API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Oct 18th, 2019
84
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.88 KB | None | 0 0
raw download clone embed print report
  1. #Python doesn't support do while, so I do "while True" -> inverse check (if var1 == 1: break)
  2. from struct import unpack, pack
  3. import sys
  4.  
  5. bits_left = 0 #0x816107EC
  6. decrypt_byte = 0
  7. bytes_read = 0
  8. DAT_816107F8 = 0
  9. write_addr = 0
  10. read_addr = 0
  11.  
  12. DAT_81610804 = 0
  13. payload_start = 0
  14. DAT_8161080C = 0
  15. DAT_81610810 = 0 #no xrefs?
  16.  
  17. DAT_81610814 = 0
  18. DAT_81610818 = 0
  19. DAT_8161081C = 0
  20.  
  21. payload_entry = 0
  22.  
  23. table1 = [0] * 0x4EA #short, 2 bytes long
  24. table2 = [0] * 0x4EA #short
  25. table3 = [0] * 0x275 #short
  26. table4 = [0] * 0x275 #short
  27.  
  28. table5 = [0] * 6 #word, 4 bytes long
  29. table6 = [0] * 6 #short
  30. table7 = [0] * 6 #word
  31. # entry, flush_cache
  32. #-----------------------------------------------------
  33. def read_byte(f): #u8 read_byte(void)
  34. global read_addr
  35. byte = ord(f.read(1)) #*(payload_start + read_addr)
  36. read_addr += 1
  37. return byte
  38. #-----------------------------------------------------
  39. def write_byte(byte, o): #void write_byte(u8 byte)
  40. global write_addr
  41. o.write(chr(byte)) #*(payload_entry + write_addr)
  42. write_addr += 1
  43. #-----------------------------------------------------
  44. def get_bit(f): #u8 get_bit(void)
  45. global bits_left, decrypt_byte, bytes_read
  46.  
  47. bits_left -= 1
  48. if bits_left == -1: #read another byte
  49. decrypt_byte = read_byte(f)
  50. bits_left = 7
  51. bytes_read += 1
  52. bit = decrypt_byte >> 7
  53. decrypt_byte <<= 1
  54. return bit & 1
  55. #-----------------------------------------------------
  56. def FUN_80D131C4(r3, r4): #void FUN_80D131C4(short r3, short r4)
  57. global table1, table2, table3, table4
  58.  
  59. while True:
  60. var1 = table1[r3]
  61. table2[var1] = table2[r3] + table2[r4]
  62. if var1 == 1: break
  63. r4 = table4[table1[var1]]
  64. if (r4 == var1):
  65. r4 = table3[table1[var1]]
  66. r3 = var1
  67. if var1 == 1: break #do while var1 != 1
  68.  
  69. if table2[1] != 2000: return
  70.  
  71. for i in range(1, 0x4EA):
  72. table2[var1] >>= 1
  73. var1 += 1
  74. #-----------------------------------------------------
  75. def FUN_80D1326C(value): #void FUN_80D1326C(short value)
  76. global table1, table2, table3, table4
  77.  
  78. value += 0x275
  79. r10 = table1[value]
  80. table2[value] += 1
  81. if r10 == 1: return
  82.  
  83. r4 = table4[r10]
  84. if (r4 == value):
  85. r4 = table3[r10]
  86. FUN_80D131C4(value, r4)
  87. while True:
  88. r10_val = table1[r10]
  89. r10_val2 = r10_val
  90. r4 = table4[r10_val2]
  91. if r4 == r10:
  92. r4 = table3[r10_val2]
  93.  
  94. if table2[r4] < table2[value]:
  95. r9 = table4
  96. if table4[r10_val2] == r10:
  97. r9 = table3
  98. r9[r10_val2] = value
  99. r10_val2 = table4[r10] #overwrites 1 if we don't have another var
  100. if r10_val2 == value:
  101. table4[r10] = r4
  102. r10_val2 = table3[r10]
  103. else:
  104. table3[r10] = r4
  105.  
  106. table1[r4] = r10
  107. table1[value] = r10_val
  108. FUN_80D131C4(r4, r10_val2)
  109. value = r4
  110.  
  111. value = table1[value]
  112. r10 = table1[value]
  113. if r10 == 1: break #do while r10 != 1
  114. #-----------------------------------------------------
  115. def FUN_80D133D0(value, f): #short FUN_80D133D0(short value)
  116. ret = 0
  117. uVar1 = 1
  118. if 0 < value:
  119. while True:
  120. bit = get_bit(f)
  121. if bit != 0:
  122. ret |= uVar1
  123. value -= 1
  124. uVar1 <<= 1
  125.  
  126. if value == 0: break #do while value != 0
  127. return ret
  128. #-----------------------------------------------------
  129. def get_short(f): #short get_short(void)
  130. global table3, table4
  131.  
  132. r29 = 1
  133. while r29 < 0x275:
  134. if get_bit(f) == 0:
  135. r29 = table4[r29]
  136. else:
  137. r29 = table3[r29]
  138.  
  139. FUN_80D1326C(r29 - 0x275)
  140. return r29 - 0x275
  141. #-----------------------------------------------------
  142. def setup_tables(): #checks out
  143. global bits_left, decrypt_byte, bytes_read, DAT_816107F8, \
  144. write_addr, read_addr, DAT_81610804, DAT_8161080C, \
  145. DAT_81610814, DAT_81610818, DAT_8161081C, table1, \
  146. table2, table3, table4, table5, table6, table7
  147.  
  148. for i in range(6):
  149. table6[i] = 4 + (2 * i)
  150. DAT_8161081C = 3
  151. write_addr = 0
  152. DAT_81610814 = 0
  153. DAT_81610818 = 0
  154. bits_left = 0
  155. decrypt_byte = 0
  156. DAT_816107F8 = 0
  157. bytes_read = 0
  158. read_addr = 0
  159. for i in range(2, 0x4EA):
  160. table1[i] = i >> 1;
  161. table2[i] = 1;
  162. for i in range(1, 0x275):
  163. table3[i] = (i * 2) + 1
  164. table4[i] = i * 2
  165. l = 0
  166. for i in range(6):
  167. table5[i] = l
  168. l += 1 << table6[i]
  169. table7[i] = l - 1
  170.  
  171. DAT_81610804 = l - 1
  172. DAT_8161080C = l + 0x3F
  173. #-----------------------------------------------------
  174. def decrypt_payload(f, o):
  175. global DAT_816107F8, DAT_8161080C, table5, table6
  176.  
  177. buffer = [0] * 0x5600 #but *why*
  178.  
  179. bytes_wrote = 0
  180. setup_tables()
  181. short = get_short(f)
  182. while short != 0x100:
  183. if short < 0x100:
  184. write_byte(short, o)
  185. buffer[bytes_wrote] = short
  186. bytes_wrote += 1
  187. DAT_816107F8 += 1
  188. if bytes_wrote == DAT_8161080C:
  189. bytes_wrote = 0 #looks like debug?
  190. else:
  191. iVar1 = (short + -0x101) / 0x3E
  192. iVar6 = short + iVar1 * -0x3E + -0xFE
  193. short = FUN_80D133D0(table6[iVar1], f)
  194. uVar8 = bytes_wrote - (short + iVar6 + table5[iVar1])
  195. if uVar8 < 0:
  196. uVar8 += DAT_8161080C #looks like debug?
  197. uVar7 = bytes_wrote
  198. short = iVar6
  199. if 0 < iVar6:
  200. while True:
  201. write_byte(buffer[uVar8], o)
  202. short -= 1
  203. buffer[uVar7] = buffer[uVar8]
  204. uVar7 += 1
  205. uVar8 += 1
  206. uVar5 = uVar8 ^ DAT_8161080C
  207. uVar3 = uVar5 >> 31
  208. uVar2 = uVar7 ^ DAT_8161080C
  209. uVar4 = uVar2 >> 31
  210. DAT_816107F8 += 1
  211. uVar8 &= ((uVar3 - (uVar3 ^ uVar5)) >> 31)
  212. uVar7 &= ((uVar4 - (uVar4 ^ uVar2)) >> 31)
  213. if short == 0: break #do while short != 0
  214. bytes_wrote += iVar6
  215. if DAT_8161080C <= bytes_wrote:
  216. bytes_wrote -= DAT_8161080C
  217. short = get_short(f) #load new
  218.  
  219. #-----------------------------------------------------
  220. #FUN_80D1376C global something
  221. def entry2(f, o):
  222. global payload_start, payload_entry
  223.  
  224. payload_start = 0x80D13820
  225. payload_entry = 0x80A00000
  226. decrypt_payload(f, o)
  227. #flush_cache(0x80000000, 0x1800000); //flush entire MEM1
  228. #(*(void*)0x80A00000)(); //they blrl to fuck with people(?)
  229. #-----------------------------------------------------
  230. with open("boot.elf", "rb") as f:
  231. with open("output.bin", "wb") as o:
  232. f.seek(0xD00) #too lazy to extract
  233. entry2(f, o)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!