Free Game Research Forum | Official QuickBMS support | twitter @zenhax
It is currently Sun Jan 29, 2023 1:30 pm

All times are UTC

Post new topic  Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Wed Nov 24, 2021 10:30 am 

Joined: Mon Nov 22, 2021 12:13 am
Posts: 2
So I've been on a long journey to decrypt a mobile game, Mass for the Dead, right? I'm no coding expert by any means, but I've been doing what I can to try and make progress.

Essentially, what I want to do is take the "overlord" script from this thread: viewtopic.php?f=9&t=15671&hilit=mass+for+the+dead (I've already modified it to try more XOR key combinations because the original only decrypts a handful (I'll attach the original work in this post)--

# Set up a list of possible xor keys

PutArray 0 0 "\x00\xff\xff\xff\x00\x00\x00\x00"
PutArray 0 1 "\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00"
PutArray 0 2 "\x00\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00"
PutArray 0 3 "\x00\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00"
PutArray 0 4 "\x00\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00"
PutArray 0 5 "\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00"
PutArray 0 6 "\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
PutArray 0 7 "\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
PutArray 0 8 "\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
PutArray 0 9 "\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"

Get SIZE asize
Get TEMPNAME basename

For A = 0 To 9
   GetArray KEY 0 A

   FileXor KEY 0
   Goto 0
   GetDString TEXT1 7
   Goto 0x0c
   GetDString TEXT2 5
   Goto 0x12
   GetDString TEXT3 4

   String TEMP1 P "%TEXT1% %TEXT2% %TEXT3%"

   If TEMP1 = "UnityFS 5.x.x 2017"

Next A

--and extend it in a way that it will try more XOR keys to decrypt files. I want to go beyond 5 keys (I added “PutArray”’s 6-9), but I keep breaking the script in the process trying to adapt the rest. There’s also a disconnect between what I’ve added and the rest of the script, so it’s hardly better than the original.

It's probably something somewhat simple, but having some direction to decipher the logic would be nice.

If anyone wants to try any specific sample files to decrypt, I'll post a link to a thread that has most, if not all the files for the game: https://forum.xentax.com/viewtopic.php?f=16&t=24400 (I'm specifically looking at the files in the "u" folder if you want to look at it.) I would attach the files more directly here, but it seems the forum doesn't support the file type.

File comment: From here on zenhax (https://zenhax.com/viewtopic.php?f=9&t=15671&hilit=mass+for+the+dead)
overlord.txt [818 Bytes]
Downloaded 123 times
PostPosted: Sun Nov 28, 2021 7:31 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 12984
Here we go:
# Overlord decrypter

Get SIZE asize
Get TEMPNAME basename

for i = 8 < 32
    set KEY binary ""
    for x = 0 < i
        putvarchr KEY x 0
    next x
    xmath j "i / 2"
    for x = 1 < j
        putvarchr KEY x 0xff
    next x

    encryption xor KEY "" 0 i
    log MEMORY_FILE 0 0x20

    Goto 0 MEMORY_FILE
    GetDString TEXT1 7 MEMORY_FILE
    Goto 0x0c MEMORY_FILE
    GetDString TEXT2 5 MEMORY_FILE
    Goto 0x12 MEMORY_FILE
    GetDString TEXT3 4 MEMORY_FILE
    String TEMP1 P "%TEXT1% %TEXT2% %TEXT3%"

    If TEMP1 = "UnityFS 5.x.x 2017"
        encryption xor KEY "" 0 i
        Log FILENAME 0 SIZE
next i

It looks like the key has a size of N bytes where the first half is 0xff except for the first byte (0x00) and the second half is 0x00.

Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 2 posts ] 

All times are UTC

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited