ZenHAX

Posted: Wed Aug 13, 2014 6:55 pm

Joined: Wed Aug 13, 2014 6:43 pm
Posts: 22
I worked around my substitution table problem for Monster Hunter saves. :)

Now I'm trying to verify it. The game's using a 160-bit SHA hash to verify data integrity. When I try to hash the memory file containing the data with QuickBMS, I don't get the correct hash though.

This is basically my test script to check the hash QuickBMS produces.
Code:
  log MEMORY_FILE3 0 0x40
  Encryption sha1 MEMORY_FILE3
  print "SHA-1 hash: %QUICKBMS_HEXHASH%"


I'm trying to attach a small (40 byte) file, but the forum won't let me and always says "extension not allowed". I tried .bin, .txt, .bmp, .dat, .jpg....

Anyway, with the script above I'm getting a different hash than with every other program (I tried 3, they gave identical hashes). Am I doing something wrong?


Posted: Wed Aug 13, 2014 9:23 pm
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 7937
Hi.
I guess that your problem with Monster Hunter was the missing key size field at the end of the Encryption command, otherwise when it finds a NULL byte it truncates the key.

Here the problem is that you have used the Encryption command after the Log one; place it before so that it will calculate the hash while doing the reading of the file.

For the attachments, simply make a zip.
But images are accepted (probably it checks if it's a valid image).


Posted: Thu Aug 14, 2014 3:02 pm

Joined: Wed Aug 13, 2014 6:43 pm
Posts: 22
I did it like that because I copied it from what I'm supposed to do. I log the save to MEMORY_FILE, then I have to append a 14-character string as salt to the end of the save / memory file, which is specific to the region the save file is from.
I guess I could log the completed mem file into another mem file.

Nevertheless, I just tried this short script on my little tohash.bin test file, which I attached.
Code:
  Encryption sha1 ""
  log MEMORY_FILE3 0 0x40
  Encryption "" ""
  print "SHA-1 hash: %QUICKBMS_HEXHASH%"

The QuickBMS result was a hash of F6934BB884F1748550AA93CFF917F0500AACA45F.

This is what other programs say about the file:
[Image]
Am I still missing something?

#edit: As an aside, say I need to cancel a for loop on some condition. Would this work?
Code:
for i = 0 < FILES
  goto 0x6800  # file name position
  getdstring NAME 0x10
  if NAME = ""
    next i
  endif
  ...
  [ code to execute if name is valid ]
  ...
next i


Attachments:
File comment: .bin file to hash
tohash.zip [209 Bytes]

Posted: Thu Aug 14, 2014 4:05 pm
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 7937
The problem is the size you specify: the file is 80 bytes (0x50) and you specified 0x40.
You can just do a:
Code:
Encryption sha1 ""
get SIZE asize
log MEMORY_FILE3 0 SIZE

Regarding the loop, I guess you want a "continue" like in C; unfortunately that's not implemented because it gave some trouble in QuickBMS.

So you can just use an "if" "else" "endif" to perform the appropriate operation.

Instead, if you want to "break" the loop, there is just the Break command.
The only note about this command is that under particular conditions it may not work correctly, but if you use something like the following you will not have problems:
Code:
for i = 0 < FILES
    get TMP line
    if TMP == ""
        break
    endif
next i
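
Added example (not part of the original posts, and not QuickBMS code): a Python cross-check for the size mismatch diagnosed above. It hashes a constructed 0x50-byte buffer, shows that reading only 0x40 bytes yields a different SHA-1, and finds which prefix length reproduces a reference digest from another tool. `SAVE`, `SALT` and the function names are hypothetical, and the salt value is a placeholder.

```python
import hashlib
from typing import Optional

# Constructed sample data (not the thread's tohash.bin attachment).
SAVE = bytes(range(0x50))      # 0x50 = 80 bytes, the size the admin reports
SALT = b"REGION-SALT-14"       # placeholder 14-character region salt


def sha1_hex(data: bytes, size: Optional[int] = None) -> str:
    """Uppercase SHA-1 hex of the first `size` bytes (whole buffer if None)."""
    if size is not None and not 0 <= size <= len(data):
        raise ValueError(f"size 0x{size:X} outside buffer of 0x{len(data):X} bytes")
    return hashlib.sha1(data if size is None else data[:size]).hexdigest().upper()


def salted_sha1_hex(save: bytes, salt: bytes) -> str:
    """SHA-1 of the save data with the salt appended at the end."""
    if len(salt) != 14:
        raise ValueError("expected a 14-character salt")
    return sha1_hex(save + salt)


def find_hashed_length(data: bytes, reference_hex: str) -> Optional[int]:
    """Return the prefix length of `data` whose SHA-1 equals the reference
    digest (e.g. one reported by another tool), or None if no prefix matches."""
    ref = reference_hex.strip().lower()
    running = hashlib.sha1()
    if running.hexdigest() == ref:
        return 0
    for n in range(1, len(data) + 1):
        running.update(data[n - 1:n])   # extend the hashed prefix by one byte
        if running.hexdigest() == ref:
            return n
    return None


if __name__ == "__main__":
    print("first 0x40 bytes:", sha1_hex(SAVE, 0x40))
    print("whole file      :", sha1_hex(SAVE))
    # A digest that matches at 0x40 means the script under-read the file.
    print("short digest covers 0x%X bytes" % find_hashed_length(SAVE, sha1_hex(SAVE, 0x40)))
    print("save + salt     :", salted_sha1_hex(SAVE, SALT))
```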


Posted: Mon Aug 18, 2014 3:21 pm

Joined: Wed Aug 13, 2014 6:43 pm
Posts: 22
Oh yeah, I forgot to report back. :D

I got it to work, finally, with Encryption sha1 "" and the log command. Of course it was such a dumb mistake! Thanks for your time. Still, specifying just the encryption command with a memory file as key and a fixed width got me all kinds of various hashes, but not the right one. Oh well, log works. I got two working scripts to de- and encrypt a Monster Hunter save now. :)

This is beyond the SHA issue now, but: if I want to distribute QuickBMS with the scripts (and the necessary cipher tables), I'm guessing I need to include the src folder?


Posted: Mon Aug 18, 2014 3:41 pm
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 7937
You can distribute just the quickbms.exe file, no need for the src folder or the other files.


Ah, a little tip: if you want to calculate the hash of a string you can specify it in the encryption command and the hash will be calculated immediately.
It's a shortcut I added to avoid useless operations.

Try this:
Code:
set VAR string "hellohello"
encryption md5 VAR "" 0 4
print "%quickbms_hexhash%"
Useful, eh? :)

It also works with MEMORY_FILE:
Code:
set MEMORY_FILE string "hellohello"
encryption md5 MEMORY_FILE "" 0 4
print "%quickbms_hexhash%"
This feature has been introduced only recently.


Posted: Wed Aug 20, 2014 3:07 pm

Joined: Wed Aug 13, 2014 6:43 pm
Posts: 22
Cool. :)


By the way, is there a method to make a string filename-safe? I'm thinking of taking filenames from within the archive, but some of the potential names contain question marks and the like.


Posted: Wed Aug 20, 2014 3:33 pm
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 7937
QuickBMS has an internal function to clean the filenames when it dumps the file so the file is created without problems, but there is nothing similar exposed to the script.

