From 2f40e9d05484a62a4265d61f3e092b952ddb2796 Mon Sep 17 00:00:00 2001
From: Mike <mike@noreply.localhost>
Date: Sat, 3 Jan 2026 15:34:34 +0000
Subject: [PATCH] Upload files to "ghidra"

---
 ghidra/mockdateconverter.py | 93 +++++++++++++++++++++++++++++++++++++
 1 file changed, 93 insertions(+)
 create mode 100644 ghidra/mockdateconverter.py

diff --git a/ghidra/mockdateconverter.py b/ghidra/mockdateconverter.py
new file mode 100644
index 0000000..c9f10aa
--- /dev/null
+++ b/ghidra/mockdateconverter.py
@@ -0,0 +1,93 @@
+# -*- coding: utf-8 -*-
+
+from ghidra.app.decompiler import DecompInterface
+from ghidra.util.task import ConsoleTaskMonitor
+import re
+
+monitor = ConsoleTaskMonitor()
+
+ifc = DecompInterface()
+ifc.openProgram(currentProgram)
+
+funcs = [
+    f for f in currentProgram.getFunctionManager().getFunctions(True)
+    if "MockDateConverter" in f.getName()
+]
+
+def trim_trailing_zeros(byte_list):
+    out = list(byte_list)
+    while out and out[-1] == 0:
+        out.pop()
+    return out
+
+def camel_to_snake(s):
+    parts = re.findall(r'[A-Z][a-z0-9]*', s)
+    return '_'.join(p.lower() for p in parts)
+
+def normalize_name(jni_name):
+    if 'MockDateConverter_' in jni_name:
+        name = jni_name.split('MockDateConverter_', 1)[1]
+    else:
+        name = jni_name
+
+    if name.startswith('get'):
+        name = name[3:]
+
+    if name.startswith('value'):
+        return 'value_' + camel_to_snake(name[5:])
+    if name.startswith('key'):
+        return 'key_' + camel_to_snake(name[3:])
+
+    return camel_to_snake(name)
+
+print("XOR_TEMPLATES = {")
+
+for func in funcs:
+    res = ifc.decompileFunction(func, 30, monitor)
+    if not res.decompileCompleted():
+        continue
+
+    code = res.getDecompiledFunction().getC()
+
+    xor_bytes = []
+
+    dat_match = re.search(r'\(&DAT_[0-9a-fA-F]+\)\[uVar\d+\]', code)
+    if dat_match:
+        dat_label = dat_match.group(0)
+        dat_name = re.search(r'DAT_[0-9a-fA-F]+', dat_label).group(0)
+        dat_sym = currentProgram.getSymbolTable().getGlobalSymbols(dat_name)[0]
+        addr = dat_sym.getAddress()
+
+        mem = currentProgram.getMemory()
+        raw = []
+        for i in range(12):
+            raw.append(mem.getByte(addr.add(i)) & 0xff)
+
+        xor_bytes = raw
+
+    else:
+        assigns = re.findall(
+            r'(local_[0-9a-fA-F]+)\s*=\s*.*?(?:\^\s*(0x[0-9a-fA-F]+|\d+))?\s*;',
+            code
+        )
+
+        for local_name, val in assigns:
+            idx = int(local_name.split('_')[1], 16)
+
+            if idx < 0x70:
+                continue
+
+            if val is None or val == '':
+                xor_bytes.append(0)
+            elif val.startswith("0x"):
+                xor_bytes.append(int(val, 16))
+            else:
+                xor_bytes.append(int(val))
+
+    xor_bytes = trim_trailing_zeros(xor_bytes)
+
+    hex_str = ''.join('%02x' % b for b in xor_bytes)
+
+    print("    '%s': bytes.fromhex(\"%s\")," % (normalize_name(func.getName()), hex_str))
+
+print("}")