Skip to content
View in the app

A better way to browse. Learn more.
ResHax

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
Help us keep the site running.

RandXor128 monster strike

ZenHAX
in Zenhax

Featured Replies

  • Author
  • Localization

chrrox, posted Mon Mar 29, 2021 4:22 pm (63124)

How would you handle this in quickbms.
game uses this for encryption
android game monster-strike-20.0.1
Quote:
#include
#include
#include
class RandXor128
{
private:
std::uint_fast32_t x{ 123456789 }, y{ 362436069 }, z{ 521288629 }, w{ 88675123 };
public:
//?????
constexpr std::uint_fast32_t operator()() noexcept {
const std::uint_fast32_t t{ (x ^ (x << 11)) };
x = y; y = z; z = w;
return (w = (w ^ (w >> 19)) ^ (t ^ (t >> 8)));
}
//0~???-1 (????????????)
constexpr std::uint_fast32_t operator()(const std::uint_fast32_t max_) noexcept {
return ((std::uint_fast32_t)(((double)operator()() / ((double)(std::numeric_limits::max)() 1)) * max_));
}
//???~???
constexpr std::uint_fast32_t operator()(const std::uint_fast32_t min_, const std::uint_fast32_t max_) noexcept {
return ((std::uint_fast32_t)(((double)operator()() / ((double)(std::numeric_limits::max)() 1)) * (max_ - min_ 1)) min_);
}

constexpr void setSeed(const std::uint_fast32_t x_, const std::uint_fast32_t y_, const std::uint_fast32_t z_, const std::uint_fast32_t w_) noexcept {
x = x_;
y = y_;
z = z_;
w = w_;
}

};

2.5mb of the xor key generated attached.

the initial vectors should be
Code:
 sn::RandXor128::Seed::Seed((sn::RandXor128::Seed *)&v3, 0x1F123BB5u, 0x75BCD15u, 0x5491333u, 0x159A55E5u);


Code:
int *__fastcall sn::RandXor128::setSeed(int *result, int a2, int a3, int a4, int a5)
{
  int v5; // r4
  int v6; // r5
  int v7; // r12
  __int64 v8; // r4

  v5 = 0;
  v6 = 0;
  if ( !a3 )
    v5 = 1;
  if ( !a2 )
    v6 = 1;
  v7 = a5;
  LODWORD(v8) = v5 | v6 | (a4 == 0);
  HIDWORD(v8) = a5 == 0;
  if ( v8 )
  {
    a4 = 521288629;
    a2 = 123456789;
    v7 = 88675123;
    a3 = 362436069;
  }
  *result = a2;
  result[1] = a3;
  result[2] = a4;
  result[3] = v7;
  result[4] = 0;
  return result;
}
  • Author
  • Localization

aluigi, posted Mon Mar 29, 2021 7:52 pm (63129)

When in doubt, use tcc ;)

Code:
set MEMORY_FILE10 string "
typedef unsigned int u32;
u32 x=123456789, y=362436069, z=521288629, w=88675123;
u32 RandXor128(void) {
    u32 t = (x ^ (x     x = y; y = z; z = w;
    return (w = (w ^ (w >> 19)) ^ (t ^ (t >> 8)));
}
void seed(u32 x_, u32 y_, u32 z_, u32 w_) {
    x = x_;
    y = y_;
    z = z_;
    w = w_;
}
void decrypt(unsigned char *buff, int size, u32 x_, u32 y_, u32 z_, u32 w_) {
    int i;
    seed(x_, y_, z_, w_);
    for(i = 0; i         buff[i] ^= RandXor128();
    }
}
"

get SIZE asize
log MEMORY_FILE 0 SIZE
calldll MEMORY_FILE10 decrypt tcc RET MEMORY_FILE SIZE 0x1F123BB5 0x75BCD15 0x5491333 0x159A55E5
log "dump.dat" 0 SIZE MEMORY_FILE


A little note: constant number must not have characters at their end or they will be wrongly intepreted by quickbms so 0x1F123BB5 is ok while 0x1F123BB5u is bad.
Guest
This topic is now closed to further replies.
Go to topic listing

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.