ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Thu Nov 23, 2017 1:59 am

All times are UTC




Post new topic  Reply to topic  [ 4 posts ] 
Author Message
PostPosted: Sat Sep 09, 2017 7:46 pm 

Joined: Sat Sep 09, 2017 5:42 pm
Posts: 2
Hello everybody.

I figured that this is most likely the best place on the web to ask for help in this regard. The Game is loading all it's data from .PAK files. It seems like there is no encryption or packing involved. I could really need a helping Hand in understanding how those files are build and to possibly be able to extract their contents and maybe even pack together new .PAK files. So if anyone if you have a little time to share and wants to help me out I would really appreciate that.

The smallest sample I can provide is actually an Update File (230kb in size), but i suspect it to be structured just like all the other .PAK files.

http://www46.zippyshare.com/v/4R2YDuzq/file.html

Thanks a lot in advance and happy hacking everyone :)


Top
   
PostPosted: Sun Sep 10, 2017 12:40 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 7132
The table containing the information about the archived files is obfuscated with some sort of sequential sequence of bytes but with something missing.

I leave here a debugging script for who is interested in checking this stuff, no it's NOT an extraction script so do NOT use it:
Code:
idstring "ResourceFile-ID-"
goto 0x60
get SIZE long
get DUMMY long
get DUMMY long  # obfuscated flag?
savepos OFFSET
encryption xor "\xaa\xab\xac\xad\xae\xaf\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8\xe9\xea\xeb\xec\xed\xee\xef\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9"
log MEMORY_FILE OFFSET SIZE
encryption "" ""
get FILES long MEMORY_FILE
for i = 0 < FILES
    get DUMMY1 long MEMORY_FILE
    get DUMMY2 long MEMORY_FILE
    get DUMMY3 long MEMORY_FILE
    get DUMMY4 long MEMORY_FILE
    get DUMMY5 long MEMORY_FILE
next i


Top
   
PostPosted: Sun Sep 10, 2017 6:38 pm 

Joined: Sat Sep 09, 2017 5:42 pm
Posts: 2
Thanks for investing your time, aluigi, it's really appreciated!
Is there something I could do to assist further with this thingy? For example providing more files?

Just let me know, please. Thanks again for your efforts! :)


Top
   
PostPosted: Sun Sep 10, 2017 8:08 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 7132
Without the table containing the information of the archived files you can only "rip" the known file formats using a file ripper:
viewtopic.php?f=17&t=712


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 4 posts ] 

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
cron
Powered by phpBB® Forum Software © phpBB Limited