mirror of
https://github.com/Mas0nShi/typoraCracker.git
synced 2023-07-10 13:41:20 +08:00
33 lines
688 B
Python
33 lines
688 B
Python
# -*- coding:utf-8 -*-
|
|
"""
|
|
@Author: Mas0n
|
|
@Name: typora_linux_x64_analysis
|
|
@Time: 2022/4/4 19:48
|
|
@Desc: It's all about getting better.
|
|
"""
|
|
import json
|
|
import r2pipe
|
|
|
|
|
|
def get_aes_key_and_iv(file_path):
|
|
r = r2pipe.open(file_path)
|
|
|
|
r.cmd("aaa")
|
|
regex = r.cmdj("axtj @@ str.base64")
|
|
assert len(regex) == 1
|
|
|
|
func = regex[0]["fcn_name"]
|
|
r.cmd(f"s {func}")
|
|
asm = r.cmdj("pdfj")['ops']
|
|
assert len(asm) != 0
|
|
|
|
if 'str.dip3' in json.dumps(asm):
|
|
r.cmd('s str.dip3 - 32')
|
|
data = r.cmdj('xj 48')
|
|
key = bytearray(data[0:32])
|
|
iv = bytearray(data[32:48])
|
|
else:
|
|
raise "need rewrite scripts for linux x64"
|
|
|
|
return key, iv
|