MPCrypto/ghidra/mockdateconverter.py

# -*- coding: utf-8 -*-
from ghidra.app.decompiler import DecompInterface
from ghidra.util.task import ConsoleTaskMonitor
import re
# Decompiler plumbing. `currentProgram` is supplied by the Ghidra script
# environment; it is not defined in this file.
monitor = ConsoleTaskMonitor()
ifc = DecompInterface()
# NOTE(review): the result of openProgram() is not checked here.
ifc.openProgram(currentProgram)

# Collect every function whose symbol name mentions MockDateConverter,
# iterating the function manager in forward order.
funcs = []
for candidate in currentProgram.getFunctionManager().getFunctions(True):
    if "MockDateConverter" in candidate.getName():
        funcs.append(candidate)
def trim_trailing_zeros(byte_list):
    """Return a new list holding *byte_list* without its trailing zero items.

    The input is copied and never modified.  Zeros that are followed by a
    non-zero value are kept; an all-zero or empty input yields ``[]``.
    """
    values = list(byte_list)
    end = len(values)
    # Walk back from the end until the last non-zero element is found.
    while end > 0 and values[end - 1] == 0:
        end -= 1
    return values[:end]
def camel_to_snake(s):
    """Convert a CamelCase identifier to snake_case.

    A word is one ASCII uppercase letter followed by any run of ASCII
    lowercase letters or digits.  Anything that is not part of such a word,
    including characters before the first uppercase letter, is dropped, so
    the result contains only ``[a-z0-9_]``.
    """
    words = [m.group(0) for m in re.finditer(r'[A-Z][a-z0-9]*', s)]
    # Lowercasing after the join is equivalent to lowercasing each word.
    return '_'.join(words).lower()
def normalize_name(jni_name):
    """Turn a JNI function name into the snake_case key used in the output.

    Steps, in order:
      1. Keep only the text after the first ``MockDateConverter_`` marker,
         if the marker is present.
      2. Strip a leading ``get``.
      3. A leading lowercase ``value`` or ``key`` becomes the literal prefix
         ``value_`` / ``key_`` followed by the snake_case of the remainder.
      4. Otherwise the whole remaining name is converted with
         camel_to_snake().

    Because ``get`` is removed first, ``getValueFoo`` reaches step 4 as
    ``ValueFoo``.  Every return path ends in camel_to_snake(), so the result
    depends on that helper's handling of characters it does not recognise.
    """
    marker = 'MockDateConverter_'
    _, found, tail = jni_name.partition(marker)
    name = tail if found else jni_name

    if name[:3] == 'get':
        name = name[3:]

    # 'value' and 'key' cannot both be a prefix, so checking order is free.
    for prefix in ('value', 'key'):
        if name.startswith(prefix):
            return prefix + '_' + camel_to_snake(name[len(prefix):])
    return camel_to_snake(name)
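# Emit a Python dict literal mapping each normalized accessor name to the XOR
# key bytes recovered from that function's decompiled C.
#
# The dict keys come from normalize_name(); every return path of that helper
# ends in camel_to_snake(), which only produces [a-z0-9_].  That is what keeps
# a symbol name taken from the analysed binary from breaking out of the quoted
# literal in the generated source.
#
# NOTE(review): two functions that normalize to the same key produce duplicate
# entries, and the later one wins when the output is evaluated.
print("XOR_TEMPLATES = {")
try:
    for func in funcs:
        key_name = normalize_name(func.getName())

        # Second argument is the decompiler timeout in seconds.
        res = ifc.decompileFunction(func, 30, monitor)
        if not res.decompileCompleted():
            # Leave a visible marker instead of dropping the entry silently,
            # so a missing template can be traced back to this run.
            print(" # skipped '%s': decompilation did not complete" % key_name)
            continue

        code = res.getDecompiledFunction().getC()
        xor_bytes = []

        # Case 1: the key is a global table indexed in a loop,
        # e.g. (&DAT_001234ab)[uVar3].
        dat_match = re.search(r'\(&DAT_[0-9a-fA-F]+\)\[uVar\d+\]', code)
        if dat_match:
            dat_label = dat_match.group(0)
            dat_name = re.search(r'DAT_[0-9a-fA-F]+', dat_label).group(0)
            symbols = currentProgram.getSymbolTable().getGlobalSymbols(dat_name)
            if len(symbols) == 0:
                # Previously an IndexError here aborted the run and left the
                # dict literal unterminated.
                print(" # skipped '%s': no global symbol named %s"
                      % (key_name, dat_name))
                continue
            addr = symbols[0].getAddress()
            mem = currentProgram.getMemory()
            # NOTE(review): the 12-byte length is hard-coded; presumably the
            # maximum key size -- confirm against the binary.
            # Mask to 0..255 because getByte() returns a signed value.
            xor_bytes = [mem.getByte(addr.add(i)) & 0xff for i in range(12)]
        else:
            # Case 2: the key is built from stack locals, one assignment per
            # byte.  The optional group captures the constant after '^'.
            assigns = re.findall(
                r'(local_[0-9a-fA-F]+)\s*=\s*.*?(?:\^\s*(0x[0-9a-fA-F]+|\d+))?\s*;',
                code
            )
            # Bytes are collected in the order the assignments appear in the
            # decompiled text; the hex suffix is used only as a filter.
            for local_name, val in assigns:
                idx = int(local_name.split('_')[1], 16)
                # NOTE(review): locals numbered below 0x70 are ignored;
                # presumably they are unrelated stack slots -- confirm.
                if idx < 0x70:
                    continue
                if not val:
                    # Assignment without an XOR constant counts as 0x00.
                    xor_bytes.append(0)
                elif val.startswith("0x"):
                    xor_bytes.append(int(val, 16))
                else:
                    xor_bytes.append(int(val))
                # NOTE(review): a constant above 0xff is rendered by '%02x'
                # with more than two hex digits, which would misalign the
                # emitted hex string -- confirm only byte-sized constants
                # occur here.

        # NOTE(review): trimming also shortens a key whose genuine last byte
        # is 0x00 -- verify the key length when a template fails to decode.
        xor_bytes = trim_trailing_zeros(xor_bytes)
        hex_str = ''.join('%02x' % b for b in xor_bytes)
        print(" '%s': bytes.fromhex(\"%s\")," % (key_name, hex_str))
finally:
    # Release the decompiler process even if a lookup above raises.
    ifc.dispose()
print("}")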