
2013/02/02

DATEL PAPARX HASH(TRIPLE ADDING DATEL HASH!?)

//VB.NET
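' Verify the PAPARX trailer that follows the code block in the file buffer Code.
' Layout used below: 28-byte file header, code block of `size` bytes,
' 16-byte PAPARX header, then three blocks of `paplen` bytes each
' (28 + size + 16 + 3 * paplen = size + 44 + 3 * paplen).
' Header word at offset 20 holds the expected PAPARX hash; header word at
' offset 24 holds 2 * paplen.
' size, fsize, Code and z are declared outside this fragment.
If size + (BitConverter.ToUInt32(Code, 24) >> 1) * 3 + 44 = fsize Then

    Dim psparx As Integer = size + 28

    ' The 16-byte PAPARX header must lie inside the buffer before its length
    ' field is read; otherwise BitConverter would throw on a truncated file.
    If psparx >= 0 AndAlso CLng(psparx) + 16 <= Code.Length Then

        Dim paplen As Integer = BitConverter.ToInt32(Code, psparx + 12)
        psparx += 16

        ' paplen comes straight from the file and is only compared with the
        ' header value after hashing, so bound it against the buffer first.
        ' Long arithmetic keeps 3 * paplen from overflowing.
        If paplen >= 0 AndAlso CLng(psparx) + 3L * paplen <= Code.Length Then

            ' Three consecutive blocks, each hashed separately; the results are summed.
            z = datel_hash(Code, psparx, paplen)
            psparx += paplen
            z = z + datel_hash(Code, psparx, paplen)
            psparx += paplen
            z = z + datel_hash(Code, psparx, paplen)
            Dim paparxs As String = z.ToString("X8")

            If z = BitConverter.ToUInt32(Code, 20) AndAlso paplen * 2 = BitConverter.ToUInt32(Code, 24) Then
                ' Disabled debug output; the message text reads "PAPARX matched."
                'MessageBox.Show(paparxs & "PAPARXが一致しました." & paplen.ToString("X"))
            End If

        End If
    End If
End If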


''' <summary>
''' Computes the DATEL checksum over w bytes of bin starting at index s.
''' Each byte is added to the running value, the sum is shifted right by one,
''' and bit 28 is set whenever the shifted-out bit was 1. The final value is
''' XORed with &amp;H17072008.
''' </summary>
''' <param name="bin">Buffer to read from.</param>
''' <param name="s">Index of the first byte to include.</param>
''' <param name="w">Number of bytes to include; zero or less reads nothing.</param>
''' <returns>The 32-bit checksum; &amp;H17072008 when no bytes are read.</returns>
''' <remarks>
''' The function uses only fixed constants and no secret, so it can detect
''' accidental corruption but cannot authenticate the data.
''' No bounds checks are done here; s and w must describe a range inside bin.
''' </remarks>
Public Function datel_hash(ByVal bin() As Byte, ByVal s As Integer, ByVal w As Integer) As UInteger

    Const CarryBit As UInteger = &H10000000UI
    Const FinalXor As UInteger = &H17072008UI

    Dim acc As UInteger = 0UI

    For idx As Integer = 0 To w - 1
        ' Add the next byte, then halve; the dropped low bit decides
        ' whether bit 28 is set in the new running value.
        Dim sum As UInteger = CUInt(bin(s + idx)) + acc
        Dim lowBitSet As Boolean = (sum And 1UI) <> 0UI
        acc = sum >> 1
        If lowBitSet Then acc = acc Or CarryBit
    Next

    Return FinalXor Xor acc

End Function



#
# TAB=8
#
# Fragment of a MIPS routine (its prologue is not part of this listing) that
# checks a code file before it is used. As far as the visible instructions show:
#   1. seven words (0x1c bytes) are copied from s1 to s2 with unaligned loads,
#   2. the first 8 bytes at s2 are compared with the string the author labels "PSPARC01";
#      on mismatch the visible paths return $fffffffd or $fffffffc,
#   3. 16 bytes at s2+$0c are hashed and compared with the word at s2+$08,
#   4. the code block (length = word at s2+$10) is copied and hashed, and the
#      result is compared with the word at s2+$0c,
#   5. if the word at s2+$18 is non-zero, three PAPARX blocks of equal length are
#      copied and hashed, the three results are added and compared with the word at s2+$14.
# Every hash call passes a2 = $17072008 (lui s3,$1707 / ori a2,s3,$2008).
# NOTE(review): the copy lengths are read from the file data itself and no comparison
# against the file length is visible in this fragment -- confirm whether the caller
# or the callees bound them. The hash uses only a fixed constant, so it does not
# authenticate the data.
__0000f404: #
jal $0001f060 # 0000f404:0c007c18 ▼FNC_0001f060
addiu s1, v0, $3540 # 0000f408:24513540 s1=$000f3540:s1=address of the built-in code data
# Unaligned loads (lwl/lwr pairs) of the words at s1+$00 .. s1+$18.
lwl a1, $000f(s1) # 0000f40c:8a25000f
lwl v1, $0003(s1) # 0000f410:8a230003
lwl v0, $0007(s1) # 0000f414:8a220007
lwl a0, $000b(s1) # 0000f418:8a24000b
lwl a2, $0013(s1) # 0000f41c:8a260013
lwl a3, $0017(s1) # 0000f420:8a270017
lwl t0, $001b(s1) # 0000f424:8a28001b
lwr a1, $000c(s1) # 0000f428:9a25000c
lwr a0, $0008(s1) # 0000f42c:9a240008
lwr t0, $0018(s1) # 0000f430:9a280018
lwr a2, $0010(s1) # 0000f434:9a260010
lwr v1, $0000(s1) # 0000f438:9a230000
lwr v0, $0004(s1) # 0000f43c:9a220004
lwr a3, $0014(s1) # 0000f440:9a270014
# Store the loaded words to the same offsets at s2.
sw a1, $000c(s2) # 0000f444:ae45000c
lui a1, $0005 # 0000f448:3c050005 a1=$00050000
sw a0, $0008(s2) # 0000f44c:ae440008
sw a2, $0010(s2) # 0000f450:ae460010
sw v1, $0000(s2) # 0000f454:ae430000
sw v0, $0004(s2) # 0000f458:ae420004
PSPARC01を比較: # label: "compare PSPARC01"
addiu a1, a1, $f10c # 0000f45c:24a5f10c a1="PSPARC01"
sw a3, $0014(s2) # 0000f460:ae470014
addu a0, s2, zero # 0000f464:02402021
sw t0, $0018(s2) # 0000f468:ae480018
jal $00045614 # 0000f46c:0c011585 ▼memcmp: compare against PSPARC01
addiu a2, zero, $0008 # 0000f470:24060008 a2=$00000008
beq v0, zero, $0000f4b8 # 0000f474:10400010 ▼DATELHASHチェック (DATEL hash check)
lui s3, $1707 # 0000f478:3c131707 s3=$17070000: upper half of the XOR constant
lui a1, $0005 # 0000f47c:3c050005 a1=$00050000
addiu a1, a1, $f260 # 0000f480:24a5f260 a1="PSPARC"
addu a0, s2, zero # 0000f484:02402021
jal $00045614 # 0000f488:0c011585 ▼memcmp: compare against PSPARC
addiu a2, zero, $0006 # 0000f48c:24060006 a2=$00000006
bne v0, zero, $0000f4f0 # 0000f490:14400017 ▼__0000f4f0
lui a1, $0005 # 0000f494:3c050005 a1=$00050000
lw ra, $0010(sp) # 0000f498:8fbf0010
# Epilogue returning $fffffffd.
__0000f49c: #
lw s3, $000c(sp) # 0000f49c:8fb3000c
lw s2, $0008(sp) # 0000f4a0:8fb20008
lw s1, $0004(sp) # 0000f4a4:8fb10004
lw s0, $0000(sp) # 0000f4a8:8fb00000
addiu v0, zero, $fffd # 0000f4ac:2402fffd v0=$fffffffd
jr ra # 0000f4b0:03e00008
addiu sp, sp, $0018 # 0000f4b4:27bd0018
DATELHASHチェック: # label: "DATEL hash check" -- hash 16 bytes at s2+$0c, expect the word at s2+$08
addiu a0, s2, $000c # 0000f4b8:2644000c
addiu a1, zero, $0010 # 0000f4bc:24050010 a1=$00000010: range to hash, 16 bytes
jal $00010400 # 0000f4c0:0c004100 ▼DATEL hash routine
ori a2, s3, $2008 # 0000f4c4:36662008
lw v1, $0008(s2) # 0000f4c8:8e430008
一致した場合ジャンプ: # label: "jump if matched"
beq v0, v1, $0000f510 # 0000f4cc:10430010 ▼コード全体のハッシュ計算 (hash of the whole code block)
addiu v0, zero, $fffe # 0000f4d0:2402fffe v0=$fffffffe
# Common epilogue; v0 already holds the return value.
__0000f4d4: #
lw ra, $0010(sp) # 0000f4d4:8fbf0010
__0000f4d8: #
lw s3, $000c(sp) # 0000f4d8:8fb3000c
lw s2, $0008(sp) # 0000f4dc:8fb20008
lw s1, $0004(sp) # 0000f4e0:8fb10004
lw s0, $0000(sp) # 0000f4e4:8fb00000
jr ra # 0000f4e8:03e00008
addiu sp, sp, $0018 # 0000f4ec:27bd0018
# Reached when the 6-byte "PSPARC" compare fails: compare 2 bytes at s2+6.
__0000f4f0: #
addiu a0, s2, $0006 # 0000f4f0:26440006
addiu a1, a1, $f268 # 0000f4f4:24a5f268
jal $00045614 # 0000f4f8:0c011585 ▼memcmp
addiu a2, zero, $0002 # 0000f4fc:24060002 a2=$00000002
bgez v0, $0000f49c # 0000f500:0441ffe6 ▲__0000f49c
lw ra, $0010(sp) # 0000f504:8fbf0010
j $0000f4d8 # 0000f508:08003d36 ▲__0000f4d8
addiu v0, zero, $fffc # 0000f50c:2402fffc v0=$fffffffc
コード全体のハッシュ計算: # label: "hash of the whole code block"
# $000115bc is called with a size and its result is used as a memcpy destination;
# presumably an allocator (a zero result leads to the $fffffffb return) -- confirm.
jal $000115bc # 0000f510:0c00456f ▼ PAPARX??
lw a0, $0010(s2) # 0000f514:8e440010 :a0=size of the code block
beq v0, zero, $0000f5c8 # 0000f518:1040002b ▼__0000f5c8
sw v0, $003c(s2) # 0000f51c:ae42003c
lw a2, $0010(s2) # 0000f520:8e460010 :a2=size of the code block
addu a0, v0, zero # 0000f524:00402021 a0=$fffffffc (stale tracker value; a0 is the value returned by $000115bc)
jal $00045648 # 0000f528:0c011592 ▼memcpy
addiu a1, s1, $001c # 0000f52c:2625001c :0x1C=offset where the code data starts in arbin
lw s0, $0010(s2) # 0000f530:8e500010 :s0=size of the entire code block
lw a0, $003c(s2) # 0000f534:8e44003c
ori a2, s3, $2008 # 0000f538:36662008
GOHASH: #
jal $00010400 # 0000f53c:0c004100 ▼DATEL hash routine
addu a1, s0, zero # 0000f540:02002821
lw v1, $000c(s2) # 0000f544:8e43000c :arbin[12]=DATELHASH
bnel v0, v1, $0000f5d0 # 0000f548:54430021 ▼__0000f5d0
lw a0, $003c(s2) # 0000f54c:8e44003c
jal $0000b1ec # 0000f550:0c002c7b ▲FNC_0000b1ec
addu a0, s2, zero # 0000f554:02402021
addiu v1, zero, $ffff # 0000f558:2403ffff v1=$ffffffff
beq v0, v1, $0000f5c0 # 0000f55c:10430018 ▼__0000f5c0
addiu v0, zero, $fffe # 0000f560:2402fffe v0=$fffffffe
jal $0000d870 # 0000f564:0c00361c ▲FNC_0000d870
addu a0, s2, zero # 0000f568:02402021
lw v0, $004c(s2) # 0000f56c:8e42004c
beq v0, zero, $0000f4d4 # 0000f570:1040ffd8 ▲__0000f4d4
addiu v0, zero, $fffb # 0000f574:2402fffb v0=$fffffffb
lw v0, $0018(s2) # 0000f578:8e420018 :arbin[24]=PAPARX??
arbin[24]があればジャンプ: # label: "jump if arbin[24] is non-zero"
bnel v0, zero, $0000f5ec # 0000f57c:5440001b ▼PAPARX
addiu v0, s0, $001c # 0000f580:2602001c :v0=offset to PAPAR01
__0000f584: #
jal $0000d674 # 0000f584:0c00359d ▲FNC_0000d674
addu a0, s2, zero # 0000f588:02402021
addu a1, zero, zero # 0000f58c:00002821
__0000f590: #
jal $0000b258 # 0000f590:0c002c96 ▲FNC_0000b258
addu a0, s2, zero # 0000f594:02402021
addiu a1, zero, $0001 # 0000f598:24050001 a1=$00000001
jal $0000ef30 # 0000f59c:0c003bcc ▲SORTGAME
addu a0, s2, zero # 0000f5a0:02402021
jal $0000d870 # 0000f5a4:0c00361c ▲FNC_0000d870
addu a0, s2, zero # 0000f5a8:02402021
addu a0, s2, zero # 0000f5ac:02402021
jal $0000b258 # 0000f5b0:0c002c96 ▲FNC_0000b258
addu a1, zero, zero # 0000f5b4:00002821
j $0000f4d4 # 0000f5b8:08003d35 ▲__0000f4d4
addiu v0, zero, $0001 # 0000f5bc:24020001 v0=$00000001
# Failure exits: each jumps to the common epilogue with v0 set by the branch that came here.
__0000f5c0: #
j $0000f4d4 # 0000f5c0:08003d35 ▲__0000f4d4
sw zero, $0044(s2) # 0000f5c4:ae400044
__0000f5c8: #
j $0000f4d4 # 0000f5c8:08003d35 ▲__0000f4d4
addiu v0, zero, $fffb # 0000f5cc:2402fffb v0=$fffffffb
# Code-block hash mismatch: a0 holds the word at s2+$3c (loaded in the bnel delay slot).
# $000113d0 is called only when a0 is non-zero; presumably it releases that buffer -- confirm.
__0000f5d0: #
beql a0, zero, $0000f4d4 # 0000f5d0:5080ffc0 ▲__0000f4d4
addiu v0, zero, $fffe # 0000f5d4:2402fffe v0=$fffffffe
jal $000113d0 # 0000f5d8:0c0044f4 ▼FNC_000113d0
nop # 0000f5dc:00000000
addiu v0, zero, $fffe # 0000f5e0:2402fffe v0=$fffffffe
j $0000f4d4 # 0000f5e4:08003d35 ▲__0000f4d4
sw zero, $003c(s2) # 0000f5e8:ae40003c
PAPARX: # v0 = s0 + $1c on entry (set in the bnel delay slot)
addu v0, v0, s1 # 0000f5ec:00511021 :s1=&arbin[0]
# Unaligned load of the 16-byte PAPARX header, stored to s2+$1c .. s2+$28.
lwl a1, $0003(v0) # 0000f5f0:88450003 :v0=&paparx[0]
lwl a2, $0007(v0) # 0000f5f4:88460007
lwl a3, $000b(v0) # 0000f5f8:8847000b
lwl a0, $000f(v0) # 0000f5fc:8844000f
lwr a1, $0000(v0) # 0000f600:98450000 :a1=papaex[0]
lwr a2, $0004(v0) # 0000f604:98460004 :a2=papaex[4]
lwr a0, $000c(v0) # 0000f608:9844000c :a0=papaex[12]
lwr a3, $0008(v0) # 0000f60c:98470008 :a3=papaex[8]
addiu v1, s2, $001c # 0000f610:2643001c
sw a1, $001c(s2) # 0000f614:ae45001c :copied to arbin[20]
sw a0, $000c(v1) # 0000f618:ac64000c :arbin[32]
sw a2, $0004(v1) # 0000f61c:ac660004 :arbin[24]
sw a3, $0008(v1) # 0000f620:ac670008 :arbin[28]
# Three calls to $000115bc, each with the word at s2+$28 (the block length from the
# PAPARX header); results are kept at s2+$30, s2+$34 and s2+$38.
jal $000115bc # 0000f624:0c00456f ▼ PAPARX??
lw a0, $0028(s2) # 0000f628:8e440028
beq v0, zero, $0000f5c8 # 0000f62c:1040ffe6 ▲__0000f5c8
sw v0, $0030(s2) # 0000f630:ae420030
jal $000115bc # 0000f634:0c00456f ▼ PAPARX??
lw a0, $0028(s2) # 0000f638:8e440028
beq v0, zero, $0000f5c8 # 0000f63c:1040ffe2 ▲__0000f5c8
sw v0, $0034(s2) # 0000f640:ae420034
jal $000115bc # 0000f644:0c00456f ▼ PAPARX??
lw a0, $0028(s2) # 0000f648:8e440028
beq v0, zero, $0000f5c8 # 0000f64c:1040ffde ▲__0000f5c8
sw v0, $0038(s2) # 0000f650:ae420038
# Copy the three blocks: source starts at s1 + code size + $2c and advances by the block length.
lw a0, $0030(s2) # 0000f654:8e440030
lw a2, $0028(s2) # 0000f658:8e460028
addiu s0, s0, $002c # 0000f65c:2610002c
jal $00045648 # 0000f660:0c011592 ▼memcpy
addu a1, s0, s1 # 0000f664:02112821
lw a2, $0028(s2) # 0000f668:8e460028
lw a0, $0034(s2) # 0000f66c:8e440034
addu s0, s0, a2 # 0000f670:02068021
jal $00045648 # 0000f674:0c011592 ▼memcpy
addu a1, s0, s1 # 0000f678:02112821
lw a2, $0028(s2) # 0000f67c:8e460028
lw a0, $0038(s2) # 0000f680:8e440038
addu s0, s0, a2 # 0000f684:02068021
jal $00045648 # 0000f688:0c011592 ▼memcpy
addu a1, s0, s1 # 0000f68c:02112821
# Hash each block; s0 accumulates the sum of the three results.
lw a0, $0030(s2) # 0000f690:8e440030
lw a1, $0028(s2) # 0000f694:8e450028
GOHASH: #
jal $00010400 # 0000f698:0c004100 ▼DATEL hash routine
ori a2, s3, $2008 # 0000f69c:36662008
lw a0, $0034(s2) # 0000f6a0:8e440034
lw a1, $0028(s2) # 0000f6a4:8e450028
ori a2, s3, $2008 # 0000f6a8:36662008
GOHASH: #
jal $00010400 # 0000f6ac:0c004100 ▼DATEL hash routine
addu s0, v0, zero # 0000f6b0:00408021
lw a0, $0038(s2) # 0000f6b4:8e440038
lw a1, $0028(s2) # 0000f6b8:8e450028
ori a2, s3, $2008 # 0000f6bc:36662008
GOHASH: #
jal $00010400 # 0000f6c0:0c004100 ▼DATEL hash routine
addu s0, s0, v0 # 0000f6c4:02028021
lw v1, $0014(s2) # 0000f6c8:8e430014 :arbin[20]=PAPARX
addu s0, s0, v0 # 0000f6cc:02028021
あわないとき飛ばす: # label: "branch away on mismatch"
bne s0, v1, $0000f5c0 # 0000f6d0:1603ffbb ▲__0000f5c0
addiu v0, zero, $fffe # 0000f6d4:2402fffe v0=$fffffffe
jal $0000d570 # 0000f6d8:0c00355c ▲FNC_0000d570
addu a0, s2, zero # 0000f6dc:02402021
beq v0, zero, $0000f5c8 # 0000f6e0:1040ffb9 ▲__0000f5c8
addu v1, v0, zero # 0000f6e4:00401821 v1=$fffffffe (stale tracker value; v1 is the value returned by $0000d570)
lw v0, $0028(s2) # 0000f6e8:8e420028
bne v1, v0, $0000f584 # 0000f6ec:1462ffa5 ▲__0000f584
nop # 0000f6f0:00000000
j $0000f590 # 0000f6f4:08003d64 ▲__0000f590


ネタもないので、PAPARXを解析してみた。一応それっぽいところを見つけて、3段加算ハッシュで計算してみたら一致した。CDEに反映できたらやるかも? 8bitずつ区切っているっぽい?
8byte PAPARX署名
4byte null?
4byte 各ブロックの大きさ(PSPARC01のヘッダ0x18からの数字÷2)
第1ブロック;隠しコード、ありだとBITが追加
第2ブロック;コードON/OFF、ONだと0xFFから各BITがなくなる
第3ブロック;フォルダの開閉、閉じるとBITが追加

//第2ブロック例
FF F9 FE ....
新規追加用のダミー?
1bit コードブロック全体(全体を隠す、第1ブロックしか使わない)
2bit 最初のコード,ON
3bit 2個目のこーど,ON
....
8bit 7個目のこーど,OFF
次の1bit 8個目のコード、ON
次の2bit 2個目のこーど,OFF
....


06:33 | ACTIONREPLAYCOMMENT(0)TRACKBACK(0)  TOP
