ZenHAX


All times are UTC




Posted: Fri Mar 16, 2018 3:47 pm

Joined: Sun Nov 12, 2017 7:42 am
Posts: 5
I was hoping someone could help extract .PAK archives from Angry Birds: Transformers. The heading is XPK9, and I've uploaded some samples too: https://drive.google.com/open?id=1kD3gc ... nIp7fhah2i

Thanks guys;

UPDATE: So I checked the files, and all of them have screwy headers. After changing Optimus' head to XPK2, I extracted some files using aluigi's XPK2 script:

Code:
# F1 2016 obb (2KPX/XPK2) (script 0.1.1)
# script for QuickBMS http://quickbms.aluigi.org

comtype lz4
idstring "\x02KPX"  # KPX/XPK
get FOLDERS long
get FILES long
get DUMMY long

math FOLDER_BASE = 20
math FILE_BASE = FOLDERS
math FILE_BASE *= 32
math FILE_BASE += FOLDER_BASE
math NAME_BASE = FILES
math NAME_BASE *= 32
math NAME_BASE += FILE_BASE

goto FILE_BASE
for i = 0 < FILES
    get NAME_OFF long
    get DUMMY long
    get SIZE long
    get OFFSET long
    get ZIP long
    get CRC long
    get ZSIZE long
    get DUMMY long

    math NAME_OFF += NAME_BASE
    savepos TMP
    goto NAME_OFF
    get NAME string
    goto TMP

    putarray 0 i NAME
    putarray 1 i SIZE
    putarray 2 i OFFSET
    putarray 3 i ZIP
    putarray 4 i ZSIZE
next i

goto FOLDER_BASE
for i = 0 < FOLDERS
    get NAME_OFF long
    get DUMMY long
    get XFILES_POS long
    get DUMMY long
    get XFOLDERS_POS long
    get DUMMY long
    get XFILES long
    get XFOLDERS long

    math NAME_OFF += NAME_BASE
    savepos TMP
    goto NAME_OFF
    get NAME string
    goto TMP

    putarray 5 i NAME
    putarray 6 i XFILES
    putarray 7 i XFOLDERS
    putarray 8 i XFILES_POS
    putarray 9 i XFOLDERS_POS
next i

getarray NAME         5 0
getarray XFILES       6 0
getarray XFOLDERS     7 0
getarray XFILES_POS   8 0
getarray XFOLDERS_POS 9 0
set PATH string ""
set NAME string ""
callfunction EXTRACT

startfunction EXTRACT
    string PATH += NAME
    string PATH += /
    math FILES = XFILES
    math FOLDERS = XFOLDERS
    math FILES_POS = XFILES_POS
    math FOLDERS_POS = XFOLDERS_POS

    for i = 0 < FILES
        math T = FILES_POS
        math T += i
        getarray NAME   0 T
        getarray SIZE   1 T
        getarray OFFSET 2 T
        getarray ZIP    3 T
        getarray ZSIZE  4 T
        set FNAME string PATH
        string FNAME += NAME
        if ZIP == 0
            log FNAME OFFSET SIZE
        else
            clog FNAME OFFSET ZSIZE SIZE
        endif
    next i

    for i = 0 < FOLDERS
        math T = FOLDERS_POS
        math T += i
        getarray NAME         5 T
        getarray XFILES       6 T
        getarray XFOLDERS     7 T
        getarray XFILES_POS   8 T
        getarray XFOLDERS_POS 9 T
        callfunction EXTRACT
    next i
endfunction


Posted: Fri Mar 16, 2018 4:21 pm
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 8609
Script 0.1.2:
http://aluigi.org/bms/xpk2.bms


Posted: Fri Apr 20, 2018 12:44 am

Joined: Fri Apr 20, 2018 12:41 am
Posts: 11
aluigi wrote:


Cool, I found a debug menu in the files extracted from the .paks, this script also worked on the OBB but that gave multiple .paks, worked on them as well, but there is one problem, store2.pak doesn't decompress, every other .pak does. Anywho is recompiling the .paks possible after modifications?


Posted: Fri Apr 20, 2018 10:35 am

Joined: Sun Oct 04, 2015 2:27 am
Posts: 184
LolHacksRule wrote:
aluigi wrote:


Cool, I found a debug menu in the files extracted from the .paks, this script also worked on the OBB but that gave multiple .paks, worked on them as well, but there is one problem, store2.pak doesn't decompress, every other .pak does. Anywho is recompiling the .paks possible after modifications?


stop fucking this forum model
not hack forum


Posted: Fri Apr 20, 2018 4:34 pm

Joined: Fri Apr 20, 2018 12:41 am
Posts: 11
godskin wrote:
LolHacksRule wrote:
aluigi wrote:


Cool, I found a debug menu in the files extracted from the .paks, this script also worked on the OBB but that gave multiple .paks, worked on them as well, but there is one problem, store2.pak doesn't decompress, every other .pak does. Anywho is recompiling the .paks possible after modifications?


stop fucking this forum model
not hack forum


Sorry, but can store2.pak be decompressable soon?


Posted: Sat Apr 21, 2018 8:25 am
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 8609
upload store2.pak


Posted: Sun Apr 22, 2018 7:03 pm

Joined: Fri Apr 20, 2018 12:41 am
Posts: 11
aluigi wrote:
upload store2.pak


Here it is as of v1.35.8

"D─σ╕║ o┬♥¢l ↨îÇS" is the first ten digits in the header.


Attachments:
store2.pak [141.98 KiB]


Last edited by LolHacksRule on Wed May 09, 2018 4:28 pm, edited 2 times in total.
Posted: Sun Apr 22, 2018 7:13 pm
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 8609
It's all encrypted, nothing to do.
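
An added example, not part of the original posts or of aluigi's script: a Python triage that reads the header the way the XPK2 script above does (20-byte header, 32-byte folder and file records, little-endian counts) and falls back to a byte-entropy estimate when no KPX magic is present, as with the store2.pak reported as encrypted. The function names, the 7.5 bits/byte threshold, the treatment of the first byte as a version tag, and both sample inputs are assumptions constructed for illustration.

```python
import hashlib
import math
import struct

HEADER_SIZE = 20  # FOLDER_BASE in the posted script
ENTRY_SIZE = 32   # bytes per folder/file record in the posted script

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 mean encrypted or compressed data."""
    n = len(data)
    counts = [data.count(bytes([b])) for b in range(256)] if n else []
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def triage_pak(data: bytes) -> dict:
    """Classify a .pak blob using the table layout from the XPK2 script."""
    result = {"entropy": round(shannon_entropy(data), 2)}
    # Assumption: byte 0 is a version tag (2, 9, ...) followed by "KPX".
    if len(data) < HEADER_SIZE or data[1:4] != b"KPX":
        opaque = result["entropy"] >= 7.5
        result["verdict"] = "opaque-high-entropy" if opaque else "unknown"
        return result
    folders, files = struct.unpack_from("<II", data, 4)
    file_base = HEADER_SIZE + folders * ENTRY_SIZE
    name_base = file_base + files * ENTRY_SIZE
    if name_base > len(data):  # table sizes claim more than the file holds
        result["verdict"] = "corrupt-tables"
        return result
    names = []
    for i in range(files):
        (name_off,) = struct.unpack_from("<I", data, file_base + i * ENTRY_SIZE)
        start = name_base + name_off
        end = data.find(b"\0", start)
        if end < 0:  # name offset outside the file or unterminated
            result["verdict"] = "corrupt-tables"
            return result
        names.append(data[start:end].decode("latin-1"))
    result.update(verdict="xpk-archive", folders=folders, files=files, names=names)
    return result

def build_sample() -> bytes:
    """Constructed one-folder, one-file archive (not a real game file)."""
    header = b"2KPX" + struct.pack("<III", 1, 1, 0) + b"\0" * 4
    folder = struct.pack("<8I", 0, 0, 0, 0, 0, 0, 1, 0)
    entry = struct.pack("<8I", 1, 0, 5, 91, 0, 0, 5, 0)
    return header + folder + entry + b"\0a.xml\0" + b"hello"

def build_opaque(n: int = 4096) -> bytes:
    """Constructed high-entropy stand-in for an encrypted file."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(n // 32))
```

High entropy alone does not separate encryption from compression; the verdict only says that no readable XPK tables were found.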


Posted: Wed May 02, 2018 10:47 pm

Joined: Fri Apr 20, 2018 12:41 am
Posts: 11
aluigi wrote:
It's all encrypted, nothing to do.


store2.pak updates via hotfixes so here is v1.35.8.3's hotfix. Some bytes changed, try comparing the APK version (old) to this new one. Maybe that will help you with decrypting the pak.

Assets I probably found in it, based on disassembled .so code; note this is for the ARMv7 architecture:

BundleDefinitions.xml
gacha.xml
ParsedList.txt
LiveEventOffersRelease.xml
Offers.xml
ShockwavesSpire.xml
Economy.xml
PopupCoordinator.xml
CurrencyShop.xml

Disassembled .so code relating to store2.pak:

BL _Z12Util_OpenPakiPKciPciN13EXGSMemHeapID4EnumE ; Util_OpenPak(int,char const*,int,char *,int,EXGSMemHeapID::Enum)
LDR R1, =(aDataStore2Pak - 0x470E88)
LDR R3, =(aStore2 - 0x470E8C)
MOV R2, R4
STR R6, [SP,#0x18+var_18]
MOV R0, #4
STR R5, [SP,#0x18+var_14]
ADD R1, PC, R1 ; "Data/Store2.pak"
ADD R3, PC, R3 ; "STORE2"
off_470EF0 DCD aDataStore2Pak - 0x470E88
; DATA XREF: std::_Function_handler<void ()(void),CApp::MainLoadingFunc(CXGSJob *,void *)::{lambda(void)#2}>::_M_invoke(std::_Any_data const&)+80↑r
; "Data/Store2.pak"
off_470EF4 DCD aStore2 - 0x470E8C ; DATA XREF: std::_Function_handler<void ()(void),CApp::MainLoadingFunc(CXGSJob *,void *)::{lambda(void)#2}>::_M_invoke(std::_Any_data const&)+84↑r
; "STORE2"
BL _Z12Util_OpenPakiPKciPciN13EXGSMemHeapID4EnumE ; Util_OpenPak(int,char const*,int,char *,int,EXGSMemHeapID::Enum)
LDR R1, =(aDataStore2Pak - 0x47271C)
LDR R3, =(aStore2 - 0x472720)
MOV R2, R4
STR R6, [SP,#0x18+var_18]
MOV R0, #4
STR R5, [SP,#0x18+var_14]
ADD R1, PC, R1 ; "Data/Store2.pak"
ADD R3, PC, R3 ; "STORE2"
off_472784 DCD aDataStore2Pak - 0x47271C
; DATA XREF: CApp::MainLoadingOpenPAKFiles(void)+80↑r
; "Data/Store2.pak"
off_472788 DCD aStore2 - 0x472720 ; DATA XREF: CApp::MainLoadingOpenPAKFiles(void)+84↑r
; "STORE2"

I will add more code later.


Attachments:
store2.pak [142 KiB]