【放置江湖】LUA手游 基于HOOK 解密修改流程

 佚名文
发布时间:2025-10-06 21:32

其实可以直接解密,而且不用加密回去:加载代码会自动判断脚本是否加密,已加密就先解密,否则直接进行解析。加密算法为官方使用的 xxtea 算法,相关解密代码如下:


// Decompiler (Hex-Rays style) pseudo-code for the Lua chunk loader.
// It picks one of three paths for the incoming buffer:
//   1. a flag byte at a1+28 is set and the buffer starts with the bytes
//      referenced at a1+40 (compared over the length stored at a1+44):
//      the remainder is passed to xxtea_decrypt with the key arguments
//      read from a1+32 / a1+36;
//   2. otherwise JM::isEncrypted is consulted and, if it reports an
//      encrypted buffer, JM::decrypt is called;
//   3. otherwise the buffer goes to the Lua loader unchanged.
//
// Parameters as used below (names are decompiler placeholders):
//   a1 - object pointer, only ever dereferenced at fixed offsets
//        (presumably the LuaStack `this` - confirm against the binary)
//   a2 - forwarded as first argument of j_luaL_loadbuffer
//   a3 - start of the chunk buffer
//   a4 - typed as a pointer by the decompiler but used as a byte count
//        (it is the size argument of j_luaL_loadbuffer and is reduced by
//        v14 below)
//   a5 - forwarded as last argument of j_luaL_loadbuffer
// Returns the result of j_luaL_loadbuffer.
//
// NOTE(review): path 3 means plaintext input is accepted as-is, and no
// integrity or authenticity check on the script is visible in this
// function; the encryption shown here only hides content at rest.
int __fastcall cocos2d::LuaStack::luaLoadBuffer(int a1, int a2, int a3, unsigned __int8 *a4, int a5)
{
  unsigned __int8 *v5; // r6
  int v6; // r5
  int v7; // r7
  JM *v8; // r4
  int v9; // r0
  int v10; // r0
  int v11; // r5
  int v12; // r4
  int v14; // [sp+Ch] [bp-24h]
  int v15; // [sp+14h] [bp-1Ch]

  v5 = a4;
  v6 = a1;
  v7 = a2;
  v8 = (JM *)a3;
  // Path 1: flag at +28 set AND the buffer begins with the marker at +40
  // (marker length taken from +44).
  // NOTE(review): no comparison of the chunk size against v14 is visible
  // before the strncmp or the size subtraction below - confirm in the
  // disassembly whether short buffers are rejected elsewhere.
  if ( *(_BYTE *)(a1 + 28) && (v14 = *(_DWORD *)(a1 + 44), !j_strncmp(a3, *(_DWORD *)(a1 + 40), v14)) )
  {
    v15 = 0;
    // Skip the marker: data = chunk + v14, length = size - v14.
    // v15 receives the output length (it is later used as the size for
    // j_luaL_loadbuffer).
    v9 = xxtea_decrypt((int)v8 + v14, (int)&v5[-v14], *(_DWORD *)(v6 + 32), *(_DWORD *)(v6 + 36), &v15);
  }
  else
  {
    v15 = 0;
    JM::isEncrypted(v8, v5, a3, 0);
    // NOTE(review): v10 is never assigned in this listing; it is annotated
    // as r0, so it is presumably the return value of JM::isEncrypted that
    // the decompiler failed to attach to the call - confirm.
    if ( !v10 )
      return j_luaL_loadbuffer(v7, v8, v5, a5); // path 3: load the buffer unchanged
    // Path 2: custom-prefixed encrypted buffer; v15 receives the output length.
    JM::decrypt(v8, v5, (int)&v15);
  }
  // NOTE(review): on path 2 v9 is not assigned in this listing either
  // (also r0); presumably it is the buffer returned by JM::decrypt.
  v11 = v9;
  v12 = j_luaL_loadbuffer(v7, v9, v15, a5);
  // The decrypted buffer is released once the loader has consumed it.
  j_free(v11);
  return v12;
}





------------------------------------------------------------------------------
解密算法如下:


// Decompiler pseudo-code for the custom decrypt helper.
// If JM::isEncrypted reports an encrypted buffer, JM::gdk selects the key
// and prefix length, and the bytes after the prefix are passed to
// xxtea_decrypt with a key length of 128. Otherwise the input is copied
// into a freshly allocated buffer.
//
// Parameters as used below (names are decompiler placeholders):
//   a1 - typed JM* but used as the start of the input buffer
//   a2 - typed as a pointer but used as the input length in bytes
//   a3 - address that receives the output length (cast to a pointer below)
// The listing shows a void return type; see the notes on the else branch.
void __fastcall JM::decrypt(JM *a1, unsigned __int8 *a2, int a3)
{
  unsigned __int8 *v3; // r5
  unsigned __int8 *v4; // r4
  unsigned __int8 **v5; // r7
  int v6; // r0
  void *v7; // r6
  int outlen; // [sp+10h] [bp-A0h]
  char v9; // [sp+14h] [bp-9Ch]

  v3 = (unsigned __int8 *)a1;
  v4 = a2;
  v5 = (unsigned __int8 **)a3;
  // NOTE(review): _stack_chk_guard as fourth argument is presumably a
  // decompiler artifact of the stack-protector prologue, not a real
  // argument - confirm.
  JM::isEncrypted(a1, a2, a3, _stack_chk_guard);// check whether the buffer is encrypted
  // NOTE(review): v6 is never assigned in this listing (annotated r0);
  // presumably it is the return value of JM::isEncrypted.
  if ( v6 )
  {
    // v9 is declared as a single char but is handed to JM::gdk as the key
    // buffer and to xxtea_decrypt with length 128; presumably it is the
    // first byte of a 128-byte stack array - confirm the frame layout.
    // NOTE(review): JM::gdk as shown on this page writes neither the key
    // nor outlen when no prefix matches, so both would be used
    // uninitialised here unless isEncrypted guarantees a match.
    JM::gdk(v3, (int)v4, (int)&v9, &outlen);    // determine the encryption variant and fetch the matching key
    // Skip the prefix: data = input + outlen, length = size - outlen.
    xxtea_decrypt((int)&v3[outlen], (int)&v4[-outlen], (int)&v9, 128u, v5);
  }
  else
  {
    // Not encrypted: copy the input unchanged into a new allocation.
    v7 = j_malloc((int)v4);
    j_memcpy((int)v7, (int)v3, (int)v4);
    // Report the (unchanged) length to the caller.
    // NOTE(review): v7 is not stored or returned anywhere in this listing,
    // and the j_malloc result is not checked before j_memcpy; presumably
    // the real function returns the buffer in r0 - confirm.
    *v5 = v4;
  }
}


获取密钥的算法:


// Decompiler pseudo-code for the key-selection helper.
// It inspects the leading bytes of the input, and for each of the two
// recognised prefixes writes the prefix length to *outlen and assembles a
// 128-byte key in outkey from two 64-byte static data blobs.
//
// Parameters:
//   inbuf  - start of the input buffer (may be null; then nothing happens)
//   inlen  - input length; never read in this listing
//   outkey - address of the destination key buffer (must be non-zero for
//            either branch to run); 128 bytes are written
//   outlen - receives the prefix length (6 or 3)
// When no prefix matches, neither *outlen nor the key buffer is written.
//
// NOTE(review): inbuf[1]..inbuf[5] are read without consulting inlen, so
// inputs shorter than the prefix would be read past their end unless a
// caller checks the length first - confirm.
// NOTE(review): both key halves come from fixed addresses inside the
// binary, i.e. the key material ships with the application.
void __fastcall JM::gdk(unsigned __int8 *inbuf, int inlen, int outkey, _DWORD *outlen)
{
  int keybuf; // r4
  int p; // r2
  int t; // r0
  char tmpbuf; // [sp+4h] [bp-5Ch]

  keybuf = outkey;
  if ( inbuf )
  {
    p = *inbuf;
    if ( p == 'A' )
    {
      if ( inbuf[1] == 'B' && inbuf[2] == 'C' && inbuf[3] == 'T' && inbuf[4] == 'J' && inbuf[5] == 'M' && keybuf )// prefix check: the six bytes "ABCTJM" (the page's original comment reads ABCTJMT)
      {
        *outlen = 6;
        // tmpbuf is declared as a single char but receives 64 bytes;
        // presumably the first byte of a 64-byte stack array - confirm.
        j_memcpy((int)&tmpbuf, (int)&unk_BB9384, 64);
        // First key half goes straight into the output buffer.
        j_memcpy(keybuf, (int)&unk_BB93C4, 64);
        t = keybuf + 64;
LABEL_15:
        // Shared tail of both branches: the staged blob becomes the
        // second key half at keybuf + 64.
        j_memcpy(t, (int)&tmpbuf, 64);
        return;
      }
    }
    else if ( p == 'T' && inbuf[1] == 'J' && inbuf[2] == 'M' && keybuf )// prefix check: the three bytes "TJM"
    {
      *outlen = 3;
      // Same layout as above, with a different pair of static blobs.
      j_memcpy((int)&tmpbuf, (int)&unk_BB9404, 64);
      j_memcpy(keybuf, (int)&unk_BB9444, 64);
      t = keybuf + 64;
      goto LABEL_15;
    }
  }
}
