EncryptorUtil 类的 ttEncrypt 函数用于对一段二进制数据加密(用于http请求body加密),函数定义如下:
// JNI-backed method implemented in libEncryptor.so. Per the surrounding text:
// bArr is the binary data to encrypt (an HTTP request body), i is its length,
// and the return value is the encrypted bytes. Parameter names look decompiler-generated.
public static native byte[] ttEncrypt(byte[] bArr, int i);
函数传入 byte[] 和 长度,返回一个 byte[],其 native 层代码位于 libEncryptor.so 中
IDA 反编译 so 发现并没有直接jni 绑定,因此 hook RegisterNatives 函数寻找绑定的 native 层函数地址:
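// Log every native method registered through JNI RegisterNatives, together
// with the module and offset of the native function that backs it.
// RegisterNatives(env, clazz, methods, nMethods):
//   args[1] = jclass, args[2] = JNINativeMethod array, args[3] = entry count.
Interceptor.attach(addrRegisterNatives, {
    onEnter: function (args) {
        console.log("[RegisterNatives] method_count:", args[3], DebugSymbol.fromAddress(this.returnAddress));
        var java_class = args[1];
        var class_name = Java.vm.tryGetEnv().getClassName(java_class);
        var methods_ptr = ptr(args[2]);
        var method_count = parseInt(args[3]);
        // Each JNINativeMethod entry is three consecutive pointers:
        // { const char *name; const char *signature; void *fnPtr; }
        var entry_size = Process.pointerSize * 3;
        for (var i = 0; i < method_count; i++) {
            var entry = methods_ptr.add(i * entry_size);
            var name_ptr = Memory.readPointer(entry);
            var sig_ptr = Memory.readPointer(entry.add(Process.pointerSize));
            var fnPtr_ptr = Memory.readPointer(entry.add(Process.pointerSize * 2));
            var name = Memory.readCString(name_ptr);
            var sig = Memory.readCString(sig_ptr);
            // findModuleByAddress returns null when fnPtr is not inside any
            // loaded module; dereferencing it would throw and abort the loop,
            // hiding the remaining entries.
            var find_module = Process.findModuleByAddress(fnPtr_ptr);
            if (find_module === null) {
                console.log("[RegisterNatives] java_class:", class_name, "name:", name, "sig:", sig, "fnPtr:", fnPtr_ptr, "module_name:", "<unknown>");
                continue;
            }
            console.log("[RegisterNatives] java_class:", class_name, "name:", name, "sig:", sig, "fnPtr:", fnPtr_ptr, "module_name:", find_module.name, "module_base:", find_module.base, "offset:", ptr(fnPtr_ptr).sub(find_module.base));
        }
    },
    onLeave: function (retval) { }
});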
打印输出:
[RegisterNatives] method_count: 0x1 0x76d0acbd6c libEncryptor.so!0xd6c
[RegisterNatives] java_class: com.bytedance.frameworks.encryptor.EncryptorUtil name: ttEncrypt sig: ([BI)[B fnPtr: 0x76d0ad2d88 module_name: libEncryptor.so module_base: 0x76d0acb000 offset: 0x7d88
native 层函数位于文件偏移 0x7d88 处。
反编译代码如下:
/*
 * Native implementation registered for EncryptorUtil.ttEncrypt (IDA pseudocode
 * with hand-completed types). Pins the input byte[], allocates a
 * (size + 118)-byte output buffer, passes both to sub_2BD4, then copies the
 * produced bytes into a new Java byte[].
 *
 * Returns the new jbyteArray, or NULL when jarray is NULL, size < 1,
 * GetByteArrayElements or malloc fails, or the output length (v11) is 0
 * after sub_2BD4 returns.
 */
jbyteArray __fastcall sub_7D88(JNIEnv *env, jclass thiz, jbyteArray jarray, jint size)
{
unsigned __int64 v4; // x25
int v5; // w24
jbyteArray v6; // x19
JNIEnv *v7; // x20
JNIEnv *v8; // x23
jbyte *v9; // x21
__int64 v10; // x22
__int64 v11; // [xsp+0h] [xbp-50h]
__int64 v12; // [xsp+8h] [xbp-48h]
// ARM64_SYSREG(3, 3, 13, 0, 2) encodes TPIDR_EL0 (thread pointer). The value
// at +40 is saved in v12 and compared again before returning — presumably the
// compiler-inserted stack-protector cookie, not part of the encryption logic.
v4 = _ReadStatusReg(ARM64_SYSREG(3, 3, 13, 0, 2));
v5 = size;
v6 = jarray;
v7 = env;
v8 = 0LL;
v12 = *(_QWORD *)(v4 + 40);
// NOTE(review): size comes from the Java caller and is not compared with
// GetArrayLength(jarray) anywhere in this function; whether sub_2BD4 bounds
// its reads to the real array length cannot be told from this listing.
if ( jarray && (signed int)size >= 1 )
{
// From here on `env` is reused by the decompiler as a scratch for x0; the
// real JNIEnv pointer is kept in v7.
env = (JNIEnv *)(*env)->GetByteArrayElements(env, jarray, 0LL);
v9 = (jbyte *)env;
if ( env )
{
// v11 is in/out: output-buffer capacity going in, and (as used below) the
// number of bytes to copy coming out of sub_2BD4.
// NOTE(review): v5 + 118 is int arithmetic as decompiled; a size close to
// INT_MAX would wrap — confirm against the disassembly.
v11 = v5 + 118;
v10 = malloc(v5 + 118);
if ( v10 )
{
// Arguments: input bytes, input length, output buffer, pointer to in/out length.
sub_2BD4((__int64)v9, v5, v10, (__int64)&v11);
if ( v11 )
{
// The recovered prototype shows only env being passed; the length argument
// (presumably v11) was lost by the decompiler. The result is not NULL-checked
// in this listing before it is handed to SetByteArrayRegion.
v8 = (JNIEnv *)((__int64 (__fastcall *)(JNIEnv *))(*v7)->NewByteArray)(v7);
((void (__fastcall *)(JNIEnv *, JNIEnv *, _QWORD, _QWORD, __int64))(*v7)->SetByteArrayRegion)(
v7,
v8,
0LL,
(unsigned int)v11,
v10);
}
else
{
v8 = 0LL;
}
// Mode 0: copy back any changes and release the pinned elements buffer.
((void (__fastcall *)(JNIEnv *, jbyteArray, jbyte *, _QWORD))(*v7)->ReleaseByteArrayElements)(v7, v6, v9, 0LL);
env = (JNIEnv *)free(v10);
}
else
{
// malloc failed: release the pinned input and return NULL.
env = (JNIEnv *)((__int64 (__fastcall *)(JNIEnv *, jbyteArray, jbyte *, _QWORD))(*v7)->ReleaseByteArrayElements)(
v7,
v6,
v9,
0LL);
v8 = 0LL;
}
}
else
{
v8 = 0LL;
}
}
// Value at TLS+40 unchanged -> return v8. The mismatch branch is not shown by
// the decompiler (typically a call to the stack-check failure handler).
if ( *(_QWORD *)(v4 + 40) == v12 )
env = v8;
return (jbyteArray)env;
}
这是补全变量类型后的反编译代码:获取传入的 jbyteArray 后转成 jbyte*,重新申请 size + 118 大小的内存,然后调用 sub_2BD4 函数处理;如果处理后的长度大于 0,则调用 NewByteArray、SetByteArrayRegion 拷贝处理结果并返回,否则返回 NULL。因此函数 sub_2BD4 内部会处理加密逻辑,并且加密后的大小是 size + 118(即输出缓冲区的申请大小;实际拷贝的长度取自调用后的 v11,它以指针形式作为第 4 个参数传给 sub_2BD4)。
汇编代码对应如下:
反编译 sub_2BD4:
/*
 * Thin wrapper around sub_2D28 (IDA pseudocode). Stores its four arguments in
 * consecutive stack slots and passes a pointer to that block, together with
 * unk_B2C0, off_21CE0 and a {sub_2D1C, &v11} pair, to sub_2D28.
 *
 * As called from sub_7D88:
 *   a1 - input bytes            a2 - input length
 *   a3 - output buffer          a4 - pointer to the in/out length
 *                                    (preloaded with size + 118 by the caller)
 *
 * No encryption logic is visible in this function itself.
 */
void __fastcall sub_2BD4(jbyte *a1, jsize a2, char *a3, int *a4)
{
unsigned __int64 v4; // x19
jbyte *v5; // [xsp+8h] [xbp-528h]
jsize v6; // [xsp+10h] [xbp-520h]
char *v7; // [xsp+18h] [xbp-518h]
int *v8; // [xsp+20h] [xbp-510h]
__int64 (__fastcall *v9)(__int64 (__fastcall *)(__int64), __int64); // [xsp+28h] [xbp-508h]
__int64 *v10; // [xsp+30h] [xbp-500h]
__int64 v11; // [xsp+510h] [xbp-20h]
__int64 v12; // [xsp+518h] [xbp-18h]
// Same TPIDR_EL0 + 40 read as in sub_7D88 — presumably the stack-protector cookie.
v4 = _ReadStatusReg(ARM64_SYSREG(3, 3, 13, 0, 2));
v12 = *(_QWORD *)(v4 + 40);
// v5..v8 sit in adjacent 8-byte slots (xbp-528h .. xbp-510h per the IDA
// annotations), so &v5 is effectively a 4-entry argument array.
v5 = a1;
v6 = a2;
v7 = a3;
v8 = a4;
// v9 and v10 are adjacent too (xbp-508h, xbp-500h): &v9 points at the pair
// { sub_2D1C, &v11 }. sub_2D28 loads *(a5 + 8) and addresses negative offsets
// from it (e.g. v5 - 304 in its listing), so the large gap in this frame below
// v11 appears to serve as its working area — TODO confirm the exact extent.
v9 = sub_2D1C;
v10 = &v11;
// unk_B2C0: data the article describes as looking like a bytecode sequence;
// off_21CE0: described there as looking like an address table.
sub_2D28((unsigned int *)&unk_B2C0, (__int64)&v5, 0LL, (__int64)&off_21CE0, (__int64)&v9);
// Leftover of the cookie re-read; the comparison against v12 was dropped by the decompiler.
*(_QWORD *)(v4 + 40);
}
实际是调用 sub_2D28,并传入了一些参数,我们看汇编代码看参数是怎么传递的:
这个函数有 5 个参数,
参数 1:地址 0xB2C0,是一个数据段的地址,看起来像是一个字节码序列
参数 2:是一个参数指针,里面保存了调用者传入的 4 个参数,即 jbyte*、jsize、char* 和 int*
参数 3:0
参数 4:地址 0x21CE0,像是一个地址数组
参数 5:是一个地址,里面保存了函数 sub_2D1C 和 sp +0x510
函数 sub_2D28 反编译代码:
unsigned int *__fastcall sub_2D28(unsigned int *result, __int64 a2, __int64 a3, __int64 a4, __int64 a5)
{
__int64 v5; // x19
unsigned int *v6; // x20
unsigned int **v7; // x21
_QWORD *v8; // x4
_QWORD *v9; // x5
signed __int64 v10; // x1
unsigned __int64 *v11; // x6
unsigned __int64 *v12; // x7
unsigned int v13; // w12
unsigned int v14; // w16
unsigned int v15; // w15
unsigned int v16; // w14
unsigned int v17; // w10
unsigned int v18; // w11
unsigned __int64 v19; // x9
__int64 v20; // x8
unsigned int v21; // w13
unsigned int v22; // w18
unsigned int v23; // w17
__int64 v24; // x11
bool v25; // zf
int v26; // w11
signed __int64 v27; // x8
signed int v28; // w10
unsigned int *v29; // x11
unsigned int v30; // w13
unsigned int *v31; // x9
signed __int64 v32; // x8
signed int v33; // w11
signed int v34; // w9
unsigned __int64 v35; // x9
_QWORD *v36; // x10
__int64 v37; // x11
char v38; // w9
unsigned __int64 v39; // x8
unsigned __int64 v40; // x9
int v41; // w11
int v42; // w10
int v43; // w11
int v44; // w10
int v45; // w8
int v46; // w12
signed __int64 v47; // x9
unsigned int *v48; // x10
signed __int64 v49; // x12
signed __int64 v50; // x10
_BOOL4 v51; // w11
bool v52; // nf
signed int v53; // w8
_BOOL4 v54; // w9
signed int v55; // w10
int v56; // w13
unsigned int v57; // w10
unsigned __int64 v58; // t2
int v59; // w10
int v60; // w11
unsigned int *v61; // x13
signed __int64 v62; // x11
signed int v63; // w9
signed __int64 v64; // x8
signed int v65; // w11
signed int v66; // w9
unsigned int v67; // w11
unsigned __int64 v68; // t2
int v69; // w10
unsigned int v70; // w11
unsigned int v71; // w12
__int64 v72; // x9
__int64 v73; // x8
int v74; // w13
unsigned __int64 v75; // t2
int v76; // w11
__int64 v77; // x11
char v78; // w9
_DWORD *v79; // x10
int v80; // w11
char v81; // w9
int v82; // w8
unsigned int v83; // w9
int v84; // w11
char v85; // w9
signed int v86; // w12
unsigned __int8 v87; // vf
_BOOL4 v88; // w13
int v89; // w11
signed __int64 v90; // x8
_BOOL4 v91; // w13
int v92; // w11
signed __int64 v93; // x9
__int64 v94; // x9
unsigned __int64 v95; // x8
unsigned __int64 v96; // x10
int v97; // w9
signed __int64 v98; // x9
signed int v99; // w8
unsigned __int64 v100; // x9
unsigned __int64 v101; // x8
unsigned __int64 v102; // x10
int v103; // w9
unsigned int v104; // w8
int v105; // w10
int v106; // w9
signed __int64 v107; // x9
__int64 v108; // x8
signed __int64 v109; // x9
unsigned __int64 v110; // x8
int v111; // w11
__int64 v112; // x8
int v113; // w11
signed __int64 v114; // x11
int v115; // w8
signed __int64 v116; // x9
__int64 v117; // x8
unsigned int v118; // w11
unsigned int v119; // w12
__int64 v120; // x9
__int64 v121; // x8
unsigned __int64 v122; // x8
unsigned __int64 v123; // x9
unsigned __int64 v124; // x8
_QWORD *v125; // x24
_QWORD *v126; // x26
unsigned __int64 *v127; // ST08_8
unsigned __int64 *v128; // x23
signed int v129; // w12
_BOOL4 v130; // w13
int v131; // w11
signed __int64 v132; // x8
unsigned __int64 v133; // x8
unsigned __int64 v134; // x8
bool v135; // cf
_QWORD *v136; // x8
unsigned int *v137; // x8
__int64 v138; // x9
__int64 v139; // x8
unsigned int *v140; // x13
signed __int64 v141; // x8
signed __int64 v142; // x9
signed int v143; // w12
signed int v144; // w10
__int64 v145; // x9
__int64 v146; // x8
signed __int64 v147; // x9
__int64 v148; // x8
__int64 v149; // x8
signed int v150; // w11
unsigned int *v151; // x8
_BOOL4 v152; // w13
int v153; // w12
signed __int64 v154; // x9
v6 = *(unsigned int **)a5;
v5 = *(_QWORD *)(a5 + 8);
*(_QWORD *)(v5 - 56) = 0LL;
*(_QWORD *)(v5 - 304) = 0LL;
v7 = (unsigned int **)(v5 - 312);
v8 = (_QWORD *)(v5 - 272);
v9 = (_QWORD *)(v5 - 264);
*(_QWORD *)(v5 - 72) = (v5 - 328) & 0xFFFFFFFFFFFFFFF0LL;
*(_QWORD *)(v5 - 32) = 0LL;
*(_QWORD *)(v5 - 272) = a2;
*(_QWORD *)(v5 - 264) = a3;
*(_QWORD *)(v5 - 256) = a4;
*(_QWORD *)(v5 - 248) = v6;
*(_QWORD *)(v5 - 312) = result;
*(_QWORD *)(v5 - 8) = result;
if ( result )
{
v10 = 0LL;
v11 = (unsigned __int64 *)(v5 - 40);
v12 = (unsigned __int64 *)(v5 - 48);
while ( 1 )
{
v13 = *result;
if ( v10 == 2 )
{
v10 = 3LL;
*(_QWORD *)(v5 - 32) = 3LL;
}
v14 = v13 & 0x10000000;
v15 = v13 & 0x20000000;
v16 = v13 & 0x40000000;
v17 = (v13 >> 11) & 2 | (v13 >> 31) | (v13 >> 11) & 4 | (v13 >> 11) & 8 | (v13 >> 11) & 0x10;
v18 = ((v13 & 0x10000000) >> 26) & 0xFFFFFFFC | (v13 >> 26) & 3 | ((v13 & 0x20000000) >> 26);
v19 = (v13 >> 21) & 0x1F;
v20 = (v13 >> 16) & 0x1F;
LABEL_7:
v21 = v13 & 0x80000000;
v22 = v13 & 0x4000000;
while ( 2 )
{
v23 = v13 & 0x8000000;
v24 = v18 | (v16 >> 26);
switch ( v17 )
{
case 0u:
case 2u:
case 8u:
case 0x12u:
case 0x1Fu:
case 0x21u:
case 0x22u:
case 0x27u:
case 0x2Bu:
case 0x30u:
case 0x31u:
case 0x33u:
case 0x37u:
v25 = v17 == 55;
if ( v17 <= 0x37 )
{
v26 = (v13 >> 6) & 0x3F;
v13 = (unsigned __int16)(v13 & 0xF000) | (v22 >> 20);
v18 = v13 | v26 | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20);
v19 = (unsigned __int64)v7[(unsigned int)v19 + 1] + (signed __int16)v18;
switch ( v13 )
{
case 0u:
v19 = *(signed __int16 *)v19;
goto LABEL_236;
case 2u:
v19 = *(_QWORD *)v19;
goto LABEL_236;
case 8u:
v19 = *(char *)v19;
goto LABEL_236;
case 0x12u:
v27 = (signed __int64)&v7[(unsigned int)v20];
v19 = *(_DWORD *)(v27 + 8) & (unsigned int)(-1 << (32 - 8 * (v19 & 3))) | (*(_DWORD *)(v19 & 0xFFFFFFFFFFFFFFFCLL) >> 8 * (v19 & 3));
goto LABEL_237;
case 0x21u:
v19 = *(unsigned __int8 *)v19;
goto LABEL_236;
case 0x22u:
v27 = (signed __int64)&v7[(unsigned int)v20];
v19 = *(_QWORD *)(v27 + 8) & (-1LL << (64 - 8 * ((unsigned __int8)v19 & 7u))) | (*(_QWORD *)(v19 & 0xFFFFFFFFFFFFFFF8LL) >> 8 * ((unsigned __int8)v19 & 7u));
goto LABEL_237;
case 0x27u:
case 0x31u:
v27 = (signed __int64)&v7[(unsigned int)v20];
v19 = *(_QWORD *)(v27 + 8) & (0xFFFFFFFFFFFFFFuLL >> 8 * ((unsigned __int8)v19 & 7u)) | (*(_QWORD *)(v19 & 0xFFFFFFFFFFFFFFF8LL) << (56 - 8 * ((unsigned __int8)v19 & 7u)));
goto LABEL_237;
case 0x2Bu:
v19 = *(signed int *)v19;
goto LABEL_236;
case 0x30u:
v19 = *(unsigned __int16 *)v19;
goto LABEL_236;
case 0x33u:
v19 = *(unsigned int *)v19;
goto LABEL_236;
case 0x37u:
v27 = (signed __int64)&v7[(unsigned int)v20];
v19 = *(_DWORD *)(v27 + 8) & (0xFFFFFFu >> 8 * (v19 & 3)) | (*(_DWORD *)(v19 & 0xFFFFFFFFFFFFFFFCLL) << (24 - 8 * (v19 & 3)));
goto LABEL_237;
case 0x38u:
continue;
case 0x39u:
case 0x3Bu:
case 0x3Cu:
case 0x3Du:
case 0x3Eu:
case 0x3Fu:
goto LABEL_218;
case 0x3Au:
goto LABEL_7;
default:
goto def_4104;
}
}
goto def_4104;
case 3u:
case 5u:
case 0xFu:
case 0x1Au:
case 0x2Cu:
case 0x2Du:
case 0x3Au:
case 0x3Fu:
if ( !v10 )
{
v28 = 0;
v29 = 0LL;
v30 = (signed int)((v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20)) << 16) >> 14;
switch ( v13 & 0x3F )
{
case 3u:
case 0x1Au:
case 0x2Du:
case 0x3Fu:
goto LABEL_15;
case 5u:
case 0xFu:
case 0x2Cu:
case 0x3Au:
v29 = v7[(unsigned int)v20 + 1];
LABEL_15:
v31 = v7[(unsigned int)v19 + 1];
v32 = (signed __int64)result + (signed int)(v30 + 4);
switch ( (_DWORD)v32 )
{
case 0:
if ( (signed __int64)v31 <= 0 )
goto LABEL_112;
goto LABEL_17;
case 2:
if ( v31 == v29 )
goto LABEL_112;
goto LABEL_17;
case 0xC:
if ( v31 == v29 )
goto LABEL_17;
goto LABEL_112;
case 0x17:
v25 = v31 == 0LL;
v52 = (signed __int64)v31 < 0;
v34 = 1;
if ( !v52 && !v25 )
goto LABEL_109;
goto LABEL_113;
case 0x29:
v25 = v31 == v29;
v34 = 1;
if ( !v25 )
goto LABEL_113;
goto LABEL_109;
case 0x2A:
v87 = __OFSUB__(v31, 1LL);
v52 = (signed __int64)v31 - 1 < 0;
v34 = 1;
if ( !(v52 ^ v87) )
goto LABEL_113;
goto LABEL_109;
case 0x37:
v25 = v31 == v29;
v34 = 1;
if ( v25 )
goto LABEL_113;
LABEL_109:
v33 = 0;
goto LABEL_110;
case 0x3C:
if ( (signed __int64)v31 < 1 )
{
LABEL_17:
v33 = 0;
v34 = 0;
LABEL_110:
v28 = 0;
v86 = 1;
}
else
{
LABEL_112:
v34 = 0;
LABEL_113:
v86 = 0;
v28 = 0;
v32 = (signed __int64)(result + 2);
v33 = 1;
}
goto LABEL_114;
default:
goto def_4104;
}
goto def_4104;
case 0x11u:
v28 = 31;
goto LABEL_95;
case 0x2Au:
LABEL_95:
v33 = 0;
v34 = 0;
v86 = 1;
v32 = *(_QWORD *)(v5 - 8) + v30;
LABEL_114:
v88 = v34 != 0;
v89 = v33 & v88;
*(_QWORD *)(v5 - 24) = v32;
if ( v89 & 1 || !v34 || v86 & v88 )
{
v90 = 1LL;
if ( !v89 )
v90 = 2LL;
*(_QWORD *)(v5 - 32) = v90;
}
goto LABEL_120;
default:
goto def_4104;
}
}
goto def_4104;
case 4u:
case 0x20u:
case 0x38u:
case 0x3Eu:
v41 = v13 & 0x3F;
v42 = v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20);
if ( v41 > 55 )
{
if ( v41 == 56 )
{
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) ^ (unsigned __int16)v42;
}
else if ( v41 == 62 )
{
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) | (unsigned __int16)v42;
}
}
else
{
if ( v41 == 4 )
{
LODWORD(v19) = (v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20)) << 16;
goto LABEL_92;
}
if ( v41 == 32 )
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) & (unsigned __int16)v42;
}
goto def_4104;
case 0xAu:
case 0xBu:
case 0xEu:
case 0x14u:
case 0x16u:
case 0x24u:
case 0x36u:
case 0x3Bu:
v35 = (unsigned __int64)v7[(unsigned int)v19 + 1]
+ (v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20));
switch ( v13 & 0x3F )
{
case 0xAu:
v36 = (_QWORD *)(v35 & 0xFFFFFFFFFFFFFFF8LL);
v37 = *(_QWORD *)(v35 & 0xFFFFFFFFFFFFFFF8LL);
v38 = 8 * (v35 & 7);
v39 = (unsigned __int64)v7[(unsigned int)v20 + 1] >> (56 - v38);
v40 = v37 & (-256LL << v38);
goto LABEL_83;
case 0xBu:
v36 = (_QWORD *)(v35 & 0xFFFFFFFFFFFFFFF8LL);
v77 = *(_QWORD *)(v35 & 0xFFFFFFFFFFFFFFF8LL);
v78 = 8 * (v35 & 7);
v39 = (_QWORD)v7[(unsigned int)v20 + 1] << v78;
v40 = v77 & (0xFFFFFFFFFFFFFFFFLL >> (64 - v78));
LABEL_83:
*v36 = v40 | v39;
goto def_4104;
case 0xEu:
*(_BYTE *)v35 = v7[(unsigned int)v20 + 1];
goto def_4104;
case 0x14u:
*(_WORD *)v35 = v7[(unsigned int)v20 + 1];
goto def_4104;
case 0x16u:
v79 = (_DWORD *)(v35 & 0xFFFFFFFFFFFFFFFCLL);
v80 = *(_DWORD *)(v35 & 0xFFFFFFFFFFFFFFFCLL);
v81 = 8 * (v35 & 3);
v82 = LODWORD(v7[(unsigned int)v20 + 1]) >> (24 - v81);
v83 = v80 & (-256 << v81);
goto LABEL_88;
case 0x24u:
v79 = (_DWORD *)(v35 & 0xFFFFFFFFFFFFFFFCLL);
v84 = *(_DWORD *)(v35 & 0xFFFFFFFFFFFFFFFCLL);
v85 = 8 * (v35 & 3);
v82 = LODWORD(v7[(unsigned int)v20 + 1]) << v85;
v83 = v84 & (0xFFFFFFFF >> (32 - v85));
LABEL_88:
*v79 = v83 | v82;
break;
case 0x36u:
*(_DWORD *)v35 = v7[(unsigned int)v20 + 1];
break;
case 0x3Bu:
*(_QWORD *)v35 = v7[(unsigned int)v20 + 1];
break;
default:
goto def_4104;
}
goto def_4104;
case 0xDu:
case 0x15u:
case 0x1Bu:
case 0x28u:
v43 = v13 & 0x3F;
v44 = v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20);
if ( v43 == 13 || v43 == 40 )
{
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19)
+ (signed __int16)v44;
}
else if ( v43 == 21 )
{
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(signed int *)(v5 - 304 + 8 * v19)
+ (signed __int64)(signed __int16)v44;
}
goto def_4104;
case 0x10u:
v56 = v13 & 0xFFF;
if ( v56 > 2639 )
{
if ( v56 > 3727 )
{
if ( v56 != 3728 )
{
if ( v56 == 3792 )
{
LODWORD(v24) = v24 | 0x20;
}
else
{
if ( v56 != 3984 )
goto def_4104;
v17 |= 0x20u;
}
}
if ( (signed int)(v24 + v17) <= 63 )
{
v19 = (unsigned __int64)v7[(unsigned int)v19 + 1];
if ( v17 != 63 )
v19 = (v19 >> v24) & ~(-1LL << ((unsigned __int8)v17 + 1));
LABEL_236:
v27 = (signed __int64)&v7[(unsigned int)v20];
LABEL_237:
*(_QWORD *)(v27 + 8) = v19;
goto def_4104;
}
goto def_4104;
}
if ( v56 != 2640 )
{
if ( v56 == 2768 && v17 >= (unsigned int)v24 )
*(_QWORD *)(v5 - 304 + 8 * v20) = *(_DWORD *)(v5 - 304 + 8 * v20) & (-1 << v17) | ((*(_DWORD *)(v5 - 304 + 8 * v19) & ~(-1 << (1 - v24 + v17))) << v24) | *(_DWORD *)(v5 - 304 + 8 * v20) & ~(-1 << v24);
goto def_4104;
}
}
else
{
if ( v56 > 655 )
{
if ( v56 != 656 && v56 != 1680 )
{
if ( v56 != 2256 )
goto def_4104;
goto LABEL_163;
}
v97 = v13 & 0x7C000FFF;
if ( (signed int)(v13 & 0x7C000FFF) <= 1275069071 )
{
if ( v97 == 201328272 )
{
v134 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
*(_QWORD *)(v5 - 304 + 8LL * v17) = __ROR8__(
(v134 << 16) & 0xFFFF0000FFFF0000LL | (v134 >> 16) & 0xFFFF0000FFFFLL,
32);
}
else if ( v97 == 939524752 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(char *)(v5 - 304 + 8 * v20);
}
goto def_4104;
}
if ( v97 == 1275069072 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(signed __int16 *)(v5 - 304 + 8 * v20);
goto def_4104;
}
if ( v97 == 1409287824 )
{
v133 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
*(_QWORD *)(v5 - 304 + 8LL * v17) = (v133 << 8) & 0xFF00FF00FF00FF00LL | (v133 >> 8) & 0xFF00FF00FF00FFLL;
goto def_4104;
}
if ( v97 != 1946157712 )
goto def_4104;
v98 = v5 - 304;
v99 = (*(_DWORD *)(v5 - 304 + 8 * v20) << 8) & 0xFF00FF00 | (*(_DWORD *)(v5 - 304 + 8 * v20) >> 8) & 0xFF00FF;
goto LABEL_372;
}
if ( v56 == 16 )
{
if ( v17 + (unsigned int)v24 > 0x1F )
goto def_4104;
LODWORD(v19) = v7[(unsigned int)v19 + 1];
if ( v17 != 31 )
LODWORD(v19) = ((unsigned int)v19 >> v24) & ~(-2 << v17);
LABEL_92:
v19 = (signed int)v19;
goto LABEL_236;
}
if ( v56 != 144 )
goto def_4104;
LODWORD(v24) = v24 | 0x20;
LABEL_163:
v17 |= 0x20u;
}
if ( (signed int)v17 >= (signed int)v24 )
*(_QWORD *)(v5 - 304 + 8 * v20) = *(_QWORD *)(v5 - 304 + 8 * v20) & (-1LL << v17) | ((*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) & ~(-1LL << ((unsigned __int8)v17 + 1 - (unsigned __int8)v24))) << v24) | *(_QWORD *)(v5 - 304 + 8 * v20) & ~(-1LL << v24);
goto def_4104;
case 0x11u:
case 0x2Au:
if ( v10 )
goto def_4104;
v45 = v13 & 0x3F;
v46 = v13 & 0x3FFF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20);
if ( v45 == 17 )
{
v53 = 31;
LABEL_129:
v51 = 0;
v55 = 0;
v49 = *(_QWORD *)(v5 - 8) + (unsigned int)(v46 * 4);
v54 = 1;
goto LABEL_130;
}
if ( v45 == 42 )
{
v53 = 0;
goto LABEL_129;
}
if ( v45 != 26 )
goto def_4104;
v47 = (signed __int64)v7[(unsigned int)v19 + 1];
v48 = &result[v46];
v49 = (signed __int64)(result + 2);
v50 = (signed __int64)(v48 + 1);
v51 = v47 < 1;
v25 = v47 == 0;
v52 = v47 < 0;
v53 = 0;
v54 = v47 > 0;
if ( !v52 && !v25 )
v49 = v50;
v55 = 1;
LABEL_130:
v91 = v55 != 0;
v92 = v51 && v91;
*(_QWORD *)(v5 - 24) = v49;
if ( v92 & 1 || !v55 || v54 && v91 )
{
v93 = 1LL;
if ( !v92 )
v93 = 2LL;
*(_QWORD *)(v5 - 32) = v93;
}
LABEL_136:
if ( v53 >= 1 )
{
LABEL_137:
v7[v53 + 1] = result + 2;
*(_QWORD *)(v5 - 16) = result + 2;
}
goto def_4104;
case 0x17u:
LODWORD(v20) = v13 & 0x1F003F;
HIDWORD(v58) = (v13 & 0x1F003F) - 65559;
LODWORD(v58) = (v13 & 0x1F003F) - 65559;
v57 = v58 >> 16;
if ( v57 > 0x1A || !((1 << v57) & 0x4842861) || v10 )
goto def_4104;
v59 = v13 & 0x1F003F;
v13 = (signed int)((v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20)) << 16) >> 14;
if ( (signed int)(v20 & 0x1FFFFF) <= 65558 )
{
v60 = v59 - 3;
v28 = 0;
v61 = result;
switch ( v60 )
{
case 0:
case 23:
case 42:
case 60:
goto LABEL_50;
case 2:
case 12:
case 41:
case 55:
goto LABEL_51;
case 14:
v28 = 31;
goto LABEL_279;
case 39:
LABEL_279:
v65 = 0;
v66 = 0;
v64 = *(_QWORD *)(v5 - 8) + v13;
goto LABEL_290;
default:
goto def_4104;
}
goto def_4104;
}
if ( v59 > 917526 )
{
if ( v59 > 1572886 )
{
if ( v59 != 1769495 )
{
v25 = v59 == 1572887;
LABEL_218:
if ( !v25 )
goto def_4104;
}
}
else if ( v59 != 917527 && v59 != 1245207 )
{
goto def_4104;
}
}
else if ( v59 > 458774 )
{
if ( v59 != 458775 && v59 != 786455 )
goto def_4104;
}
else if ( v59 != 65559 && v59 != 393239 )
{
goto def_4104;
}
LABEL_50:
v61 = 0LL;
LABEL_51:
v62 = (signed __int64)v7[(unsigned int)v19 + 1];
v63 = v20 & 0x1FFFFF;
v64 = (signed __int64)result + (signed int)(v13 + 4);
if ( v63 > 65558 )
{
if ( v63 > 917526 )
{
if ( v63 > 1572886 )
{
if ( v63 == 1572887 )
{
v66 = 1;
if ( v62 & 0x8000000000000000LL )
goto LABEL_294;
goto LABEL_288;
}
if ( v63 == 1769495 )
{
v28 = 31;
v66 = 1;
if ( v62 & 0x8000000000000000LL )
{
LABEL_311:
v65 = 0;
LABEL_290:
v129 = 1;
LABEL_301:
v130 = v66 != 0;
v131 = v65 & v130;
*(_QWORD *)(v5 - 24) = v64;
if ( !(v131 & 1) && v66 && !(v129 & v130) )
{
LABEL_120:
if ( v28 < 1 )
goto def_4104;
LABEL_121:
v7[v28 + 1] = result + 2;
*(_QWORD *)(v5 - 16) = result + 2;
goto def_4104;
}
v132 = 1LL;
if ( !v131 )
v132 = 2LL;
*(_QWORD *)(v5 - 32) = v132;
if ( v28 >= 1 )
goto LABEL_121;
goto def_4104;
}
goto LABEL_300;
}
}
else
{
if ( v63 == 917527 )
{
v28 = 31;
v66 = 1;
if ( !(v62 & 0x8000000000000000LL) )
goto LABEL_311;
goto LABEL_300;
}
if ( v63 == 1245207 )
{
if ( v62 & 0x8000000000000000LL )
{
LABEL_298:
v28 = 0;
LABEL_299:
v66 = 0;
LABEL_300:
v129 = 0;
v64 = (signed __int64)(result + 2);
v65 = 1;
goto LABEL_301;
}
LABEL_54:
v65 = 0;
v66 = 0;
LABEL_289:
v28 = 0;
goto LABEL_290;
}
}
}
else if ( v63 > 458774 )
{
if ( v63 == 458775 )
{
v66 = 1;
if ( !(v62 & 0x8000000000000000LL) )
{
LABEL_294:
v28 = 0;
goto LABEL_300;
}
LABEL_288:
v65 = 0;
goto LABEL_289;
}
if ( v63 == 786455 )
{
v28 = 31;
if ( v62 & 0x8000000000000000LL )
goto LABEL_299;
LABEL_227:
v65 = 0;
v66 = 0;
goto LABEL_290;
}
}
else
{
if ( v63 == 65559 )
{
if ( !(v62 & 0x8000000000000000LL) )
goto LABEL_298;
goto LABEL_54;
}
if ( v63 == 393239 )
{
v28 = 31;
if ( !(v62 & 0x8000000000000000LL) )
goto LABEL_299;
goto LABEL_227;
}
}
}
else
{
switch ( v63 )
{
case 3:
if ( v62 > 0 )
goto LABEL_54;
goto LABEL_298;
case 5:
if ( (unsigned int *)v62 == v61 )
goto LABEL_298;
goto LABEL_54;
case 15:
if ( (unsigned int *)v62 != v61 )
goto LABEL_298;
goto LABEL_54;
case 26:
v66 = 1;
if ( v62 > 0 )
goto LABEL_288;
goto LABEL_294;
case 44:
v66 = 1;
if ( (unsigned int *)v62 != v61 )
goto LABEL_294;
goto LABEL_288;
case 45:
v66 = 1;
if ( v62 >= 1 )
goto LABEL_294;
goto LABEL_288;
case 58:
v66 = 1;
if ( (unsigned int *)v62 != v61 )
goto LABEL_288;
goto LABEL_294;
case 63:
if ( v62 >= 1 )
goto LABEL_298;
goto LABEL_54;
default:
goto def_4104;
}
}
goto def_4104;
case 0x23u:
*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) < (unsigned __int64)(signed __int16)(v13 & 0xF000 | (v22 >> 20) | (v13 >> 6) & 0x3F | (v23 >> 20) | (v14 >> 20) | (v15 >> 20) | (v16 >> 20) | (v21 >> 20));
goto def_4104;
case 0x29u:
HIDWORD(v68) = (v13 & 0xFFF) - 425;
LODWORD(v68) = (v13 & 0xFFF) - 425;
v67 = v68 >> 6;
if ( v67 > 0x1A )
goto def_4104;
if ( !((1 << v67) & 0x4000032) )
{
if ( v67 != 2 )
goto def_4104;
v76 = v13 & 0xFFF;
if ( v76 > 2158 )
{
if ( v76 > 2542 )
{
LABEL_67:
if ( v76 == 2543 )
goto LABEL_159;
if ( v76 == 2671 )
goto LABEL_250;
if ( v76 != 3375 )
goto def_4104;
LABEL_256:
v114 = v5 - 304;
v115 = *(_DWORD *)(v5 - 304 + 8 * v20) + *(_DWORD *)(v5 - 304 + 8 * v19);
}
else
{
LABEL_157:
if ( v76 != 2159 )
{
if ( v76 != 2415 )
goto def_4104;
LABEL_159:
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20)
+ *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
goto def_4104;
}
LABEL_250:
v114 = v5 - 304;
v115 = *(_DWORD *)(v5 - 304 + 8 * v19) - *(_DWORD *)(v5 - 304 + 8 * v20);
}
LABEL_257:
*(_QWORD *)(v114 + 8LL * v17) = v115;
goto def_4104;
}
if ( v76 > 942 )
{
LABEL_258:
if ( v76 == 943 || v76 == 1775 )
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19)
- *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
}
else
{
if ( v76 == 495 )
goto LABEL_256;
LABEL_222:
if ( v76 == 553 )
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(signed int *)(v5 - 304 + 8 * v20)
* (signed __int64)*(signed int *)(v5 - 304 + 8 * v19);
}
goto def_4104;
}
v69 = v13 & 0xFFF;
if ( v69 <= 1902 )
{
if ( v69 > 744 )
{
if ( v69 != 745 )
{
if ( v69 == 1327 )
goto LABEL_389;
if ( v69 != 1839 )
goto def_4104;
LABEL_187:
v100 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
v101 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
v102 = (unsigned __int128)((signed __int64)v101 * (signed __int128)(signed __int64)v100) >> 64;
LABEL_403:
*v12 = v101 * v100;
*v11 = v102;
goto def_4104;
}
v118 = *(_DWORD *)v11;
v119 = *(_DWORD *)v12;
v120 = *(signed int *)(v5 - 304 + 8 * v19);
v121 = *(signed int *)(v5 - 304 + 8 * v20);
}
else
{
if ( v69 == 431 )
goto LABEL_391;
if ( v69 != 489 )
{
if ( v69 != 681 )
goto def_4104;
v70 = *(_DWORD *)v11;
v71 = *(_DWORD *)v12;
v72 = *(unsigned int *)(v5 - 304 + 8 * v19);
v73 = *(unsigned int *)(v5 - 304 + 8 * v20);
goto LABEL_274;
}
v118 = *(_DWORD *)v11;
v119 = *(_DWORD *)v12;
v120 = *(unsigned int *)(v5 - 304 + 8 * v19);
v121 = *(unsigned int *)(v5 - 304 + 8 * v20);
}
v122 = (v119 | ((unsigned __int64)v118 << 32)) - v121 * v120;
LABEL_277:
v123 = (unsigned int)v122;
v124 = v122 >> 32;
LABEL_393:
*v12 = v123;
*v11 = v124;
goto def_4104;
}
if ( v69 <= 2350 )
{
if ( v69 == 1903 )
goto LABEL_402;
if ( v69 != 2089 )
{
if ( v69 != 2223 )
goto def_4104;
goto LABEL_153;
}
v70 = *(_DWORD *)v11;
v71 = *(_DWORD *)v12;
v72 = *(signed int *)(v5 - 304 + 8 * v19);
v73 = *(signed int *)(v5 - 304 + 8 * v20);
LABEL_274:
v122 = (v71 | ((unsigned __int64)v70 << 32)) + v73 * v72;
goto LABEL_277;
}
if ( v69 == 2351 )
goto LABEL_328;
if ( v69 == 2863 )
goto LABEL_397;
if ( v69 != 3503 )
goto def_4104;
goto LABEL_191;
case 0x2Fu:
v74 = v13 & 0xFFF;
HIDWORD(v75) = v74 - 111;
LODWORD(v75) = v74 - 111;
switch ( (unsigned int)(v75 >> 6) )
{
case 0u:
case 3u:
case 9u:
case 0xFu:
case 0x2Eu:
case 0x3Du:
goto def_4104;
case 1u:
case 0xBu:
case 0x34u:
v113 = v13 & 0x4000FFF;
if ( (v13 & 0x4000FFF) == 67109679 )
v74 = 67109679;
goto LABEL_336;
case 2u:
v135 = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19) >= *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20);
v136 = (_QWORD *)(v5 - 304 + 8LL * v17);
if ( !v135 )
goto LABEL_355;
goto LABEL_321;
case 6u:
case 0xDu:
case 0x1Au:
case 0x20u:
case 0x24u:
case 0x26u:
case 0x28u:
case 0x33u:
v76 = v13 & 0xFFF;
if ( v76 > 2158 )
{
if ( v76 <= 2542 )
goto LABEL_157;
goto LABEL_67;
}
if ( v76 > 942 )
goto LABEL_258;
if ( v76 != 495 )
goto LABEL_222;
goto LABEL_256;
case 0xAu:
case 0x30u:
goto LABEL_198;
case 0xCu:
case 0x17u:
case 0x1Fu:
case 0x3Cu:
v111 = v13 & 0xFFF;
if ( v111 > 2094 )
{
if ( v111 == 2095 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = ~(*(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) | *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19));
}
else if ( v111 == 3951 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) & *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
}
}
else if ( v111 == 879 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) ^ *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
}
else if ( v111 == 1583 )
{
*(_QWORD *)(v5 - 304 + 8LL * v17) = *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v20) | *(_QWORD *)(v5 - 304 + 8LL * (unsigned int)v19);
}
goto def_4104;
case 0xEu:
case 0x10u:
case 0x22u:
case 0x2Cu:
case 0x31u:
v106 = v13 & 0x200FFF;
if ( (v13 & 0x200FFF) == 2099439 )
v74 = 2099439;
goto LABEL_194;
case 0x15u:
if ( v10 )
goto def_4104;
v53 = 0;
v140 = 0LL;
switch ( v13 & 0xFFF )
{
case 3u:
case 0x1Au:
case 0x2Du:
case 0x3Fu:
goto LABEL_332;
case 4u:
case 6u:
case 7u:
case 8u:
case 9u:
case 0xAu:
case 0xBu:
case 0xCu:
case 0xDu:
case 0xEu:
case 0x10u:
case 0x12u:
case 0x13u:
case 0x14u:
case 0x15u:
case 0x16u:
case 0x17u:
case 0x18u:
case 0x19u:
case 0x1Bu:
case 0x1Cu:
case 0x1Du:
case 0x1Eu:
case 0x1Fu:
case 0x20u:
case 0x21u:
case 0x22u:
case 0x23u:
case 0x24u:
case 0x25u:
case 0x26u:
case 0x27u:
case 0x28u:
case 0x29u:
case 0x2Bu:
case 0x2Eu:
case 0x2Fu:
case 0x30u:
case 0x31u:
case 0x32u:
case 0x33u:
case 0x34u:
case 0x35u:
case 0x36u:
case 0x37u:
case 0x38u:
case 0x39u:
case 0x3Bu:
case 0x3Cu:
case 0x3Du:
case 0x3Eu:
goto def_4104;
case 5u:
case 0xFu:
case 0x2Cu:
case 0x3Au:
v140 = v7[v17 + 1];
LABEL_332:
v141 = (signed __int64)v7[(unsigned int)v19 + 1];
v142 =