├── sample ├── b0747746.bin ├── b25a6f00.bin ├── b2a46eff.bin ├── b2a66dff.bin └── f2a32072.bin ├── LICENSE ├── README.md └── rr_decode.py /sample/b0747746.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nao-sec/rr_decoder/HEAD/sample/b0747746.bin -------------------------------------------------------------------------------- /sample/b25a6f00.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nao-sec/rr_decoder/HEAD/sample/b25a6f00.bin -------------------------------------------------------------------------------- /sample/b2a46eff.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nao-sec/rr_decoder/HEAD/sample/b2a46eff.bin -------------------------------------------------------------------------------- /sample/b2a66dff.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nao-sec/rr_decoder/HEAD/sample/b2a66dff.bin -------------------------------------------------------------------------------- /sample/f2a32072.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nao-sec/rr_decoder/HEAD/sample/f2a32072.bin -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 nao_sec 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | 
furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | # rr_decoder 3 | This script is to decode `Royal Road RTF Weaponizer` 8.t object 4 | 5 | The encodings that can be decoded are: 6 | - 0F 78 50 BA 7 | - 4D A2 EE 67 8 | - 61 4A 86 0C 9 | - 82 91 70 6F 10 | - 94 5F DA D8 11 | - 95 A2 74 8E 12 | - A9 A4 6E FE 13 | - B0 74 77 46 14 | - B2 5A 6F 00 15 | - B2 A4 6E FF 16 | - B2 A6 6D FF 17 | - F2 A3 20 72 18 | - 82 91 98 6F 19 | - 23 33 F7 65 20 | 21 | ## Usage 22 | ``` 23 | $ python3 rr_decoder [Input] [Output] 24 | ``` 25 | 26 | ## Example 27 | ``` 28 | $ python3 rr_decoder sample/b2a66dff.bin b2a66dff.exe 29 | ``` 30 | 31 | ## License 32 | `rr_decoder` is open-sourced software licensed under the [MIT License](LICENSE) 33 | 34 | ## Change Log 35 | - 2024/09/26 - 0.1.10 - Add decode_2333f765 36 | - 2024/06/24 - 0.1.9 - Add decode_8291986f 37 | - 2024/01/10 - 0.1.8 - Add decode_0f7850ba 38 | - 2024/01/04 - 0.1.7 - Add decode_614a860c 39 | - 2022/01/24 - 0.1.6 - Add decode_8291706f 40 | - 2021/05/21 - 0.1.5 - Add decode_4da2ee67 41 | - 2021/03/30 - 0.1.4 - Add decode_95a2748e 42 | - 2020/10/28 - 0.1.3 - Add decode_945fdad8 43 | - 2020/10/14 - 0.1.2 - 
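# (README.md change log, continued from the previous line of this listing)
#   ... 0.1.2 - Add decode_a9a46efe
#   - 2020/03/29 - 0.1.1 - Refactoring decode_b0747746 & decode_f2a32072
#   - 2020/01/09 - 0.1.0 - First Commit
#
# /rr_decode.py
"""Decode the encoded ``8.t`` object associated with the Royal Road RTF weaponizer.

The encoding is recognised from the first four bytes of the input file (the
"signature"); each ``decode_<signature>`` function reverses one encoding.

Usage::

    python3 rr_decode.py [Input] [Output]

The script only transforms bytes and writes them to ``[Output]``; it never
runs them. Several decoders yield a buffer that starts with ``4D 5A 90``
("MZ", presumably a Windows PE image), so ``[Output]`` is the payload that was
embedded in the document and should be stored and handled like any other
malware sample.

Every decoder takes ``enc_data`` as a sequence of one-byte ``bytes`` objects
(the form ``main()`` builds) and also accepts plain ints in 0..255.
"""
import sys


def _byte_value(item):
    """Return *item* as an int; accepts an int or a one-byte ``bytes`` object."""
    if isinstance(item, int):
        return item
    return int.from_bytes(item, "little")


def _announce(type_name):
    """Print the two status lines every decoder emits before it starts."""
    print('[!] Type [' + type_name + '] is detected!')
    print('[+] Decoding...')


def _shift_xor_decode(enc_data, seed, high_tap, bias):
    """XOR each byte with the low byte of a 32-bit shift-register state.

    Before each byte the state is advanced seven times: it is doubled
    (shifted left one bit) and ``bias`` plus the XOR of three tap bits
    (``high_tap``, bit 3 and bit 0) is added, truncated to 32 bits.

    Args:
        enc_data: encoded bytes (one-byte ``bytes`` objects or ints).
        seed: initial 32-bit state.
        high_tap: single-bit mask of the high tap (0x20000000 or 0x40000000).
        bias: constant added to the feedback value (0 or 1).

    Returns:
        list of decoded byte values.
    """
    state = seed
    dec_data = []
    for item in enc_data:
        for _ in range(7):
            taps = int(bool(state & high_tap)) ^ ((state >> 3) & 1) ^ (state & 1)
            state = ((state << 1) + bias + taps) & 0xFFFFFFFF
        dec_data.append(_byte_value(item) ^ (state & 0xFF))
    return dec_data


def decode_b0747746(enc_data):
    """Decode the ``B0 74 77 46`` encoding (shift-register keystream XOR)."""
    _announce('b0747746')
    return _shift_xor_decode(enc_data, 1219836524, 0x20000000, 1)


def decode_b25a6f00(enc_data):
    """Decode the ``B2 5A 6F 00`` encoding: even offsets are XORed with 0xff,
    odd offsets are stored unchanged."""
    _announce('b25a6f00')
    return [
        _byte_value(item) ^ 0xff if offset % 2 == 0 else _byte_value(item)
        for offset, item in enumerate(enc_data)
    ]


def decode_b2a66dff(enc_data):
    """Decode the ``B2 A6 6D FF`` encoding (XOR 0xfc with a patched header).

    XOR with 0xfc alone turns the signature into 4E 5A 91 ..., so bytes 0 and
    2 are overwritten with 0x4d and 0x90 instead of being decoded.
    Raises IndexError when fewer than three bytes are supplied.
    """
    _announce('b2a66dff')
    dec_data = [_byte_value(item) ^ 0xfc for item in enc_data]
    dec_data[0] = 0x4d
    dec_data[2] = 0x90
    return dec_data


def decode_f2a32072(enc_data):
    """Decode the ``F2 A3 20 72`` encoding (shift-register keystream XOR).

    Same scheme as ``decode_b0747746`` but with a different seed, the high
    tap on bit 30 and no constant added to the feedback.
    """
    _announce('f2a32072')
    return _shift_xor_decode(enc_data, 2079624803, 0x40000000, 0)


def decode_b2a46eff(enc_data):
    """Decode the ``B2 A4 6E FF`` encoding (XOR 0xff with a patched header).

    XOR with 0xff alone turns the signature into 4D 5B 91 ..., so bytes 1 and
    2 are overwritten with 0x5a and 0x90 instead of being decoded.
    Raises IndexError when fewer than three bytes are supplied.
    """
    _announce('b2a46eff')
    dec_data = [_byte_value(item) ^ 0xff for item in enc_data]
    dec_data[1] = 0x5a
    dec_data[2] = 0x90
    return dec_data


def decode_a9a46efe(enc_data):
    """Decode the ``A9 A4 6E FE`` encoding: XOR 0x7b, then add 0x7b modulo 256."""
    _announce('a9a46efe')
    return [((_byte_value(item) ^ 0x7b) + 0x7b) % 256 for item in enc_data]


def decode_945fdad8(enc_data):
    """Decode the ``94 5F DA D8`` encoding (shift-register keystream XOR)."""
    _announce('945fdad8')
    return _shift_xor_decode(enc_data, 1387678300, 0x20000000, 1)


def decode_95a2748e(enc_data):
    """Decode the ``95 A2 74 8E`` encoding (shift-register keystream XOR)."""
    _announce('95a2748e')
    return _shift_xor_decode(enc_data, 1404390492, 0x20000000, 1)


def rc4_ksa(key):
    """Run the RC4 key-scheduling step and return the 256-entry state list.

    Args:
        key: non-empty sequence of ints (``bytes`` or ``bytearray``).
    """
    s = list(range(256))
    y = 0
    for i in range(0x100):
        y = (key[i % len(key)] + s[i] + y) & 0xff
        s[i], s[y] = s[y], s[i]
    return s


def rc4_prga(enc_data, s):
    """Apply the RC4 keystream generated from state *s* to *enc_data*.

    Both arguments are modified in place: every element of ``enc_data`` is
    replaced by its decoded int and ``s`` is left in its advanced state, so
    ``enc_data`` must be a mutable sequence (a list or bytearray).

    Returns:
        The decoded data as ``bytes``.
    """
    x = 0
    y = 0
    for i in range(len(enc_data)):
        x = (x + 1) & 0xff
        y = (s[x] + y) & 0xff
        s[x], s[y] = s[y], s[x]
        enc_data[i] = _byte_value(enc_data[i]) ^ s[(s[x] + s[y]) & 0xff]
    return bytes(enc_data)


def _rc4_decode(enc_data, key):
    """RC4-decode *enc_data* (in place) with the fixed *key*; returns bytes."""
    return rc4_prga(enc_data, rc4_ksa(bytearray(key)))


def decode_4da2ee67(enc_data):
    """Decode the ``4D A2 EE 67`` encoding (RC4 with a fixed key)."""
    _announce('4da2ee67')
    return _rc4_decode(enc_data, b"123456")


def decode_8291706f(enc_data):
    """Decode the ``82 91 70 6F`` encoding (RC4 with a fixed key)."""
    _announce('8291706f')
    return _rc4_decode(enc_data, b"2YlK77")


def decode_614a860c(enc_data):
    """Decode the ``61 4A 86 0C`` encoding (RC4 with a fixed key)."""
    _announce('614a860c')
    return _rc4_decode(enc_data, b"923hrg")


def decode_0f7850ba(enc_data):
    """Decode the ``0F 78 50 BA`` encoding (RC4 with a fixed key)."""
    # The status line used to report [614a860c] here, which mislabels the
    # sample in analyst logs; it now names this decoder's own signature.
    _announce('0f7850ba')
    return _rc4_decode(enc_data, b"c34H4y")


def decode_8291986f(enc_data):
    """Decode the ``82 91 98 6F`` encoding (RC4, same key as ``decode_8291706f``)."""
    _announce('8291986f')
    return _rc4_decode(enc_data, b"2YlK77")


def decode_2333f765(enc_data):
    """Decode the ``23 33 F7 65`` encoding (repeating-key XOR)."""
    _announce('2333f765')
    key = bytearray(b"nigerdi")
    return [
        _byte_value(item) ^ key[offset % len(key)]
        for offset, item in enumerate(enc_data)
    ]


# First four bytes of the encoded object -> decoder for that encoding.
_DECODERS = {
    bytes([0xb0, 0x74, 0x77, 0x46]): decode_b0747746,
    bytes([0xb2, 0x5a, 0x6f, 0x00]): decode_b25a6f00,
    bytes([0xb2, 0xa6, 0x6d, 0xff]): decode_b2a66dff,
    bytes([0xf2, 0xa3, 0x20, 0x72]): decode_f2a32072,
    bytes([0xb2, 0xa4, 0x6e, 0xff]): decode_b2a46eff,
    bytes([0xa9, 0xa4, 0x6e, 0xfe]): decode_a9a46efe,
    bytes([0x94, 0x5f, 0xda, 0xd8]): decode_945fdad8,
    bytes([0x95, 0xa2, 0x74, 0x8e]): decode_95a2748e,
    bytes([0x4d, 0xa2, 0xee, 0x67]): decode_4da2ee67,
    bytes([0x82, 0x91, 0x70, 0x6f]): decode_8291706f,
    bytes([0x61, 0x4a, 0x86, 0x0c]): decode_614a860c,
    bytes([0x0f, 0x78, 0x50, 0xba]): decode_0f7850ba,
    bytes([0x82, 0x91, 0x98, 0x6f]): decode_8291986f,
    bytes([0x23, 0x33, 0xf7, 0x65]): decode_2333f765,
}


def main():
    """Read ``argv[1]``, pick the decoder from its 4-byte signature, write ``argv[2]``.

    Exits with status -1 on a wrong argument count or an unrecognised
    signature (which includes inputs shorter than four bytes). The output
    file is opened with ``'wb'``, so an existing file at that path is
    overwritten. The decoded bytes are written only, never executed.
    """
    args = sys.argv
    if len(args) != 3:
        print('[!] Usage: "' + args[0] + ' [Input] [Output]"')
        sys.exit(-1)

    with open(args[1], 'rb') as f:
        raw = f.read()

    decoder = _DECODERS.get(raw[:4])
    if decoder is None:
        print('[!] Error: Unknown Format')
        sys.exit(-1)

    # Decoders expect one-byte bytes objects; the RC4 path also needs a
    # mutable sequence because rc4_prga rewrites its input in place.
    enc_data = [raw[i:i + 1] for i in range(len(raw))]
    dec_data = decoder(enc_data)

    print('[!] Complete!')

    with open(args[2], 'wb') as f:
        f.write(bytearray(dec_data))


if __name__ == '__main__':
    main()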