redive tools update
- cdb ver3 toolkit
esterTion committed Sep 8, 2018
1 parent 952eecc commit c579e4b
Showing 4 changed files with 102 additions and 79 deletions.
Binary file added redive/Coneshell_call/coneshell_cdb_ver2.7z
Binary file not shown.
Binary file added redive/Coneshell_call/coneshell_cdb_ver3.7z
Binary file not shown.
175 changes: 99 additions & 76 deletions redive/Coneshell_call/main.cpp
@@ -1,8 +1,8 @@
/**
* coneshell.dll caller
* @author EAirPeter & esterTion
* coneshell.dll is from (c)Cygames Inc.
*/
* coneshell.dll caller
* @author EAirPeter & esterTion
* coneshell.dll is from (c)Cygames Inc.
*/
#define _CRT_SECURE_NO_WARNINGS
#define _WIN32_LEAN_AND_MEAN

@@ -68,37 +68,121 @@ string hex2bin(string hex) {
}

int main(int argc, const char* argv[]) {
//auto h = Wrap(LoadLibraryA("E:/Game/DMM/priconner/PrincessConnectReDive_Data/Plugins/coneshell.dll"), &FreeLibrary);
auto h = Wrap(LoadLibraryA("coneshell.dll"), &FreeLibrary);
using Int = std::int32_t;
using Long = std::int64_t;
using IntPtr = void *;
using ByteArray = char *;
auto *_fx00 = (IntPtr(*)()) GetProcAddress(h.get(), "_fx00");
auto *_a = (IntPtr(*)()) _fx00(); // 获取函数指针
auto *_a = (IntPtr(*)()) _fx00(); // 获取函数指针
auto *_e = (Int(*)(IntPtr, ByteArray, Int, ByteArray, Int)) _a(); // Pack(IntPtr out, ByteArray body, int bodyLen, ByteArray iv, int unk)
auto *_g = (Int(*)(IntPtr, ByteArray, Int)) _a(); // Unpack(IntPtr out, ByteArray body, int bodyLen)
auto *_h = (Int(*)(IntPtr, Int, IntPtr, Int)) _a(); // DecompressUnpacked(IntPtr out, int decompressedSize, IntPtr body, int bodyLen)
auto *_c = (void(*)()) _a(); // ResetContext()
auto *_i = (IntPtr(*)(ByteArray, Long, ByteArray)) _a(); // OpenCustomVFS(ByteArray cdb, int cdbSize, ByteArray dbName)
auto *_j = (void(*)(IntPtr)) _a(); // CloseVFS(IntPtr vfsHandle)
auto *_b = (Int(*)(ByteArray, ByteArray)) _a(); // InitializeContext(udid, key)
auto *_d = (Int(*)(Int, Int)) _a(); // GetPackedSize(int bodySize)
auto *_f = (Int(*)(Int)) _a(); // GetUnpackedSize(int bodySize)
auto *_g = (Int(*)(IntPtr, ByteArray, Int)) _a(); // Unpack(IntPtr out, ByteArray body, int bodyLen)
auto *_h = (Int(*)(IntPtr, Int, IntPtr, Int)) _a(); // DecompressUnpacked(IntPtr out, int decompressedSize, IntPtr body, int bodyLen)
auto *_c = (void(*)()) _a(); // ResetContext()
auto *_i = (IntPtr(*)(ByteArray, Long, ByteArray)) _a(); // OpenCustomVFS(ByteArray cdb, int cdbSize, ByteArray dbName)
auto *_j = (void(*)(IntPtr)) _a(); // CloseVFS(IntPtr vfsHandle)
auto *_b = (Int(*)(ByteArray, ByteArray)) _a(); // InitializeContext(udid, key)
auto *_d = (Int(*)(Int, Int)) _a(); // GetPackedSize(int bodySize)
auto *_f = (Int(*)(Int)) _a(); // GetUnpackedSize(int bodySize)

if (argc < 4) {
cerr << endl << "Not enough param" << endl
<< "\t-cdb\t\t<in> <out>\tunpack cdb" << endl
<< "\t-pack-<udid>\t<in> <out>\tpack request body from json" << endl
<< "\t-unpack-<udid>\t<in> <out>\tunpack response body to json" << endl;
Sleep(3e3);
return 1;
}
string mode = argv[1];
if (mode == "-cdb") {
auto cdb = ReadAll(argv[2]);
char name[]{ "master.mdb" };
//pre key transformation
if (cdb[3] == 3) {
uint8_t *cdbChar = (uint8_t*)cdb.data();
uint64_t v12 = 0;
uint64_t v13, v14, v15, v16;
uint8_t v109[16];
v13 = 2
* ((((((((unsigned __int64)cdbChar[32] << 56) & 0xFF00FFFFFFFFFFFFLL | ((unsigned __int64)cdbChar[33] << 48)) & 0xFFFF00FFFFFFFFFFLL | ((unsigned __int64)cdbChar[34] << 40)) & 0xFFFFFF00FFFFFFFFLL | ((unsigned __int64)cdbChar[35] << 32)) & 0xFFFFFFFF00FFFFFFLL | ((unsigned __int64)cdbChar[36] << 24)) & 0xFFFFFFFFFF00FFFFLL | ((unsigned __int64)cdbChar[37] << 16)) & 0xFFFFFFFFFFFF00FFLL | ((unsigned __int64)cdbChar[38] << 8) | cdbChar[39]) | 1;
v14 = v13
+ 0x5851F42D4C957F2DLL
* (v13
+ ((((((((unsigned __int64)cdbChar[24] << 56) & 0xFF00FFFFFFFFFFFFLL | ((unsigned __int64)cdbChar[25] << 48)) & 0xFFFF00FFFFFFFFFFLL | ((unsigned __int64)cdbChar[26] << 40)) & 0xFFFFFF00FFFFFFFFLL | ((unsigned __int64)cdbChar[27] << 32)) & 0xFFFFFFFF00FFFFFFLL | ((unsigned __int64)cdbChar[28] << 24)) & 0xFFFFFFFFFF00FFFFLL | ((unsigned __int64)cdbChar[29] << 16)) & 0xFFFFFFFFFFFF00FFLL | ((unsigned __int64)cdbChar[30] << 8) | cdbChar[31]));
v15 = 2
* ((((((((unsigned __int64)cdbChar[12] << 56) & 0xFF00FFFFFFFFFFFFLL | ((unsigned __int64)cdbChar[13] << 48)) & 0xFFFF00FFFFFFFFFFLL | ((unsigned __int64)cdbChar[14] << 40)) & 0xFFFFFF00FFFFFFFFLL | ((unsigned __int64)cdbChar[15] << 32)) & 0xFFFFFFFF00FFFFFFLL | ((unsigned __int64)cdbChar[16] << 24)) & 0xFFFFFFFFFF00FFFFLL | ((unsigned __int64)cdbChar[17] << 16)) & 0xFFFFFFFFFFFF00FFLL | ((unsigned __int64)cdbChar[18] << 8) | cdbChar[19]) | 1;
v16 = v15
+ 0x5851F42D4C957F2DLL
* (v15
+ ((((((((unsigned __int64)cdbChar[4] << 56) & 0xFF00FFFFFFFFFFFFLL | ((unsigned __int64)cdbChar[5] << 48)) & 0xFFFF00FFFFFFFFFFLL | ((unsigned __int64)cdbChar[6] << 40)) & 0xFFFFFF00FFFFFFFFLL | ((unsigned __int64)cdbChar[7] << 32)) & 0xFFFFFFFF00FFFFFFLL | ((unsigned __int64)cdbChar[8] << 24)) & 0xFFFFFFFFFF00FFFFLL | ((unsigned __int64)cdbChar[9] << 16)) & 0xFFFFFFFFFFFF00FFLL | ((unsigned __int64)cdbChar[10] << 8) | cdbChar[11]));
do
{
uint64_t v17 = v13 + 0x5851F42D4C957F2DLL * v14;
uint64_t v18 = _lrotr((v14 ^ (v14 >> 18)) >> 27, v14 >> 59);
uint64_t v19 = _lrotr((v16 ^ (v16 >> 18)) >> 27, v16 >> 59);
v109[v12] = v18 ^ v19;
uint64_t v20 = 0LL;
uint64_t v21 = 1LL;
if (v19)
{
uint64_t v22 = v13;
uint64_t v23 = 6364136223846793005LL;
v19 = (unsigned int)v19;
do
{
if (v19 & 1)
v21 *= v23;
if (v19 & 1)
v20 = v22 + v23 * v20;
v22 *= v23 + 1;
v23 *= v23;
v19 >>= 1;
} while (v19);
}
uint64_t v24 = v15 + 0x5851F42D4C957F2DLL * v16;
v14 = v20 + v21 * v17;
uint64_t v25 = 0LL;
uint64_t v26 = 1LL;
if (v18)
{
uint64_t v27 = v15;
uint64_t v28 = 0x5851F42D4C957F2DLL;
v18 = (unsigned int)v18;
do
{
if (v18 & 1)
v26 *= v28;
if (v18 & 1)
v25 = v27 + v28 * v25;
v27 *= v28 + 1;
v28 *= v28;
v18 >>= 1;
} while (v18);
}
v16 = v25 + v26 * v24;
++v12;
} while (v12 != 16);
int i = 0;
do {
cdbChar[0x3c + i] = cdbChar[20 + i];
i++;
} while (i != 8);
i = 0;
do {
cdbChar[8 + i] = v109[i];
++i;
} while (i != 16);
//cdbChar[3] = 2;
}
else {
return -1;
}
// prepare cdb to vfs
auto vfs = _i((ByteArray)cdb.data(), (Long)cdb.size(), name);
int* dbSize = (int*)((char*)vfs + 0x58);
char* dbData = (char*)vfs + 0x1000;
WriteAll(argv[3], dbData, *dbSize);
return 0;

auto res = sqlite3_vfs_register((sqlite3_vfs *)vfs, 0);
if (res)
return res;
@@ -121,70 +205,9 @@ int main(int argc, const char* argv[]) {
return res;
return 0;
}
else if (mode.substr(0, 7) == "-unpack") {
//string udid = "edcadba12a674a089107d8065a031742";
string udid = mode.substr(8);
string udidHex = hex2bin(udid);
int res0 = _b((ByteArray)udidHex.c_str(), "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");

// pack once before unpack
char body[] = { "{}" };
int packedLen = _d(strlen(body), 0);
ByteArray packed = (ByteArray)malloc(packedLen);
int res = _e(packed, body, strlen(body), "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 0);
free(packed);

// unpack
auto encrypted = ReadAll(argv[2]);
auto unpackedLen = _f(encrypted.size());
IntPtr unpacked = (IntPtr)malloc(unpackedLen);
memset(unpacked, 0, unpackedLen);
res = _g(unpacked, (ByteArray)encrypted.data(), encrypted.size());
if (res < 0) {
return 2;
}

// uncompress?
char* output;
int outputSize;
IntPtr json = NULL;
unsigned int uncompressedSize = *(char*)unpacked + (*((char*)unpacked + 1) << 8) + (*((char*)unpacked + 2) << 16) + (*((char*)unpacked + 3) << 24);
if (uncompressedSize > 0) {
json = (IntPtr)malloc(uncompressedSize);
int res2 = _h(json, uncompressedSize, (char*)unpacked + 4, unpackedLen - 4);
if (res2 < 0) {
return 2;
}
output = (char*)json;
outputSize = res2;
}
else {
output = (char*)unpacked + 4;
outputSize = unpackedLen - 4;
}
WriteAll(argv[3], output, outputSize);
free(unpacked);
if (json != NULL) free(json);
return 0;
}
else if (mode.substr(0, 5) == "-pack") {
auto body = ReadAll(argv[2]);
//string udid = "edcadba12a674a089107d8065a031742";
string udid = mode.substr(6);
string udidHex = hex2bin(udid);
_b((ByteArray)udidHex.c_str(), "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
int packedLen = _d(body.size(), 0);
ByteArray packed = (ByteArray)malloc(packedLen);
int res = _e(packed, (ByteArray)body.c_str(), body.size(), "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 0);
if (res > 0)
WriteAll(argv[3], packed, res);
free(packed);
}
else {
cerr << endl << "Not recognized param" << endl
<< "\t-cdb\t\t<in> <out>\tunpack cdb" << endl
<< "\t-pack-<udid>\t<in> <out>\tpack request body from json" << endl
<< "\t-unpack-<udid>\t<in> <out>\tunpack response body to json" << endl;
return 1;
}
}
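Review bot: The ver3 key transformation in the `-cdb` branch indexes the input buffer at fixed offsets (`cdb[3]`, `cdbChar[4]` through `cdbChar[39]`, and writes up to `cdbChar[0x3c + 7]`) without checking `cdb.size()` first, so a truncated or malformed .cdb causes out-of-bounds reads and writes on the buffer returned by `ReadAll`. Put a length guard ahead of the version test, for example `if (cdb.size() < 0x44 || cdb[3] != 3) return -1;`. The pointer returned by `_i(...)` is then dereferenced at `+0x58` and `+0x1000` with no null check, and `*dbSize` goes to `WriteAll` unvalidated; `if (!vfs) return -1;` plus rejecting a non-positive size would stop a failed open from turning into a wild read. The `return 0;` right after `WriteAll` also appears to make the `sqlite3_vfs_register` code below it unreachable, which deserves either removal or a comment saying it is intentional.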
6 changes: 3 additions & 3 deletions redive/main.php
@@ -394,10 +394,10 @@ function main() {
$manifest = file_get_contents('data/+manifest_masterdata.txt');
$manifest = array_map(function ($i){ return explode(',', $i); }, explode("\n", $manifest));
foreach ($manifest as $entry) {
if ($entry[0] === 'a/masterdata_master.cdb') { $manifest = $entry; break; }
if ($entry[0] === 'a/masterdata_master_0003.cdb') { $manifest = $entry; break; }
}
if ($manifest[0] !== 'a/masterdata_master.cdb') {
_log('masterdata_master.cdb not found');
if ($manifest[0] !== 'a/masterdata_master_0003.cdb') {
_log('masterdata_master_0003.cdb not found');
//file_put_contents('stop_cron', '');
file_put_contents('last_version', json_encode($last_version));
chdir('data');

1 comment on commit c579e4b

@esterTion