ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com

All times are UTC




PostPosted: Sun Jan 10, 2021 1:13 am 

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 348
Just FYI, aluigi has updated the official UE4 script to support 4.25 games and now it's incompatible with OverHIT (not sure about other hardcoded workarounds). If you want to unpack it, use my latest variant of the script or any previous version of it.

_________________
You can request AES keys on rin forums (the list with keys is also there)
AES keys finder and latest UE4 bms scripts: in this post


PostPosted: Mon Jan 11, 2021 5:20 pm 

Joined: Mon Jan 11, 2021 3:19 am
Posts: 1
Hello

I need help to find the key for Life is Strange 2

Here is the LIS2-Win64-Shipping.exe

https://drive.google.com/file/d/1t5ord1lsfJYHqks1NtwuFHaj2bg1smQk/view?usp=sharing


PostPosted: Mon Jan 11, 2021 10:28 pm 

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 348
@senha1k2: LIS2 is not encrypted. Considering that the game doesn't have a UWP build at the moment and it should work with the default script, I have no idea what the problem is. Explain your issue in more detail.

PostPosted: Wed Jan 13, 2021 4:03 pm 

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 348
Script with v11 paks support (for 4.26 games) added to my base post. It only supports paks at the moment, but utoc/ucas support may be added later.

Please note that it isn't backward compatible with 4.25- games, because it's a temporary solution, so use default script for 4.25 games and below. It was not tested much, because there are very few 4.26 games at the moment, so if you have problems with it, report them here.

--------------------------------------------------------------------

unreal_tournament_4_0.4.26_paks_only script updated, it now works properly with files over 4GB.

PostPosted: Mon Jan 18, 2021 10:43 pm 

Joined: Thu Dec 24, 2020 7:48 am
Posts: 1
pubg mobile doesn't work pls help


PostPosted: Mon Jan 25, 2021 9:52 pm 

Joined: Mon Jan 25, 2021 9:10 pm
Posts: 1
Unpacking Friday the 13th with this script gives this error

Error: [myfseek] offset 0x8750217967b15906 in file 0 can't be reached

Last script line before the error or that produced the error:
99 log MEMORY_FILE10 OFFSET SIZE

Press ENTER or close the window to quit

How would I fix this?


PostPosted: Tue Jan 26, 2021 1:58 am 

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 348
@doodle160: Use the corresponding script from the specific scripts bundle with the proper key (both are available via my signature). If it doesn't work, tell me what version of the game you're trying to extract.

---------------------------------------------------------------

Script for decrypting and encrypting Dragon Quest XI S saves.

Update: Updated version of the script supports saves from microsoft store (game pass), steam and switch versions of DQ XI S - but there is no auto-detect feature, so you should edit script manually (I've added comments in it for that reason). Also, you can encrypt saves back with the same script, just open the script and edit it according to corresponding comment.
Please note that saves from different versions can be incompatible with each other due to differences in internal format; this script only allows you to decrypt and encrypt saves with different keys.

Update 2: It appeared that keys are different not between platforms, but between different game versions (full / demo). Comments in the script were adjusted with that info, and the key for full versions is now uncommented by default. Please re-download the script if needed.

Update 3:
Here are all changes between PC (gamepass / steam) and switch saves of DQ XI S, based on data001.sav from gamepass and switch versions (see attachment):
1) First 4 bytes are version flag, it's 0x1 for full versions and 0x100 for demo versions. Note that saves are using values in little endian format (for example, 1 will be 01000000 in little endian and 00000001 in big endian for "long" variable).
2) Next 4 bytes are total save size (it will be [file size - 8 bytes]).
3) At 0xC offset it's most likely platform flag, always 8E for PC and 89 for switch.
4) At 0x35 offset there is actual save size, calculated from 0x8 offset (obviously first 8 bytes are system info for decrypting, not related to actual save).
5) At 0x39 offset it's internal offset, where save info starts after save's header, calculated from the 0x0 for some reason. Here is the first noticeable difference between gamepass and switch versions - for gamepass that offset is always pointing to byte after 04000000 (0x4 in little endian), while for switch that offset is always pointing to beginning of 04000000, and this gap is filled with additional 4 zero bytes in PC version.
6) I don't quite understand what the offset at 0xB7 is, but it can be blindly adjusted accordingly, since it's just an offset.
7) Around 0x022BD8 offset for PC version there are additional 0x5C bytes, which appear to be controls settings. Switch version doesn't have that block of data at all. Can be copied "as is" from any of your existing saves. You can find it with "05??000000" + "next byte is not null" (switch) / "next byte is 0xFF" (PC) pattern - for switch ?? will be save slot value (like 07 for data007). Also, controls block size can be different, so after finding the pattern (for PC) take 12 bytes after "05" and next will be main part size in little endian.
8) Now to the end of file. It seems the game doesn't use padding schemes for encryption, and that's why end of file (EOF) is adjusted for the save size to be multiple of 16 (AES is encrypting data in 16-byte blocks, so if no padding is used, data should be adjusted to fill blocks fully).
9) Last 8 bytes will be always zero, and starting from [EOF - 16 bytes] there are 4 bytes with actual save size (the same as at 0x35 offset). For example, if you're converting switch save to gamepass, you're adding 4 bytes in the header and 0x5C controls block, that means you should increase actual save size by 0x5C + 4 = 0x60 (and also that unknown offset from [6]).
10) Next 4 bytes are CRC-32 of actual save size data in little endian. For example CC558260 will be 608255CC in the save.
11) Next calculate 0x8 offset + actual save size. Now take a look at [8], it's time to calculate if additional padding is required between current offset and actual save size offset. If current offset is not multiple of 16, it should be adjusted accordingly (i.e. filled with additional zero bytes).

After all those adjustments you can encrypt save back and it should work on different platform. Thanks to Niko of Death for sample saves and some important info. Samples in the attachment.

Update 4: Test script for converting saves automatically (only [switch -> pc] at the moment) is now available in the attachment.

Update 5: "convert" script now works in both directions ([switch -> pc] by default, for [pc -> switch] change option to 0 in the first string). Also, "decrypt-encrypt" script is now more automated and it's also updating CRC checksum during encryption, if you make some manual edits without changing size of the save (decryption is default option, for encryption set it to 0 in the first string).


Attachments:
dq_xi_s_saves_convert.bms [3.89 KiB]
Downloaded 88 times
dq_xi_s_saves_decrypt-encrypt.bms [1.41 KiB]
Downloaded 82 times
dq_xi_s_saves_samples.zip [594.11 KiB]
Downloaded 76 times



Last edited by spiritovod on Mon Feb 01, 2021 7:34 pm, edited 12 times in total.
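
The save layout listed under Update 3 above, turned into a consistency check for an already decrypted save. This is an added example, not part of the original post or its attached .bms scripts. Assumptions: every size and offset field is a 4-byte little-endian value, the checksum is standard CRC-32 over the bytes from 0x8 to 0x8 + actual save size, and the names `parse_save` and `build_sample` are hypothetical; the sample buffer is constructed, not a real save.

```python
import struct
import zlib

PLATFORMS = {0x8E: "pc", 0x89: "switch"}   # flag byte at 0xC (item 3)
VERSIONS = {0x1: "full", 0x100: "demo"}    # first 4 bytes, little endian (item 1)

def parse_save(buf: bytes) -> dict:
    """Parse an already decrypted save and list the layout rules it breaks."""
    if len(buf) < 0x3D + 16:
        raise ValueError("too short for the header fields plus trailer")
    u32 = lambda off: struct.unpack_from("<I", buf, off)[0]
    size = u32(0x35)            # actual save size, counted from 0x8 (item 4)
    body_end = 8 + size
    trailer = len(buf) - 16     # [size][crc32][8 zero bytes] (items 9, 10)
    problems = []
    if u32(4) != len(buf) - 8:
        problems.append("total size field != file size - 8")
    if not (0x3D <= body_end <= trailer and trailer - body_end < 16):
        problems.append("actual save size does not fit before the trailer")
    else:
        if any(buf[body_end:trailer]):
            problems.append("non-zero padding before the trailer")
        # Assumption: standard CRC-32 over the bytes 0x8 .. 0x8 + size.
        if zlib.crc32(buf[8:body_end]) != u32(trailer + 4):
            problems.append("CRC-32 mismatch")
    if u32(trailer) != size:
        problems.append("trailer size != size at 0x35")
    if any(buf[-8:]):
        problems.append("last 8 bytes are not zero")
    return {
        "version": VERSIONS.get(u32(0), "unknown"),
        "platform": PLATFORMS.get(buf[0xC], "unknown"),
        "size": size,
        "data_offset": u32(0x39),   # counted from 0x0 (item 5)
        "problems": problems,
    }

def build_sample(platform: int = 0x89, size: int = 0x50) -> bytes:
    """Constructed test data (not a real save): header, filler, trailer."""
    body = bytearray(b"\xAA" * size)               # occupies 0x8 .. 0x8 + size
    body[0xC - 8] = platform
    struct.pack_into("<I", body, 0x35 - 8, size)
    struct.pack_into("<I", body, 0x39 - 8, 0x40)   # arbitrary offset value
    pad = -(8 + size) % 16                         # zero fill to a 16-byte boundary
    trailer = struct.pack("<II", size, zlib.crc32(bytes(body))) + bytes(8)
    header = struct.pack("<II", 0x1, size + pad + 16)
    return header + bytes(body) + bytes(pad) + trailer

if __name__ == "__main__":
    print(parse_save(build_sample()))
```

A save whose body was edited without refreshing the trailer shows up as a single "CRC-32 mismatch" entry, which is the case the Update 5 script handles by recalculating the checksum on encryption.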
PostPosted: Thu Jan 28, 2021 1:33 pm 

Joined: Tue Jun 16, 2020 3:59 pm
Posts: 13
anyone know Re ZERO Starting Life in Another World The Prophecy of the Throne aes key?


PostPosted: Thu Jan 28, 2021 4:11 pm 

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 348
@Killnus: Latest Re:Zero game is not UE4 game, but you can find more info about it in that post.

PostPosted: Sat Jan 30, 2021 5:41 pm 

Joined: Sat Jan 30, 2021 6:23 am
Posts: 2
I'm a noob developer, and I have no idea how to get keys from mobile games. Can someone help me for aes key of uworigin closed beta first version? Thanks in advance!
Android only, zlib https://drive.google.com/file/d/1zOt4v2 ... sp=sharing


PostPosted: Sat Jan 30, 2021 7:02 pm 

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 348
@surugaya: Uncharted Waters Origin key added to the list (see my signature).

PostPosted: Sat Jan 30, 2021 9:21 pm 

Joined: Sat Jan 30, 2021 6:23 am
Posts: 2
WOW! It's easy for you :) May I ask you again next time, because there may be other updates, or can I learn how to find this key? Thank you so much :)


PostPosted: Sun Jan 31, 2021 3:43 pm 

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 348
@surugaya: You can find all required tools via my signature.

 Post subject: fallen doll bms
PostPosted: Mon Feb 01, 2021 11:31 pm 

Joined: Mon Feb 01, 2021 8:43 pm
Posts: 1
anyone know how to use quickbms in fallen doll 0.32?
maybe pak file is encrypted

https://mega.nz/file/h94XVIQb#bSSj9SRRR ... 8wLgiGj-Bo


PostPosted: Tue Feb 02, 2021 1:16 pm 

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 348
@leesuhong330: You can find key for the latest version (0.33) via my signature. If you want to request the key for this particular version, go to rin forums and also provide required file (it's all written there).

PostPosted: Wed Feb 03, 2021 10:23 pm 

Joined: Wed Feb 03, 2021 10:19 pm
Posts: 1
It was a larger project to homebrew my switch and make this work but it did! Thank you so much for this. Making a YouTube tutorial on this would be a nice bonus, I could give it a shot if need be. If you have a donation link I would be happy to show my gratitude there! Good shit dude, thanks again. ;)


PostPosted: Wed Feb 03, 2021 11:42 pm 

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 348
@Andazu: I think the hardest part in all that routine would be getting saves from switch and putting them back. And I don't even have the game, so those scripts were created only because Niko provided a lot of samples and explicit info about his findings. Also, if you want to donate, please donate to some actual modders.

-------------------------------------------------------------------------------------------

Script for "Beyond a Steel Sky" was added to specific scripts bundle. It may be also helpful for games using zstd as main compression algorithm.

Also, some scripts from specific scripts bundle were renamed to get rid of most abbreviations. Now they contain complete game title if possible (except PUBG scripts, but that abbreviation is known to almost everyone).

PostPosted: Thu Feb 04, 2021 5:22 am 

Joined: Wed Apr 22, 2020 5:10 pm
Posts: 7
Hey @spiritovod, maybe now you can do something about pubg mobile,
because I think we need a new key now!
First we got an error, something like this:

"Error: [myfseek] offset 0x8750217967b15906 in file 0 can't be reached

Last script line before the error or that produced the error:
99 log MEMORY_FILE10 OFFSET SIZE

Press ENTER or close the window to quit "

But now there's a key error again, can you help out with it?
Try with the new version:
http://www.mediafire.com/file/wnu1brja9 ... d.apk/file


 Post subject: ENCRYPTED .PAK FILE
PostPosted: Fri Feb 05, 2021 12:50 pm 

Joined: Sun Jan 10, 2021 7:43 am
Posts: 37
How to open encrypted .pak file
game name=Predator: Hunting Grounds


PostPosted: Sat Feb 06, 2021 9:44 pm 

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 348
@RDR2EXE: Latest UE4 script should work with the game. You can find it along with required key via my signature.
