TransWikia.com

Decrypting some possibly XXTEA encrypted lua/game files

Reverse Engineering Asked by Maren Podarm on October 3, 2021

I am trying to extract assets from a Chinese game. I downloaded the apk file and unzipped it. I looked through the files and they are encrypted in some way; the PNGs and LUAs are unviewable.

The engine the game used was called TerransForceEngine, which does not show any results in Google Search. I had a look in the lib folder and decided to open up the libtpnsSecurity.so file because of its name. I opened it in IDA and found some strings that may suggest that the .so file is the one containing the encrypting and decrypting algorithms.

Unfortunately I have no experience in using IDA. I have tried following other topics but they are usually about games which use Cocos2D and I couldn’t follow the steps provided in said topic.

The game’s server leaked its directories and I downloaded a few files with wget. There are php files, and one of them is xxtea.php, which is just the source code of the algorithm. I attached the leaked files here: https://www.dropbox.com/s/wkxs4s3v9wwf5ym/leak.zip?dl=0

The .so file, the lib folder containing other .so files, and example lua and png files can be downloaded here: https://www.dropbox.com/s/alj37ai7qd4lmqh/game.zip?dl=0

One Answer

Next time please include the original apk in your question. Luckily I'm working on the same game so I can help somewhat.

Get the old apk (yzjlzl_2.80_1_20180918_170403_83de83.apk) from bilibili (google it) and use IDA to decompile it. This is an obvious solution to JNI_OnLoad obfuscation if you want to do static debugging.

Another way to do this is live debugging with Frida, but I'm sure we're not interested in it because we need the decryption schema.

Answered by Minh Nguyen on October 3, 2021
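For confirming whether a file really is XXTEA under a given key, the following is an added example, not code from the original post, the game, or the leaked xxtea.php. It implements the standard XXTEA block routine and checks whether the decrypted output begins with the PNG signature. Assumptions: little-endian 32-bit words, a 16-byte key, no length word appended to the data; the key and sample data are constructed, and `decrypts_to_png` is a hypothetical helper name.

```python
import struct

DELTA, MASK = 0x9E3779B9, 0xFFFFFFFF
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def _words(data):
    # Assumption: little-endian 32-bit words, no length word appended.
    return list(struct.unpack("<%dI" % (len(data) // 4), data))

def _pack(words):
    return struct.pack("<%dI" % len(words), *words)

def _mx(y, z, s, k, p, e):
    # XXTEA mixing function; masked to 32 bits like the C reference.
    return ((((z >> 5) ^ (y << 2)) + ((y >> 3) ^ (z << 4)))
            ^ ((s ^ y) + (k[(p & 3) ^ e] ^ z))) & MASK

def _check(data, key):
    if len(key) != 16 or len(data) < 8 or len(data) % 4:
        raise ValueError("need a 16-byte key and >= 8 bytes of 4-byte-aligned data")

def xxtea_encrypt(data, key):
    _check(data, key)
    v, k = _words(data), _words(key)
    n, s, z = len(v), 0, v[-1]
    for _ in range(6 + 52 // n):
        s = (s + DELTA) & MASK
        e = (s >> 2) & 3
        for p in range(n):
            y = v[(p + 1) % n]          # last word wraps to the updated v[0]
            z = v[p] = (v[p] + _mx(y, z, s, k, p, e)) & MASK
    return _pack(v)

def xxtea_decrypt(data, key):
    _check(data, key)
    v, k = _words(data), _words(key)
    n = len(v)
    rounds = 6 + 52 // n
    s, y = (rounds * DELTA) & MASK, v[0]
    for _ in range(rounds):
        e = (s >> 2) & 3
        for p in range(n - 1, -1, -1):
            z = v[p - 1]                # p == 0 wraps to v[n-1]
            y = v[p] = (v[p] - _mx(y, z, s, k, p, e)) & MASK
        s = (s - DELTA) & MASK
    return _pack(v)

def decrypts_to_png(ciphertext, key):
    # Hypothetical helper: does this key turn the blob into a PNG header?
    return xxtea_decrypt(ciphertext, key).startswith(PNG_MAGIC)

SAMPLE_KEY = b"constructed-key!"            # constructed, not the game's key
SAMPLE_PLAIN = PNG_MAGIC + bytes(24)        # constructed stand-in for a PNG
SAMPLE_CIPHER = xxtea_encrypt(SAMPLE_PLAIN, SAMPLE_KEY)
```

If the output is not recognizable with a key that is known to be correct, the file may use a different word order, an appended length word, or a signature prefix, none of which this sketch handles.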
