Şu anda şifreleme anahtarını bulma aşamasına geldim.
C:
undefined4
rsl_sys_decryptCfg(void *param_1,int param_2,int param_3,undefined4 *param_4,int *param_5)
{
bool bVar1;
int iVar2;
undefined4 uVar3;
int iVar4;
undefined1 *puVar5;
char *pcVar6;
uint uVar7;
size_t __n;
uint uVar8;
void *pvVar9;
undefined4 local_30;
undefined4 local_2c;
pvVar9 = (void *)((int)param_1 + param_2);
local_30 = 0;
local_2c = 0;
memset(pvVar9,0,param_3 - param_2);
FUN_0042ae84(&local_30);
iVar2 = cen_desMinDo(param_1,param_2,pvVar9,param_3 - param_2,&local_30,0);
if (iVar2 == 0) {
cdbg_printf(8,"rsl_sys_decryptCfg",0x78f,"DES decrypt error\n");
uVar3 = 1;
}
else {
iVar4 = (int)pvVar9 + iVar2;
for (uVar8 = 0;
((pcVar6 = (char *)(iVar4 + -1), iVar4 = iVar4 + -1, *pcVar6 == '\0' && (iVar2 != 0)) &&
(uVar8 != 8)); uVar8 = uVar8 + 1) {
iVar2 = iVar2 + -1;
}
puVar5 = (undefined1 *)((int)pvVar9 + iVar2);
*puVar5 = 0;
if (iVar2 + 1U < 0x11) {
cdbg_printf(8,"rsl_sys_decryptCfg",0x7a9,"File size %d is too small\n",iVar2 + 1U);
}
else {
__n = iVar2 - 0xf;
if (param_3 - 0x41830U < __n) {
cdbg_printf(8,"rsl_sys_decryptCfg",0x7b3,
"Compress data is too long, available size is %d bytes, now is %d bytes",
param_3 - 0x41830U,__n);
return 0x1194;
}
uVar7 = 0;
while (bVar1 = uVar7 < uVar8, uVar7 = uVar7 + 1, bVar1) {
puVar5 = puVar5 + 1;
iVar2 = cen_md5VerifyDigest(pvVar9,(void *)((int)pvVar9 + 0x10),__n);
if (iVar2 != 0) {
memcpy(param_1,(void *)((int)pvVar9 + 0x10),__n);
pvVar9 = (void *)((int)param_1 + __n);
memset(pvVar9,0,param_3 - __n);
iVar2 = cen_uncompressBuff(param_1,pvVar9,param_3 - __n);
if (iVar2 != 0) {
*param_4 = pvVar9;
*param_5 = iVar2;
return 0;
}
pcVar6 = "uncompress data error!\n";
uVar3 = 0x7e8;
goto LAB_0042b1c4;
}
*puVar5 = 0;
__n = __n + 1;
}
pcVar6 = "Config file MD5 check fail\n";
uVar3 = 0x7c9;
LAB_0042b1c4:
cdbg_printf(8,"rsl_sys_decryptCfg",uVar3,pcVar6);
}
uVar3 = 0x1195;
}
return uVar3;
}
C:
void FUN_0042ae84(byte *param_1)
{
byte bVar1;
int iVar2;
byte *__s;
undefined4 local_9c0;
undefined4 local_9bc;
undefined1 auStack_9b8 [16];
byte local_9a8 [2184];
undefined4 local_120;
local_9bc = 0xf93e2dcf;
local_9c0 = 0x748da50b;
local_9a8[0] = 0;
local_9a8[1] = 0;
local_9a8[2] = 0;
local_9a8[3] = 0;
local_9a8[4] = 0;
local_9a8[5] = 0;
local_9a8[6] = 0;
local_9a8[7] = 0;
local_9a8[8] = 0;
local_9a8[9] = 0;
local_9a8[10] = 0;
local_9a8[0xb] = 0;
local_9a8[0xc] = 0;
local_9a8[0xd] = 0;
local_9a8[0xe] = 0;
local_9a8[0xf] = 0;
memcpy(auStack_9b8,&DAT_0053498c,0xe);
iVar2 = dm_getObj(2,auStack_9b8,0x988,local_9a8 + 0x10);
if (iVar2 == 0) {
memcpy(param_1,&local_9c0,8);
__s = local_9a8;
snprintf((char *)__s,0x10,"%08x",local_120);
do {
bVar1 = *__s;
__s = __s + 1;
*param_1 = bVar1 ^ *param_1;
param_1 = param_1 + 1;
} while (__s != local_9a8 + 8);
}
else {
cdbg_printf(8,"getBackNRestoreK",0x136,"Get dev info for BNR key failed");
}
return;
}
C:
undefined4 dm_getObj(undefined2 param_1,ushort *param_2,uint param_3,void *param_4)
{
undefined2 *puVar1;
int iVar2;
undefined4 uVar3;
void *__src;
uint __n;
puVar1 = (undefined2 *)dm_getObjNode(param_1);
if (puVar1 == (undefined2 *)0x0) {
cdbg_printf(8,"dm_getObj",0x294,"Get object information failed. object oid = %d",param_1);
uVar3 = 0x264c;
}
else {
__n = (uint)(ushort)puVar1[3];
if (param_3 < __n) {
cdbg_printf(8,"dm_getObj",0x29d,
"Object buffer may exceed, object(%s) size is %u, object buf size is %u",
*(undefined4 *)(puVar1 + 4),__n,param_3);
uVar3 = 0x2650;
}
else {
uVar3 = 0x2653;
if ((*(byte *)(puVar1 + 1) & 0x10) == 0) {
if (*param_2 == (ushort)*(byte *)((int)puVar1 + 3)) {
memset(param_4,0,__n);
if (*(byte *)((int)puVar1 + 3) == 0) {
__src = *(void **)(puVar1 + 0x10);
if (__src == (void *)0x0) {
cdbg_printf(8,"dm_getObj",0x2b3,"error!, object(%s oid = %d) data is NULL!",
*(undefined4 *)(puVar1 + 4),*puVar1);
return 0x232a;
}
}
else {
if (((*(byte *)(puVar1 + 1) & 1) != 0) &&
(*param_2 != (ushort)*(byte *)((int)puVar1 + 3))) {
cdbg_printf(8,"dm_getObj",0x2cb,
"Error object infomation or error numStack information. object name = %s",
*(undefined4 *)(puVar1 + 4));
return 1;
}
iVar2 = dm_getInstDesc(puVar1,param_2,0);
if (iVar2 == 0) {
cdbg_printf(8,"dm_getObj",0x2bd,"Get instance description failed. object name = %s",
*(undefined4 *)(puVar1 + 4));
return 0x264d;
}
__src = *(void **)(iVar2 + 0x18);
if (__src == (void *)0x0) {
return 0x264d;
}
}
memcpy(param_4,__src,(uint)(ushort)puVar1[3]);
uVar3 = 0;
}
else {
cdbg_printf(8,"dm_getObj",0x2aa,
"numStack.currDepth(%u) != object\'s instance depth(%u). object name = %s, oid = %u"
,*param_2,(ushort)*(byte *)((int)puVar1 + 3),*(undefined4 *)(puVar1 + 4),
param_1);
uVar3 = 0x232b;
}
}
}
}
return uVar3;
}
Son düzenleme:
