协助解密被 Base64 > SSL 混淆的 Lua 脚本

逆向工程 反编译 加密 去混淆
2021-07-01 21:56:17

这里有人能帮我解开本主题末尾链接的这个 LUA 脚本所用的 SSL 加密吗?

基本上它们是先用 Base64 再用 SSL 编码的,但我不知道 SSL 部分该怎么做。它们与一个名为“传奇机器人”的程序一起使用,有人告诉我可以通过转储该程序的解密功能并用它来获取 SSL 密钥来破解加密。但是,我不知道从哪里开始。

基本上,这些脚本通过连接到编码到脚本中的身份验证服务器来工作,我通过从网络数据包中嗅探到他们身份验证服务器的流量以获取他们的服务器链接并基本上创建了我自己的身份验证服务器,从而获得了一些自己的脚本使用 Apache,然后将流向他们服务器的网络流量从脚本重定向到我自己的,以获得脚本验证的响应。

对于某些具有更强加密功能的脚本,这并不容易,我必须访问源代码以删除运行身份验证服务器检查的编码。直到几天前,我都不知道 lua 编码是如何工作的,甚至不知道如何计算身份验证服务器检查如何由于 lua 混淆而在简单的文本文件中进行编码。

所以,请耐心等待,我希望有人能插话并告诉我我能做什么。

有问题的脚本已以原始格式粘贴到 PasteBin。

Base64 部分在前,SSL 部分在底部。

1个回答

因为它不再使用了,我会告诉你:)

-- Decoder for a Lua source file that wraps its payload in two layers visible
-- in the input text: an `SSL({ ... })` numeric byte table and a
-- `_G.ScriptCode = Base64Decode("...")` string.
--
-- Usage: lua <this script> <input file> <output file>
--
-- Everything read from the input file is untrusted data.  Both load() calls
-- below only compile text; the one at the `SSL` table is additionally limited
-- by its match pattern to digits, commas and whitespace, so it cannot
-- evaluate anything but a numeric table constructor.  Requires Lua 5.2+
-- (string form of load(), table.unpack()).
print("SSL Decoder version 2.0")
print("Copyright (C) 2015")
print("Decoding Started...")

-- In a standalone chunk `...` holds the command-line arguments.
local infilename = select(1,...)
local outfilename = select(2,...)

-- Text mode ("r"); the output below is written in binary mode ("wb").
local infile = io.open(infilename, "r")

if not infile then
  error("Failed to open input file.")
end

-- Read the whole file at once.
local intext = infile:read("*a")

infile:close()

-- Capture the body of `SSL({ ... })`.  The character class [%s,0-9] only
-- admits whitespace, commas and digits, so the capture can only ever be a
-- list of decimal numbers.
local ssltabletext = intext:match("SSL%s*%(%s*%{([%s,0-9]*)%}%s*%)")

if not ssltabletext then
  error("Could not find ssl table in source file.")
end

-- Evaluate the captured list as a Lua table constructor (safe because of the
-- restricted character class above).
local ssltable = load("return {"..ssltabletext.."}")()

-- The next loop reads ssltable[1..255], so shorter tables cannot be handled.
if #ssltable < 255 then
  error("SSL table is too short -- can't find table encryption key.")
end

-- find decryption key for the ssl table
-- Entries 1..255 are treated as a permutation of 1..255: entry i holds the
-- encoded form of byte value i.  `decrypt` is its inverse (encoded -> plain).
local decrypt = {}

-- Byte 0 is not covered by the 1..255 permutation; it maps to itself.
decrypt[0] = 0
for i = 1,255 do
  local dec = i
  local enc = ssltable[i]
  -- A repeated encoded value would mean the table is not a permutation;
  -- the bare assert fails with no message in that case.
  assert(decrypt[enc] == nil)
  decrypt[enc] = dec
end

-- decrypt ssl table
-- Applies the inverse permutation in place to entries 256 .. #ssltable-256.
-- A value with no `decrypt` entry becomes nil here and makes string.char()
-- below fail.
for i = 256, #ssltable - 256 do -- not sure what last 256 bytes are
  ssltable[i] = decrypt[ssltable[i] ]
end

-- If this does a stack overflow, easy to change to something dumb but more robust
-- table.unpack pushes one argument per byte, so a large table can exceed the
-- argument limit ("too many results to unpack").
local sslcode = string.char(table.unpack(ssltable, 256, #ssltable - 256))

-- This is interesting -- 
--print(sslcode)

-- `()` is a position capture: the index of the first character after the
-- opening single quote of `local Key = '...'`.
local keyindex = sslcode:match("local Key%s*=%s*'()")
if not keyindex then
  error("Could not find key in decoded ssl table.")
end

-- Everything from the opening quote onwards; trimmed to the literal below.
local key = sslcode:sub(keyindex)

-- Scan the raw source text of the string literal to find its closing quote,
-- stepping over escape sequences: `\ddd` with one to three digits, `\xhh`
-- (four characters), and any other `\c` (two characters).  `length` ends up
-- as the number of source characters inside the quotes.
local length = 0
while true do
  local c = key:sub(length+1, length+1)
  if c == "" then
    error("Key string was not terminated.")
  elseif c == "'" then
    break
  elseif c == "\\" then
    local c2 = key:sub(length+2, length+2)
    if c2:match("%d") then
      local c3 = key:sub(length+3, length+3)
      if c3:match("%d") then
        local c4 = key:sub(length+4, length+4)
        if c4:match("%d") then
          length = length + 4
        else
          length = length + 3
        end
      else
        length = length + 2
      end
    elseif c2 == "x" then
      length = length + 4
    else
      length = length + 2
    end
  else
    length = length + 1
  end
end

-- The key is kept as the raw source text of the literal; escape sequences
-- are not decoded by this script.
key = key:sub(1, length)

if #key == 0 then
  error("Key is empty")
end

print("Key Found! > " .. key)
print("Decoding finished, outfile is at > " .. outfilename)

-- find base64
-- Captures the quoted argument of Base64Decode(...): alphabet characters
-- followed by optional `=` padding.
local b64 = intext:match("_G.ScriptCode%s*=%s*Base64Decode%s*%(%s*\"([a-zA-Z0-9/+]*=*)\"%s*%)")
if not b64 then
  error("Could not find Base-64 encrypted code in source file.")
end

-- base64 decode
-- Lookup table: character -> 6-bit value for the standard alphabet
-- (A-Z = 0..25, a-z = 26..51, 0-9 = 52..61, + = 62, / = 63).
local b64val = {}
for i = 0, 25 do
  do
    local letter = string.byte("A")
    b64val[string.char(letter+i)] = i
  end
  do
    local letter = string.byte("a")
    b64val[string.char(letter+i)] = i + 26
  end
end
for i = 0, 9 do
  local numeral = string.byte("0")
  b64val[string.char(numeral+i)] = i + 52
end
b64val["+"] = 62
b64val["/"] = 63
-- Padding contributes zero bits; the padded-byte checks are done below.
b64val["="] = 0

-- Each group of four characters becomes a 24-bit number, split into three
-- bytes (most significant first).  Trailing `=` padding drops one or two
-- bytes and asserts that the dropped bytes were zero.  gsub only rewrites
-- complete four-character matches, so a leftover partial group (input
-- length not a multiple of 4) is left in the output untouched.
local encoded = b64:gsub("(.)(.)(.)(.)",function(a,b,c,d)
  local n = b64val[a] * (64 * 64 * 64) + b64val[b] * (64 * 64) + b64val[c] * 64 + b64val[d]
  local b1 = n % 256; n = (n - b1) / 256
  local b2 = n % 256; n = (n - b2) / 256
  local b3 = n
  if d == "=" then
    if c == "=" then
      assert(b1 == 0 and b2 == 0)
      return string.char(b3)
    else
      assert(b1 == 0)
      return string.char(b3, b2)
    end
  else
    return string.char(b3, b2, b1)
  end
end)

-- decode
-- Per-byte subtraction of the key, cycled over the input: `i` is the 1-based
-- byte position from the `()` capture, `ki` the matching key position.
local decoded = encoded:gsub("()(.)", function(i, c)
  local b = c:byte()
  local ki = ((i - 1) % #key) + 1
  local k = key:byte(ki,ki)
  b = b - k
  if b < 0 then b = b + 256 end  -- wrap to 0..255
  return string.char(b)
end)

-- verify
-- Compile only (the returned function is never called) as a sanity check that
-- the output is valid Lua.  NOTE(review): with the default mode, load() also
-- accepts precompiled binary chunks; passing mode "t" — load(decoded, "decoded",
-- "t") — would make this check refuse bytecode from an untrusted input file.
local result, err = load(decoded)
if not result then
  error("Decoded file could not be loaded -- it may be corrupt... ("..tostring(err)..")")
end

-- output
-- Binary mode so the decoded bytes are written unchanged.
local outfile = io.open(outfilename, "wb")

if not outfile then
  error("Failed to open output file.")
end

outfile:write(decoded)

outfile:close()