Jump to content

Smart Crypt Decryptor 1.5.2.2


Recommended Posts

Sharing is caring

 

This is similar topic to just with it u can decrypt 1.5.2.2 version files.

 

 

Everything same just source code different:

main.cpp

#include <string>
#include <iostream>
#include <fstream>
#include <map>
#include "hook.h"

typedef BOOL(WINAPI *_ReadFile) (HANDLE hFile, char *lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped);
_ReadFile true_ReadFile;

typedef HANDLE(WINAPI *_CreateFileW) (LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile);
_CreateFileW true_CreateFileW;


std::map<int, DWORD> Handles;

void fileputcontents(const std::string& name, char* content, DWORD size, bool append = false) {
	std::ofstream outfile;
	if (append)
		outfile.open(name, std::ios::app | std::ios::binary);
	else
		outfile.open(name, std::ios::binary);
	outfile.write(content, size);
}

int file = 0;
BOOL WINAPI new_ReadFile(HANDLE hFile, char *lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped) {

	bool result = true_ReadFile(hFile, lpBuffer, nNumberOfBytesToRead, lpNumberOfBytesRead, lpOverlapped);
	std::map<int, DWORD>::iterator it = it = Handles.find((int)hFile);
	if (it != Handles.end()) {
		std::string filename;
		file++;
		filename = "decrypted_file.txt";
		if (file == 1) {
			fileputcontents(filename, lpBuffer, nNumberOfBytesToRead);	
		}
		else {	
			fileputcontents(filename, lpBuffer, nNumberOfBytesToRead, true);
		}
	}
	
	return result;

}

HANDLE WINAPI new_CreateFileW(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile) {

	HANDLE true_handle = true_CreateFileW(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
	if (wcsstr(lpFileName, L"SysString-e.dat") != 0) {
		std::map<int, DWORD>::iterator iter = Handles.find((int)true_handle);
		Handles.insert(std::make_pair((int)true_handle, (DWORD)0));
	}
	else {
		std::map<int, DWORD>::iterator iter = Handles.find((int)true_handle);
		if (iter != Handles.end())
			Handles.erase(iter);
	}
	return true_handle;

}

bool SetHooks(void)
{
	FARPROC addr;

	HANDLE hEngine = LoadLibraryA("engine.dll");
	if ((addr = GetProcAddress(LoadLibraryA("kernel32.dll"), "ReadFile")) == 0)
		return false;
		true_ReadFile = (_ReadFile)splice((unsigned char*)addr, new_ReadFile);

	if ((addr = GetProcAddress(LoadLibraryA("kernel32.dll"), "CreateFileW")) == 0)
		return false;
		true_CreateFileW = (_CreateFileW)splice((unsigned char*)addr, new_CreateFileW);
		return true;

}

int load(void)
{
	return 0;
}
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{

	if (fdwReason == DLL_PROCESS_ATTACH)
	{
		if (!SetHooks()) {
			return false;
		}
	}
	return true;
}

 

hook.h

https://pastebin.com/V90efrHJ

hook.cpp

https://pastebin.com/LG92sS4b

 

1. CFF Explorer part: in ogg.dll file.

https://prnt.sc/sl91ylUn1B18

https://prnt.sc/NkkBPbailjZH

 SmartDecrypt.dll must be before npkscrypt.dll

 

Compiled Version: vs2017 (v141 xp)

https://drive.google.com/file/d/1J4_OQS0dq5UD119xHi06Ve5028Ht-IWg/view?usp=sharing

If u want decrypt example interface.u/xdat/or other file then just rename it to SysString-e.dat and run l2.exe (you will get error just click ok) after all in system folder must appear decrypted_file.txt. (this file will be encrypted with regular l2encrypt (413/111 and etc..)

Edited by wongerlt
  • Like 2
Link to comment
Share on other sites

  • 2 weeks later...

Hello there after follow to the letter your guide im stuck with the final file called "decrypted_file.txt" ,i used this tool to decrypt the regular encrypt (413). 

also i attached the file wich im try to decrypt

https://www.mediafire.com/file/b6xqfaov3yea91y/systemmsg-e.dat/file

 

Link to comment
Share on other sites

9 minutes ago, maxicroma said:

Hello there after follow to the letter your guide im stuck with the final file called "decrypted_file.txt" ,i used this tool to decrypt the regular encrypt (413). 

also i attached the file wich im try to decrypt

https://www.mediafire.com/file/b6xqfaov3yea91y/systemmsg-e.dat/file

 

 

Decrypted:

https://www.mediafire.com/file/0bj7p05cl64q1at/systemmsg-e.dat/file

  • Thanks 1
Link to comment
Share on other sites

wow its working ,maybe you can give me a little hand of how to do it :D? (i have a lot files to decompile to 😹) ,maybe my regular decompiler its not working?

Link to comment
Share on other sites

4 hours ago, maxicroma said:

wow its working ,maybe you can give me a little hand of how to do it :D? (i have a lot files to decompile to 😹) ,maybe my regular decompiler its not working?

Rename decrypted_file.txt to orginal one and then u can use l2 file editor

Link to comment
Share on other sites

5 hours ago, wongerlt said:

Rename decrypted_file.txt to orginal one and then u can use l2 file editor

Well ,i do this ,but first i need to decrypt it with a regular decryter no?

this its the file that i get after use the SmartDecrypt.dll on the ogg.dll

https://www.mediafire.com/file/2q606t5jqkz2cx7/decrypted_file.txt/file

First of all sorry for double post .

Finally it working for me ,i screw up on the CFF part ,i forgot to check the "create new section"

 

lol.JPG

Link to comment
Share on other sites

  • 4 months later...
  • 1 month later...
On 2/5/2024 at 9:30 AM, wongerlt said:

Sharing is caring

 

This is similar topic to just with it u can decrypt 1.5.2.2 version files.

 

 

Everything same just source code different:

main.cpp

#include <string>
#include <iostream>
#include <fstream>
#include <map>
#include "hook.h"

typedef BOOL(WINAPI *_ReadFile) (HANDLE hFile, char *lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped);
_ReadFile true_ReadFile;

typedef HANDLE(WINAPI *_CreateFileW) (LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile);
_CreateFileW true_CreateFileW;


std::map<int, DWORD> Handles;

void fileputcontents(const std::string& name, char* content, DWORD size, bool append = false) {
	std::ofstream outfile;
	if (append)
		outfile.open(name, std::ios::app | std::ios::binary);
	else
		outfile.open(name, std::ios::binary);
	outfile.write(content, size);
}

int file = 0;
BOOL WINAPI new_ReadFile(HANDLE hFile, char *lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped) {

	bool result = true_ReadFile(hFile, lpBuffer, nNumberOfBytesToRead, lpNumberOfBytesRead, lpOverlapped);
	std::map<int, DWORD>::iterator it = it = Handles.find((int)hFile);
	if (it != Handles.end()) {
		std::string filename;
		file++;
		filename = "decrypted_file.txt";
		if (file == 1) {
			fileputcontents(filename, lpBuffer, nNumberOfBytesToRead);	
		}
		else {	
			fileputcontents(filename, lpBuffer, nNumberOfBytesToRead, true);
		}
	}
	
	return result;

}

HANDLE WINAPI new_CreateFileW(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile) {

	HANDLE true_handle = true_CreateFileW(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile);
	if (wcsstr(lpFileName, L"SysString-e.dat") != 0) {
		std::map<int, DWORD>::iterator iter = Handles.find((int)true_handle);
		Handles.insert(std::make_pair((int)true_handle, (DWORD)0));
	}
	else {
		std::map<int, DWORD>::iterator iter = Handles.find((int)true_handle);
		if (iter != Handles.end())
			Handles.erase(iter);
	}
	return true_handle;

}

bool SetHooks(void)
{
	FARPROC addr;

	HANDLE hEngine = LoadLibraryA("engine.dll");
	if ((addr = GetProcAddress(LoadLibraryA("kernel32.dll"), "ReadFile")) == 0)
		return false;
		true_ReadFile = (_ReadFile)splice((unsigned char*)addr, new_ReadFile);

	if ((addr = GetProcAddress(LoadLibraryA("kernel32.dll"), "CreateFileW")) == 0)
		return false;
		true_CreateFileW = (_CreateFileW)splice((unsigned char*)addr, new_CreateFileW);
		return true;

}

int load(void)
{
	return 0;
}
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{

	if (fdwReason == DLL_PROCESS_ATTACH)
	{
		if (!SetHooks()) {
			return false;
		}
	}
	return true;
}

 

hook.h

https://pastebin.com/V90efrHJ

hook.cpp

https://pastebin.com/LG92sS4b

 

1. CFF Explorer part: in ogg.dll file.

https://prnt.sc/sl91ylUn1B18

https://prnt.sc/NkkBPbailjZH

 SmartDecrypt.dll must be before npkscrypt.dll

 

Compiled Version: vs2017 (v141 xp)

https://drive.google.com/file/d/1J4_OQS0dq5UD119xHi06Ve5028Ht-IWg/view?usp=sharing

If u want decrypt example interface.u/xdat/or other file then just rename it to SysString-e.dat and run l2.exe (you will get error just click ok) after all in system folder must appear decrypted_file.txt. (this file will be encrypted with regular l2encrypt (413/111 and etc..)

Hi, I got the error "invalid pe file possible reason: no export table present" in CFF when I try to add the dll file in L2.exe, any idea what's happening?. btw I used vs2013 

I appreciate your support

Link to comment
Share on other sites

1 hour ago, Dunk3L said:

Hi, I got the error "invalid pe file possible reason: no export table present" in CFF when I try to add the dll file in L2.exe, any idea what's happening?. btw I used vs2013 

I appreciate your support



Okay I'm pretty sure there was already compiled one shared by @wongerlt.

Yeah there you go.

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...