// Shared ESP decryption from gamesense
// Build Options: Non-CRT / Optimizations: Minimum Code Size, etc
#include <vector>
#include <iostream>
#include <stdint.h>
#include <intrin.h>
#include <bit>
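// ---- Decompiler support types and macros (IDA defs.h style) ----
// Compiler detection: 64-bit integer typedefs, the literal suffix macro and the
// printf length modifier.  The GNUC branch also maps the MSVC __intN keywords
// onto standard types so the rest of the file can keep the MSVC spellings.
#if defined(__GNUC__)
typedef long long ll;
typedef unsigned long long ull;
#define __int64 long long
#define __int32 int
#define __int16 short
#define __int8 char
#define MAKELL(num) num ## LL
#define FMT_64 "ll"
#elif defined(_MSC_VER)
typedef __int64 ll;
typedef unsigned __int64 ull;
#define MAKELL(num) num ## i64
#define FMT_64 "I64"
#elif defined (__BORLANDC__)
typedef __int64 ll;
typedef unsigned __int64 ull;
#define MAKELL(num) num ## i64
#define FMT_64 "L"
#else
#error "unknown compiler"
#endif
// Partially defined types: the decompiler's "width known, signedness unknown"
// spellings.  Here they resolve to the UNSIGNED fixed-width typedefs below
// (macros, so the later typedefs are fine).
#define _BYTE uint8
#define _WORD uint16
#define _DWORD uint32
#define _QWORD uint64
#if !defined(_MSC_VER)
#define _LONGLONG __int128
#endif
typedef unsigned int uint;
typedef unsigned char uchar;
typedef unsigned short ushort;
//typedef unsigned long ulong;
typedef char int8;
typedef signed char sint8;
typedef unsigned char uint8;
typedef short int16;
typedef signed short sint16;
typedef unsigned short uint16;
typedef int int32;
typedef signed int sint32;
typedef unsigned int uint32;
typedef ll int64;
typedef ll sint64;
typedef ull uint64;
// Only when <windows.h> has not been pulled in.  Note these are int8/int16/int32,
// i.e. NOT the unsigned BYTE/WORD/DWORD of the Windows SDK - do not mix them.
#ifndef _WINDOWS_
typedef int8 BYTE;
typedef int16 WORD;
typedef int32 DWORD;
typedef int32 LONG;
#endif
typedef int64 QWORD;
#ifndef __cplusplus
typedef int bool; // we want to use bool in our C programs
#endif
// Partial-access macros.  They are pointer-based on purpose: main() assigns
// through LOWORD()/HIWORD(), so they must stay lvalues (memcpy-style punning
// would not work).  Two consequences a porter must keep in mind:
//  - they assume a little-endian target ("high" word = the one at +1);
//  - the _WORD/_DWORD forms read an object through a different pointer type,
//    which is a strict-aliasing violation in ISO terms; MSVC tolerates it,
//    GCC/Clang need -fno-strict-aliasing for this file to be safe at -O2.
// first unsigned macros:
#define LOBYTE(x) (*((_BYTE*)&(x))) // low byte
#define LOWORD(x) (*((_WORD*)&(x))) // low word
#define LODWORD(x) (*((_DWORD*)&(x))) // low dword
#define HIBYTE(x) (*((_BYTE*)&(x)+1))
#define HIWORD(x) (*((_WORD*)&(x)+1))
#define HIDWORD(x) (*((_DWORD*)&(x)+1))
// n is parenthesized so an expression argument (e.g. a conditional) is added
// as a whole instead of being spliced into the pointer arithmetic.
#define BYTEn(x, n) (*((_BYTE*)&(x)+(n)))
#define WORDn(x, n) (*((_WORD*)&(x)+(n)))
#define BYTE1(x) BYTEn(x, 1) // byte 1 (counting from 0)
#define BYTE2(x) BYTEn(x, 2)
#define BYTE3(x) BYTEn(x, 3)
#define BYTE4(x) BYTEn(x, 4)
#define BYTE5(x) BYTEn(x, 5)
#define BYTE6(x) BYTEn(x, 6)
#define BYTE7(x) BYTEn(x, 7)
#define BYTE8(x) BYTEn(x, 8)
#define BYTE9(x) BYTEn(x, 9)
#define BYTE10(x) BYTEn(x, 10)
#define BYTE11(x) BYTEn(x, 11)
#define BYTE12(x) BYTEn(x, 12)
#define BYTE13(x) BYTEn(x, 13)
#define BYTE14(x) BYTEn(x, 14)
#define BYTE15(x) BYTEn(x, 15)
#define WORD1(x) WORDn(x, 1)
#define WORD2(x) WORDn(x, 2) // third word of the object, unsigned
#define WORD3(x) WORDn(x, 3)
#define WORD4(x) WORDn(x, 4)
#define WORD5(x) WORDn(x, 5)
#define WORD6(x) WORDn(x, 6)
#define WORD7(x) WORDn(x, 7)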
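// Rotate helpers under the decompiler's names, kept for the call sites in main().
// They wrap std::rotl/std::rotr from <bit> (already included above) instead of
// the MSVC-only _rotl8/_rotr8/_rotl16/... intrinsics, which is one of the
// things that stopped the __GNUC__ branch at the top of this file from building.
// Both families reduce the count modulo the operand width, and every call in
// this file passes a count already in range (1, or `x & 0xF` for the 16-bit
// forms), so the results are identical to the intrinsics.
inline uint8 __ROL1__(uint8 value, int count) { return std::rotl(value, count); }
inline uint16 __ROL2__(uint16 value, int count) { return std::rotl(value, count); }
inline uint32 __ROL4__(uint32 value, int count) { return std::rotl(value, count); }
inline uint64 __ROL8__(uint64 value, int count) { return std::rotl(value, count); }
inline uint8 __ROR1__(uint8 value, int count) { return std::rotr(value, count); }
inline uint16 __ROR2__(uint16 value, int count) { return std::rotr(value, count); }
inline uint32 __ROR4__(uint32 value, int count) { return std::rotr(value, count); }
inline uint64 __ROR8__(uint64 value, int count) { return std::rotr(value, count); }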
// Voice message layout this file reads from.  The field names and offsets come
// from the decompile; the originating engine struct is not visible here.
// NOTE(review): the byte offsets depend on pointer width and packing - the
// decompiled frame (esp/ebp offsets, __fastcall) suggests a 32-bit target, so
// confirm the layout before using this struct in a 64-bit build.
struct voicedata_t
{
    char pad_0000[8];                  // leading 8 bytes, never read here
    _DWORD client;                     // not read in this file
    _DWORD audible_mask;               // not read in this file
    _QWORD xuid;                       // copied into shared_buffer[0..1] by main()
    void* voice_data_;                 // not read in this file
    _DWORD proximity;                  // not read in this file
    _DWORD format;                     // not read in this file
    _DWORD sequence_bytes;             // copied into shared_buffer[3] by main()
    _DWORD section_number;             // copied into shared_buffer[2] by main()
    _DWORD uncompressed_sample_offset; // copied into shared_buffer[4] by main()
};
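// __forceinline is an MSVC keyword; give GCC/Clang an equivalent so the
// __GNUC__ branch at the top of this file can build this function.
#if defined(__GNUC__) && !defined(_MSC_VER)
#define __forceinline static inline __attribute__((always_inline))
#endif
// RC4 keystream XOR over `buffer`, in place, with the first 128 keystream bytes
// discarded (RC4-drop[128]).  RC4 is symmetric, so the same call encrypts and
// decrypts; main() below uses it to decrypt.  The name is the decompiler's.
//
// pthis  - key material; only bytes [0,16) are read (index `i & 0xF`), so the
//          caller must supply at least 16 bytes.
// buffer - `size` bytes XORed with the keystream in place; untouched if size==0.
// size   - number of bytes to process.
//
// Returns the last S-box byte the generator touched (the decompiler's
// `result`).  Callers in this file ignore it; it is not a status code.
//
// Security note: RC4 is a broken stream cipher and the key main() passes is a
// compile-time constant, so this is obfuscation rather than confidentiality;
// discarding 128 bytes does not remove RC4's keystream biases.
__forceinline char encrypt_packet(uint8_t* pthis, uint8_t* buffer, unsigned int size)
{
    // Identity permutation.  uint8_t (not char) so the S-box holds raw bytes
    // and the mod-256 arithmetic below is plain unsigned wrap-around.
    uint8_t sbox[256];
    for (unsigned int idx = 0; idx < 256; ++idx)
        sbox[idx] = (uint8_t)idx;

    // Key scheduling: j += S[i] + key[i mod 16]; swap(S[i], S[j]).
    uint8_t ksa_j = 0;
    for (unsigned int i = 0; i < 256; ++i)
    {
        uint8_t si = sbox[i];
        ksa_j = (uint8_t)(ksa_j + si + pthis[i & 0xF]);
        sbox[i] = sbox[ksa_j];
        sbox[ksa_j] = si;
    }

    // Generator state; `last` tracks the value the original returned.
    uint8_t gi = 0;
    uint8_t gj = 0;
    uint8_t last = 0;

    // Drop the first 128 keystream bytes: only the swaps are performed, the
    // output byte S[S[i]+S[j]] is never formed here.
    for (int drop = 128; drop != 0; --drop)
    {
        uint8_t si = sbox[++gi];
        gj = (uint8_t)(gj + si);
        last = sbox[gj];
        sbox[gi] = last;
        sbox[gj] = si;
    }

    // Keystream generation and XOR into the caller's buffer.
    for (unsigned int pos = 0; pos < size; ++pos)
    {
        uint8_t si = sbox[++gi];
        uint8_t nj = (uint8_t)(gj + si);
        sbox[gi] = sbox[nj];
        sbox[nj] = si;
        last = sbox[(uint8_t)(si + sbox[gi])];
        buffer[pos] ^= last;
        gj = nj;
    }
    return (char)last;
}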
// Program Entry (the file is built Non-CRT, so this is a custom entry point
// with an ordinary-looking name, presumably called by whatever loads it -
// not a standard C main).
//
// Decrypts the 20-byte trailer carried in a voice message and reports whether
// it carries the expected marker.
//
// msg      - voice message; only xuid, section_number, sequence_bytes and
//            uncompressed_sample_offset are read.
// xuid_low - 32-bit value XORed with the decrypted first dword before the
//            marker check (whose XUID this is is not visible here).
//
// Returns true when the high 16 bits of (decrypted dword 0 ^ xuid_low) equal
// 0x2424 ('$$').  That is a 16-bit tag, so random input passes it with
// probability 1/65536.
//
// Pipeline, as the code below shows it:
//   1. pack xuid | section_number | sequence_bytes | uncompressed_sample_offset
//      into shared_buffer (5 dwords = 20 bytes);
//   2. RC4-drop[128] XOR with the constant key rawData (encrypt_packet is
//      symmetric, so this decrypts);
//   3. a block decryption over pairs of 16-bit words - 15 iterated rounds of
//      data-dependent rotations plus a final half step, with a round constant
//      rotated left by 1 twice per round - chained CBC-style with the previous
//      ciphertext words (v56/v57, both 0 for the first block);
//   4. marker check on word 1 (the high word of shared_buffer[0]).
//
// NOTE(review): the word loop runs for v9 = 0,2,4,6,8; at v9 == 8 it reads and
// writes LOWORD(shared_buffer[5]), one element past the 5-element array.  In
// the decompiled stack frame that slot was v56 (ebp-0Ch), so the original
// binary was just clobbering its own chaining variable (the value is then
// reassigned from v50 anyway); in this C++ reconstruction it is an
// out-of-bounds access (UB) and the compiler may put anything there.  It does
// not feed the return value - only the first iteration touches word 1 - but
// it must be fixed before this code is reused for anything beyond the marker
// check, e.g. by making shared_buffer 6 dwords or stopping at v9 < 8.
//
// NOTE(review): rawData is a fixed key compiled into the binary, so this
// scheme only obfuscates; anyone with this file can decrypt the same data.
//
// Word 0 (LOWORD(shared_buffer[0])) is only RC4-decrypted; the word cipher
// never touches it.  The many unused locals (v1, v3..v8, v20, v23..v49, v53,
// who_shared, v58) are decompiler residue.
bool __fastcall main(voicedata_t* msg, uint32_t xuid_low)
{
    _DWORD* v1; // edi (unused)
    int v3; // eax (unused)
    int v4; // ecx (unused)
    int v5; // eax (unused)
    int i; // eax (unused)
    int v7; // ecx (unused)
    int v8; // ecx (unused)
    unsigned int v9; // edi - word index into shared_buffer, steps by 2
    int v10; // ecx - ciphertext high word of dword v9/2
    __int16 v11; // bx - running left half of the block
    unsigned int v12; // eax - rotating round constant
    int v13; // edx - running right half of the block
    int v14; // esi - round counter
    __int16 v15; // bx
    int v16; // eax
    __int16 v17; // dx
    int v18; // edx - decrypted high word after CBC XOR
    int v19; // eax
    int v20; // edi (unused)
    unsigned int v23; // esi (unused)
    __int16 signature; // eax^2 (unused)
    int v25; // xmm3_4 (unused)
    unsigned int v26; // edx (unused)
    int v27; // ebx (unused)
    int v28; // ecx (unused)
    unsigned int v29; // eax (unused)
    int v30; // xmm2_4 (unused)
    signed int v31; // ecx (unused)
    unsigned int v32; // eax (unused)
    int v33; // xmm0_4 (unused)
    unsigned int v34; // edx (unused)
    int v35; // ebx (unused)
    int v36; // ecx (unused)
    unsigned int v37; // eax (unused)
    float v38; // xmm0_4 (unused)
    unsigned int v39; // ebx (unused)
    unsigned int v40; // esi (unused)
    _DWORD* v41; // ebx (unused)
    float* v42; // edi (unused)
    float v43; // xmm1_4 (unused)
    float v44; // xmm0_4 (unused)
    int v45; // eax (unused)
    int v46; // eax (unused)
    int v49[3]; // [esp+164h] [ebp-40h] BYREF (unused)
    int v50; // [esp+170h] [ebp-34h] - ciphertext low word of dword v9/2+1
    int v51; // [esp+174h] [ebp-30h] - copy of v10 for the next block's chaining
    unsigned int v52; // [esp+178h] [ebp-2Ch] - dead store
    int v53; // [esp+17Ch] [ebp-28h] (unused)
    unsigned int who_shared; // [esp+180h] [ebp-24h] (unused)
    unsigned int shared_buffer[5]; // [esp+184h] [ebp-20h] - the 20-byte trailer
    unsigned int v56 = 0; // [esp+198h] [ebp-Ch] - previous ciphertext low word (CBC), 0 = IV
    int v57; // [esp+19Ch] [ebp-8h] - previous ciphertext high word (CBC)
    int v58; // [esp+1A0h] [ebp-4h] (unused)
    // Hard-coded RC4 key; encrypt_packet reads key bytes modulo 16, so exactly
    // these 16 bytes are used.
    unsigned char rawData[16] = {
        0x68, 0x33, 0x05, 0x97, 0x36, 0x06, 0xD4, 0xEA, 0x4F, 0xC4, 0xA4, 0x3E,
        0x85, 0xB2, 0xAC, 0x0F
    };
    // Type-punned 64-bit store of the xuid into dwords 0 and 1.
    (*(_QWORD*)&shared_buffer) = msg->xuid;
    shared_buffer[2] = msg->section_number;
    shared_buffer[3] = msg->sequence_bytes;
    shared_buffer[4] = msg->uncompressed_sample_offset;
    // Layer 1: RC4-drop[128] over all 20 bytes (symmetric, so this decrypts).
    encrypt_packet(rawData, (uint8_t*)&shared_buffer[0], 20);
    v9 = 0;
    v57 = 0;
    // Layer 2: one block = (HIWORD(dword k), LOWORD(dword k+1)), k = v9/2.
    // See the out-of-bounds note above for the last iteration (k == 4).
    do
    {
        v10 = HIWORD(shared_buffer[v9 / 2]);
        v50 = LOWORD(shared_buffer[v9 / 2 + 1]);
        v11 = v50;
        v51 = v10;
        v12 = 0x91D58E85; // round constant, rotated left 1 twice per round
        v13 = (short)v10;
        v14 = 15;
        do
        {
            v15 = v11 - v12;
            v16 = __ROL4__(v12, 1);
            v11 = v13 ^ __ROR2__(v15, v13 & 0xF); // rotation amount taken from the data
            v17 = v13 - v16;
            v12 = __ROL4__(v16, 1);
            v13 = (unsigned __int16)(v11 ^ __ROR2__(v17, v11 & 0xF));
            --v14;
        } while (v14);
        v52 = v12; // never read again
        // Final half step, then XOR with the previous block's ciphertext (CBC).
        LOWORD(shared_buffer[v9 / 2 + 1]) = v56 ^ (v11 - v12);
        v18 = v57 ^ (v13 - __ROL4__(v12, 1));
        v19 = (unsigned __int16)v51;
        HIWORD(shared_buffer[v9 / 2]) = v18;
        v9 += 2;
        // Carry this block's ciphertext words into the next block's XOR.
        v57 = v19;
        v56 = (unsigned __int16)v50;
    } while (v9 < 9);
    // Marker check on the high word of dword 0.  The shift is on a signed int,
    // but the unsigned short truncation discards the sign-extended bits, so the
    // result is the plain high 16 bits either way.
    int buffer_hash = shared_buffer[0];
    buffer_hash ^= xuid_low;
    buffer_hash = buffer_hash >> 0x10;
    buffer_hash = (unsigned short)buffer_hash;
    return buffer_hash == 0x2424; // '$$'
}