fix: fallback key in multi-key mode + bound printf context

- decrypt_images.c: try image_keys.json lookup first, fall back to config.json single key when CT pattern not mapped (previously returned -5 immediately in multi-key mode) - find_image_key.c: cap ASCII context printf to remaining buffer length, preventing out-of-bounds read near region end
2026-03-05 23:28:07 +08:00 · 2026-03-05 23:28:07 +08:00 · e84f1d5130
parent 96c1a5ac2e
commit e84f1d5130
2 changed files with 11 additions and 10 deletions
--- a/decrypt_images.c
+++ b/decrypt_images.c
@ -289,12 +289,10 @@ static int decrypt_v2_file(const char *input_path, const char *output_dir,
    }
    fclose(fin);

-    /* If multi-key mode: look up key by CT block 0 */
-    if (!aes_key && aes_ct_size >= 16) {
-        aes_key = find_key_for_ct(aes_ct);
-        if (!aes_key) {
-            free(aes_ct); free(raw_data); free(xor_data); return -5;
-        }
+    /* Try multi-key lookup (image_keys.json) first, then fall back to provided key */
+    if (aes_ct_size >= 16) {
+        const unsigned char *mk = find_key_for_ct(aes_ct);
+        if (mk) aes_key = mk;
    }
    if (!aes_key) { free(aes_ct); free(raw_data); free(xor_data); return -5; }

@ -409,8 +407,9 @@ static void walk_dir(const char *dir, walk_ctx *ctx) {
            if (*rel == '/') rel++;

            int xor_detected = -1;
-            /* In multi-key mode, pass NULL as key — decrypt_v2_file looks it up */
-            const unsigned char *key = ctx->multi_key ? NULL : ctx->fallback_key;
+            /* In multi-key mode, pass fallback_key — decrypt_v2_file tries
+             * image_keys.json lookup first, falls back to this key if provided */
+            const unsigned char *key = ctx->fallback_key;
            int ret = decrypt_v2_file(path, ctx->output_dir, rel,
                                       key, ctx->xor_key,
                                       ctx->auto_xor, &xor_detected);
--- a/find_image_key.c
+++ b/find_image_key.c
@ -470,8 +470,10 @@ static int scan_pid(pid_t pid) {
                                        printf("\n  *** FOUND KEY: %s ***\n", kh);
                                        printf("      Pattern: %s (%d files)\n",
                                               ch, patterns[idx].file_count);
-                                        printf("      ASCII context: %.32s\n",
-                                               buf + run_start);
+                                        int ctx_len = data_cnt - run_start;
+                                        if (ctx_len > 32) ctx_len = 32;
+                                        printf("      ASCII context: %.*s\n",
+                                               ctx_len, buf + run_start);
                                        found_this_pid++;
                                        /* Rebuild */
                                        n_unsolved = 0;