ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax

All times are UTC




Posted: Fri Jan 20, 2023 4:40 am

Joined: Tue Apr 26, 2022 5:34 am
Posts: 7
I can use this code https://zenhax.com/viewtopic.php?t=1843#p10024 but I have a problem with byte pattern splitting.
My code is:
Code:
findloc OFFSET binary "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
do
    goto OFFSET
    get DUMMY long
    findloc NEXT_OFFSET binary "\x00\x07\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77" 0 ""
    if NEXT_OFFSET == ""
        get SIZE asize
    else
        math SIZE = NEXT_OFFSET
    endif
    math SIZE += OFFSET
    log "" OFFSET SIZE
    math OFFSET = NEXT_OFFSET
while NEXT_OFFSET != ""

The problem is that the first extracted file is fine, because it starts with the \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 pattern and ends with "\x00\x07\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77".
Like this:
Image
But the 2nd and the other files aren't extracted correctly, because they start with "\x00\x07\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77" and end with nothing.
Like this:
Image
How can I fix this?


   
Posted: Fri Jan 20, 2023 7:02 pm

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 730
The original script is designed for splitting by headers only (when you only search for the next header). If you need to consider both header and footer, you need to adjust the script accordingly:
Code:
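do
    # find the next header (16 zero bytes) from the current position; "" when none is left
    findloc OFFSET binary "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 0 ""
    goto OFFSET
    get DUMMY long
    # find the footer that closes this record
    findloc NEXT_OFFSET binary "\x00\x07\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77" 0 ""
    if NEXT_OFFSET == ""
        # no footer: the record runs to the end of the file
        get SIZE asize
    else
        # include the 16-byte footer in the extracted data
        math NEXT_OFFSET + 16
        math SIZE = NEXT_OFFSET
    endif
    # SIZE held the end position; subtract the start to get the length
    math SIZE - OFFSET
    log "" OFFSET SIZE
    # continue searching after the footer
    math OFFSET = NEXT_OFFSET
    goto OFFSET
while NEXT_OFFSET != ""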

Though it may produce an error on the last iteration (everything should already be extracted at this point).

_________________
You can request AES keys on rin forums (the list with keys is also there)
AES keys finder and latest UE4 bms scripts: in this post
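
The header-plus-footer split from the reply above, restated in Python as an added example (not code from the thread or from QuickBMS). The function names and the sample blob are assumptions constructed for illustration; the loop also stops cleanly when no further header is found, which is the last-iteration case the reply mentions.

```python
# Added example: header/footer carving that mirrors the QuickBMS loop above.
HEADER = b"\x00" * 16                  # start pattern from the thread
FOOTER = b"\x00\x07" + b"\x77" * 14    # end pattern from the thread (16 bytes)


def carve(data, header=HEADER, footer=FOOTER):
    """Return (offset, size) for every header..footer record in data.

    The footer bytes are kept in the record, like `math NEXT_OFFSET + 16`.
    A record without a footer runs to the end of data, like `get SIZE asize`.
    """
    records = []
    pos = 0
    while pos < len(data):
        start = data.find(header, pos)
        if start == -1:
            break  # no further header: stop instead of seeking to ""
        # Skip 4 bytes before the footer search, as `get DUMMY long` does.
        end = data.find(footer, start + 4)
        if end == -1:
            records.append((start, len(data) - start))
            break
        end += len(footer)
        records.append((start, end - start))
        pos = end  # resume after the footer, not at it
    return records


def build_sample():
    """Constructed sample: junk, two complete records, one unterminated."""
    rec1 = HEADER + b"first payload" + FOOTER
    rec2 = HEADER + b"second" + FOOTER
    rec3 = HEADER + b"tail without footer"
    return b"JUNK" + rec1 + b"\xAA\xBB" + rec2 + rec3


if __name__ == "__main__":
    blob = build_sample()
    for i, (off, size) in enumerate(carve(blob)):
        print(f"record {i}: offset=0x{off:x} size={size}")
```
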


   
Posted: Sat Jan 21, 2023 1:43 pm

Joined: Tue Apr 26, 2022 5:34 am
Posts: 7
spiritovod wrote:
The original script is designed for splitting by headers only (when you only search for the next header). If you need to consider both header and footer, you need to adjust the script accordingly:
Code:
do
    findloc OFFSET binary "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" 0 ""
    goto OFFSET
    get DUMMY long
    findloc NEXT_OFFSET binary "\x00\x07\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77\x77" 0 ""
    if NEXT_OFFSET == ""
        get SIZE asize
    else
        math NEXT_OFFSET + 16
        math SIZE = NEXT_OFFSET
    endif
    math SIZE - OFFSET
    log "" OFFSET SIZE
    math OFFSET = NEXT_OFFSET
    goto OFFSET
while NEXT_OFFSET != ""

Though it may produce an error on the last iteration (everything should already be extracted at this point).


Thank you so much!!!! Everything works flawlessly now.


   
Posted: Sat Jan 21, 2023 4:09 pm

Joined: Tue Apr 26, 2022 5:34 am
Posts: 7
I tried to learn something. I tried rewriting the code you sent, but where did I go wrong?
Code:
do
    findloc A_OFFSET binary "\x70\x51\x45\x53\x00\x00\x00\x01" 0 ""
    goto A_OFFSET
    get A_SIZE LONG
    findloc B_OFFSET binary "\x00\xFF\x2F" 0 ""
    goto B_OFFSET
    get B_SIZE LONG
    math B_OFFSET + 4
    math B_SIZE = B_OFFSET
    math A_SIZE = A_OFFSET
    math B_SIZE - A_SIZE
    log "" NAME B_SIZE
    math A_OFFSET = B_OFFSET
    goto A_OFFSET
While NotEOF <> 0


   
Posted: Sat Jan 21, 2023 6:01 pm

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 730
@Dark Frost: If you only need to change the patterns for the header or footer, just change 16 to the footer size (in bytes) and it will work. Otherwise, in case of more complex modifications, I suggest looking into the QuickBMS documentation for a better understanding of what you're doing.

   
Posted: Fri Jan 27, 2023 12:45 am

Joined: Tue Apr 26, 2022 5:34 am
Posts: 7
spiritovod wrote:
@Dark Frost: If you only need to change the patterns for the header or footer, just change 16 to the footer size (in bytes) and it will work. Otherwise, in case of more complex modifications, I suggest looking into the QuickBMS documentation for a better understanding of what you're doing.

Finally I created this thing:
Code:
do
    findloc A_OFFSET binary "\x80\x00"
    goto A_OFFSET
    get A_SIZE asize
    findloc Q_OFFSET binary "\x43\x52\x49"
    goto Q_OFFSET
    get Q_SIZE asize
    if A_OFFSET == Q_OFFSET - 32
    findloc B_OFFSET binary "\x80\x01\x??\x??" 0 ""
    goto B_OFFSET
    if B_OFFSET == ""
        get B_SIZE asize
    else
       math B_OFFSET + 4 # 4 is B_OFFSET Byte
        math B_SIZE = B_OFFSET
    endif
    math B_SIZE - A_OFFSET
    string A_OFFSET + ".adx"
    log A_OFFSET A_OFFSET B_SIZE
    math A_OFFSET = B_OFFSET
    goto A_OFFSET
    else
    goto A_OFFSET
While NotEOF <> 0
cleanexit

I think: if A_OFFSET == Q_OFFSET - 32, the script continues, else goto A_OFFSET,
but I have a problem because it's not working.
My data is:
Image
How can I fix that? Because some of my files have only "\x80\x00" data, I need to compare A_OFFSET before Q_OFFSET.

I also tried it this way, but it's not working either:
Code:
do
    findloc A_OFFSET binary "\x80\x00"
    goto A_OFFSET
    get A_SIZE asize
    findloc Q_OFFSET binary "\x43\x52\x49"
    math Q_OFFSET - 34
    goto Q_OFFSET
    math Q_SIZE = Q_OFFSET
    if A_OFFSET == Q_SIZE
    findloc B_OFFSET binary "\x80\x01\x??\x??" 0 ""
    goto B_OFFSET
    if B_OFFSET == ""
        get B_SIZE asize
    else
       math B_OFFSET + 4 # 4 is B_OFFSET Byte
        math B_SIZE = B_OFFSET
    endif
    math B_SIZE - A_OFFSET
    string A_OFFSET + ".adx"
    log A_OFFSET A_OFFSET B_SIZE
    math A_OFFSET = B_OFFSET
    goto A_OFFSET
    else
    goto A_OFFSET
While NotEOF <> 0
cleanexit

