Sir Kane wrote:
It's AES-GCM with one of two static 128 bit keys (a flag in the block table entry indicates which to use). The 12 byte nonce is initialized using some static data, then modified with package ID and a constant that matches the pkg version or whatever it is. The authentication tag is the last 16 bytes in the block table entry.
I've managed to decrypt and decompress some data earlier and just need to make a usable tool.
Attached the source for a simple extraction tool with the keys and nonce stripped.
works like a charm! honestly, that is great work on how quick you managed find out how the decryption works.
now i assume a specific amount of files will add up to one "real" file? like if i extracted 10 files with 1kb each they would have to be merged in order to be complete?
No, the way the game works is all of the entry data is concatenated into blocks. Those blocks were encrypted / compressed (Encryption = AES, Decompress = Oodle). The entry table points to entries within the final decompressed block buffer, so, all of the entries you see are single file entries for each package file. Pretty simple format, pretty similar to Destiny 1's package format.