search

OsOmE1 / Beebyte-Deobfuscator

A plugin for Il2CppInspector that performs quasi deobfuscation
GNU Affero General Public License v3.0
90 stars 15 forks source link

Why RegEx pattern of Garena Free Fire doesn't work for 1.60.X version ? #7

Closed MhmRdd closed 3 years ago

OsOmE1 commented 3 years ago

Maybe the pattern has changed I do not know you'd have to check it out yourself.

MhmRdd commented 3 years ago

i did but I can't create pattern for it , look like something unknown for methods names & other unknowns types for protected & voids How can i create pattern that match all these threads ?

MhmRdd commented 3 years ago

// Namespace: COW.GamePlay internal class Player : AttackableEntity, {KyDPR, AbDr, IReusableObjectOwner, YqufY|Y // TypeDefIndex: 4187 { // Fields protected Player.E[OnOQS PiBmKG; // 0x30 protected Dictionary<{QAb‚~u, Player.E[OnOQS> VPxEioq; // 0x34 protected GameObject ccil^Pm; // 0x38 protected ResourceID I~SVGJ}; // 0x3C protected GameObject JnkzhG; // 0x40 protected ResourceID wtqogCx; // 0x44 protected GameObject VId€gSg; // 0x48 private Dictionary<uint, int> gEdUxD; // 0x4C private Dictionary<int, GameObject> yCTQFjw; // 0x50 private EmoteLeaderCollider alJL^bk; // 0x54 protected bool v|jb}|u; // 0x58 private bool TPAHSnv; // 0x59 public Transform MainCameraTransform; // 0x5C private Player.Nn HeWICj; // 0x60 private uint Sdx}]mB; // 0x64 protected ulong K{HbwTy; // 0x68 protected {QAb‚~u [^[KJuA; // 0x70 protected ulong ‚gpofs€; // 0x88 [DebuggerBrowsableAttribute] // RVA: 0x4F6428 Offset: 0x4F6428 VA: 0xC312A428 [CompilerGeneratedAttribute] // RVA: 0x4F6428 Offset: 0x4F6428 VA: 0xC312A428 private int <NeRvlI>k__BackingField; // 0x90 public uint TeamModeID; // 0x94 public bool IsShowEquip; // 0x98 [CompilerGeneratedAttribute] // RVA: 0x4F645C Offset: 0x4F645C VA: 0xC312A45C [DebuggerBrowsableAttribute] // RVA: 0x4F645C Offset: 0x4F645C VA: 0xC312A45C private {QAb‚~u <H|‚Xsqq>k__BackingField; // 0xA0 [CompilerGeneratedAttribute] // RVA: 0x4F6490 Offset: 0x4F6490 VA: 0xC312A490 [DebuggerBrowsableAttribute] // RVA: 0x4F6490 Offset: 0x4F6490 VA: 0xC312A490 private uint <Hwz}fqg>k__BackingField; // 0xB8 [CompilerGeneratedAttribute] // RVA: 0x4F64C4 Offset: 0x4F64C4 VA: 0xC312A4C4 [DebuggerBrowsableAttribute] // RVA: 0x4F64C4 Offset: 0x4F64C4 VA: 0xC312A4C4 private string <yJTDZyl>k__BackingField; // 0xBC [CompilerGeneratedAttribute] // RVA: 0x4F64F8 Offset: 0x4F64F8 VA: 0xC312A4F8 [DebuggerBrowsableAttribute] // RVA: 0x4F64F8 Offset: 0x4F64F8 VA: 0xC312A4F8 private string <j]oC[W>k__BackingField; // 0xC0 [CompilerGeneratedAttribute] // RVA: 0x4F652C Offset: 0x4F652C VA: 0xC312A52C [DebuggerBrowsableAttribute] // RVA: 0x4F652C Offset: 0x4F652C VA: 0xC312A52C private uint <bPL]zQM>k__BackingField; // 0xC4 protected object pNLijU|; // 0xC8 protected string OciE~Hn; // 0xCC public bool IsClientBot; // 0xD0 protected bool IBmAirC; // 0xD1 [CompilerGeneratedAttribute] // RVA: 0x4F6560 Offset: 0x4F6560 VA: 0xC312A560 [DebuggerBrowsableAttribute] // RVA: 0x4F6560 Offset: 0x4F6560 VA: 0xC312A560 private bool <n]NAFKC>k__BackingField; // 0xD2 protected TBlackBoard SoK€FzB; // 0xD4 protected UserControlHandler LHE~Nq{; // 0xD8 protected CharacterController zoJf[H|; // 0xDC private bool DLsPfr; // 0xE0 private bool yoZJhug; // 0xE1 protected uint zvkppf[; // 0xE4 protected bool MdZCJjU; // 0xE8 protected uint AYi~zos; // 0xEC [CompilerGeneratedAttribute] // RVA: 0x4F6594 Offset: 0x4F6594 VA: 0xC312A594 [DebuggerBrowsableAttribute] // RVA: 0x4F6594 Offset: 0x4F6594 VA: 0xC312A594 private bool <eNPeRW>k__BackingField; // 0xF0 [DebuggerBrowsableAttribute] // RVA: 0x4F65C8 Offset: 0x4F65C8 VA: 0xC312A5C8 [CompilerGeneratedAttribute] // RVA: 0x4F65C8 Offset: 0x4F65C8 VA: 0xC312A5C8 private bool <s‚tXkzG>k__BackingField; // 0xF1 [CompilerGeneratedAttribute] // RVA: 0x4F65FC Offset: 0x4F65FC VA: 0xC312A5FC [DebuggerBrowsableAttribute] // RVA: 0x4F65FC Offset: 0x4F65FC VA: 0xC312A5FC private bool <IhEe}KL>k__BackingField; // 0xF2 [DebuggerBrowsableAttribute] // RVA: 0x4F6630 Offset: 0x4F6630 VA: 0xC312A630 [CompilerGeneratedAttribute] // RVA: 0x4F6630 Offset: 0x4F6630 VA: 0xC312A630 private bool <cC}]Swk>k__BackingField; // 0xF3 [DebuggerBrowsableAttribute] // RVA: 0x4F6664 Offset: 0x4F6664 VA: 0xC312A664 [CompilerGeneratedAttribute] // RVA: 0x4F6664 Offset: 0x4F6664 VA: 0xC312A664 private bool <NEK^xM>k__BackingField; // 0xF4 protected LevelAmmoBox elTRKJ}; // 0xF8 [CompilerGeneratedAttribute] // RVA: 0x4F6698 Offset: 0x4F6698 VA: 0xC312A698 [DebuggerBrowsableAttribute] // RVA: 0x4F6698 Offset: 0x4F6698 VA: 0xC312A698 private uint <WJM‚NDb>k__BackingField; // 0xFC public Vector3 TeamMapMark; // 0x100 public bool ShowMapMark; // 0x10C public uint CachedLastDriveVehicleObjID; // 0x110 public float InCount; // 0x114 public float UnCount; // 0x118 public uint GetCount; // 0x11C public uint AimCount; // 0x120 private Quaternion ZMVsBB; // 0x124 public float Speed; // 0x134 private float ‚Nrqa|F; // 0x138 private Queue<float> bZlKZD[; // 0x13C public float ACount; // 0x140 private bool rSgGTOj; // 0x144 private bool }y[Xmpc; // 0x145 private bool OxMqIFY; // 0x146 private bool [W~€bcj; // 0x147 private float kTmFfz~; // 0x148

MhmRdd commented 3 years ago

` // Methods

// RVA: 0x9F0390 Offset: 0x9F0390 VA: 0xC3624390
public void .ctor({QAb‚~u {NRRyd, float LR{cUe€, bool FexeocR = False) { }

// RVA: 0x9F096C Offset: 0x9F096C VA: 0xC362496C
public void yAM~bGB(float LR{cUe€) { }

// RVA: 0x9F1064 Offset: 0x9F1064 VA: 0xC3625064
public bool ALmmnH`() { }

// RVA: 0x9F10A4 Offset: 0x9F10A4 VA: 0xC36250A4
public {QAb‚~u MP‚`Y`X() { }

// RVA: 0x9F10BC Offset: 0x9F10BC VA: 0xC36250BC
public bool Bt^RO``() { }`
OsOmE1 commented 3 years ago

Looks like they are all relatively the same length lets take for example pNLijU| its 7 characters long and still looks to be the same regex pattern that is in the readme ^[A-Za-\u0082\[\]\^]{7}$ if you attach your files here I can take a look.

MhmRdd commented 3 years ago

But When I'm trying this pattern on the output of dump.cs in my device it's says 0 matches and methods names still same as they are Before using this beeByte Decrypter Plug-in

MhmRdd commented 3 years ago

I will reply you By The Dump.cs , please try find me RegEx Pattern I'm often better understanding Lua Patterns , it's great light weight language i can understand it better

MhmRdd commented 3 years ago

Hey if i make Lua Pattern that get All the encrypted ciphers , will you be able to decode them or make plugin similar to it , that decrypt the output of my Lua Script

MhmRdd commented 3 years ago

Because I'm Lua Developer

OsOmE1 commented 3 years ago

First please condense your idea to one or two posts in the future because this is not a chat. Second, I do not know where you got the idea of Lua from but Il2CppInspector plugins are strictly written in c# or vb so Lua is not an option. If you are trying to mod Garena Free Fire you might want to reassess as you say you are a Lua developer and android modding would require knowledge of reverse engineering and c++.

MhmRdd commented 3 years ago

I mean i don't understand RegEx Correctly because detection of the encrypted fields & methods aren't been done by your RegEx they're still encrypted in the dump.cs even they're not any new file in folder i wrote in it the dump, i said if i do detection of these encrypted fields by Lua , and dump it in file and upload it to Plug-in , it's could only decrypt it and replace it by real time in the dump.cs , that's could be great idea

OsOmE1 commented 3 years ago

If all is right you should be able to find the regex pattern yourself. Otherwise, refer to #6.

MhmRdd commented 3 years ago

But when i use that scheme it's doesn't work , it does only says Deobufscating & then when i open dump.cs , nothing chnages

MhmRdd commented 3 years ago

https://drive.google.com/file/d/1czbOPDjHYMqdzn3gaJ0a0fLRg_Lyl-65/view?usp=drivesdk