ZenHAX
https://zenhax.com/

Obfuscation algorithm
https://zenhax.com/viewtopic.php?f=11&t=15672
Page 1 of 1

Author:  Samdou [ Tue Aug 17, 2021 11:31 pm ]
Post subject:  Obfuscation algorithm

Is it possible to work out an obfuscation algorithm by comparing an obfuscated and deobfuscated version of the same file,
then use that algorithm to deobfuscate other files?

Author:  atom0s [ Wed Aug 18, 2021 8:59 am ]
Post subject:  Re: Obfuscation algorithm

It's possible but usually only works for basic algo's or things that have known header data that is easy to spot (or something similar). Otherwise, it generally requires looking at the actual code to see how the files are being used/loaded/etc. to figure out the algo.

Author:  Samdou [ Wed Oct 13, 2021 12:17 am ]
Post subject:  Re: Obfuscation algorithm

If I upload an obfuscated file, would you be able to help identify the algorithm?

Author:  aluigi [ Wed Oct 13, 2021 10:11 am ]
Post subject:  Re: Obfuscation algorithm

Try.
And please also specify the name of the game.

Author:  Samdou [ Wed Oct 13, 2021 1:33 pm ]
Post subject:  Re: Obfuscation algorithm

The game is the Japanese version of Way of the Samurai 2 Special Edition/Samurai Dou 2 Kettouban [SLPM_742.09] for the PS2.

Obfuscated file.
https://www.solidfiles.com/v/DeN2YP4reZxpk

Author:  aluigi [ Wed Oct 13, 2021 6:20 pm ]
Post subject:  Re: Obfuscation algorithm

It's like a sort of sequence of various data all starting with a 'J' followed by a filename like "JP\task\normal_beginner_area_a.bin".

I don't know if the data is obfuscated or compressed, or maybe that's a weird format.

Author:  Samdou [ Thu Oct 14, 2021 12:10 am ]
Post subject:  Re: Obfuscation algorithm

Is the "J" included in "JP\task\*", or is it a seperate one followed by the file name?

Here's the deobfuscated/decompressed/decrypted version of the file from the Japanese version of Way of the Samurai 2 Portable/Samurai Dou 2 Po-taburu [ULJS-00217] for the PSP.
https://www.solidfiles.com/v/nk3Q8Z25BNpRz

You can see lines of NPC dialogue in this one which are readable, whereas if you go to the same line in the first version of the file, it's unreadable.
e.g. at 0000077C the dialogue "おや、お侍さん 天原は初めてかい?".

Perhaps comparing the two versions will make it easier to identify the algorithm making the first version of the file unreadable.

Author:  aluigi [ Thu Oct 14, 2021 12:37 am ]
Post subject:  Re: Obfuscation algorithm

Ok, found it's lzss compression.

This script will automatically dump all the files contained in the BIN, the last file doesn't have any name:
Code:
# Way of the Samurai 2 BIN

comtype lzss0
get BIN_SIZE asize
math OFFSET = 0
do
    findloc NEXT_OFF binary JP\\ 0 ""
    if NEXT_OFF == ""
        math NEXT_OFF = BIN_SIZE
        set NAME string ""
    else
        goto NEXT_OFF
        get NAME string
    endif

    xmath SIZE "NEXT_OFF - OFFSET"
    xmath XSIZE "SIZE * 10"
    clog NAME OFFSET SIZE XSIZE

    goto NEXT_OFF
    padding 0x800
    savepos OFFSET
while OFFSET < BIN_SIZE

Author:  Samdou [ Sat Oct 16, 2021 12:42 am ]
Post subject:  Re: Obfuscation algorithm

Thanks, worked with everything except that one nameless file. Any idea what that one could be? A header file perhaps?

I was hoping that by figuring out the algorithm, I could then apply it to other files and decompress them, but unfortunately when I use it on the desired file
it extracts multiple files, but they are still unreadable.

Do you mind if I upload this file for you to analyze?

Author:  aluigi [ Sat Oct 16, 2021 8:01 am ]
Post subject:  Re: Obfuscation algorithm

I can't help with the decompressed data

Author:  Samdou [ Sun Oct 17, 2021 12:22 am ]
Post subject:  Re: Obfuscation algorithm

Are you referring to the nameless file?

The other file I'm suggesting for upload is compressed.

Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/