ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Mon Oct 23, 2017 2:42 am

All times are UTC




Post new topic  Reply to topic  [ 4 posts ] 
Author Message
PostPosted: Sun Oct 08, 2017 11:05 pm 

Joined: Sun Jul 10, 2016 11:07 am
Posts: 54
sorry this is kinda a noob question but the only code I could somewhat under stand is quickbms so i'm trying make this one work on quickbms..

Code:
#!/usr/bin/env python3



import sys

import zlib

import base64



zrif_dict = list(zlib.decompress(base64.b64decode(

  b"eNpjYBgFo2AU0AsYAIElGt8MRJiDCAsw3xhEmIAIU4N4AwNdRxcXZ3+/EJCAkW6Ac7C7ARwYgviuQAaIdoPSzlDaBUo7QmknIM3ACIZM78+u7kx3VWYEAGJ9HV0=")))



if len(sys.argv) != 2 and len(sys.argv) != 3:

  exit("Usage: %s zRIF [path/to/work.bin]" % sys.argv[0])



bin = base64.b64decode(sys.argv[1].encode("ascii"))



d = zlib.decompressobj(wbits=10, zdict=bytes(zrif_dict))

rif = d.decompress(bin)

rif += d.flush()



output = sys.argv[2] if len(sys.argv) == 3 else "work.bin"

open(output, "wb").write(rif)


and the only thing similar I could find is this, but somewhat reverse

Code:
# File to compressed variable
# script for QuickBMS http://quickbms.aluigi.org

quickbmsver "0.5.33"

comtype zlib_compress
get SIZE asize
clog MEMORY_FILE 0 SIZE SIZE

comtype base64_compress
get SIZE asize MEMORY_FILE
clog MEMORY_FILE2 0 SIZE SIZE MEMORY_FILE

get NAME filename
string NAME += ".compressed.txt"

get SIZE asize MEMORY_FILE2
log NAME 0 SIZE MEMORY_FILE2



so what should I do? should I decode the base64 text then use zlib to extract it? or should I use encryption?

so this text should output KO5ifR1dQ+d7BRgYmptDbTE2NQTZ7+IZ4ouw0sQEn/90J3D7TUyw4ZmYdDUp9n/M0dEYH9wAABwnEtoA the work.bin attached


Attachments:
work.bin [512 Bytes]
Downloaded 3 times
Top
   
PostPosted: Sun Oct 08, 2017 11:21 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 6904
base64 decoding + zlib decompression:
Code:
comtype base64
get SIZE asize
clog MEMORY_FILE 0 SIZE SIZE
comtype zlib_noerror
get SIZE asize MEMORY_FILE
clog "dump.dat" 0 SIZE SIZE MEMORY_FILE


Top
   
PostPosted: Sun Oct 08, 2017 11:36 pm 

Joined: Sun Jul 10, 2016 11:07 am
Posts: 54
thanks for the quick response but the output file is some what different

I tried adding DICT

Code:
comtype base64 "eNpjYBgFo2AU0AsYAIElGt8MRJiDCAsw3xhEmIAIU4N4AwNdRxcXZ3+/EJCAkW6Ac7C7ARwYgviuQAaIdoPSzlDaBUo7QmknIM3ACIZM78+u7kx3VWYEAGJ9HV0="


but no luck, or should I read the file by text/line not by hex?


Top
   
PostPosted: Mon Oct 09, 2017 9:19 am 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 6904
You must provide the input file, that work.bin is the output.

The code should be the following but I can't test it without samples:
Code:
set MYDICT string "eNpjYBgFo2AU0AsYAIElGt8MRJiDCAsw3xhEmIAIU4N4AwNdRxcXZ3+/EJCAkW6Ac7C7ARwYgviuQAaIdoPSzlDaBUo7QmknIM3ACIZM78+u7kx3VWYEAGJ9HV0="
log MEMORY_FILE 0 0

math DICTSZ = 0
putct MYDICT string -1 MEMORY_FILE
callfunction ZBASE 1
math DICTSZ = SIZE
getdstring DICT DICTSZ MEMORY_FILE2

get SIZE asize
log MEMORY_FILE 0 SIZE
callfunction ZBASE 1

clog "dump.dat" 0 SIZE SIZE MEMORY_FILE2

startfunction ZBASE
    comtype base64
    get SIZE asize MEMORY_FILE
    clog MEMORY_FILE2 0 SIZE SIZE MEMORY_FILE
    comtype zlib_noerror DICT DICTSZ
    get SIZE asize MEMORY_FILE2
endfunction


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 4 posts ] 

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited