Decryption Technique 3.6.4.8 - For Externals

**epikmane** · 01-15-2018

Code:

#include <cstdint>
 
class TSLEncryptedPointer
{
private:
	uint64_t encrypted_pointers[44];
	uint16_t encrypted_index1;
	uint8_t pad0[6];
	uint16_t encrypted_index2;
	uint8_t pad1[6];
	uint16_t encrypted_xor1;
	uint8_t pad2[6];
	uint16_t encrypted_xor2;
	uint8_t pad3[6];
 
 
	uint16_t DecryptWord(uint8_t* table8, uint16_t word)
	{
		for (int i = 0; i < 5; i++)
		{
			word = table8[table8[(word & 0xFF) ^ 0x55]] << 0x08 | table8[table8[(word >> 0x08) ^ 0x44]];
		}
 
		return  word;
	}
 
	uint32_t DecryptDword(uint32_t* table32, uint32_t dword)
	{
		uint32_t xor = 0;
		xor ^= table32[((dword >> 0x00) & 0xFF) + 0x300];
		xor ^= table32[((dword >> 0x08) & 0xFF) + 0x200];
		xor ^= table32[((dword >> 0x10) & 0xFF) + 0x100];
		xor ^= table32[((dword >> 0x18) & 0xFF) + 0x000];
		return ~xor;
	}
 
	uint64_t DecryptIndex(uint32_t* table32, uint8_t* table8)
	{
		uint32_t temp = DecryptWord(table8, ~encrypted_index1 ^ encrypted_index2 ^ 0x0D25);
 
		temp ^= 0xD7AF5ABC;
		temp = DecryptDword(table32, temp);
 
		return temp % 0x2B;
	}
 
	uint64_t DecryptXor(uint32_t* table32, uint8_t* table8)
	{
		uint32_t temp = DecryptWord(table8, ~encrypted_xor1 ^ encrypted_xor2 ^ 0x0D25);
 
		temp ^= 0x5CE7E30C;
		temp = DecryptDword(table32, temp);
 
		return temp % 0x2B;
	}
 
public:
	uint64_t Decrypt(uint32_t* table32, uint8_t* table8)
	{
		uint64_t index = DecryptIndex(table32, table8);
		uint64_t pointer = encrypted_pointers[index];
		uint64_t xor = DecryptXor(table32, table8);
 
		return pointer ^ xor;
	}
};

Usage:

Code:

// run once
std::vector<uint8_t> decryptTable8;
decryptTable8.resize(255);
process.ReadMemory(module.baseAddress + 0x3AFF120, decryptTable8.data(), decryptTable8.size() * sizeof(uint8_t));
 
std::vector<uint32_t> decryptTable32;
decryptTable32.resize(1024);
process.ReadMemory(module.baseAddress + 0x3DEB290, decryptTable32.data(), decryptTable32.size() * sizeof(uint32_t));
 
//how to decrypt pointers
TSLEncryptedPointer encryptedPointer;
process.ReadMemory(tmpGnames, &encryptedPointer);
 
auto decrypted = encryptedPointer.Decrypt(decryptTable32.data(), decryptTable8.data());

Credits to Dr_P3pp3r

Thread: Decryption Technique 3.6.4.8 - For Externals

Thread Tools

Display

Decryption Technique 3.6.4.8 - For Externals

The Following 3 Users Say Thank You to epikmane For This Useful Post:

Similar Threads

[Release] [MW2] QuickScope plugin for External BoxESP v1.2

QuickScope plugin for External ESp V1.7.2

[Release] ConfigEdit v. 1.0 - GUI for External BoxESP v. 5.1

will it be possible for EXTERNAL ESP

[SOLVED]Has anyone been banned for External Boxes 4.3? Askin MODS