nineteendo / pyvz2

PyVZ2 is a command line utility to modify PvZ2
GNU General Public License v3.0

Decryption and Encryption are not supported #7

Closed nineteendo closed 2 years ago

nineteendo commented 2 years ago

The smf files from the Chinese version of PVZ2 use encryption and I haven't figured out the key yet. Until then, you can only extract the encrypted section.

YingFengTingYu commented 2 years ago

First, find the key in .so.
Second, compute the md5 of the key as KEY (the md5 is the real key for Rijndael).
Third, intercept a string with a length of 24 from the fifth character of the key as IV.
At last, use Rijndael to decrypt the RTON by KEY and IV (ZeroPadding).

nineteendo commented 2 years ago

Is it in libSrc.so? And what exactly am I searching for? Key, key? And is it stored as text, bytes, hex text?

YingFengTingYu commented 2 years ago

> Is it in libSrc.so? And what exactly am I searching for? Key, key? And is it stored as text, bytes, hex text?

I'm sorry I can't tell you more info about it. But you need IDA Pro to help you find the answer.

nineteendo commented 2 years ago

Freeware version won't work? The processor type 'arm' is not included in the installed version of IDA. Please check our web site for information about ordering additional processor modules.

YingFengTingYu commented 2 years ago

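> Freeware version won't work? The processor type 'arm' is not included in the installed version of IDA. Please check our web site for information about ordering additional processor modules.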

I used IDA Pro 7.5 to find the key and the method to decrypt RTON.

nineteendo commented 2 years ago

Can I use Ghidra too? Because I'm not willing to buy an IDA Pro subscription. Also I'm not going to read through 19 million 543.360 lines of code ... any hint on what I'm searching for?

YingFengTingYu commented 2 years ago

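> Can I use Ghidra too? Because I'm not willing to buy an IDA Pro subscription. Also I'm not going to read through 19 million 543.360 lines of code ... any hint on what I'm searching for?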

Just a tool to disassemble .so is OK. But I'm sorry that any tips are not allowed. I can just tell you that the key is in libSrc.so.

nineteendo commented 2 years ago

Ok found it, now I can start implementing the encryption.

nineteendo commented 2 years ago

Implemented in beta 1.1.4, but really slow. Any help?

followthestar commented 1 year ago

I need help. When I unpack the dynamic.rsb.smf file from the Chinese version, it shows No RTON and I can't get the PACKAGE folder. What should I do?

nineteendo commented 1 year ago

> I need help. When I unpack the dynamic.rsb.smf file from the Chinese version, it shows No RTON and I can't get the PACKAGE folder. What should I do?

What you need to do is follow the tutorial to get the encryption key; it is not provided:

Q: How to get the encryption key

This tutorial was made to allow getting the key on your own, not taking months like for me, Nice Zombies#9673.

  1. SHARE THIS MESSAGE TO SHARE THE KEY, DON'T LEAK THE STRING OR HASH! For help, contact me: https://discord.com/users/594184636389916720
  2. Extract the APK of the Chinese version of pvz2: http://g.talkyun.com.cn/files/pvz2-tw.html?myos=android (Downloading takes a while)
  3. Open the file with DecryptString in a Hex editor.
  4. Take the md5 hash of a closely following string.
  5. Edit options/.--Unpack Packages (JSON)--Patch Packages (JSON).json: set encryptionKey to the MD5 hash you found.
  6. NO RTON means the key is incorrect, try again.
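
The search in steps 3 and 4, combined with the KEY and IV derivation YingFengTingYu described earlier in the thread, as an added example (not code from pyvz2 or from either commenter). `candidate_keys`, the 256-byte window and the 8-character minimum are assumptions, the sample bytes are constructed, and the IV slice assumes "the key" in the IV step means the MD5 hex string.

```python
import hashlib
import re

MARKER = b"DecryptString"
# Runs of 8 or more printable ASCII bytes, as a hex editor's text column shows them.
PRINTABLE = re.compile(rb"[\x20-\x7e]{8,}")


def candidate_keys(blob, window=256):
    """Return (text, md5_hex, iv) for every printable string found within
    `window` bytes after each occurrence of MARKER in `blob`.

    A string that straddles the end of the window is cut short, so widen
    `window` if no candidate decrypts correctly.
    """
    results = []
    start = blob.find(MARKER)
    while start != -1:
        begin = start + len(MARKER)
        for match in PRINTABLE.finditer(blob[begin:begin + window]):
            text = match.group().decode("ascii")
            # KEY: the MD5 of the string, written as 32 hex characters.
            md5_hex = hashlib.md5(text.encode("ascii")).hexdigest()
            # Assumption: the IV is the 24 characters of that hex string
            # starting at its fifth character.
            results.append((text, md5_hex, md5_hex[4:28]))
        start = blob.find(MARKER, begin)
    return results


# Constructed sample bytes, not taken from any real library.
SAMPLE = (b"\x00\x01DecryptString\x00\x00\x00"
          b"constructed-example-string\x00\x7f\x10tiny\x00")

if __name__ == "__main__":
    for text, md5_hex, iv in candidate_keys(SAMPLE):
        print(f"string={text!r} encryptionKey={md5_hex} iv={iv}")
```

Each `md5_hex` is a candidate for the `encryptionKey` option; a candidate that still produces NO RTON is the wrong string.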
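
followthestar commented 1 year ago

> > I need help. When I unpack the dynamic.rsb.smf file from the Chinese version, it shows No RTON and I can't get the PACKAGE folder. What should I do?
>
> What you need to do is follow the tutorial to get the encryption key; it is not provided: Q: How to get the encryption key This tutorial was made to allow getting the key on your own, not taking months like for me, Nice Zombies#9673.
>
>   1. SHARE THIS MESSAGE TO SHARE THE KEY, DON'T LEAK THE STRING OR HASH! For help, contact me: https://discord.com/users/594184636389916720
>   2. Extract the APK of the Chinese version of pvz2: http://g.talkyun.com.cn/files/pvz2-tw.html?myos=android (Downloading takes a while)
>   3. Open the file with DecryptString in a Hex editor.
>   4. Take the md5 hash of a closely following string.
>   5. Edit options/.--Unpack Packages (JSON)--Patch Packages (JSON).json: set encryptionKey to the MD5 hash you found.
>   6. NO RTON means the key is incorrect, try again.

Thanks, I will have a try.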

followthestar commented 1 year ago

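Sorry, I'm really too dumb. I don't understand what "Open the file with DecryptString in a Hex editor" means. Which file does "file" refer to? Is it libSrc.so? And how do I obtain "DecryptString"? If you could guide me once more, I would be extremely grateful!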

nineteendo commented 1 year ago

Well, maybe it's that file ... You'll be opening the file with a Hex Editor and looking for the text "DecryptString", closely followed by the key.

followthestar commented 1 year ago

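Following all the steps and methods you described, and after careful checking, I still haven't managed to unpack the smf. Perhaps I found the wrong key? I will keep looking for a way, though. Now I'd like to ask another question: how do I repack the loose unpacked files into an smf (meaning the Chinese version)?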

nineteendo commented 1 year ago

It's weird it's not working, you could send me your option file (via e-mail or Discord such that I can verify you're not doing anything dumb)

"Repacking" the files is not possible, but the tool can "patch" the files using the original SMF as input, a new SMF as output and the unpacked SMF as patch directory.

followthestar commented 1 year ago

> It's weird it's not working, you could send me your option file (via e-mail or Discord such that I can verify you're not doing anything dumb)
>
> "Repacking" the files is not possible, but the tool can "patch" the files using the original SMF as input, a new SMF as output and the unpacked SMF as patch directory.

I sent it to you by e-mail. Did you receive it?

nineteendo commented 1 year ago

Yeah, got it. I sent a reply, probably just an error in the json formatting.

followthestar commented 1 year ago

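I'm back! After unpacking dynamic.rsb.smf from the Chinese version, I only changed the number of diamonds required for one of the lottery draws (from 35 to 350), then used patch.exe to patch and repack it and replaced the original file. When I reopened the game, it crashed. In theory this shouldn't happen. Why is that?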

nineteendo commented 1 year ago

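> I'm back! After unpacking dynamic.rsb.smf from the Chinese version, I only changed the number of diamonds required for one of the lottery draws (from 35 to 350), then used patch.exe to patch and repack it and replaced the original file. When I reopened the game, it crashed. In theory this shouldn't happen. Why is that?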

That's because I set Override Encryption to 2 in all templates. I thought that might work, but it doesn't. Set it to 1.

followthestar commented 1 year ago

Great! It worked. Thanks!

followthestar commented 1 year ago

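I replaced a wem audio file in the smf and then patched it with the tool, but the change doesn't seem to have taken effect. Can only json/rton-related content be patched at the moment?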

nineteendo commented 1 year ago

Well, wem patching has no extra changes of the tool applied, just a file replacement. But it's possible the file replacement didn't work, you can check it by extracting the modified smf and comparing the files.

Note: create a new issue if it's not strictly related to encryption, thanks.