Sharing is caring
This topic is similar to the earlier one, except that with this version you can decrypt files from version 1.5.2.2.
Everything is the same; only the source code is different:
main.cpp
#include <string>
#include <iostream>
#include <fstream>
#include <map>
#include "hook.h"
// Function-pointer type matching how this file calls ReadFile. The buffer is
// declared as char* here so it can be passed directly to the byte writer.
using _ReadFile = BOOL(WINAPI *)(HANDLE hFile, char *lpBuffer, DWORD nNumberOfBytesToRead,
                                 LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped);
// Route back to the un-hooked ReadFile; assigned in SetHooks().
_ReadFile true_ReadFile;

// Function-pointer type matching CreateFileW.
using _CreateFileW = HANDLE(WINAPI *)(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode,
                                      LPSECURITY_ATTRIBUTES lpSecurityAttributes,
                                      DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes,
                                      HANDLE hTemplateFile);
// Route back to the un-hooked CreateFileW; assigned in SetHooks().
_CreateFileW true_CreateFileW;

// Handles currently being watched, keyed by the HANDLE value cast to int.
// The mapped DWORD is always stored as 0 and never read in this file.
// NOTE(review): the map is touched from the hooks without any lock, and the
// int key would truncate a HANDLE in a 64-bit build.
std::map<int, DWORD> Handles;
// Writes `size` raw bytes starting at `content` into the file called `name`.
// When `append` is false the file is opened in plain binary output mode;
// when true, the bytes are added to the end of the existing file.
// Open and write failures are not reported to the caller.
void fileputcontents(const std::string& name, char* content, DWORD size, bool append = false) {
    const std::ios_base::openmode mode =
        append ? (std::ios::app | std::ios::binary) : std::ios::binary;

    std::ofstream sink;
    sink.open(name, mode);
    sink.write(content, size);
    // The stream is flushed and closed when `sink` goes out of scope.
}
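// Number of reads dumped so far from a watched handle; the first dumped read
// starts a fresh output file and later ones append to it.
int file = 0;

// Replacement for ReadFile. Forwards every call to the original function and,
// when the handle is one recorded by new_CreateFileW, copies the bytes that
// were read into "decrypted_file.txt".
//
// Returns whatever the original ReadFile returned.
//
// NOTE(review): Handles and `file` are shared with other threads calling the
// hooked APIs and are not synchronised here.
// NOTE(review): writing the dump performs file I/O of its own inside the hook,
// which may change the thread's last-error value seen by the caller - confirm
// whether callers depend on it.
BOOL WINAPI new_ReadFile(HANDLE hFile, char *lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped) {
    const BOOL result = true_ReadFile(hFile, lpBuffer, nNumberOfBytesToRead, lpNumberOfBytesRead, lpOverlapped);

    // (int)hFile mirrors the key type of Handles; it would truncate on 64-bit.
    if (Handles.find((int)hFile) == Handles.end())
        return result;

    // A failed (or still pending) read has not produced data in lpBuffer, so
    // there is nothing valid to copy.
    if (!result || lpBuffer == nullptr)
        return result;

    // Copy only the bytes the read actually delivered. The requested size can
    // be larger than that (short read at end of file), and the remainder of
    // the buffer would be stale or uninitialised memory. The count pointer may
    // be null when an OVERLAPPED structure is used; fall back to the requested
    // size in that case, as the original code did.
    const DWORD produced = (lpNumberOfBytesRead != nullptr) ? *lpNumberOfBytesRead
                                                            : nNumberOfBytesToRead;

    const std::string filename = "decrypted_file.txt";
    file++;
    fileputcontents(filename, lpBuffer, produced, file != 1);
    return result;
}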
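// Replacement for CreateFileW. Forwards the call to the original function,
// then records the returned handle in Handles when the path contains
// "SysString-e.dat". For any other path the returned handle value is removed
// from Handles, which clears a stale entry when the OS reuses a handle value.
//
// Returns the handle produced by the original CreateFileW, unchanged.
//
// NOTE(review): a failed open of the watched file still records the failure
// handle value; new_ReadFile then sees a failing read on it. Entries are only
// dropped when the same value comes back for another file, not on close.
// NOTE(review): Handles is modified here without a lock while other threads
// may be inside the hooks.
HANDLE WINAPI new_CreateFileW(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile) {
    HANDLE true_handle = true_CreateFileW(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);

    // Guard the name before searching it: a caller passing a null path gets an
    // error from the real API, and the hook must not crash in wcsstr instead.
    const bool watched = lpFileName != nullptr
                      && wcsstr(lpFileName, L"SysString-e.dat") != nullptr;

    if (watched) {
        // insert() leaves an existing entry untouched, so no lookup is needed.
        Handles.insert(std::make_pair((int)true_handle, (DWORD)0));
    }
    else {
        // erase-by-key is a no-op when the handle was never tracked.
        Handles.erase((int)true_handle);
    }
    return true_handle;
}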
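// Installs the ReadFile and CreateFileW hooks.
//
// Resolves both exports from kernel32.dll and passes each address to splice()
// together with the replacement function; the value splice() returns is kept
// as the pointer used to reach the original API.
// splice() lives in hook.cpp (not shown here); presumably it patches the
// export in place and returns a trampoline - confirm against that file.
//
// Returns true when both hooks were set up, false otherwise.
//
// NOTE(review): this runs from DllMain. Microsoft's DllMain guidance advises
// against calling LoadLibrary there because the loader lock is held.
// NOTE(review): if the second hook fails after the first was installed, the
// first is not rolled back; DllMain then reports failure while ReadFile is
// still redirected.
// NOTE(review): each hook becomes live before its true_* pointer is assigned,
// so another thread calling the API in that window would go through a null
// pointer - confirm how splice() handles this.
bool SetHooks(void)
{
    // Kept from the original: makes sure engine.dll is mapped. The returned
    // handle was never used, so it is not stored.
    LoadLibraryA("engine.dll");

    // Resolve kernel32 once and reuse it for both lookups.
    const auto kernel32 = LoadLibraryA("kernel32.dll");
    if (kernel32 == 0)
        return false;

    FARPROC addr = GetProcAddress(kernel32, "ReadFile");
    if (addr == 0)
        return false;
    true_ReadFile = (_ReadFile)splice((unsigned char*)addr, new_ReadFile);
    // Assumes splice() signals failure with a null result - TODO confirm.
    // Without this check a failed hook leaves a null pointer to call later.
    if (true_ReadFile == 0)
        return false;

    addr = GetProcAddress(kernel32, "CreateFileW");
    if (addr == 0)
        return false;
    true_CreateFileW = (_CreateFileW)splice((unsigned char*)addr, new_CreateFileW);
    if (true_CreateFileW == 0)
        return false;

    return true;
}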
// Does no work and always returns 0.
// NOTE(review): presumably present so the DLL has a symbol that another
// module's import table can reference - confirm against the build settings.
int load(void)
{
    const int status = 0;
    return status;
}
// DLL entry point. On process attach it installs the hooks via SetHooks() and
// reports failure to the loader if that fails; every other notification is
// acknowledged without doing anything.
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    // Thread attach/detach and process detach need no handling here.
    if (fdwReason != DLL_PROCESS_ATTACH)
        return true;

    // A false result makes the loader treat the DLL load as failed.
    const bool hooked = SetHooks();
    return hooked;
}
hook.h
https://pastebin.com/V90efrHJ
hook.cpp
https://pastebin.com/LG92sS4b
1. CFF Explorer part: in ogg.dll file.
https://prnt.sc/sl91ylUn1B18
https://prnt.sc/NkkBPbailjZH
SmartDecrypt.dll must be before npkscrypt.dll
Compiled version (built with VS2017, v141 xp toolset):
https://drive.google.com/file/d/1J4_OQS0dq5UD119xHi06Ve5028Ht-IWg/view?usp=sharing
If you want to decrypt, for example, interface.u, an xdat, or another file, just rename it to SysString-e.dat and run l2.exe (you will get an error; just click OK). After that, decrypted_file.txt should appear in the system folder. (This file will still be encrypted with regular l2encrypt: 413/111, etc.)