ZenHAX

All times are UTC
PostPosted: Tue Sep 02, 2014 5:29 pm 

Joined: Sat Aug 09, 2014 11:21 am
Posts: 616
Hello folks!

I've just stumbled over the main archive from Pac-Man Museum. I was trying to figure out the compression method of the file table at the end of the archive (ZPKI), but Luigi's algorithm scanner didn't turn up anything.
Does anybody have any ideas? Here are the archives from PC, PS2 and XBLA: https://www.firedrive.com/file/9C711888DE6E7663
Thanks for your help! :)

Regards, Alpha23


PostPosted: Tue Sep 02, 2014 7:21 pm 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 749
Well, the entry table and file data are XORed + compressed (custom algo). Anyway, here is the table. Try to analyze it :)

Code:
struct TableHeader
{
    DWORD dwFilesCount;
    DWORD dwFoldersCount;
};


Attachments:
pTable.rar [49.11 KiB]
Downloaded 92 times
PostPosted: Tue Sep 02, 2014 7:56 pm 

Joined: Sat Aug 09, 2014 11:21 am
Posts: 616
Huh... How did you uncompress the table? Is it the same compression algorithm on each platform?


PostPosted: Tue Sep 02, 2014 8:13 pm 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 749
It's a custom algorithm because, while decompressing, some bytes need to be decrypted 2 times. Idk about other platforms. Here is some example entry data:

Code:
DEBUG\EuSmall.abc
ZSize: 0xBD5 (3029.)
Size: 0x210F8 (135416.)
Offset: 0x15864964
Data: 11 34 42 47 F4 27 32 20 05 60 02 17 30 0B ED 6A 90 0F 02 60 09 43

=======================================================================

SHADER\Win32\sashader.vsh
ZSize: 0xD42 (3394.)
Size: 0x2FE1 (12257.)
Offset: 0x106AB39D
Data: 12 17 26 22 97 0F C4 EA 32 34 11 0F B2 20 ED D9 4D 62 42 13 A9 39

=======================================================================

GuiData\Geui\PC\_TextTables.rs
ZSize: 0x17FD (6141.)
Size: 0x46FD (18173.)
Offset: 0x095CE4B3
Data: 1B 34 42 46 F1 30 03 F9 A9 20 06 8F 1D 6C 37 2E B0 24 DF FB 12 40


PostPosted: Tue Sep 02, 2014 8:18 pm 

Joined: Sat Aug 09, 2014 11:21 am
Posts: 616
Cool thing. To be honest, I don't know what I see here, I'm not that deep into the matter. My question is: Would Luigi be able to implement the algorithm in QuickBMS? :) I'd like to write a script.
Of course, THANKS A LOT for figuring this out, Ekey! :)


PostPosted: Tue Sep 02, 2014 8:20 pm 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 749
I guess not, because if this algo is used on all platforms, the key for decryption can be different. Can you make a script for reading entries? I'll try to make the algo for qbms by loading the function from memory :)


PostPosted: Tue Sep 02, 2014 10:00 pm 

Joined: Sat Aug 09, 2014 11:21 am
Posts: 616
Phew, not that easy to read the info I now notice... I'm not too familiar with this kind of info table with files and folders. ;)
Does anybody want to help? I'd be really glad! :)


PostPosted: Wed Sep 03, 2014 10:55 am 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 749
Script for decompressing data is ready. Waiting for your script for reading entries :P


PostPosted: Wed Sep 03, 2014 10:58 am 

Joined: Sat Aug 09, 2014 11:21 am
Posts: 616
Ekey wrote:
Script for decompressing data is ready. Waiting for your script for reading entries :P
I'm afraid I'm not quite able to grasp the structure... :(
Can anybody help me with this?


PostPosted: Wed Sep 03, 2014 11:12 am 

Joined: Sat Aug 09, 2014 11:21 am
Posts: 616
Hm, I was just looking at the pTable you uploaded and something seems to be missing: The offsets to the folder names seem to be biased by 0xc.


PostPosted: Wed Sep 03, 2014 11:13 am 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 749
Luigi..... I guess :)


PostPosted: Wed Sep 03, 2014 11:34 am 

Joined: Sat Aug 09, 2014 11:21 am
Posts: 616
I almost got it anyway. ;)
Can you write a script that only extracts the TOC table into memory? I need to test something.


PostPosted: Wed Sep 03, 2014 11:39 am 

Joined: Sat Aug 09, 2014 11:21 am
Posts: 616
Ok, here's what I got. The problem is that the pTable you uploaded is truncated by 0x560 bytes.

Code:
get FILES long
get FOLDERS long
get DUMMY long
get OFF_CRC long
get OFF_FOLDERNAMES_INFO long
get OFF_TOC_INFO long
get DUMMY long
get UNK long
get OFF_FILENAMES_INFO long

math OFF_CRC -= 0xc
math OFF_FOLDERNAMES_INFO -= 0xc
math OFF_UNK_INFO -= 0xc
math DUMMY -= 0xc
math UNK -= 0xc
math OFF_FILENAMES_INFO -= 0xc

goto OFF_CRC
for i = 0 < FILES
   get CRC long # not needed
next i

goto OFF_FOLDERNAMES_INFO
for i = 0 < FOLDERS
   get NAMEOFF long
   math NAMEOFF -= 0xc
   savepos MYOFF
   goto NAMEOFF
   get NAME_FOLDER string
   goto MYOFF
   putArray 0 i NAME_FOLDER
next i

goto OFF_FILENAMES_INFO
for i = 0 < FILES
   get NAMEOFF long
   math NAMEOFF -= 0xc
   savepos MYOFF
   goto NAMEOFF
   get NAME_FILE string
   goto MYOFF
   putArray 1 i NAME_FILE
next i

goto OFF_TOC_INFO
for i = 0 < FILES
   get OFFSET long
   get SIZE long
   get UNK short
   get FOLDERNUMBER short
   get UNK short
   get FILENUMBER short
   getArray NAME_FOLDER 0 FOLDERNUMBER
   getArray NAME_FILE 0 FILENUMBER
   set NAME NAME_FOLDER
   string NAME += "/"
   string NAME += NAME_FILE
   log NAME OFFSET SIZE
next i


PostPosted: Wed Sep 03, 2014 1:49 pm 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 749
I guess something is wrong with OFF_TOC_INFO because I got

Code:
Error: the script uses more array indexes (2932) than supported (67)


Anyway, the script for decompression is attached.


Attachments:
pmm_decompressor.rar [969 Bytes]
Downloaded 97 times
PostPosted: Wed Sep 03, 2014 10:01 pm 

Joined: Sat Aug 09, 2014 11:21 am
Posts: 616
I've finished the script. The key works for all platforms. However, some of the extracted files still seem to be compressed or encrypted. Look at the *.xsb files in sounddata, they should contain an index list.
Btw, I somehow can't append any files, message: "The uploaded file is empty.".

Code:
# Pac-Man Museum - LPK format (PC)
# script written by AlphaTwentyThree
# decompressor written by Ekey (h4x0r)
# script for QuickBMS http://quickbms.aluigi.org

# Function for decompress > pDstBuffer, pDstSize, pScrBuffer, pScrSize
set MEMORY_FILE4 binary "\x55\x8B\xEC\x51\x8B\x4D\x10\x8B\x45\x14\x8D\x14\x08\x8B\x45\x0C\x53\x33\xDB\x57\x8B\x7D\x08\x89\x55\xFC\x89\x45\x10\x85\xC0\x0F\x8E\x55\x01\x00\x00\x56\xEB\x00\x85\xDB\x75\x07\xB8\x12\x00\x00\x00\xEB\x52\x83\xFB\x01\x75\x07\xB8\x34\x00\x00\x00\xEB\x46\x83\xFB\x02\x75\x07\xB8\x42\x00\x00\x00\xEB\x3A\x83\xFB\x03\x75\x07\xB8\x47\x00\x00\x00\xEB\x2E\x83\xFB\x04\x75\x07\xB8\xF1\x00\x00\x00\xEB\x22\x83\xFB\x05\x75\x07\xB8\x66\x00\x00\x00\xEB\x16\x83\xFB\x06\x75\x07\xB8\xAA\x00\x00\x00\xEB\x0A\x83\xFB\x07\x75\x05\xB8\x8F\x00\x00\x00\x0F\xB6\x11\x33\xC2\x43\x41\x89\x45\x14\x83\xE3\x07\xC7\x45\x08\x07\x00\x00\x00\xEB\x00\x84\xC0\x78\x54\x85\xDB\x75\x04\xB2\x12\xEB\x3D\x83\xFB\x01\x75\x04\xB2\x34\xEB\x34\x83\xFB\x02\x75\x04\xB2\x42\xEB\x2B\x83\xFB\x03\x75\x04\xB2\x47\xEB\x22\x83\xFB\x04\x75\x04\xB2\xF1\xEB\x19\x83\xFB\x05\x75\x04\xB2\x66\xEB\x10\x83\xFB\x06\x75\x04\xB2\xAA\xEB\x07\x83\xFB\x07\x75\x02\xB2\x8F\x32\x11\x43\x88\x17\x47\x41\x83\xE3\x07\xFF\x4D\x10\xEB\x6A\x0F\xB6\x01\x8B\xF0\xC1\xEE\x04\x83\xFE\x01\x7E\x03\x46\xEB\x35\x33\xD2\x83\xFE\x01\x0F\x94\xC2\x83\xE0\x0F\xC1\xE0\x04\x41\x8B\xF2\x8B\xD0\x85\xF6\x74\x12\x0F\xB6\x01\xC1\xE2\x04\x03\xD0\xC1\xE2\x04\x41\x81\xC2\x00\x01\x00\x00\x0F\xB6\x01\x8B\xF0\xC1\xEE\x04\x8D\x74\x16\x11\x0F\xB6\x51\x01\x29\x75\x10\x83\xE0\x0F\xC1\xE0\x08\x0B\xD0\x42\x8B\xC7\x83\xC1\x02\x2B\xC2\x8A\x10\x88\x17\x4E\x47\x40\x85\xF6\x7F\xF5\x8B\x45\x14\x83\x7D\x10\x00\x7E\x13\x03\xC0\xFF\x4D\x08\x89\x45\x14\x0F\x89\x2A\xFF\xFF\xFF\xE9\xB2\xFE\xFF\xFF\x8B\x55\xFC\x5E\x41\x5F\x5B\x3B\xCA\x77\x0D\x83\xC1\x03\x3B\xCA\x72\x06\x33\xC0\x8B\xE5\x5D\xC3\x83\xC8\xFF\x8B\xE5\x5D\xC3"

idstring "LPK\x00"
goto 0x18
get TABLE_OFFSET long
goto TABLE_OFFSET
idstring "ZPKI"
get VERSION long
get TABLE_SIZE long
get TABLE_ZSIZE long
savepos TABLE_OFFSET
log MEMORY_FILE TABLE_OFFSET TABLE_ZSIZE
putvarchr MEMORY_FILE2 TABLE_SIZE 0
goto 0 MEMORY_FILE2
calldll MEMORY_FILE4 0 cdecl RET MEMORY_FILE2 TABLE_SIZE MEMORY_FILE TABLE_ZSIZE

get FILES long MEMORY_FILE2
get FOLDERS long MEMORY_FILE2
get DUMMY long MEMORY_FILE2
get OFF_CRC long MEMORY_FILE2
get OFF_FOLDERNAMES_INFO long MEMORY_FILE2
get OFF_TOC_INFO long MEMORY_FILE2
get DUMMY long MEMORY_FILE2
get UNK long MEMORY_FILE2
get OFF_FILENAMES_INFO long MEMORY_FILE2

math OFF_CRC -= 0xc
math OFF_FOLDERNAMES_INFO -= 0xc
math OFF_TOC_INFO -= 0xc
math DUMMY -= 0xc
math UNK -= 0xc
math OFF_FILENAMES_INFO -= 0xc

goto OFF_CRC MEMORY_FILE2
for i = 0 < FILES
   get CRC long MEMORY_FILE2 # not needed
next i

goto OFF_FOLDERNAMES_INFO MEMORY_FILE2
for i = 0 < FOLDERS
   get NAMEOFF long MEMORY_FILE2
   math NAMEOFF -= 0xc
   savepos MYOFF MEMORY_FILE2
   goto NAMEOFF MEMORY_FILE2
   get NAME_FOLDER string MEMORY_FILE2
   goto MYOFF MEMORY_FILE2
   putArray 0 i NAME_FOLDER
next i

goto OFF_FILENAMES_INFO MEMORY_FILE2
for i = 0 < FILES
   get NAMEOFF long MEMORY_FILE2
   math NAMEOFF -= 0xc
   savepos MYOFF MEMORY_FILE2
   goto NAMEOFF MEMORY_FILE2
   get NAME_FILE string MEMORY_FILE2
   goto MYOFF MEMORY_FILE2
   putArray 1 i NAME_FILE
next i

goto OFF_TOC_INFO MEMORY_FILE2
for i = 0 < FILES
   get OFFSET long MEMORY_FILE2
   get SIZE long MEMORY_FILE2
   get UNK short MEMORY_FILE2
   get UNK short MEMORY_FILE2
   get FOLDERNUMBER short MEMORY_FILE2
   get FILENUMBER short MEMORY_FILE2
   get DUMMY long MEMORY_FILE2
   getArray NAME_FOLDER 0 FOLDERNUMBER
   getArray NAME_FILE 1 FILENUMBER
   set NAME NAME_FOLDER
   string NAME += "/"
   string NAME += NAME_FILE
   log NAME OFFSET SIZE
next i
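
Added example, not part of the original post or of either author's scripts: a Python reading of the table layout that the QuickBMS script above walks (nine-long header, offsets biased by 0xc, 20-byte TOC entries), with every offset and index bounds-checked because they come from the archive itself. The function names and the sample table are constructed for illustration.

```python
import struct

BIAS = 0xC               # stored offsets are 0xc too large (the thread's finding)
HEADER = "<9I"           # FILES, FOLDERS, DUMMY, OFF_CRC, OFF_FOLDERNAMES_INFO,
                         # OFF_TOC_INFO, DUMMY, UNK, OFF_FILENAMES_INFO
TOC_ENTRY = "<IIHHHHI"   # OFFSET, SIZE, UNK, UNK, FOLDERNUMBER, FILENUMBER, DUMMY

def _unpack(fmt, buf, off):
    if off < 0:  # unpack_from would count a negative offset from the end
        raise ValueError(f"offset {off} is before the table start")
    try:
        return struct.unpack_from(fmt, buf, off)
    except struct.error as exc:
        raise ValueError(f"read at {off:#x} leaves the table") from exc

def _names(buf, ptr_table, count):
    names = []  # follow `count` biased pointers to NUL-terminated names
    for i in range(count):
        start = _unpack("<I", buf, ptr_table + 4 * i)[0] - BIAS
        end = buf.find(b"\0", start) if 0 <= start < len(buf) else -1
        if end < 0:
            raise ValueError(f"name {i}: offset out of range or unterminated")
        names.append(buf[start:end].decode("latin-1"))
    return names

def parse_table(buf):
    """Return [(path, offset, size)] from a decompressed table."""
    (files, folders, _, _crc, off_folders, off_toc,
     _, _, off_files) = _unpack(HEADER, buf, 0)
    folder_names = _names(buf, off_folders - BIAS, folders)
    file_names = _names(buf, off_files - BIAS, files)
    entries = []
    for i in range(files):
        offset, size, _, _, folder, name, _ = _unpack(
            TOC_ENTRY, buf, off_toc - BIAS + 20 * i)
        if folder >= folders or name >= files:
            raise ValueError(f"entry {i}: name index out of range")
        entries.append((f"{folder_names[folder]}/{file_names[name]}", offset, size))
    return entries

def build_sample():
    """Constructed table (one folder, two files); not data from the real archive."""
    s = 96 + BIAS  # biased position of the string area
    return (struct.pack(HEADER, 2, 1, 0, 36 + BIAS, 44 + BIAS, 56 + BIAS, 0, 0, 48 + BIAS)
            + struct.pack("<2I", 0, 0)               # CRCs at 36, unused
            + struct.pack("<3I", s, s + 6, s + 18)   # folder ptr at 44, file ptrs at 48
            + struct.pack(TOC_ENTRY, 0x1000, 0x20, 0, 0, 0, 0, 0)   # TOC at 56
            + struct.pack(TOC_ENTRY, 0x2000, 0x30, 0, 0, 0, 1, 0)
            + b"DEBUG\0EuSmall.abc\0Other.bin\0")    # strings at 96
```

A truncated table, like the pTable upload mentioned earlier in the thread, raises ValueError here instead of reading past the buffer.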


PostPosted: Thu Sep 04, 2014 5:10 am 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 749
Hm... Why are you not using the function to decompress files?


PostPosted: Thu Sep 04, 2014 10:15 am 

Joined: Sat Aug 09, 2014 11:21 am
Posts: 616
Sorry, I've never worked with the calldll command before and I don't quite understand it, to be honest. I've tried decompressing a test file, but I guess my script is wrong in some cases because the resulting file is zero bytes. Where's the error?

Code:
set MEMORY_FILE4 binary "\x55\x8B\xEC\x51\x8B\x4D\x10\x8B\x45\x14\x8D\x14\x08\x8B\x45\x0C\x53\x33\xDB\x57\x8B\x7D\x08\x89\x55\xFC\x89\x45\x10\x85\xC0\x0F\x8E\x55\x01\x00\x00\x56\xEB\x00\x85\xDB\x75\x07\xB8\x12\x00\x00\x00\xEB\x52\x83\xFB\x01\x75\x07\xB8\x34\x00\x00\x00\xEB\x46\x83\xFB\x02\x75\x07\xB8\x42\x00\x00\x00\xEB\x3A\x83\xFB\x03\x75\x07\xB8\x47\x00\x00\x00\xEB\x2E\x83\xFB\x04\x75\x07\xB8\xF1\x00\x00\x00\xEB\x22\x83\xFB\x05\x75\x07\xB8\x66\x00\x00\x00\xEB\x16\x83\xFB\x06\x75\x07\xB8\xAA\x00\x00\x00\xEB\x0A\x83\xFB\x07\x75\x05\xB8\x8F\x00\x00\x00\x0F\xB6\x11\x33\xC2\x43\x41\x89\x45\x14\x83\xE3\x07\xC7\x45\x08\x07\x00\x00\x00\xEB\x00\x84\xC0\x78\x54\x85\xDB\x75\x04\xB2\x12\xEB\x3D\x83\xFB\x01\x75\x04\xB2\x34\xEB\x34\x83\xFB\x02\x75\x04\xB2\x42\xEB\x2B\x83\xFB\x03\x75\x04\xB2\x47\xEB\x22\x83\xFB\x04\x75\x04\xB2\xF1\xEB\x19\x83\xFB\x05\x75\x04\xB2\x66\xEB\x10\x83\xFB\x06\x75\x04\xB2\xAA\xEB\x07\x83\xFB\x07\x75\x02\xB2\x8F\x32\x11\x43\x88\x17\x47\x41\x83\xE3\x07\xFF\x4D\x10\xEB\x6A\x0F\xB6\x01\x8B\xF0\xC1\xEE\x04\x83\xFE\x01\x7E\x03\x46\xEB\x35\x33\xD2\x83\xFE\x01\x0F\x94\xC2\x83\xE0\x0F\xC1\xE0\x04\x41\x8B\xF2\x8B\xD0\x85\xF6\x74\x12\x0F\xB6\x01\xC1\xE2\x04\x03\xD0\xC1\xE2\x04\x41\x81\xC2\x00\x01\x00\x00\x0F\xB6\x01\x8B\xF0\xC1\xEE\x04\x8D\x74\x16\x11\x0F\xB6\x51\x01\x29\x75\x10\x83\xE0\x0F\xC1\xE0\x08\x0B\xD0\x42\x8B\xC7\x83\xC1\x02\x2B\xC2\x8A\x10\x88\x17\x4E\x47\x40\x85\xF6\x7F\xF5\x8B\x45\x14\x83\x7D\x10\x00\x7E\x13\x03\xC0\xFF\x4D\x08\x89\x45\x14\x0F\x89\x2A\xFF\xFF\xFF\xE9\xB2\xFE\xFF\xFF\x8B\x55\xFC\x5E\x41\x5F\x5B\x3B\xCA\x77\x0D\x83\xC1\x03\x3B\xCA\x72\x06\x33\xC0\x8B\xE5\x5D\xC3\x83\xC8\xFF\x8B\xE5\x5D\xC3"

get SIZE asize
set ZSIZE SIZE
math ZSIZE *= 0x100
putVarChr MEMORY_FILE2 ZSIZE 0
log MEMORY_FILE2 0 0
log MEMORY_FILE 0 SIZE

goto 0 MEMORY_FILE2
calldll MEMORY_FILE4 0 cdecl RET MEMORY_FILE2 SIZE MEMORY_FILE ZSIZE

get NAME filename
string NAME += ".dec"
get SIZE asize MEMORY_FILE2
log NAME 0 SIZE MEMORY_FILE2


PostPosted: Thu Sep 04, 2014 10:56 am 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 749
AlphaTwentyThree wrote:
Where's the error?

Remove this line:

Code:
log MEMORY_FILE2 0 0


PostPosted: Wed Dec 14, 2016 10:44 am 

Joined: Wed Dec 14, 2016 10:21 am
Posts: 1
Hello!

I found some really interesting info on this game:
It seems that the battleroyale game is the same as the arcade one, with ugly modifications to make it playable on a computer.
(I saw that by trying to reverse the executable, and discovered arcade service menu strings (see attached file).)

I tried to use your decompressing program, but some files are, as you said, invalid (DDS files, for example).
However, I successfully extracted audio from XSB and XWB files!

I reuploaded the game data file here: http://dl.free.fr/kPYJsrlYS

Any help on getting the DDS files readable? Thanks!

Attachment:
pmbr.png [185.15 KiB]
Not downloaded yet


 Post subject: Pac-Man Museum (.lpk)
PostPosted: Wed Apr 04, 2018 9:02 pm 

Joined: Sat Mar 24, 2018 9:58 pm
Posts: 7
Hi again guys.

After watching videos about the original Pac-Man Championship Edition over the years, I instantly bought Pac-Man Museum as soon as it came out for PC, since it included Championship Edition.
You can actually find some superplays of this game on my Youtube channel (same nickname as here).

The thing is for a long time I'd been wanting to mod the default background song of Pac-Man Championship Edition for one of Pac-Man Championship Edition DX+ songs.
When I checked the game folder, I found a single game data archive called dataDX9.lpk

Is there any tool I can use to unpack (and repack) .lpk archives?

Here's the original file in case somebody wants to check it out:
https://drive.google.com/open?id=1snXXgrfNO4limOkFHJ14HPPz07XE0zUm

I already checked this thread about this game:
https://zenhax.com/viewtopic.php?f=9&t=122

But I honestly don't understand what they were talking about :S

Any help would be appreciated.
Thanks.

