ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Wed Jan 27, 2021 3:59 pm

All times are UTC




Post new topic  Reply to topic  [ 1707 posts ]  Go to page Previous 182 83 84 85 86 Next
Author Message
PostPosted: Thu Dec 17, 2020 7:28 pm 

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 292
@Diam000nd: Key is correct, but AES function is customized. Though not sure if only key expansion subroutine is modified or something else too. I could take a look at it later, when I have time and if unmodified old version will be still available somewhere, but actually it's out of my scope.
Only index is encrypted though, so theoretically it's possible to grab decrypted index from memory at runtime and use it with the archive, but since the game is going to be constantly updated, I don't see the point in it.

----------------------------------------------------------------------

Dragon Quest XI script in the specific scripts bundle updated to v5. It can now handle Switch version of the game properly (based on Pokeytax's changes from this post).

_________________
You can request AES keys on rin forums (the list with keys is also there)
AES keys finder and latest UE4 bms scripts: in this post


Top
   
PostPosted: Fri Dec 18, 2020 10:06 am 

Joined: Thu Dec 17, 2020 11:46 am
Posts: 5
@spiritovod: so how do leakers find every single version's AES for Fortnite and use them to extract everything? I have no idea how to use the key now ? cause I used to make skins for the game by extracting models and textures... isn't there any custom BMS files for extraction of these kind of files ? isn't there any other way for extraction ?


Top
   
PostPosted: Fri Dec 18, 2020 1:23 pm 

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 292
@Diam000nd: Fortnite is using standard aes encryption, so no problem with it. The only script that will work with the game at the moment would be raw_extract from custom scripts bundle, but it's not what you need - at least, not in the current form. Alternatives are learning how to grab decrypted index from memory and inserting it into archive or reversing modifications of encryption algorithm - or waiting until guess names feature will be implemented in raw_extract script (this way it will be kind of useful).

_________________
You can request AES keys on rin forums (the list with keys is also there)
AES keys finder and latest UE4 bms scripts: in this post


Top
   
PostPosted: Sat Dec 19, 2020 9:26 am 

Joined: Thu Dec 17, 2020 11:46 am
Posts: 5
@spiritovod: isn't there any tutorials about "grabbing decrypted index from memory" ? cause I found an github project which finds AES from memory when an app is open but cause the game has "Anti-Debug or Anti-Cheat" it doesn't work and says "Failed to open the process". I don't know ? any help for bypass of Anti-Debug? or tutorials or custom script for it to work ?

https://github.com/mmozeiko/aes-finder
that project...


Top
   
PostPosted: Sat Dec 19, 2020 1:47 pm 

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 292
@Diam000nd: The mentioned project is for finding aes keys, which would be the same as you already found with my aes finder. Like it was already said, the problem is not the key, but custom encryption. Also, there is not any step-by-step solutions for such things. Sorry, but I'm not here to teach people how to reverse stuff.

_________________
You can request AES keys on rin forums (the list with keys is also there)
AES keys finder and latest UE4 bms scripts: in this post


Top
   
PostPosted: Sun Dec 20, 2020 7:53 am 

Joined: Thu Dec 17, 2020 11:46 am
Posts: 5
@spiritovod: Ok! no problem thanks for your help <8


Top
   
PostPosted: Mon Dec 21, 2020 5:50 pm 

Joined: Mon Sep 24, 2018 2:10 am
Posts: 5
Would like to know if anyone can help me.
I am about to start the creation of a free database website for Ashes of creation for the community and I'm having a hard time in identifying where i can find the items/equipments informations.
I just used quickbms with the new key and got all the files (used unreal_tournament_4_0.4.25 script).

I found some valuable informations of the items inside .uasset/.uexp files, the problem is how to properly open them? I know that they have Text inside.

I also used Umodel software and i successfully got some items images (still trying to figure out how to crop correct the atlas file)

@spiritovod maybe you know more about it? I'm a developer, so with some guidance I can create some tools for the community for this game


Top
   
PostPosted: Mon Dec 21, 2020 9:39 pm 

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 292
@Zodake: uasset+uexp is universal container for any kind of assets in UE4. So to get or modify any info from them, you should deserialize them first. Basically, uasset contains some general info, such as assets version/size/guids/basic parameters, table of related assets (their names) and table of properties (classes) - while uexp contains actual serialized data.
Here is an example, how it would look in general: viewtopic.php?f=9&t=12764
It's quite easy to get information from text assets (like localizations), because uexp there can be parsed directly and it usually contains only offsets/text size/text itself and some additional parameters, which can be ignored. In all other cases, you should usually reverse game code to understand certain properties/classes or dig into UE4 code itself (since it's open source).

_________________
You can request AES keys on rin forums (the list with keys is also there)
AES keys finder and latest UE4 bms scripts: in this post


Top
   
PostPosted: Tue Dec 22, 2020 1:18 pm 

Joined: Mon Sep 24, 2018 2:10 am
Posts: 5
spiritovod wrote:
@Zodake: uasset+uexp is universal container for any kind of assets in UE4. So to get or modify any info from them, you should deserialize them first. Basically, uasset contains some general info, such as assets version/size/guids/basic parameters, table of related assets (their names) and table of properties (classes) - while uexp contains actual serialized data.
Here is an example, how it would look in general: viewtopic.php?f=9&t=12764
It's quite easy to get information from text assets (like localizations), because uexp there can be parsed directly and it usually contains only offsets/text size/text itself and some additional parameters, which can be ignored. In all other cases, you should usually reverse game code to understand certain properties/classes or dig into UE4 code itself (since it's open source).


Thanks a lot @spiritovod with these informations, i answered you in pm.


Top
   
PostPosted: Tue Dec 22, 2020 5:45 pm 

Joined: Wed Jan 08, 2020 11:22 pm
Posts: 9
spiritovod
Your updated quickBMS script is no longer an "updated version" of it, it is a different script. Original value of quickBMS version of the pak-unpacker was that it preserved root name/path of the pack, for example, "GameName/Content/Materials" and would extract content of the pack int it. Your variant now behaves exactly like built-in tool UnrealPak which just dumps the content without respect to the root path.


Top
   
PostPosted: Tue Dec 22, 2020 7:33 pm 

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 292
@Kein: I quite understand what you're talking about. UE 4.9 and below were using relative paths for assets - so you have base path (/GameName/) and relative paths for assets (/Textures/t.1, /Sounds/s.1). Starting from 4.10 it's using absolute paths and mount point. That means you have full paths like "/GameName/Textures/t.1", "/GameName/Sounds/s.1" for all assets in base paks. But sometimes mount point is different and you can get "/Textures/t.1" from additinal paks even from games built with latest UE4 versions. There is no way to somehow "respect" this, because mount points are making sense only for UE4, where all paks are handled as single structure, while quickbms and unrealpak works with each pak separately. Though I think some workaround can be implemented in base script, if you provide some particular example (I've only done it for Fable Legends script, which is obviously can't be used with latest games).

P.S. This part of UE4 script was not modified for more than two years, so if something is "broken" now, it's not me. Again, it's not actually "broken" per se.

_________________
You can request AES keys on rin forums (the list with keys is also there)
AES keys finder and latest UE4 bms scripts: in this post


Top
   
PostPosted: Sat Dec 26, 2020 3:20 am 

Joined: Sat Dec 26, 2020 3:18 am
Posts: 1
Hi, I'm new, I trying open .ueassets from SFV but my ue4 4.250 editor cant see them. Any thougs how to do that ?
thank you :)


Top
   
PostPosted: Sat Dec 26, 2020 5:04 pm 

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 292
@axlzero25: It doesn't work that way, because unreal editor doesn't support cooked assets. You can start with reading this tutorial and googling for SFV modding, I believe there are plenty resources for it, including videos.

----------------------------------------------------------------------

Latest UE4 bms script updated to version 0.4.25a, which now properly supports base paths in mount points if present (explained in this post). I didn't test it much, so if you'll have problems with it, please report them.

_________________
You can request AES keys on rin forums (the list with keys is also there)
AES keys finder and latest UE4 bms scripts: in this post


Top
   
PostPosted: Wed Dec 30, 2020 6:01 am 

Joined: Wed Jan 08, 2020 11:22 pm
Posts: 9
spiritovod wrote:
But sometimes mount point is different and you can get "/Textures/t.1" from additinal paks even from games built with latest UE4 versions. There is no way to somehow "respect" this, because mount points are making sense only for UE4, where all paks are handled as single structure, while quickbms and unrealpak works with each pak separately. Though I think some workaround can be implemented in base script, if you provide some particular example (I've only done it for Fable Legends script, which is obviously can't be used with latest games).


Can you elaborate, may be I never encountered it? In the pak, the first entry in name list is the root entry. For example, let's say you pack Content/Data/ and Data contains Materials/, Scripts/, Whatever/. The first root entry will be "Content/Data/", depending on where it is, can be ".../Content/Data/" or "../../../Content/Data/" but it will be there ALWAYS. if you are packing multiple entries in root entry like, Dir1/, Dir2, Dir3, then, again, depending where these are in the hierarchy, it will be either "../" or "../../../".
What are you saying (if I understand it correctly) makes no sense, there could not be 2 root entries or files OUTSIDE of it. Whole logic behind PAK structure limits it.


Top
   
PostPosted: Wed Dec 30, 2020 1:11 pm 

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 292
@Kein: The difference between simple root entry and mount point is that in second case actual root entry can be inherited according to mount point and may not present in a pak. But that's just theoretically and I doubt you'll encounter something like that in usual 4.25- games. That's why I've decided to treat mount point as simple root entry for the latest 0.4.25a fix, it should work like you've described in most cases.
But if you're interested in the difference, you can take a look at v11 paks (with new zen loader structure, aside from utoc/ucas) or Gears 5 / Tactics. Here is an example from Gears 5, how folder structure will look without proper use of mount point (screenshot).

_________________
You can request AES keys on rin forums (the list with keys is also there)
AES keys finder and latest UE4 bms scripts: in this post


Top
   
PostPosted: Wed Dec 30, 2020 10:57 pm 

Joined: Wed Jan 08, 2020 11:22 pm
Posts: 9
spiritovod wrote:
how folder structure will look without proper use of mount point (screenshot).

What's wrong with it? You have root entry here as I can see?


Top
   
PostPosted: Thu Dec 31, 2020 12:23 am 

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 292
@Kein: VFX_002 and cin folders should be subfolders of Cinematics.

_________________
You can request AES keys on rin forums (the list with keys is also there)
AES keys finder and latest UE4 bms scripts: in this post


Top
   
PostPosted: Sun Jan 03, 2021 8:50 am 

Joined: Wed Jan 08, 2020 11:22 pm
Posts: 9
spiritovod wrote:
@Kein: VFX_002 and cin folders should be subfolders of Cinematics.

Where do you see this from? Are these entries taken from separate packs?


Top
   
PostPosted: Sun Jan 03, 2021 1:27 pm 

Joined: Sat Sep 28, 2019 7:00 pm
Posts: 292
@Kein: I've just provided the sample for demonstration that in some cases things can be different. And like it was already said, if you're interested, you can take a look by yourself. Gears 5 is not a good example, but I don't have decent v11 paks sample at the moment, because there are not working scripts for it to visualize folders structure.

_________________
You can request AES keys on rin forums (the list with keys is also there)
AES keys finder and latest UE4 bms scripts: in this post


Top
   
PostPosted: Sun Jan 03, 2021 9:06 pm 

Joined: Wed Jan 08, 2020 11:22 pm
Posts: 9
That does not answer my quesiton.


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 1707 posts ]  Go to page Previous 182 83 84 85 86 Next

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited