<15
y &= 0xffffffff
y ^= (y >> 18)
return y
# 关键点
# 把所有的m文件丢到src目录下,第一部要获取解密的m
files = glob.iglob('src\\*.m')
# 创建dec文件夹
if os.path.exists('dec\\') == False:
os.makedirs('dec\\')
for src in files:
dirname = os.path.dirname(src)
filename = os.path.basename(src)
String = key+filename
#print(String)
seed = hashlib.md5(String.encode('ascii')).digest()
num =[0]*4
for i in range(4):
tmp = seed[i*4:(i+1)*4]
num[i] = struct.unpack('<I',tmp)[0]
init_by_array(num,4)
repeattime = 0
if repeatLen%4 == 0:
repeattime = repeatLen //4
else:
repeattime = repeatLen //4 +1
array = [b'\x00']*(repeattime*4)
k=0
for i in range(repeattime):
arraypack = genrand_int32()
arraytmp = struct.pack('<I',arraypack)
for x in range(4):
array[k] = arraytmp[x]
k += 1
f = open(dirname+'\\'+filename,'rb')
basename,extname = os.path.splitext(filename)
fw = open('dec\\'+basename,'wb')
f.seek(8)
print(filename)
bytebuf = f.read()
k = 0
newbuf = io.BytesIO()
#print(hex(array[k]))
for chr in bytebuf:
x = chr ^ array[k]
newbuf.write(struct.pack('B',x))
k = (k+1) % repeatLen
try:
hehe = zlib.decompress(newbuf.getvalue())
#print('OK')
except:
hehe = newbuf.getvalue()
print('NO')
fw.write(hehe)
fw.flush()
fw.close()
f.close()
但是psbfile只能解决解密后的psb,对于掌机来说psb还有一层加密壳。今天我就告诉你如何加解密:
其实加解密psb的算法也在很久就由feitiange给出来了(在研究了exm2lib源码之后)
具体我也记得不大清了,只记得是用了md5和著名的MT19937算法变种(貌似?当时本人研究都要吐了)
算了直接贴本人的python源码:
import hashlib,struct,zlib,os,glob,io
key = 'a9231213e7231' # 这里换成你的key
repeatLen = 0x83 # 默认都是0x83
N = 624
M = 397
MATRIX_A = 0x9908b0df
UPPER_MASK = 0x80000000
LOWER_MASK = 0x7fffffff
mt = [1]*N
mti = N+1
def init_genrand(s):
global mti
mt[0] = s&0xffffffff
for i in range(1,N):
mt[i] = (1812433253*(mt[i-1]^(mt[i-1]>>30))+i);
mt[i] &= 0xffffffff
mti = N
def init_by_array(init_key,key_length):
init_genrand(19650218)
i=1
j=0
if N>key_length:
k = N
else:
k = key_length
for x in range(k):
mt[i] = (mt[i] ^ ((mt[i-1] ^ (mt[i-1] >> 30)) * 1664525))+ init_key[j] + j
mt[i] &=0xffffffff
i+=1
j+=1
if i>=N:
mt[0] = mt[N-1]
i = 1
if j>=key_length:
j=0
k = N-1
while k!=0:
k-=1
mt[i] = (mt[i] ^ ((mt[i-1] ^ (mt[i-1] >> 30)) * 1566083941))- i
mt[i] &= 0xffffffff
i += 1
if i>=N:
mt[0] = mt[N-1]
i = 1
mt[0] = 0x80000000
def genrand_int32():
mag01 = [0x0,MATRIX_A]
global mti
if mti >= N:
if mti == N+1:
init_genrand(5489)
for kk in range(N-M):
y = (mt[kk]&UPPER_MASK)|(mt[kk+1]&LOWER_MASK)
mt[kk] = mt[kk+M] ^ (y >> 1) ^ mag01[y & 0x1]
for kk in range(N-M,N-1):
y = (mt[kk]&UPPER_MASK)|(mt[kk+1]&LOWER_MASK)
mt[kk] = mt[kk+(M-N)] ^ (y >> 1) ^ mag01[y & 0x1]
y = (mt[N-1]&UPPER_MASK)|(mt[0]&LOWER_MASK)
mt[N-1] = mt[M-1] ^ (y >> 1) ^ mag01[y & 0x1]
mti = 0
y = mt[mti]
mti += 1
y ^= (y>>11)
y ^= (y & 0xff3a58ad) << 7
y &= 0xffffffff
y ^= (y & 0xffffdf8c) <<15
y &= 0xffffffff
y ^= (y >> 18)
return y
# 关键点
# 把所有的m文件丢到src目录下,第一部要获取解密的m
files = glob.iglob('src\\*.m')
# 创建dec文件夹
if os.path.exists('dec\\') == False:
os.makedirs('dec\\')
for src in files:
dirname = os.path.dirname(src)
filename = os.path.basename(src)
String = key+filename
#print(String)
seed = hashlib.md5(String.encode('ascii')).digest()
num =[0]*4
for i in range(4):
tmp = seed[i*4:(i+1)*4]
num[i] = struct.unpack('<I',tmp)[0]
init_by_array(num,4)
repeattime = 0
if repeatLen%4 == 0:
repeattime = repeatLen //4
else:
repeattime = repeatLen //4 +1
array = [b'\x00']*(repeattime*4)
k=0
for i in range(repeattime):
arraypack = genrand_int32()
arraytmp = struct.pack('<I',arraypack)
for x in range(4):
array[k] = arraytmp[x]
k += 1
f = open(dirname+'\\'+filename,'rb')
basename,extname = os.path.splitext(filename)
fw = open('dec\\'+basename,'wb')
f.seek(8)
print(filename)
bytebuf = f.read()
k = 0
newbuf = io.BytesIO()
#print(hex(array[k]))
for chr in bytebuf:
x = chr ^ array[k]
newbuf.write(struct.pack('B',x))
k = (k+1) % repeatLen
try:
hehe = zlib.decompress(newbuf.getvalue())
#print('OK')
except:
hehe = newbuf.getvalue()
print('NO')
fw.write(hehe)
fw.flush()
fw.close()
f.close()
IP属地:上海
3楼2019-04-27 09:16
3楼2019-04-27 09:16收起回复
现在变成不知道怎么拼合了。。。
扫二维码下载贴吧客户端
下载贴吧APP
看高清直播、视频!
看高清直播、视频!
贴吧热议榜
- 1林诗栋4-1战胜王楚钦晋级决赛1594140
- 2T1晋级S141440459
- 3LOL全球总决赛规则公布1134868
- 4美国将花16亿美元抹黑中国921969
- 5孙颖莎4比2张本美和862914
- 6Scout经纪公司回应EDG857400
- 7崩坏3联动星穹铁道777216
- 8Deft第四次缺席全球总决赛562258
- 9今年的月饼怎么就卖不动了?428450
- 10《刺客信条影》演示现中国乐器埙381318
