Douyu mac html5, new api · issue #28 · spacemeowx2/douyuhtml5player · github
func_2476e15e57ddb2b4 is probably similar to func_173e8124cdbdc90d from the previous version?
When it is called in sub_c5e3(danmakustructtag*, int, char**, char**), the key is fixed to
a1 1c f6 17 58 34 48 37 24 25
Does anyone know of a way to analyze this dynamically?
Static analysis:
str2 = l__zz8sub_c5e3p16danmakustructtagippcs2_e3c_2e_2
str3 = l__zz8sub_c5e3p16danmakustructtagippcs2_e3c_2e_3
func_2476e15e57ddb2b4(key, str2, 32)
func_2476e15e57ddb2b4(key, str3, 32)
aes_decrypt(rid, ebp-33, ebp-66, ebp-166)
//ebp-33: modified str2?
//ebp-66: modified str3?
//ebp-166: size 100 buf, output ptr?
snprintf(v6, 499, "%d%s%lld%s%s", rid, did, tt, "1000", aes_output)
func_86c8982cccc5e7a0(rid, v6, len(v6), buf)
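The MD5 K table is still the same as before: ff hh 1 gg ii -1
I don't know how accurate this is.
The new stuff is probably mainly in this encodeflashmain::encodedatac
It's C++. There is a global initialization that generates 80 1-byte bss segs, and then, depending on the value of rid, a group of 4 bytes bss and one _encodeflashmain::decodeflashmain_0[0-4][0-9](unsigned char*, int, idatacache*) function are used to compute the final encode. There are 50 of these functions; how much code would that be once reversed...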
ptr2fun mapping:
modfunstart:int = cmodule.allocfunptrs(modpkgname,416,4);
_encodeflashmain::initialcache() modfunstart 0
__global__i_encodeflashmain::initialcache():int modfunstart 4
_encodeflashmain::encodeflashmain_000(unsigned char*, int, idatacache*):int modfunstart 8
_encodeflashmain::decodeflashmain_000(unsigned char*, int, idatacache*) modfunstart 12
_encodeflashmain::encodeflashmain_001(unsigned char*, int, idatacache*):int modfunstart 16
_encodeflashmain::decodeflashmain_001(unsigned char*, int, idatacache*) modfunstart 20
...
_encodeflashmain::encodeflashmain_049(unsigned char*, int, idatacache*):int modfunstart 400
_encodeflashmain::decodeflashmain_049(unsigned char*, int, idatacache*) modfunstart 404
_encodeflashmain::decodedatac(unsigned char, unsigned char*, unsigned short):int modfunstart 408
_encodeflashmain::encodedatac(unsigned char, unsigned char*, unsigned short):int modfunstart 412