/*
 * decrypt_uworld - derive one 64-bit value from a 32-bit key and a table of
 * 64-bit words.
 *
 * The vNN names and the "// rcx"-style register notes look like decompiler
 * output, so this is presumably a routine lifted from the target binary
 * rather than hand-written code - confirm against the original.
 *
 * key:   32-bit value. It is mixed with shifts/XORs and multiplied by a
 *        64-bit constant; the product selects both a table slot and the
 *        transform applied to that slot.
 * state: table of 64-bit words. state[product % 7] is read with no bounds
 *        check, so the table must hold at least seven entries (the caller
 *        in this listing passes a 7-entry table).
 *
 * Returns the selected, transformed word XORed with the zero-extended key.
 *
 * Reading aid: & binds tighter than ^, so every `a ^ (a ^ b) & m` below is
 * `a ^ ((a ^ b) & m)`, i.e. the bits of b where m is set and the bits of a
 * elsewhere.
 *
 * NOTE(review): __ROL8__ / __ROR8__ are not defined in this listing;
 * presumably the decompiler's 64-bit rotate-left / rotate-right helpers -
 * confirm before relying on the rotate semantics.
 */
- __forceinline __int64 decrypt_uworld(const uint32_t key, const uint64_t* state)
- {
- unsigned __int64 v19; // rcx
- unsigned __int64 v20; // rdi
- __int64 v21; // r8
- unsigned __int64 v22; // r10
- unsigned __int64 v23; // r11
- unsigned __int64 v24; // r8
- unsigned __int64 v25; // r10
- unsigned __int64 v26; // rcx
- unsigned __int64 v27; // rdx
  // Slot selector: (constant * mixed key) % 7. The (unsigned __int64) cast
  // inside the mix makes the multiplication and the modulo unsigned, so the
  // result is always in 0..6.
- v19 = 2685821657736338717i64
- * ((unsigned int)key ^ (unsigned int)(key << 25) ^ (((unsigned int)key ^ ((unsigned __int64)(unsigned int)key >> 15)) >> 12))
- % 7;
- v20 = state[v19]; // the table word this key selects
  // Bits 32 and up of the same product; used below as an addend and as
  // part of the rotate counts.
- v21 = (2685821657736338717i64
- * ((unsigned int)key ^ (unsigned int)(key << 25) ^ (((unsigned int)key ^ ((unsigned __int64)(unsigned int)key >> 15)) >> 12))) >> 32;
  // v19 is already below 7, so the extra % 7 changes nothing: the slot
  // index doubles as the transform selector.
- switch ((unsigned int)v19 % 7)
- {
- case 0u:
- v22 = v20 - (unsigned int)(v21 - 1); // subtract, then run the shared swap sequence
- goto LABEL_25;
- case 1u:
  // Subtract, then rotate left by a count in 1..63.
- v20 = __ROL8__(v20 - (unsigned int)(v21 + 2 * v19), (unsigned __int8)(((int)v21 + (int)v19) % 0x3Fu) + 1);
- break;
- case 2u:
- v20 = ~(v20 - (unsigned int)(v21 + 2 * v19)); // subtract, then bitwise NOT
- break;
- case 3u:
  // NOTE(review): this looks like the adjacent-bit exchange applied twice
  // in a row, which would leave v20 unchanged - verify before simplifying.
- v26 = 2 * ((2 * v20) ^ ((2 * v20) ^ (v20 >> 1)) & 0x5555555555555555i64);
- v20 = v26 ^ (v26 ^ (((2 * v20) ^ ((2 * v20) ^ (v20 >> 1)) & 0x5555555555555555i64) >> 1)) & 0x5555555555555555i64;
- break;
- case 4u:
  // Rotate right by a count in 1..63, then exchange adjacent bits.
- v27 = __ROR8__(v20, (unsigned __int8)(((int)v21 + 2 * (int)v19) % 0x3Fu) + 1);
- v20 = (2 * v27) ^ ((2 * v27) ^ (v27 >> 1)) & 0x5555555555555555i64;
- break;
- case 5u:
  // Rotate right by a count in 1..63, then fall into the shared sequence.
- v22 = __ROR8__(v20, (unsigned __int8)(((int)v21 + 2 * (int)v19) % 0x3Fu) + 1);
- LABEL_25:
  // Shared tail for cases 0 and 5: exchange adjacent bits, then 2-bit
  // pairs, then nibbles, then neighbouring bytes, and finally rotate by 32.
- v23 = (2 * v22) ^ ((2 * v22) ^ (v22 >> 1)) & 0x5555555555555555i64;
- v24 = (4 * v23) ^ ((4 * v23) ^ (v23 >> 2)) & 0x3333333333333333i64;
- v25 = (16 * v24) ^ ((16 * v24) ^ (v24 >> 4)) & 0xF0F0F0F0F0F0F0Fi64;
- v20 = __ROL8__((v25 << 8) ^ ((v25 << 8) ^ (v25 >> 8)) & 0xFF00FF00FF00FFi64, 32);
- break;
- case 6u:
- v20 = ~v20 - (unsigned int)(v21 + v19); // bitwise NOT, then subtract
- break;
- default:
- break; // not reachable while the selector stays in 0..6
- }
- return v20 ^ (unsigned int)key; // final XOR with the zero-extended key
- }
// Process-wide state shared by the functions in this file.
uint64_t main_base = 0;      // base that the fixed offsets in read_uworld() are added to
uint32_t proc_id = 0;        // not referenced by the code visible in this listing
HANDLE h_process = nullptr;  // handle that read_uworld() passes to ReadProcessMemory
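/**
 * Look up the load address of a named module in another process.
 *
 * Takes a Toolhelp module snapshot of process `procId` and walks it until an
 * entry whose module name matches `modName` (case-insensitively) is found.
 *
 * @param procId  Process whose module list is enumerated.
 * @param modName Module name to match, as a wide string.
 * @return Base address of the first matching module, or 0 when `modName` is
 *         null, the snapshot cannot be taken, or no module matches.
 */
uintptr_t GetModuleBaseAddress(DWORD procId, const wchar_t* modName)
{
    if (modName == nullptr)
    {
        return 0; // _wcsicmp must not be handed a null string
    }

    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
    if (hSnap == INVALID_HANDLE_VALUE)
    {
        // Nothing was opened, so there is nothing to close. The earlier
        // version passed INVALID_HANDLE_VALUE to CloseHandle on this path.
        return 0;
    }

    // The wide-character variants are named explicitly so that the wchar_t
    // comparison below compiles whether or not UNICODE is defined.
    MODULEENTRY32W modEntry = {};
    modEntry.dwSize = sizeof(modEntry); // must be set before Module32FirstW

    uintptr_t modBaseAddr = 0;
    for (BOOL more = Module32FirstW(hSnap, &modEntry); more; more = Module32NextW(hSnap, &modEntry))
    {
        if (_wcsicmp(modEntry.szModule, modName) == 0)
        {
            modBaseAddr = (uintptr_t)modEntry.modBaseAddr;
            break;
        }
    }

    CloseHandle(hSnap);
    return modBaseAddr;
}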
- //if (!ReadProcessMemory(h_process, mbi.BaseAddress, dump, mbi.RegionSize, NULL))
/**
 * Read an obfuscated 64-bit value out of the target process.
 *
 * Three reads are made through h_process, which must therefore carry
 * PROCESS_VM_READ access to the target:
 *   1. a 64-bit key at main_base + 0x6C36D78,
 *   2. a seven-entry table of 64-bit words at main_base + 0x6C36D40,
 *   3. the 64-bit value stored at the address decrypt_uworld() derives from
 *      the key and the table.
 *
 * NOTE(review): the earlier, commented-out reads used 0x6B86EF8 / 0x6B86EC0,
 * which suggests these offsets are tied to one build of the target - confirm.
 *
 * @return The value from the third read, or 0 after printing a message to
 *         cout when any of the three reads fails.
 */
__forceinline uint64_t read_uworld()
{
    const uint64_t key_address = main_base + 0x6C36D78;
    const uint64_t table_address = main_base + 0x6C36D40;

    uint64_t raw_key = 0;
    if (!ReadProcessMemory(h_process, (void*)key_address, &raw_key, sizeof(raw_key), NULL))
    {
        cout << " [-] RPM1 failed!" << endl;
        return 0;
    }

    // Seven consecutive 64-bit words: 56 bytes, with no padding to worry about.
    uint64_t table[7] = { 0 };
    if (!ReadProcessMemory(h_process, (void*)table_address, table, sizeof(table), NULL))
    {
        cout << " [-] RPM2 failed!" << endl;
        return 0;
    }

    // decrypt_uworld() takes a 32-bit key, so only the low half of raw_key
    // takes part in the computation.
    const __int64 target = decrypt_uworld(raw_key, table);

    uint64_t result = 0;
    if (!ReadProcessMemory(h_process, (void*)target, &result, sizeof(result), NULL))
    {
        cout << " [-] RPM3 failed!" << endl;
        return 0;
    }
    return result;
}