mirror of
https://github.com/Ap0dexMe0/unixtract.git
synced 2026-07-16 05:04:22 +02:00
Consistency cleanup + add MSD11 and SDDL.SEC extractors
This commit is contained in:
@@ -0,0 +1,214 @@
|
||||
use std::path::{Path, PathBuf};
|
||||
use std::fs::{self, File, OpenOptions};
|
||||
use std::io::{self, Read, Seek, SeekFrom, Write};
|
||||
|
||||
use aes::Aes128;
|
||||
use flate2::read::ZlibDecoder;
|
||||
use cbc::{Decryptor, cipher::{block_padding::Pkcs7, BlockDecryptMut, KeyIvInit}};
|
||||
|
||||
type Aes128CbcDec = Decryptor<Aes128>;
|
||||
|
||||
use crate::common;
|
||||
|
||||
pub fn is_sddl_sec_file(file: &File) -> bool {
|
||||
let header = common::read_file(&file, 0, 8).expect("Failed to read from file.");
|
||||
if header == b"\x12\xB8\x02\x8C\x6F\xC6\xBD\x15" {
|
||||
true
|
||||
} else {
|
||||
false
|
||||
}
|
||||
}
|
||||
|
||||
fn decrypt(encrypted_data: &[u8], key: &[u8; 16], iv: &[u8; 16]) -> Result<Vec<u8>, Box<dyn std::error::Error>> {
|
||||
let mut data = encrypted_data.to_vec();
|
||||
let decryptor = Aes128CbcDec::new(key.into(), iv.into());
|
||||
let decrypted = decryptor.decrypt_padded_mut::<Pkcs7>(&mut data)
|
||||
.map_err(|e| format!("!!Decryption error!!: {:?}", e))?;
|
||||
|
||||
Ok(decrypted.to_vec())
|
||||
}
|
||||
|
||||
//ported from original from https://nese.team/posts/justctf/
|
||||
fn decipher(s: &[u8], len_: usize) -> Vec<u8> {
|
||||
let mut v3: u32 = 904;
|
||||
let mut out = s.to_vec();
|
||||
let mut cnt = 0;
|
||||
|
||||
if len_ > 0 {
|
||||
let true_len = if len_ >= 0x80 {
|
||||
128
|
||||
} else {
|
||||
len_
|
||||
};
|
||||
|
||||
if true_len > 0 {
|
||||
let mut i = 0;
|
||||
let mut j: u8 = 0;
|
||||
|
||||
while i < s.len() {
|
||||
let iter_ = s[i];
|
||||
i += 1;
|
||||
j = j.wrapping_add(1);
|
||||
|
||||
let v11 = (iter_ as u32).wrapping_add(38400) & 0xffffffff;
|
||||
let v12 = iter_ ^ ((v3 & 0xff00) >> 8) as u8;
|
||||
v3 = v3.wrapping_add(v11).wrapping_add(163) & 0xffffffff;
|
||||
|
||||
if j == 0 {
|
||||
v3 = 904;
|
||||
}
|
||||
|
||||
if cnt < out.len() {
|
||||
out[cnt] = v12;
|
||||
cnt += 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
out
|
||||
}
|
||||
|
||||
fn decompress_zlib(data: &[u8]) -> io::Result<Vec<u8>> {
|
||||
let mut decoder = ZlibDecoder::new(data);
|
||||
let mut decompressed = Vec::new();
|
||||
decoder.read_to_end(&mut decompressed)?;
|
||||
|
||||
Ok(decompressed)
|
||||
}
|
||||
|
||||
pub fn extract_sddl_sec(file: &File, output_folder: &str) -> Result<(), Box<dyn std::error::Error>> {
|
||||
|
||||
let file_size = file.metadata()?.len();
|
||||
|
||||
let key = [
|
||||
0x26, 0xE0, 0x96, 0xD3, 0xEF, 0x8A, 0x8F, 0xBB,
|
||||
0xAA, 0x5E, 0x51, 0x6F, 0x77, 0x26, 0xC2, 0x2C,
|
||||
];
|
||||
|
||||
let iv = [
|
||||
0x3E, 0x4A, 0xE2, 0x3A, 0x69, 0xDB, 0x81, 0x54,
|
||||
0xCD, 0x88, 0x38, 0xC4, 0xB9, 0x0C, 0x76, 0x66,
|
||||
];
|
||||
|
||||
let mut offset = 32;
|
||||
|
||||
while offset < file_size {
|
||||
let header = common::read_file(&file, offset, 32)?;
|
||||
let decrypted_header: Vec<u8>;
|
||||
|
||||
match decrypt(&header, &key, &iv) {
|
||||
Ok(v) => decrypted_header = v,
|
||||
Err(_) => {
|
||||
// SDDL files can have a footer(signature?) of 0x80 OR 0x100 lenght in later ones, and there is no good way to detect it before entering the while loop and the footer has no common header.
|
||||
// so we can assume if a file fails to decode at negative offsets 0x80 or 0x100, that is the footer and it can be skipped.
|
||||
if offset == file_size - 128 {
|
||||
break
|
||||
} else if offset == file_size - 256{
|
||||
break
|
||||
} else {
|
||||
println!("!!Decryption error!! This file is invalid or not compatible!");
|
||||
std::process::exit(0)
|
||||
}
|
||||
},
|
||||
}
|
||||
|
||||
let decrypted_string = String::from_utf8_lossy(&decrypted_header);
|
||||
|
||||
let filename = decrypted_string.split("\0").next().unwrap();
|
||||
let size_str = &decrypted_string[decrypted_string.len() - 12..];
|
||||
let size: u64 = size_str.parse().unwrap();
|
||||
|
||||
println!("\nFile: {}, Size: {}", filename, size);
|
||||
|
||||
offset += 32;
|
||||
|
||||
let data = common::read_file(&file, offset, size.try_into().unwrap())?;
|
||||
let decrypted_data = decrypt(&data, &key, &iv)?;
|
||||
|
||||
if decrypted_data.starts_with(&[0x11, 0x22, 0x33, 0x44]) && filename != "SDIT.FDI"{ // header of obfuscated file, SDIT.FDI also has this header but seems to work differently so its skipped
|
||||
|
||||
println!("- Version: {}.{}{}{}", decrypted_data[24], decrypted_data[25], decrypted_data[26], decrypted_data[27]);
|
||||
println!("- Deciphering...");
|
||||
let deciphered_data = decipher(&decrypted_data[48..], decrypted_data[48..].len());
|
||||
|
||||
let control_byte = decrypted_data[34];
|
||||
let out_data: Vec<u8>;
|
||||
|
||||
if control_byte == 3 {
|
||||
println!("-- Decompressing...");
|
||||
out_data = decompress_zlib(&deciphered_data)?;
|
||||
} else {
|
||||
println!("-- Uncompressed...");
|
||||
out_data = deciphered_data;
|
||||
}
|
||||
|
||||
let first_byte;
|
||||
if out_data[1] & 0xF0 == 0xD0 {
|
||||
first_byte = out_data[1] & 0x0F;
|
||||
} else {
|
||||
first_byte = out_data[1];
|
||||
}
|
||||
|
||||
let dest_offset = u32::from_be_bytes([first_byte, out_data[2], out_data[3], out_data[4]]);
|
||||
|
||||
let source_offset = u32::from_be_bytes([0x00, out_data[6], out_data[7], out_data[8]]);
|
||||
|
||||
let path: PathBuf;
|
||||
let msg: &str;
|
||||
|
||||
if filename.starts_with("PEAKS.F") {
|
||||
if source_offset == 270 { //unique for 2014-2018 files
|
||||
let embedded_file_name_string = String::from_utf8_lossy(&out_data[14..270]);
|
||||
let embedded_file_name = embedded_file_name_string.split("\0").next().unwrap();
|
||||
println!("--- Embedded file: {}", embedded_file_name);
|
||||
|
||||
let folder_path = Path::new(&output_folder).join("PEAKS");
|
||||
fs::create_dir_all(&folder_path)?;
|
||||
path = Path::new(&folder_path).join(embedded_file_name);
|
||||
msg = "to PEAKS";
|
||||
} else {
|
||||
path = Path::new(&output_folder).join("PEAKS.bin");
|
||||
msg = "to PEAKS.bin";
|
||||
}
|
||||
} else {
|
||||
path = Path::new(&output_folder).join(filename);
|
||||
msg = "file";
|
||||
}
|
||||
|
||||
fs::create_dir_all(&output_folder)?;
|
||||
let mut file = OpenOptions::new()
|
||||
.read(true)
|
||||
.write(true)
|
||||
.create(true)
|
||||
.open(path)?;
|
||||
|
||||
file.seek(SeekFrom::Start(dest_offset as u64))?;
|
||||
file.write_all(&out_data[source_offset as usize..])?;
|
||||
println!("--- Saved {}!", msg);
|
||||
|
||||
} else {
|
||||
let out_data = decrypted_data;
|
||||
if filename.ends_with(".TXT") {
|
||||
println!("{}", String::from_utf8_lossy(&out_data));
|
||||
} else {
|
||||
let path = Path::new(&output_folder).join(filename);
|
||||
|
||||
fs::create_dir_all(&output_folder)?;
|
||||
let mut file = OpenOptions::new()
|
||||
.write(true)
|
||||
.create(true)
|
||||
.open(path)?;
|
||||
|
||||
file.write_all(&out_data)?;
|
||||
println!("-- Saved file!");
|
||||
}
|
||||
}
|
||||
|
||||
offset += size;
|
||||
}
|
||||
|
||||
println!("\nExtraction finished!");
|
||||
|
||||
Ok(())
|
||||
}
|
||||
Reference in New Issue
Block a user