ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Sun May 26, 2019 6:58 pm

All times are UTC




Post new topic  Reply to topic  [ 15 posts ] 
Author Message
PostPosted: Fri Nov 30, 2018 3:39 pm 

Joined: Sun Nov 04, 2018 6:11 pm
Posts: 7
Quick disclaimer: please tell me straight if I make any mistakes, I'm a bit of a n00b.

I would like to extract some assets from the Professor Layton and the Curious Village mobile game. The roadblock in my way is the fact that the .obb can't be opened through WinRAR, unlike most .obb files.

Image
There's no point to posting more images, it's 300MB of gibberish with no discernible structure.

I will be providing two 2MB samples of the file:
https://www.dropbox.com/sh/udf9qki9nbjc ... XUAsa?dl=0

If you guys have any insights or questions, feel free to post. I look forward to hopefully getting this thing cracked so I can start ripping assets.

_________________
An expert is a man who has made all the mistakes which can be made in a narrow field. -Niels Bohr


Last edited by DahMainahGaimah on Fri Dec 07, 2018 9:04 pm, edited 1 time in total.

Top
   
PostPosted: Fri Nov 30, 2018 8:01 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 10284
The lack of header or footer and the complete senseless content makes me think it's just encrypted.


Top
   
PostPosted: Sun Dec 02, 2018 3:31 am 

Joined: Sun Nov 04, 2018 6:11 pm
Posts: 7
aluigi wrote:
The lack of header or footer and the complete senseless content makes me think it's just encrypted.

Yes, that was my original assumption, before I trimmed down the topic. What do you think I should do, in that case? Is there any hope for me to decrypt this? I'm willing to pay someone to do it - it means that much to me.

_________________
An expert is a man who has made all the mistakes which can be made in a narrow field. -Niels Bohr


Top
   
PostPosted: Sun Dec 02, 2018 11:30 am 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 10284
Reverse engineering is the only solution.
There is a "Market" section here just in case:
viewforum.php?f=14


Top
   
PostPosted: Thu Dec 06, 2018 10:34 pm 

Joined: Sun Nov 04, 2018 6:11 pm
Posts: 7
aluigi wrote:
Reverse engineering is the only solution.
There is a "Market" section here just in case:
viewforum.php?f=14

Apologies for the late reply, for some reason I'm not receiving email notifications.
Given it's on Android and doesn't seem to use any proprietary formats other than Criware, (hell, the game uses PNG files for textures) what do you think would be the price and time frame? And if an update occurs, what's the chance the process would need to be repeated?

_________________
An expert is a man who has made all the mistakes which can be made in a narrow field. -Niels Bohr


Top
   
PostPosted: Fri Dec 07, 2018 8:57 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 10284
I have no control or statistics about the Market section.
To be honest I don't like that section, it exists only because I can't avoid people to make such requests when they have no other solutions.


Top
   
PostPosted: Fri Dec 07, 2018 9:04 pm 

Joined: Sun Nov 04, 2018 6:11 pm
Posts: 7
aluigi wrote:
I have no control or statistics about the Market section.
To be honest I don't like that section, it exists only because I can't avoid people to make such requests when they have no other solutions.

Alright, thanks a lot for the help anyways! I'll see if I can try to commission someone when I have the money, as it seems like I have no other choice. Here's hoping the upcoming Layton ports use the same method.

_________________
An expert is a man who has made all the mistakes which can be made in a narrow field. -Niels Bohr


Top
   
PostPosted: Sun Dec 09, 2018 10:04 pm 

Joined: Sun Aug 17, 2014 5:50 pm
Posts: 19
Attachment:
Layton_Curious_Village_HD.bms [1.3 KiB]
Downloaded 39 times

Attachment:
Laytons_Mystery_Journey.bms [391 Bytes]
Downloaded 35 times

Code:
# Layton: Curious Village in HD (Android)

set OFFSET long 0
set TSIZE long 0x14
callfunction Decrypt 1
math m = -1
get HDR long m

if HDR == 0x31435241
  get FSIZE long m
  get OFFSET long m
  get TSIZE long m
  callfunction Decrypt 1
  get FILES long m
  savepos POS m
  for j = 0 < FILES
   goto POS m
   get NAME_OFF long m
   get OFFSET long m
   get TSIZE long m
   savepos POS m
   goto NAME_OFF m
   get NAME string m
   string MP4 = NAME
   string MP4 $ ".mp"
   log MEMORY_FILE2 OFFSET TSIZE
   if MP4 != ".mp4"
     callfunction Decrypt2 1
   endif
   log NAME 0 TSIZE MEMORY_FILE2
  next j
else
  print "Error: Unknown format (Header value: %HDR|h%)"
  cleanexit
endif

startfunction Decrypt
  log MEMORY_FILE OFFSET TSIZE
  math OFFSET + 0x45243
for i = 0 < TSIZE
  math OFFSET * 0x41C64E6D
  math OFFSET + 0x3039
  math OFFSET & 0xFFFFFFFF
  math KEY = OFFSET
  math KEY u> 0x18
  getvarchr KEYX MEMORY_FILE i byte
  math KEYX ^ KEY
  putvarchr MEMORY_FILE i KEYX byte
next i
endfunction

startfunction Decrypt2
  math OFFSET + 0x45243
for i = 0 < TSIZE
  math OFFSET * 0x41C64E6D
  math OFFSET + 0x3039
  math OFFSET & 0xFFFFFFFF
  math KEY = OFFSET
  math KEY u> 0x18
  getvarchr KEYX MEMORY_FILE2 i byte
  math KEYX ^ KEY
  putvarchr MEMORY_FILE2 i KEYX byte
next i
endfunction

Code:
# Layton’s Mystery Journey (Android)

idstring "HP10"
get FILES long
get FSIZE long
get TOC_END long
get TOC_NAME long
get FILE_OFF long
set POS long 48

for i = 0 < FILES
  goto POS
  get OFFSET long
  get SIZE long
  get NAME_OFF long
  math OFFSET + FILE_OFF
  math NAME_OFF + TOC_NAME
  goto NAME_OFF
  get NAME string
  log NAME OFFSET SIZE
  math POS + 32
next i


Top
   
PostPosted: Tue Dec 11, 2018 4:04 am 

Joined: Sun Nov 04, 2018 6:11 pm
Posts: 7
Holy crap, I'm so glad good Samaritans such as yourself exist, ssh. I'm currently testing your script out and seeing what goodies I can find.

_________________
An expert is a man who has made all the mistakes which can be made in a narrow field. -Niels Bohr


Top
   
PostPosted: Tue Dec 11, 2018 11:28 pm 

Joined: Sun Nov 04, 2018 6:11 pm
Posts: 7
Thanks so much for doing this for me, it's a massive help!

_________________
An expert is a man who has made all the mistakes which can be made in a narrow field. -Niels Bohr


Top
   
PostPosted: Sat Dec 15, 2018 7:57 am 

Joined: Fri Dec 14, 2018 6:54 pm
Posts: 1
Thank you so much! I have one question, I want to fan translate this game, but when I try to reimport the files it doesn't work and it gives me an error:

Error: script invalid for reimporting, it uses MEMORY_FILEs
You can use the -. option or quickbmsver "-." if this script is meant
to act as a header/data builder (for example if it adds a RIFF header
to raw PCM data embedded in the file, and so on), the MEMORY_FILE data
will be skipped automatically allowing to reimport the real file data

Last script line before the error or that produced the error:
30 log NAME 0 TSIZE MEMORY_FILE2

Would it be possible in some way to reimport the files with QuickBMS, or do I need to wait on another program to be able to reimport files?

Hopefully someone can help me with this! But it's already awesome to be able to extract the files!

Many thanks!


Top
   
PostPosted: Thu Jan 10, 2019 4:40 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 10284
Unfortunately not because the format uses a custom encryption that can't be reversed during reimport.
Requires a new tool.


Top
   
PostPosted: Thu Jan 10, 2019 5:26 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 10284
Honestly I don't remember if reimport may work with this modification and there is no sample available to test... maybe try it:
Code:
set MEMORY_FILE10 string "
void Decrypt(unsigned int OFFSET, unsigned char *data, int size) {
    OFFSET += 0x45243;
    for(int i = 0; i < size; i++) {
      OFFSET *= 0x41C64E6D;
      OFFSET += 0x3039;
      OFFSET &= 0xFFFFFFFF;
      data[i] ^= (OFFSET >> 0x18);
    }
}
"

set OFFSET long 0
set TSIZE long 0x14
log MEMORY_FILE OFFSET TSIZE
calldll MEMORY_FILE10 Decrypt tcc RET OFFSET MEMORY_FILE TSIZE
math m = -1
get HDR long m

if HDR == 0x31435241
  get FSIZE long m
  get OFFSET long m
  get TSIZE long m
  log MEMORY_FILE OFFSET TSIZE
  calldll MEMORY_FILE10 Decrypt tcc RET OFFSET MEMORY_FILE TSIZE
  get FILES long m
  savepos POS m
  for j = 0 < FILES
   goto POS m
   get NAME_OFF long m
   get OFFSET long m
   get TSIZE long m
   savepos POS m
   goto NAME_OFF m
   get NAME string m
   string MP4 = NAME
   string MP4 $ ".mp"
   encryption "" ""
   if MP4 != ".mp4"
     encryption calldll "MEMORY_FILE10 Decrypt tcc RET OFFSET #INPUT# #INPUT_SIZE#"
   endif
   log NAME OFFSET TSIZE
   encryption "" ""
  next j
else
  print "Error: Unknown format (Header value: %HDR|h%)"
  cleanexit
endif


Top
   
PostPosted: Thu Jan 17, 2019 4:03 pm 

Joined: Sun Nov 04, 2018 6:11 pm
Posts: 7
Fantastic! I just tested it out, and it indeed fixes the import issue. Sorry for the late reply, Gmail automatically sends all Zenhax updates to the spam folder. I shall do some further testing, and then I'll add your contribution to my Github repo.

_________________
An expert is a man who has made all the mistakes which can be made in a narrow field. -Niels Bohr


Top
   
PostPosted: Sun Jan 20, 2019 10:28 am 

Joined: Sun Jan 20, 2019 10:18 am
Posts: 1
EDIT:

Managed to reimport it with command lines, but now the app still wants to download the data, so i don't think that the game recognizes the file :(

Edit 2:

I get why it doesn't work. reimport2 doesn't work, so all the files have to be the same as the original, and that is impossible :( But hey, thanks for the script!


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 15 posts ] 

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited