diff --git a/auto-analysis/linux/arm/LATEST_VERSION b/auto-analysis/linux/arm/LATEST_VERSION
new file mode 100644
index 0000000..e69de29
diff --git a/auto-analysis/linux/x64/LATEST_VERSION b/auto-analysis/linux/x64/LATEST_VERSION
new file mode 100644
index 0000000..e69de29
diff --git a/auto-analysis/version_download.py b/auto-analysis/version_download.py
new file mode 100644
index 0000000..8970b25
--- /dev/null
+++ b/auto-analysis/version_download.py
@@ -0,0 +1,77 @@
+# -*- coding:utf-8 -*-
+"""
+@Author: Mas0n
+@File: version_download.py
+@Time: 2022/4/3 18:36
+@Desc: It's all about getting better.
+"""
+from loguru import logger as log
+import subprocess
+import os
+
+# Usage:
+# innoextract
+#
+BASE_DIR = os.path.dirname(__file__)
+
+DOWNLOAD_LINK = {
+ "win": {
+ "x86": "https://typora.io/windows/typora-setup-ia32.exe",
+ "x64": "https://typora.io/windows/typora-setup-x64.exe",
+ "arm": "https://typora.io/windows/typora-setup-arm64.exe",
+ },
+ "linux": {
+ "x64": "https://download.typora.io/linux/Typora-linux-x64.tar.gz",
+ "arm": "https://download.typora.io/linux/Typora-linux-arm64.tar.gz",
+ },
+}
+
+
+def download_file(from_link, to_path):
+ log.info(f"downloading from {from_link}")
+ subprocess.check_call(["wget", from_link, "-O", to_path])
+ log.info("ready extract package")
+ subprocess.check_call(["md5sum", "-b", to_path, ">", "LATEST_VERSION"])
+
+
+
+def patch_file(_key, _iv):
+ patch_file_path = os.path.join(BASE_DIR, "../typora.py")
+ fd = open(patch_file_path, "a")
+ content = fd.read()
+ content = content.replace("{AES_KEY}", f"b''.fromhex('{_key}')")
+ content = content.replace("{AES_IV}", f"b''.fromhex('{_iv}')")
+ fd.write(content)
+
+
+def win_x64_run():
+ from win.x64 import analysis
+ basedir = os.path.join(BASE_DIR, "win/x64")
+ link = DOWNLOAD_LINK["win"]["x64"]
+ download_path = os.path.join(basedir, os.path.basename(link))
+
+ download_file(link, download_path)
+ subprocess.check_call(["innoextract", download_path])
+ log.info("preparation stage completed")
+ main_node_path = os.path.join(basedir, "app/resources/app.asar.unpacked/main.node")
+ log.info("auto analysis start")
+ key, iv = analysis.get_aes_key_and_iv(main_node_path)
+ log.success("analysis done")
+ patch_file(key.hex(), iv.hex())
+ log.success("patch done")
+
+
+if __name__ == '__main__':
+ win_x64_run()
+
+ # hashString = open("LATEST_VERSION", "r").read()
+ # if hashString == "":
+ # log.info("not history for typora 
version")
+ # exit()
+
+ # basedir = os.path.dirname(__file__)
+ # for h1 in DOWNLOAD_LINK.keys():
+ # h1dir = os.path.join(basedir, h1)
+ # for h2 in DOWNLOAD_LINK.get(h1).keys():
+ # h2dir = os.path.join(h1dir, h2)
+ # print(h2dir)
diff --git a/auto-analysis/win/arm/LATEST_VERSION b/auto-analysis/win/arm/LATEST_VERSION
new file mode 100644
index 0000000..e69de29
diff --git a/auto-analysis/win/x64/LATEST_VERSION b/auto-analysis/win/x64/LATEST_VERSION
new file mode 100644
index 0000000..e69de29
diff --git a/auto-analysis/win/x64/analysis.py b/auto-analysis/win/x64/analysis.py
new file mode 100644
index 0000000..2390071
--- /dev/null
+++ b/auto-analysis/win/x64/analysis.py
@@ -0,0 +1,37 @@
+# -*- coding:utf-8 -*-
+"""
+@Author: Mas0n
+@Name: typora_win_x64_analysis
+@Time: 2022/4/3 18:26
+@Desc: It's all about getting better.
+"""
+import struct
+import r2pipe
+
+
+def get_aes_key_and_iv(file_path):
+ r = r2pipe.open(file_path)
+ # auto analysis
+ r.cmd("aaa")
+ # string "base64" x-cross reference
+ regex = r.cmdj("axtj @@ str.base64")
+ assert len(regex) == 1
+
+ func = regex[0]["fcn_name"]
+ # disasm func
+ r.cmd(f"s {func}")
+ asm = r.cmdj("pdfj")['ops']
+ assert len(asm) != 0
+
+ asm_regex = []
+ for body in asm:
+ if "=[4]" in body["esil"] and body['type'] == 'mov':
+ opcode, value = body["disasm"].split(", ")
+ asm_regex.append({"opcode": opcode, "value": value})
+
+ assert len(asm_regex) == 12
+
+ iv = struct.pack("<4L", *[int(asm_regex[i]['value'], 16) for i in range(4)])
+ key = struct.pack("<8L", *[int(asm_regex[i]['value'], 16) for i in range(4, 12)])
+ # print(key, iv)
+ return key, iv
\ No newline at end of file
diff --git a/auto-analysis/win/x86/LATEST_VERSION b/auto-analysis/win/x86/LATEST_VERSION
new file mode 100644
index 0000000..e69de29
diff --git a/typora.py b/typora.py
index 53d52a2..bdaf7fc 100644
--- a/typora.py
+++ b/typora.py
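Review bot: In `download_file` the `">"` and `"LATEST_VERSION"` items reach md5sum as two more file names, because `check_call` is given an argv list and no shell runs. md5sum exits non-zero when a file named `>` does not exist, so the call raises and LATEST_VERSION is never written. `patch_file` fails in a similar way: a file opened with mode `"a"` is not readable, so `fd.read()` raises before any placeholder is replaced, and the handle is never closed. In `win_x64_run`, `innoextract` unpacks into the current directory by default while `main_node_path` is built under `basedir`; passing `"-d", basedir` would make the two agree. The MD5 value works as a change marker only, since the installer is fetched and unpacked without comparison against a pinned digest.

```python
def download_file(from_link, to_path):
    # … unchanged: wget download and the two log lines …
    # no shell is involved, so the redirect has to be an explicit stdout handle
    with open("LATEST_VERSION", "w") as out:
        subprocess.check_call(["md5sum", "-b", to_path], stdout=out)


def patch_file(_key, _iv):
    patch_file_path = os.path.join(BASE_DIR, "../typora.py")
    with open(patch_file_path, "r", encoding="utf-8") as fd:
        content = fd.read()
    # … unchanged: the two content.replace() calls …
    with open(patch_file_path, "w", encoding="utf-8") as fd:
        fd.write(content)
```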
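Review bot: The three `assert` statements in `get_aes_key_and_iv` are the only validation of what was read from the binary, and they are stripped under `python -O`. Without them, a build with a different layout gives an IndexError or, if more than twelve stores match, a key/IV pair taken from the wrong instructions that the caller then writes into typora.py. Raise explicitly instead, for example `if len(asm_regex) != 12: raise ValueError(f"expected 12 stores, found {len(asm_regex)}")`. The session returned by `r2pipe.open` is never closed; wrapping the body in `try`/`finally` with `r.quit()` avoids leaving the radare2 process behind. Indexing `body["esil"]` and unpacking `split(", ")` into two names both assume every op has that shape, which is presumably not guaranteed, so `body.get("esil", "")` and a length check on the split result would be safer.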
@@ -28,8 +28,8 @@ if DEBUG: else: log.add(sys.stderr, level="INFO") -AES_KEY = struct.pack("<4Q", *[0x252A4C7BD0B85281, 0xA31BD92CE099F719, 0x13E283392646D82D, 0x118BDE501CF74120]) -AES_IV = struct.pack("<4L", *[0x33706964, 0x5387CDD2, 0xD05F336D, 0x53F82468]) +AES_KEY = {AES_KEY} +AES_IV = {AES_IV} def _mkDir(_path):
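Review bot: As committed, `AES_KEY = {AES_KEY}` is a set literal that reads the name it is defining, so importing typora.py raises NameError until `patch_file` in auto-analysis/version_download.py has rewritten these two lines. That substitution edits a tracked file in place, which leaves the working tree dirty and makes it easy to commit the extracted values by accident. After the first successful run the placeholders are gone, so a later run cannot update them. Consider keeping the template separate from the generated module, or at least add a comment above the two lines such as `# placeholders, substituted by auto-analysis/version_download.py; the module does not import until then`. The module's top-level code continues outside the hunk.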