Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Sat Feb 23, 2019 4:25 am

All times are UTC

Post new topic  Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Sat Aug 18, 2018 1:58 pm 

Joined: Fri Jun 02, 2017 2:15 pm
Posts: 13
Wondering if anyone knows enough about encryption to work out how they do it for Smile Game Builder engine archives.

Older versions were just a ZIP file with a funny header and no compression - they're pretty simple to figure out.

Newer archives look very different, to me it looks like the files are XOR'd with a 16-byte repeating key, but each file in the archive might have a different key? In the example archive, the first file looks like it might use this key (\x1E\x20\x45\x1B\x14\x84\xC9\x8C\x53\xA5\x7C\x42\x7B\xA9\x62\xE9) and a file a little further on with this key (\x34\x7C\x25\xD5\xEE\x10\x2C\x2A\x4B\xE7\xE0\xAE\x83\xBB\x2B\x49)

I admit I'm no expert in encryption, so I could be totally wrong.

It looks like there is probably no compression, as there are whole sections of repeating characters that really should be easy to compress.

Is anyone able to help with this?

Sample archive (from game Monarch of Greed - Act 1) - https://drive.google.com/open?id=12A3UhodYRvFjaM9-F_SQQ5JTlmhyO0NC

Thanks for any help!

PostPosted: Mon Aug 20, 2018 1:00 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 9820
It's weird indeed and it's not a xor key since the resulting data is still senseless.
It's not a block cipher too since most of the bytes in these "sequences" are often differents.
Apparently it's necessary to do some reverse engineering and it's not possible to guess it from the file.

Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 2 posts ] 

All times are UTC

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited