From c3fa3cb361040ec5ddfd03f65f70939e34f7c4c0 Mon Sep 17 00:00:00 2001 From: MasOnShi Date: Mon, 4 Apr 2022 13:34:38 +0800 Subject: [PATCH 1/6] dev commits. --- auto-analysis/check_version.py | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/auto-analysis/check_version.py b/auto-analysis/check_version.py index d3d31da..1b4e195 100644 --- a/auto-analysis/check_version.py +++ b/auto-analysis/check_version.py @@ -1,13 +1,21 @@ -from utils import get_version, download_file, extract_file, log +from utils import get_version, download_file, extract_file, log, DOWNLOAD_LINK import os +BASE_DIR = os.path.dirname(__file__) + + +def win_x64_version(): + url = DOWNLOAD_LINK["win"]["x64"] + dir = os.path.join(BASE_DIR, "win/x64") + + download_path = os.path.join(dir, os.path.basename(url)) + download_file(url, download_path) + extract_file(download_path, dir) + version = get_version(dir) + + open(os.path.join(dir, "LATEST_VERSION"), "w").write(version) + + if __name__ == '__main__': - DOWNLOAD_URL = "https://typora.io/windows/typora-setup-x64.exe" - BASE_DIR = os.path.join(os.path.dirname(__file__), "win/x64") + win_x64_version() - download_path = os.path.join(BASE_DIR, os.path.basename(DOWNLOAD_URL)) - download_file(DOWNLOAD_URL, download_path) - extract_file(download_path, BASE_DIR) - version = get_version(BASE_DIR) - - open("LATEST_VERSION", "w").write(version) From f340eef89c43c33c37f189163a4e24c16317496d Mon Sep 17 00:00:00 2001 From: MasOnShi Date: Mon, 4 Apr 2022 13:51:22 +0800 Subject: [PATCH 2/6] dev commits. --- auto-analysis/check_version.py | 1 + 1 file changed, 1 insertion(+) diff --git a/auto-analysis/check_version.py b/auto-analysis/check_version.py index 1b4e195..92e55bc 100644 --- a/auto-analysis/check_version.py +++ b/auto-analysis/check_version.py 
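Review bot: The added `open(os.path.join(dir, "LATEST_VERSION"), "w").write(version)` in `win_x64_version()` never closes the file, so whether the version string reaches disk before a later step reads it depends on garbage-collection timing; use `with open(os.path.join(dir, "LATEST_VERSION"), "w") as fh: fh.write(version)`. The local name `dir` shadows the builtin; `target_dir` would avoid that. The function also lacks a docstring saying that it downloads the installer named by `DOWNLOAD_LINK["win"]["x64"]`, unpacks it under `win/x64`, and records the detected version there. No digest or signature check on the downloaded installer is visible in this hunk, so unless `download_file` does one elsewhere, the job trusts whatever the URL serves at run time.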
@@ -14,6 +14,7 @@ def win_x64_version(): version = get_version(dir) open(os.path.join(dir, "LATEST_VERSION"), "w").write(version) + log.success(version) if __name__ == '__main__': From 937e3aa178bdff796c682ed486bbe63451377058 Mon Sep 17 00:00:00 2001 From: MasOnShi Date: Mon, 4 Apr 2022 14:55:19 +0800 Subject: [PATCH 3/6] add win x86 supports. --- auto-analysis/utils.py | 39 +++++++++++++-------------- auto-analysis/win/x64/analysis.py | 21 ++++++++------- auto-analysis/win/x86/analysis.py | 45 +++++++++++++++++++++++++++++++ 3 files changed, 74 insertions(+), 31 deletions(-) create mode 100644 auto-analysis/win/x86/analysis.py diff --git a/auto-analysis/utils.py b/auto-analysis/utils.py index 5007f6b..4061821 100644 --- a/auto-analysis/utils.py +++ b/auto-analysis/utils.py @@ -10,11 +10,8 @@ import subprocess import json import os -# Usage: -# innoextract -# -BASE_DIR = os.path.dirname(__file__) +BASE_DIR = os.path.dirname(__file__) DOWNLOAD_LINK = { "win": { "x86": "https://typora.io/windows/typora-setup-ia32.exe", @@ -57,10 +54,7 @@ def patch_file(_key, _iv, to_dir): open(patch_file_path, "w").write(content) -def win_x64_run(): - from win.x64 import analysis - basedir = os.path.join(BASE_DIR, "win/x64") - link = DOWNLOAD_LINK["win"]["x64"] +def scheduler(func, basedir, link): download_path = os.path.join(basedir, os.path.basename(link)) log.info(f"downloading from {link}") 
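Review bot: In the last hunk on this line, `scheduler(func, basedir, link)` names its first parameter `func`, but the next hunk calls `func.get_aes_key_and_iv(main_node_path)` on it, so it is a module rather than a callable. Renaming it (for example to `analysis_module`, together with the `func=analysis` keyword at the call sites added in this commit) would stop readers from trying to call it. The function also needs a short docstring stating that it downloads `link` into `basedir`, runs the per-architecture analysis and passes the hex-encoded key and IV to `patch_file`. Its body continues past the end of this hunk.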
@@ -71,24 +65,27 @@ def win_x64_run(): log.info("preparation stage completed") main_node_path = os.path.join(basedir, "app/resources/app.asar.unpacked/main.node") log.info("auto analysis start") - key, iv = analysis.get_aes_key_and_iv(main_node_path) + key, iv = func.get_aes_key_and_iv(main_node_path) log.success("analysis done") patch_file(key.hex(), iv.hex(), basedir) log.success("patch done") +def win_x64_run(): + from win.x64 import analysis + dirs = os.path.join(BASE_DIR, "win/x64") + url = DOWNLOAD_LINK["win"]["x64"] + scheduler(func=analysis, basedir=dirs, link=url) + + +def win_x86_run(): + from win.x86 import analysis + dirs = os.path.join(BASE_DIR, "win/x86") + url = DOWNLOAD_LINK["win"]["x86"] + scheduler(func=analysis, basedir=dirs, link=url) + + if __name__ == '__main__': + win_x86_run() win_x64_run() - - # hashString = open("LATEST_VERSION", "r").read() - # if hashString == "": - # log.info("not history for typora version") - # exit() - - # basedir = os.path.dirname(__file__) - # for h1 in DOWNLOAD_LINK.keys(): - # h1dir = os.path.join(basedir, h1) - # for h2 in DOWNLOAD_LINK.get(h1).keys(): - # h2dir = os.path.join(h1dir, h2) - # print(h2dir) diff --git a/auto-analysis/win/x64/analysis.py b/auto-analysis/win/x64/analysis.py index 2390071..d9e3596 100644 --- a/auto-analysis/win/x64/analysis.py +++ b/auto-analysis/win/x64/analysis.py 
@@ -9,29 +9,30 @@ import struct import r2pipe +def regex_key_iv(asm_obj): + asm_regex = [] + for body in asm_obj: + if "=[4]" in body["esil"] and body['type'] == 'mov': + opcode, value = body["disasm"].split(", ") + if "0x" in value: + asm_regex.append({"opcode": opcode, "value": value}) + return asm_regex + + def get_aes_key_and_iv(file_path): r = r2pipe.open(file_path) - # auto analysis r.cmd("aaa") - # string "base64" x-cross reference regex = r.cmdj("axtj @@ str.base64") assert len(regex) == 1 func = regex[0]["fcn_name"] - # disasm func r.cmd(f"s {func}") asm = r.cmdj("pdfj")['ops'] assert len(asm) != 0 - asm_regex = [] - for body in asm: - if "=[4]" in body["esil"] and body['type'] == 'mov': - opcode, value = body["disasm"].split(", ") - asm_regex.append({"opcode": opcode, "value": value}) - + asm_regex = regex_key_iv(asm) assert len(asm_regex) == 12 iv = struct.pack("<4L", *[int(asm_regex[i]['value'], 16) for i in range(4)]) key = struct.pack("<8L", *[int(asm_regex[i]['value'], 16) for i in range(4, 12)]) - # print(key, iv) return key, iv \ No newline at end of file diff --git a/auto-analysis/win/x86/analysis.py b/auto-analysis/win/x86/analysis.py new file mode 100644 index 0000000..7ef28ef --- /dev/null +++ b/auto-analysis/win/x86/analysis.py 
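Review bot: `get_aes_key_and_iv` opens a radare2 session with `r2pipe.open(file_path)` and returns without calling `r.quit()`, so every run leaves the child process alive until interpreter exit; wrap the body in `try:` … `finally: r.quit()`. The only validation of the parsed disassembly is `assert len(regex) == 1`, `assert len(asm) != 0` and `assert len(asm_regex) == 12`, which disappear under `python -O`; raising `ValueError` with the observed count keeps the check and gives a usable message. The new `regex_key_iv` helper is copied verbatim into `win/x86/analysis.py` later in this commit, where the same session leak applies; a shared module would keep the two from drifting. It also lacks a docstring saying that it keeps `mov` ops whose ESIL contains `=[4]` and whose second operand contains `0x`.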
@@ -0,0 +1,45 @@ +# -*- coding:utf-8 -*- +""" +@Author: Mas0n +@Name: typora_win_x86_analysis +@Time: 2022/4/3 18:36 +@Desc: It's all about getting better. +""" +import struct +import r2pipe + + +def regex_key_iv(asm_obj): + asm_regex = [] + for body in asm_obj: + if "=[4]" in body["esil"] and body['type'] == 'mov': + opcode, value = body["disasm"].split(", ") + if "0x" in value: + asm_regex.append({"opcode": opcode, "value": value}) + return asm_regex + + +def get_aes_key_and_iv(file_path): + r = r2pipe.open(file_path) + r.cmd("aaa") + regex = r.cmdj("axtj @@ str.base64") + assert len(regex) == 1 + + func = regex[0]["fcn_name"] + r.cmd(f"s {func}") + asm = r.cmdj("pdfj")['ops'] + assert len(asm) != 0 + + asm_regex = regex_key_iv(asm) + + iv = struct.pack("<4L", *[int(asm_regex[i]['value'], 16) for i in range(4)]) + + # find the set key func + call_regex = [i for i in asm if i['size'] == 5 and i['type'] == 'call'] + r.cmd(f"s {call_regex[1]['jump']}") + asm = r.cmdj("pdfj")["ops"] + asm_regex = regex_key_iv(asm) + assert len(asm_regex) == 8 + + key = struct.pack("<8L", *[int(asm_regex[i]['value'], 16) for i in range(8)]) + return key, iv From df5bb4473ff5677f38ce6cdb5fa0037400f0b559 Mon Sep 17 00:00:00 2001 From: Mason Shi <60805843+Mas0nShi@users.noreply.github.com> Date: Mon, 4 Apr 2022 15:03:18 +0800 Subject: [PATCH 4/6] Update manual.yml --- .github/workflows/manual.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/manual.yml b/.github/workflows/manual.yml index c89409a..36e1e57 100644 --- a/.github/workflows/manual.yml +++ b/.github/workflows/manual.yml @@ -45,7 +45,7 @@ jobs: sudo apt-get update && DEBIAN_FRONTEND=noninteractive sudo apt-get install innoextract -y python3 -m pip install loguru - - name: Check Latest Version + - name: Check Latest Version (use win-x64) id: checkVersion run: | python3 auto-analysis/check_version.py 
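Review bot: Unlike the x64 variant, the new `win/x86/analysis.py` indexes `asm_regex[0..3]` for the IV and `call_regex[1]['jump']` with no length check beforehand, so an unexpected disassembly surfaces as a bare `IndexError` or `KeyError` instead of a clear failure. Add explicit guards before those lines, e.g. `if len(asm_regex) < 4: raise ValueError("unexpected operand count")` and `if len(call_regex) < 2: raise ValueError("expected at least two call ops")`. The remaining `assert len(asm_regex) == 8` is stripped under `python -O` and should be an explicit raise as well. The comment `# find the set key func` would be more useful if it said why the second 5-byte `call` is the one chosen.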
@@ -98,6 +98,7 @@ jobs: run: | python3 auto-analysis/patch.py tar -zcvf auto-analysis/win/x64/build/typoraCracker.tar.gz auto-analysis/win/x64/build/* + tar -zcvf auto-analysis/win/x86/build/typoraCracker.tar.gz auto-analysis/win/x86/build/* - name: Check release version id: checkReleaseVersion @@ -123,7 +124,7 @@ jobs: core.setFailed(e.message); } - - name: Upload win x64 typora.py for typoraCracker + - name: Upload win-x64 uses: actions/upload-release-asset@v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -133,3 +134,12 @@ jobs: asset_name: 'typoraCracker-${{ needs.check_version.outputs.LATEST_VERSION }}-win-x64.tar.gz' asset_content_type: application/x-tgz + - name: Upload win-x86 + uses: actions/upload-release-asset@v1.0.2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: '${{ steps.checkReleaseVersion.outputs.upload_url }}' + asset_path: '${{ github.workspace }}/auto-analysis/win/x86/build/typoraCracker.tar.gz' + asset_name: 'typoraCracker-${{ needs.check_version.outputs.LATEST_VERSION }}-win-x86.tar.gz' + asset_content_type: application/x-tgz From 43b858c3cee50da5c55424d95481399e831e1e10 Mon Sep 17 00:00:00 2001 From: MasOnShi Date: Mon, 4 Apr 2022 15:09:07 +0800 Subject: [PATCH 5/6] add win x86 supports. --- auto-analysis/patch.py | 1 + 1 file changed, 1 insertion(+) diff --git a/auto-analysis/patch.py b/auto-analysis/patch.py index 6ac3a26..a4d157b 100644 --- a/auto-analysis/patch.py +++ b/auto-analysis/patch.py @@ -8,5 +8,6 @@ import utils if __name__ == '__main__': + utils.win_x86_run() utils.win_x64_run() From 6968976033ea998d5a44c49b9890728f6d4cb247 Mon Sep 17 00:00:00 2001 From: Mason Shi <60805843+Mas0nShi@users.noreply.github.com> Date: Mon, 4 Apr 2022 15:30:10 +0800 Subject: [PATCH 6/6] Update manual.yml --- .github/workflows/manual.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/manual.yml b/.github/workflows/manual.yml index 36e1e57..e4ba246 100644 
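Review bot: The added `Upload win-x86` step references `actions/upload-release-asset@v1.0.2` by a mutable tag while passing it `GITHUB_TOKEN`. Pinning to a full commit SHA, `uses: actions/upload-release-asset@<commit-sha>  # v1.0.2`, ensures a moved tag cannot run different code with that token; the same applies to the existing `Upload win-x64` step. That action's repository has been archived upstream, so it will not receive fixes, and a maintained release mechanism is worth considering. No `permissions:` block is visible in these hunks, so confirm the job token is scoped to what the upload needs (`contents: write`).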
--- a/.github/workflows/manual.yml +++ b/.github/workflows/manual.yml @@ -84,7 +84,7 @@ jobs: architecture: 'x64' # optional x64 or x86. Defaults to x64 if not specified - name: install dependencies run: | - sudo apt-get update && DEBIAN_FRONTEND=noninteractive sudo apt-get install innoextract cmake -y + sudo apt-get update && DEBIAN_FRONTEND=noninteractive sudo apt-get install innoextract cmake zip -y python3 -m pip install r2pipe loguru - name: build radare2 @@ -97,8 +97,8 @@ jobs: run: | python3 auto-analysis/patch.py - tar -zcvf auto-analysis/win/x64/build/typoraCracker.tar.gz auto-analysis/win/x64/build/* - tar -zcvf auto-analysis/win/x86/build/typoraCracker.tar.gz auto-analysis/win/x86/build/* + zip -rj auto-analysis/win/x64/build/typoraCracker.zip auto-analysis/win/x64/build/* + zip -rj auto-analysis/win/x86/build/typoraCracker.zip auto-analysis/win/x86/build/* - name: Check release version id: checkReleaseVersion @@ -130,9 +130,9 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: '${{ steps.checkReleaseVersion.outputs.upload_url }}' - asset_path: '${{ github.workspace }}/auto-analysis/win/x64/build/typoraCracker.tar.gz' - asset_name: 'typoraCracker-${{ needs.check_version.outputs.LATEST_VERSION }}-win-x64.tar.gz' - asset_content_type: application/x-tgz + asset_path: '${{ github.workspace }}/auto-analysis/win/x64/build/typoraCracker.zip' + asset_name: 'typoraCracker-${{ needs.check_version.outputs.LATEST_VERSION }}-win-x64.zip' + asset_content_type: application/zip - name: Upload win-x86 uses: actions/upload-release-asset@v1.0.2 
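Review bot: The two rewritten packaging lines use `zip -rj`, which combines recursion with `-j` and so stores every file under its basename only. Any subdirectory layout under `build/` is flattened, and two files with the same name in different folders cannot both be stored. If the flat layout is not intended, drop `-j` and run zip from inside the directory, e.g. `(cd auto-analysis/win/x64/build && zip -r typoraCracker.zip .)`. In the first hunk, `DEBIAN_FRONTEND=noninteractive sudo apt-get install ...` sets the variable for `sudo`, which may not forward it to `apt-get` depending on the sudoers policy; `sudo DEBIAN_FRONTEND=noninteractive apt-get install ...` is the more reliable form.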
@@ -140,6 +140,6 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: '${{ steps.checkReleaseVersion.outputs.upload_url }}' - asset_path: '${{ github.workspace }}/auto-analysis/win/x86/build/typoraCracker.tar.gz' - asset_name: 'typoraCracker-${{ needs.check_version.outputs.LATEST_VERSION }}-win-x86.tar.gz' - asset_content_type: application/x-tgz + asset_path: '${{ github.workspace }}/auto-analysis/win/x86/build/typoraCracker.zip' + asset_name: 'typoraCracker-${{ needs.check_version.outputs.LATEST_VERSION }}-win-x86.zip' + asset_content_type: application/zip