ZenHAX


All times are UTC




 Post subject: Re: Destiny 2 PKG
PostPosted: Fri Sep 01, 2017 2:14 pm 

Joined: Sun Mar 27, 2016 7:20 pm
Posts: 2
It's AES-GCM with one of two static 128 bit keys (a flag in the block table entry indicates which to use). The 12 byte nonce is initialized using some static data, then modified with package ID and a constant that matches the pkg version or whatever it is. The authentication tag is the last 16 bytes in the block table entry.

I've managed to decrypt and decompress some data earlier and just need to make a usable tool.

Attached the source for a simple extraction tool with the keys and nonce stripped.


Attachments:
SourcePublic.cpp [15.02 KiB]
Downloaded 145 times
Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Mon Sep 04, 2017 1:51 pm 

Joined: Sat Sep 02, 2017 10:00 pm
Posts: 2
Sir Kane wrote:
It's AES-GCM with one of two static 128 bit keys (a flag in the block table entry indicates which to use). The 12 byte nonce is initialized using some static data, then modified with package ID and a constant that matches the pkg version or whatever it is. The authentication tag is the last 16 bytes in the block table entry.

I've managed to decrypt and decompress some data earlier and just need to make a usable tool.

Attached the source for a simple extraction tool with the keys and nonce stripped.


Works like a charm! Honestly, that is great work on how quickly you managed to find out how the decryption works.
Now I assume a specific amount of files will add up to one "real" file? Like, if I extracted 10 files with 1kb each, they would have to be merged in order to be complete?


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Mon Sep 04, 2017 2:49 pm 

Joined: Sun Mar 20, 2016 10:25 pm
Posts: 26
Ginsor wrote:
Sir Kane wrote:
It's AES-GCM with one of two static 128 bit keys (a flag in the block table entry indicates which to use). The 12 byte nonce is initialized using some static data, then modified with package ID and a constant that matches the pkg version or whatever it is. The authentication tag is the last 16 bytes in the block table entry.

I've managed to decrypt and decompress some data earlier and just need to make a usable tool.

Attached the source for a simple extraction tool with the keys and nonce stripped.


Works like a charm! Honestly, that is great work on how quickly you managed to find out how the decryption works.
Now I assume a specific amount of files will add up to one "real" file? Like, if I extracted 10 files with 1kb each, they would have to be merged in order to be complete?


No, the way the game works is all of the entry data is concatenated into blocks. Those blocks were encrypted / compressed (Encryption = AES, Decompress = Oodle). The entry table points to entries within the final decompressed block buffer, so, all of the entries you see are single file entries for each package file. Pretty simple format, pretty similar to Destiny 1's package format.


Top
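The layout described in the reply above, as an added example (not code from the thread or from the attached tool): entries are slices of the concatenated decompressed blocks, so each entry is already one complete file even when it spans several blocks. Assumptions: zlib stands in for Oodle, the decryption step is left out, and the entry tuple layout, the 64-byte `BLOCK_SIZE` and all sample data are constructed for the demo.

```python
import zlib

BLOCK_SIZE = 64  # assumption: every block but the last inflates to exactly this (tiny for the demo)

def build_package(files):
    """Constructed sample data: pack files back to back, cut into blocks, compress each."""
    entries, pos = [], 0
    for data in files:
        # hypothetical entry layout: (starting block, offset inside it, file size)
        entries.append((pos // BLOCK_SIZE, pos % BLOCK_SIZE, len(data)))
        pos += len(data)
    blob = b"".join(files)
    blocks = [zlib.compress(blob[i:i + BLOCK_SIZE]) for i in range(0, pos, BLOCK_SIZE)]
    return entries, blocks

def inflate_block(comp):
    """Decompress one block with a hard output cap, so a malformed block cannot balloon."""
    d = zlib.decompressobj()
    plain = d.decompress(comp, BLOCK_SIZE + 1)
    if len(plain) > BLOCK_SIZE or not d.eof:
        raise ValueError("block is truncated or inflates past BLOCK_SIZE")
    return plain

def extract(entry, blocks):
    """Return one complete file, inflating only the blocks the entry covers."""
    first, offset, size = entry
    if not (0 <= first < len(blocks)) or not (0 <= offset < BLOCK_SIZE) or size < 0:
        raise ValueError("entry fields out of range")
    last = first + (offset + max(size, 1) - 1) // BLOCK_SIZE
    if last >= len(blocks):
        raise ValueError("entry runs past the block table")
    buf = b"".join(inflate_block(blocks[i]) for i in range(first, last + 1))
    data = buf[offset:offset + size]
    if len(data) != size:
        raise ValueError("entry runs past the decompressed data")
    return data

# Constructed sample: three files; the second spans two blocks, the third starts mid-block.
FILES = [b"a" * 10, bytes(range(100)), b"z" * 30]
ENTRIES, BLOCKS = build_package(FILES)

if __name__ == "__main__":
    for entry in ENTRIES:
        print(entry, len(extract(entry, BLOCKS)))
```

The range checks matter because the entry and block tables come from the file being parsed and cannot be trusted to be consistent with each other.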
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Fri Sep 15, 2017 4:37 am 

Joined: Fri Sep 15, 2017 4:30 am
Posts: 1
What sort of data is available in the decrypted chunks? Is there anything like item/ability/etc. data, or is it all just assets? And any hints on where to look for the nonce?


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Fri Sep 15, 2017 8:56 pm 

Joined: Fri Mar 17, 2017 9:41 pm
Posts: 14
Hello :roll: ,

I'm not a developer. I have tried to attach the file with Visual Studio to some extractor program. :roll:
But no success; sorry in advance for the noob question... I'm a beginner.
I do not know how to run this tool :oops: . Can you help me with a little tutorial, please? :mrgreen:

Best Regards


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Fri Sep 15, 2017 10:07 pm 
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 7107
I can try to write a quickbms script if someone can provide the AES keys and the nonce.


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Tue Sep 19, 2017 5:17 pm 
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 7107
I leave my converted script here:
http://aluigi.org/bms/destiny2.bms

Obviously it has NOT been tested and it's probably wrong, in fact many files are just 1 byte and only 24% of the decompressed filesystem is parsed, tested with one of the provided samples (with decryption disabled obviously).
I guess there is a problem in how the bitfields of the entries are read but the offsets/next_offsets and the sizes match, feel free to check and fix it.


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Thu Oct 19, 2017 2:39 am 

Joined: Thu Oct 19, 2017 2:35 am
Posts: 1
Preloading for the retail version went live today. I can launch the executable and arrive at the loadscreen. Not sure how to grab the AES/Nonce keys so I'd appreciate a bit of help there.


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Sun Oct 22, 2017 4:01 pm 

Joined: Fri Mar 17, 2017 9:41 pm
Posts: 14
+1 =)


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Wed Oct 25, 2017 3:24 pm 

Joined: Wed Oct 25, 2017 3:22 pm
Posts: 4
Sir Kane wrote:
It's AES-GCM with one of two static 128 bit keys (a flag in the block table entry indicates which to use). The 12 byte nonce is initialized using some static data, then modified with package ID and a constant that matches the pkg version or whatever it is. The authentication tag is the last 16 bytes in the block table entry.

I've managed to decrypt and decompress some data earlier and just need to make a usable tool.

Attached the source for a simple extraction tool with the keys and nonce stripped.


This is SO HELPFUL!
I'm working on the oo2core_3_win64.dll trying to create a process dump with tagging to pull out the keys.
Any way you wouldn't mind PMing the keys to add into the code? :mrgreen:

GL ALL


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Wed Oct 25, 2017 3:32 pm 

Joined: Wed Oct 25, 2017 3:22 pm
Posts: 4
Untested: Destiny2ools looks like it can extract files from memory during play
https://github.com/Ernegien/Destiny2ools


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Mon Oct 30, 2017 7:50 pm 

Joined: Sun Mar 27, 2016 7:20 pm
Posts: 2
I just checked, the beta keys/nonce init values don't work anymore.


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Tue Oct 31, 2017 4:20 pm 

Joined: Sat Sep 02, 2017 10:00 pm
Posts: 2
Sir Kane wrote:
I just checked, the beta keys/nonce init values don't work anymore.


Hmm, for most of the packages it still works for me. Just for some (especially the smaller sized ones) it can't read the entry block data.


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Tue Oct 31, 2017 8:51 pm 

Joined: Wed Oct 25, 2017 3:22 pm
Posts: 4
Sir Kane wrote:
I just checked, the beta keys/nonce init values don't work anymore.


Could you PM me your beta keys so I can cross check the decompiled beta exe to my decompiled retail for the new keys/nonce?


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Wed Nov 01, 2017 9:21 pm 

Joined: Wed Oct 25, 2017 3:22 pm
Posts: 4
aluigi wrote:
I leave my converted script here:
http://aluigi.org/bms/destiny2.bms

Obviously it has NOT been tested and it's probably wrong, in fact many files are just 1 byte and only 24% of the decompressed filesystem is parsed, tested with one of the provided samples (with decryption disabled obviously).
I guess there is a problem in how the bitfields of the entries are read but the offsets/next_offsets and the sizes match, feel free to check and fix it.


Still a WIP but I've been pulling AES Keys from Destiny2.exe out of memory at kernel mode.

Destiny 2 Beta:
[000000E44DBEE3C0] AES-256 decryption key: c7edbcad64907d8372d20872e011efe6b4163a5196f5c4f7fe2f68e78097a1a0

Destiny 2 Retail:
[000001D40800B220] AES-256 decryption key: 7a7a2230aae9fa491356143cf0de95c819d21106ff8a010de2f600eaf241cffa
[000001D4FF084060] AES-256 decryption key: c465a7db48eea10f5d38993505cb60d20fa106f7c78529fc6b0034f0eaa07093


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Sat Nov 04, 2017 4:51 pm 

Joined: Sat Nov 04, 2017 4:49 pm
Posts: 1
Following this post with intrigue.
Just installed my copy of Destiny 2 on PC, and ready to grab that awesome music from it :)

There is a guy on the destiny reddit that appears to have datamined it already 'TheEcumene' - https://www.reddit.com/r/DestinyTheGame ... _spoilers/
Maybe they can help?


Top
   