ZenHAX
https://zenhax.com/

How to extend this decryption script?
https://zenhax.com/viewtopic.php?f=11&t=16121
Page 1 of 1

Author:  TheEleh [ Wed Nov 24, 2021 10:30 am ]
Post subject:  How to extend this decryption script?

So I've been on a long journey to decrypt a mobile game, Mass for the Dead, right? I'm no coding expert by any means, but I've been doing what I can to try and make progress.

Essentially, what I want to do is take the "overlord" script from this thread: viewtopic.php?f=9&t=15671&hilit=mass+for+the+dead (I've already modified it to try more XOR key combinations because the original only decrypts a handful (I'll attach the original work in this post)--

Code:
# Set up a list of possible xor keys

PutArray 0 0 "\x00\xff\xff\xff\x00\x00\x00\x00"
PutArray 0 1 "\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00"
PutArray 0 2 "\x00\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00"
PutArray 0 3 "\x00\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00"
PutArray 0 4 "\x00\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00"
PutArray 0 5 "\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00"
PutArray 0 6 "\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
PutArray 0 7 "\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
PutArray 0 8 "\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
PutArray 0 9 "\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"


Get SIZE asize
Get TEMPNAME basename
String FILENAME P "%TEMPNAME%_dec"

For A = 0 To 9
   GetArray KEY 0 A

   FileXor KEY 0
   Goto 0
   GetDString TEXT1 7
   Goto 0x0c
   GetDString TEXT2 5
   Goto 0x12
   GetDString TEXT3 4

   String TEMP1 P "%TEXT1% %TEXT2% %TEXT3%"

   If TEMP1 = "UnityFS 5.x.x 2017"
      Log FILENAME 0 SIZE
      Exit
   Endif

Next A



--and extend it in a way that it will try more XOR keys to decrypt files. I want to go beyond 5 keys (I added “PutArray”’s 6-9), but I keep breaking the script in the process trying to adapt the rest. There’s also a disconnect between what I’ve added and the rest of the script, so it’s hardly better than the original.

It's probably something somewhat simple, but having some direction to decipher the logic would be nice.

If anyone wants to try any specific sample files to decrypt, I'll post a link to a thread that has most, if not all the files for the game: https://forum.xentax.com/viewtopic.php?f=16&t=24400 (I'm specifically looking at the files in the "u" folder if you want to look at it.) I would attach the files more directly here, but it seems the forum doesn't support the file type.

Attachments:
File comment: From here on zenhax (https://zenhax.com/viewtopic.php?f=9&t=15671&hilit=mass+for+the+dead)
overlord.txt [818 Bytes]
Downloaded 25 times

Author:  aluigi [ Sun Nov 28, 2021 7:31 pm ]
Post subject:  Re: How to extend this decryption script?

Here we go:
Code:
# Overlord decrypter

Get SIZE asize
Get TEMPNAME basename
String FILENAME P "%TEMPNAME%_dec"

for i = 8 < 32
    set KEY binary ""
    for x = 0 < i
        putvarchr KEY x 0
    next x
    xmath j "i / 2"
    for x = 1 < j
        putvarchr KEY x 0xff
    next x

    encryption xor KEY "" 0 i
    log MEMORY_FILE 0 0x20

    Goto 0 MEMORY_FILE
    GetDString TEXT1 7 MEMORY_FILE
    Goto 0x0c MEMORY_FILE
    GetDString TEXT2 5 MEMORY_FILE
    Goto 0x12 MEMORY_FILE
    GetDString TEXT3 4 MEMORY_FILE
    String TEMP1 P "%TEXT1% %TEXT2% %TEXT3%"

    If TEMP1 = "UnityFS 5.x.x 2017"
        encryption xor KEY "" 0 i
        Log FILENAME 0 SIZE
        cleanexit
    Endif
next i

It looks like the key has a size of N bytes where the first half is 0xff except for the first byte (0x00) and the second half is 0x00.

Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/