ZenHAX


All times are UTC




PostPosted: Sat Aug 20, 2016 4:59 am 
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 6885
@Ekey
Just for your information, the hsel library is bugged and can't work correctly.
In fact the 3des encryption/decryption writes data outside the buffer crashing quickbms which has protections against these problems.
Even by fixing the problem I get wrong data.
In short it's all bugged and doesn't work.


PostPosted: Sat Aug 20, 2016 3:09 pm 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 715
I don't know what the problem is, but I have tested this source and it works perfectly.


PostPosted: Sat Aug 20, 2016 3:14 pm 
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 6885
It works (sort-of) perfect if you don't have checks on the limits of the buffer :)
Code:
   while(   1   <   iBlockCount)
   {
      (*(lpBlock--))   +=   (iTempLeftKey);
      (iTempLeftKey)   =   (*(lpBlock-1));
      (iBlockCount--);
   }
Basically it takes data from 4 bytes before the beginning of the buffer with (*(lpBlock-1)).
I added some checks and it works, but I'm not sure if the encryption is correct because it looks very weak.
What I mean is that it's not a real DES but just a lame xor (complicated but still just a xor).

As default setting for quickbms I use:
eninit.iDesCount = HSEL_DES_TRIPLE;
eninit.iSwapFlag = HSEL_SWAP_FLAG_ON;
eninit.iCustomize = HSEL_KEY_TYPE_CUSTOMIZE;
eninit.iEncryptType = HSEL_ENCRYPTTYPE_1;
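
An added example, not part of the original post and not the hsel or quickbms code: it traces which indices the posted loop touches and shows the same chaining with the read guarded. It assumes lpBlock starts on the last 32-bit word and iBlockCount equals the word count; the function names are hypothetical, and whether the library uses the skipped value afterwards is not shown on the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Index trace of the posted loop; no memory is touched.
 * Assumption: lpBlock starts on the last 32-bit word (index count-1)
 * and iBlockCount == count. Returns the lowest index the loop reads. */
long lowest_index_read(size_t count)
{
    long idx = (long)count - 1;          /* where lpBlock points     */
    long lowest = idx;

    while (1 < count) {
        idx--;                           /* *(lpBlock--) += key      */
        if (idx - 1 < lowest)
            lowest = idx - 1;            /* key = *(lpBlock - 1)     */
        count--;
    }
    return lowest;                       /* -1 means before buf[0]   */
}

/* Same chaining written with indices and a guarded read.
 * Returns how many reads were skipped because they fell outside buf. */
int chain_add_checked(uint32_t *buf, size_t count, uint32_t key)
{
    int skipped = 0;
    size_t i;

    if (buf == NULL)
        return -1;
    for (i = count; i > 1; i--) {
        buf[i - 1] += key;               /* word the pointer is on   */
        if (i >= 3)
            key = buf[i - 3];            /* one word below new pos   */
        else
            skipped++;                   /* would be buf[-1]         */
    }
    return skipped;
}

int main(void)
{
    uint32_t buf[4] = {1, 2, 3, 4};      /* constructed sample data  */
    int skipped = chain_add_checked(buf, 4, 10);

    printf("lowest index read by original loop: %ld\n", lowest_index_read(4));
    printf("skipped=%d buf=%u %u %u %u\n", skipped, (unsigned)buf[0],
           (unsigned)buf[1], (unsigned)buf[2], (unsigned)buf[3]);
    return 0;
}
```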


PostPosted: Sun Aug 21, 2016 4:44 pm 
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 6885
quickbms 0.7.6 is ready so if you have any last-minute request before its release, now it's the moment :)


PostPosted: Tue Sep 20, 2016 10:17 pm 

Joined: Thu Aug 07, 2014 10:28 pm
Posts: 131
New compression is released
https://github.com/solaris573/taikotools
will fix tales of games compression.


PostPosted: Wed Sep 21, 2016 7:52 am 
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 6885
thanks for the link, added to my todo list


PostPosted: Sun Nov 06, 2016 11:57 am 

Joined: Sun Aug 24, 2014 5:26 pm
Posts: 228
Hi, can you add ERR_VALUE to the clog command, like in findloc? I have a compressed file with chunks and sometimes the compressed size is 0x4000 lower than it should be. It seems to be around every 0x800000 bytes, but I can't understand its logic completely. ERR_VALUE would be very useful as a workaround, because it will be possible to do something like this:
Code:
if ERR_VALUE == ""
    math ZSIZE += 0x4000
    clog MEMORY_FILE OFFSET ZSIZE SIZE
endif


PostPosted: Sun Nov 06, 2016 12:45 pm 
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 6885
In my experience a similar feature was useful only with incomplete formats or when I had to "scan/guess" a compression... definitely not worth it for normal usage.
The goal of quickbms and its language is to be as simple as possible.


PostPosted: Wed Nov 16, 2016 8:18 am 
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 6885
Almost ready to work on quickbms 0.7.7 so it's time for sending feedback and error reports.


PostPosted: Tue Nov 22, 2016 4:44 pm 

Joined: Sun Aug 24, 2014 5:26 pm
Posts: 228
Can you make putvarchr work with TEMPORARY_FILE? MEMORY_FILEs are useful, but not for big files, because it gives a malloc error even with the exe for 4gb files, so sometimes TEMPORARY_FILEs need to be used, but I can't change values inside them without a working putvarchr.


PostPosted: Tue Nov 22, 2016 4:49 pm 
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 6885
The problem is that TEMPORARY_FILE is just the name of a file, so it can be used only with Open and *Log.
Instead putvarchr is a memory-related command.
The only way for you is just using goto and put on the file number that you used for the temporary file.


PostPosted: Wed Nov 23, 2016 7:23 am 

Joined: Sun Aug 24, 2014 5:26 pm
Posts: 228
So I open the file, use goto to go to the needed position, and how do I change the value at that offset?


PostPosted: Wed Nov 23, 2016 8:52 am 
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 6885
The Put command does the job:
put 0x11223344 long 1 # if 1 is the filenumber of TEMPORARY_FILE

You must run quickbms with the -w option for being able to modify the file.

Anyway this is stuff that is not really related to extraction and to the purpose of quickbms so it's a sort of hack, I suggest you use a programming language.


PostPosted: Wed Nov 23, 2016 10:27 am 

Joined: Sun Aug 24, 2014 5:26 pm
Posts: 228
Yeah, it would be really better, thanks.


PostPosted: Fri Nov 25, 2016 3:40 am 

Joined: Sat Jun 06, 2015 6:50 pm
Posts: 19
Hello aluigi!
Do you have plans to add some... idk.. kinda JIT compiler or something else to improve performance?
Usually I'm using QuickBMS for decrypting files, but with custom algorithms it takes too much time to get a result from a script.

e.g. I want to decrypt 120 MB file with this script, and on my PC it takes about 20 minutes (dual-core athlon 2.9 GHz)
Can it be any faster?

Code:
get fsize asize
log memory_file 0 fsize

for i = 0 < fsize
  xmath crypt "(i & 0xFF) * 33 + (fsize & 0xFF) + 125"
  getvarchr x memory_file i
  math x ^= crypt
  putvarchr memory_file i x
next i += 1

get fname basename
string fname += "_dec.bin"

log fname 0 fsize memory_file
exit



Later I rewrote this. A script with a table of pre-calculated "crypt" values gives me 7 minutes against 20, but it is still too slow for me.. :(


PostPosted: Fri Nov 25, 2016 8:48 am 
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 6885
Eh JIT would be cool but a core rewriting of quickbms is not possible, it takes a huge amount of time and effort for both writing and testing. Really impossible at the moment.

The solution I adopt when I need to work with custom algorithms is simply writing a C function (or a dll) and dumping it, then using it in quickbms as a MEMORY_FILE to call with CallDLL.
The only downside of this solution is that the user will be prompted to acknowledge the usage of the dll/dumped_function before running it (for security reasons).


PostPosted: Fri Nov 25, 2016 5:10 pm 

Joined: Sat Jun 06, 2015 6:50 pm
Posts: 19
Whoa! Calldll can run pure compiled code? Somehow I didn't notice that before.
Since I'm familiar with x86 asm language, this feature would make my work a lot easier.
Many thanks, aluigi! :D


PostPosted: Fri Nov 25, 2016 5:39 pm 
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 6885
Yeah CallDLL is really awesome: physical DLLs, memory dlls, dumped functions and even dumped groups of functions (since it's possible to specify the offset of the data to execute).
Theoretically you can even build the x86 code at runtime with the embedded assembler in quickbms and then run the buffer you generated :)

Just remember to specify the correct calling convention, for example cdecl if you use gcc/mingw (default) or stdcall for VC++.


PostPosted: Fri Nov 25, 2016 6:34 pm 

Joined: Sat Jun 06, 2015 6:50 pm
Posts: 19
Got another question - what is the best way to put my code into a script directly?

Code:
// "put string" places string as is, without converting hex codes to a hex numbers
put "\x31\xC0\x40\xC3" string memory_file

// binary type seems to be unsupported by "put" command
put "\x31\xC0\x40\xC3" binary memory_file

// this actually works, but only until the first zero byte occurs
set code binary "\x31\xC0\x40\xC3"
put code string memory_file

// now I'm using this code. The only inconvenience is that I need specify actual length in bytes,
set code binary "\x31\xC0\x40\xC3"
putdstring code 4 memory_file


Another thing - I've found that I don't have a permission to write into a memory section which is containing my code.
Is there any way to use static variables?


PostPosted: Fri Nov 25, 2016 7:47 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 6885
Let's say your function has the following prototype:
Code:
int __cdecl function(unsigned char *buff, int buff_size, int arg1234);

Use this script:
Code:
set MEMORY_FILE10 binary "\x...YOUR_FUNCTION..."
log MEMORY_FILE OFFSET SIZE
calldll MEMORY_FILE10 0 cdecl RET MEMORY_FILE SIZE 1234

You can even use the x86 code automatically in the Encryption or Comtype command so that you don't have to dump the data in a MEMORY_FILE first:
Code:
set MEMORY_FILE10 binary "\x...YOUR_FUNCTION..."
encryption calldll "MEMORY_FILE10 0 cdecl RET #INPUT# #INPUT_SIZE# 1234"
log "dump.dat" OFFSET SIZE
encryption "" ""


I have not understood your second question but let me know if what I have written answers it too.
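
An added example, not from the original posts: the XOR loop from the script posted earlier in the thread, written as a C function with the argument layout of the prototype above, so the per-byte work runs as compiled code. The name xor_decrypt is hypothetical, the third argument is unused, and it assumes putvarchr stores only the low byte of the value.

```c
#include <stddef.h>
#include <stdio.h>

/* Argument layout follows the prototype in the post above; plain C
 * functions are cdecl by default with gcc/mingw, as the thread notes.
 * Uses only its arguments and locals (no static or global data).
 * Returns the number of bytes processed, or -1 on bad input. */
int xor_decrypt(unsigned char *buff, int buff_size, int arg)
{
    unsigned char table[256];
    int i;

    (void)arg;                            /* unused in this example */
    if (buff == NULL || buff_size < 0)
        return -1;

    /* crypt = (i & 0xFF) * 33 + (fsize & 0xFF) + 125 from the script,
     * truncated to one byte (assumption: putvarchr keeps the low byte).
     * It depends only on i & 0xFF, so the keystream repeats every
     * 256 bytes and can be computed once. */
    for (i = 0; i < 256; i++)
        table[i] = (unsigned char)(i * 33 + (buff_size & 0xFF) + 125);

    for (i = 0; i < buff_size; i++)
        buff[i] ^= table[i & 0xFF];

    return buff_size;
}

int main(void)
{
    unsigned char data[4] = {0, 0, 0, 0};  /* constructed sample */

    xor_decrypt(data, 4, 0);
    printf("%02X %02X %02X %02X\n", data[0], data[1], data[2], data[3]);
    xor_decrypt(data, 4, 0);               /* XOR again restores it */
    printf("%02X %02X %02X %02X\n", data[0], data[1], data[2], data[3]);
    return 0;
}
```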

