Upload files to "ghidra"

2026-01-03 15:34:34 +00:00 · 2026-01-03 15:34:34 +00:00 · 2f40e9d054
commit 2f40e9d054
parent 95c220e266
1 changed files with 93 additions and 0 deletions
--- a/ghidra/mockdateconverter.py
+++ b/ghidra/mockdateconverter.py
@ -0,0 +1,93 @@
 # -*- coding: utf-8 -*-
 from ghidra.app.decompiler import DecompInterface
 from ghidra.util.task import ConsoleTaskMonitor
 import re
 monitor = ConsoleTaskMonitor()
 ifc = DecompInterface()
 ifc.openProgram(currentProgram)
 funcs = [
    f for f in currentProgram.getFunctionManager().getFunctions(True)
    if "MockDateConverter" in f.getName()
 ]
 def trim_trailing_zeros(byte_list):
    out = list(byte_list)
    while out and out[-1] == 0:
        out.pop()
    return out
 def camel_to_snake(s):
    parts = re.findall(r'[A-Z][a-z0-9]*', s)
    return '_'.join(p.lower() for p in parts)
 def normalize_name(jni_name):
    if 'MockDateConverter_' in jni_name:
        name = jni_name.split('MockDateConverter_', 1)[1]
    else:
        name = jni_name
    if name.startswith('get'):
        name = name[3:]
    if name.startswith('value'):
        return 'value_' + camel_to_snake(name[5:])
    if name.startswith('key'):
        return 'key_' + camel_to_snake(name[3:])
    return camel_to_snake(name)
 print("XOR_TEMPLATES = {")
 for func in funcs:
    res = ifc.decompileFunction(func, 30, monitor)
    if not res.decompileCompleted():
        continue
    code = res.getDecompiledFunction().getC()
    xor_bytes = []
    dat_match = re.search(r'\(&DAT_[0-9a-fA-F]+\)\[uVar\d+\]', code)
    if dat_match:
        dat_label = dat_match.group(0)
        dat_name = re.search(r'DAT_[0-9a-fA-F]+', dat_label).group(0)
        dat_sym = currentProgram.getSymbolTable().getGlobalSymbols(dat_name)[0]
        addr = dat_sym.getAddress()
        mem = currentProgram.getMemory()
        raw = []
        for i in range(12):
            raw.append(mem.getByte(addr.add(i)) & 0xff)
        xor_bytes = raw
    else:
        assigns = re.findall(
            r'(local_[0-9a-fA-F]+)\s*=\s*.*?(?:\^\s*(0x[0-9a-fA-F]+|\d+))?\s*;',
            code
        )
        for local_name, val in assigns:
            idx = int(local_name.split('_')[1], 16)
            if idx < 0x70:
                continue
            if val is None or val == '':
                xor_bytes.append(0)
            elif val.startswith("0x"):
                xor_bytes.append(int(val, 16))
            else:
                xor_bytes.append(int(val))
    xor_bytes = trim_trailing_zeros(xor_bytes)
    hex_str = ''.join('%02x' % b for b in xor_bytes)
    print("    '%s': bytes.fromhex(\"%s\")," % (normalize_name(func.getName()), hex_str))
 print("}")