# -*- coding: utf-8 -*- from ghidra.app.decompiler import DecompInterface from ghidra.util.task import ConsoleTaskMonitor import re monitor = ConsoleTaskMonitor() ifc = DecompInterface() ifc.openProgram(currentProgram) funcs = [ f for f in currentProgram.getFunctionManager().getFunctions(True) if "MockDateConverter" in f.getName() ] def trim_trailing_zeros(byte_list): out = list(byte_list) while out and out[-1] == 0: out.pop() return out def camel_to_snake(s): parts = re.findall(r'[A-Z][a-z0-9]*', s) return '_'.join(p.lower() for p in parts) def normalize_name(jni_name): if 'MockDateConverter_' in jni_name: name = jni_name.split('MockDateConverter_', 1)[1] else: name = jni_name if name.startswith('get'): name = name[3:] if name.startswith('value'): return 'value_' + camel_to_snake(name[5:]) if name.startswith('key'): return 'key_' + camel_to_snake(name[3:]) return camel_to_snake(name) print("XOR_TEMPLATES = {") for func in funcs: res = ifc.decompileFunction(func, 30, monitor) if not res.decompileCompleted(): continue code = res.getDecompiledFunction().getC() xor_bytes = [] dat_match = re.search(r'\(&DAT_[0-9a-fA-F]+\)\[uVar\d+\]', code) if dat_match: dat_label = dat_match.group(0) dat_name = re.search(r'DAT_[0-9a-fA-F]+', dat_label).group(0) dat_sym = currentProgram.getSymbolTable().getGlobalSymbols(dat_name)[0] addr = dat_sym.getAddress() mem = currentProgram.getMemory() raw = [] for i in range(12): raw.append(mem.getByte(addr.add(i)) & 0xff) xor_bytes = raw else: assigns = re.findall( r'(local_[0-9a-fA-F]+)\s*=\s*.*?(?:\^\s*(0x[0-9a-fA-F]+|\d+))?\s*;', code ) for local_name, val in assigns: idx = int(local_name.split('_')[1], 16) if idx < 0x70: continue if val is None or val == '': xor_bytes.append(0) elif val.startswith("0x"): xor_bytes.append(int(val, 16)) else: xor_bytes.append(int(val)) xor_bytes = trim_trailing_zeros(xor_bytes) hex_str = ''.join('%02x' % b for b in xor_bytes) print(" '%s': bytes.fromhex(\"%s\")," % (normalize_name(func.getName()), hex_str)) print("}")