ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Wed Oct 17, 2018 10:10 pm

All times are UTC




Post new topic  Reply to topic  [ 625 posts ]  Go to page Previous 114 15 16 17 1832 Next
Author Message
PostPosted: Thu Mar 29, 2018 4:19 pm 

Joined: Thu Mar 29, 2018 4:17 pm
Posts: 1
Sea of Thieves exe and paks smaller than 1GB

https://mega.nz/#F!n0BljLRL!N3eOxguUzQANSokmZmDAEA


Top
   
PostPosted: Fri Mar 30, 2018 12:42 pm 

Joined: Wed May 31, 2017 11:15 am
Posts: 8
Can you do a script for MX vs ATV All Out PAK's files? they are AES encrypted. Please!!


Top
   
PostPosted: Sat Mar 31, 2018 7:16 am 

Joined: Wed Nov 15, 2017 1:30 am
Posts: 44
rogerhnn wrote:
I am trying to find the key for the PUBG pak files after the last update (weapons skins).
Anyone knows how I can find it to extract the game content from the pak files?


Key has been the same since they added one, make sure to select 4.16 if using uModel.

Quote:
45DD15D6DD2DA50AEB71CE7A5284CF8EA498B2EC3D52B7E336F3EA0071CE44B3


Top
   
PostPosted: Sun Apr 01, 2018 10:13 pm 

Joined: Sun Apr 01, 2018 10:10 pm
Posts: 3
Hello, lost my weekend trying to find Pubg Mobile Key.
Here are some data which i think would help (partial memory dump, heap dump, etc):
PM for link.
Hope someone would help in trying to find Aes key.


Last edited by adryyy on Tue Apr 03, 2018 7:40 pm, edited 1 time in total.

Top
   
PostPosted: Mon Apr 02, 2018 4:19 am 

Joined: Thu Mar 22, 2018 10:59 am
Posts: 7
adryyy wrote:
Hello, lost my weekend trying to find Pubg Mobile Key.
Here are some data which i think would help (partial memory dump, heap dump, etc):
https://mega.nz/#!kdpDBLQY!f1mjvQ7a8Xvs ... lFHSZvfaB8
Hope someone would help in trying to find Aes key.
I find Aes key 5 days and no result,may we should hook native?


Top
   
PostPosted: Mon Apr 02, 2018 7:53 am 

Joined: Sun Apr 01, 2018 10:10 pm
Posts: 3
AnC1 wrote:
I find Aes key 5 days and no result,may we should hook native?

Did you modify pak file according to this ?

"So, I've downloaded the game. apk has obb file inside, with extension .png. Actually this is a zip file. After unpacking, I see .pak file. It has slightly modified file format - changed 'magic' number. It is located 44 bytes from the end of file:
16 12 17 20
it should be changed to
E1 12 6F 5A

After that, UModel can open the file. However whole content of the pak file is encrypted."
Reference: http://www.gildor.org/smf/index.php/top ... l#msg26873

I can see files after modifications using umodel, also quickbms identify correctly.
Tried your key but it didn't work.
Can i ask how did you get it? Also, for what version it is (mine is 3212)


Top
   
PostPosted: Mon Apr 02, 2018 8:14 am 

Joined: Thu Mar 22, 2018 10:59 am
Posts: 7
adryyy wrote:
AnC1 wrote:
I find Aes key 5 days and no result,may we should hook native?

Did you modify pak file according to this ?

"So, I've downloaded the game. apk has obb file inside, with extension .png. Actually this is a zip file. After unpacking, I see .pak file. It has slightly modified file format - changed 'magic' number. It is located 44 bytes from the end of file:
16 12 17 20
it should be changed to
E1 12 6F 5A

After that, UModel can open the file. However whole content of the pak file is encrypted."
Reference: http://www.gildor.org/smf/index.php/top ... l#msg26873

I can see files after modifications using umodel, also quickbms identify correctly.
Tried your key but it didn't work.
Can i ask how did you get it? Also, for what version it is (mine is 3212)
Yeah,I know this post of gildor,My key for version3199 then Tencent change to AES Key and I cant decryption it= =


Top
   
PostPosted: Mon Apr 02, 2018 6:27 pm 

Joined: Mon Nov 07, 2016 1:25 pm
Posts: 3
htc911ok wrote:
Everyone can help me, how to find encryption key on MagesTale-Win64-Shipping.exe ?, and I can't retrieve it. My English is very bad and I use Google Translate. thank you all!
https://drive.google.com/open?id=1tzk_v3WjljGTrt-3tPosqVRyEnL7nRYU

I add new key in bms,you can try it. http://zenhax.com/viewtopic.php?f=9&t=7271&p=33752#p33752


Top
   
PostPosted: Tue Apr 03, 2018 3:41 am 

Joined: Sat Feb 17, 2018 2:24 pm
Posts: 5
BlueEffie wrote:
htc911ok wrote:
Everyone can help me, how to find encryption key on MagesTale-Win64-Shipping.exe ?, and I can't retrieve it. My English is very bad and I use Google Translate. thank you all!
https://drive.google.com/open?id=1tzk_v3WjljGTrt-3tPosqVRyEnL7nRYU

I add new key in bms,you can try it. http://zenhax.com/viewtopic.php?f=9&t=7271&p=33752#p33752

Still invalid, but thank you!


Top
   
PostPosted: Tue Apr 03, 2018 7:38 pm 

Joined: Sun Apr 01, 2018 10:10 pm
Posts: 3
For those who want to change Pubg Mobile Resolution, in this thread you got all infos.
https://4pda.ru/forum/index.php?showtop ... p=71843917
It's a bit off topic, but there are some guys who wanted to extract pak exactly for this.

You need to enter in game, change graphics to low, then back to high, minimize game, edit User Custom ini, enter in game again and exit (don't force close, exit with back key). Enjoy.

https://pastebin.com/q1u54K5k


Top
   
PostPosted: Wed Apr 04, 2018 1:58 am 

Joined: Thu Mar 22, 2018 10:59 am
Posts: 7
adryyy wrote:
For those who want to change Pubg Mobile Resolution, in this thread you got all info.
https://4pda.ru/forum/index.php?showtop ... p=71843917
It's a bit off topic, but there are some guys who wanted to extract pak exactly for this.

You need to enter in game, change graphics to low, then back to high, minimize game, edit User Custom ini, enter in game again and exit (don't force close, exit with back key). Enjoy.
https://pastebin.com/q1u54K5k
It will be banned,China Version start detecting that player modify user custom ini


Top
   
PostPosted: Sat Apr 07, 2018 7:12 am 

Joined: Fri Apr 06, 2018 8:12 pm
Posts: 1
I can't load the PUBG uassets into UE4 4.16. I keep getting this error: Post Tag is not valid. File might be corrupted.
Can anyone help me load extracted PUBG content into UE4 so I can play with it?


Top
   
PostPosted: Sun Apr 08, 2018 4:04 pm 

Joined: Wed Nov 15, 2017 1:30 am
Posts: 44
brainblip3 wrote:
I can't load the PUBG uassets into UE4 4.16. I keep getting this error: Post Tag is not valid. File might be corrupted.
Can anyone help me load extracted PUBG content into UE4 so I can play with it?

They won't work that way, you will need to use another program like uModel to extract them properly, and that's just meshes, textures, animations, icons etc...then you will need to recreate all the Materials inside UE4, they won't be done automatically, it's a manual process.


Top
   
PostPosted: Wed Apr 11, 2018 10:39 pm 

Joined: Wed Apr 11, 2018 10:22 pm
Posts: 1
I am having trouble extracting the Fortnite paks. I have used both unreal_tournament_4.bms and umodel but no results.

Can someone please provide me with the AES keys of each pak file, or send me link to the program used to find it, and tell me how?

I would love it if you would!


Top
   
PostPosted: Wed Apr 11, 2018 11:45 pm 

Joined: Wed Apr 11, 2018 10:52 pm
Posts: 9
Having same problem


Top
   
PostPosted: Thu Apr 12, 2018 7:42 am 

Joined: Wed Nov 15, 2017 1:30 am
Posts: 44
Gildor Fortnite forum is about to explode, Buzzfarts has deleted his account on there, getting flooded with AES requests etc....

be good to know how to do it myself but obvious a reason why no one shows a how to do it tutorial?


Top
   
PostPosted: Thu Apr 12, 2018 10:33 pm 

Joined: Thu Apr 12, 2018 10:30 pm
Posts: 1
Hell Let Loose has encryption on their .PAK

Heres 2 sample files: https://www.dropbox.com/sh/aytirl14said ... XM-aa?dl=0


Top
   
PostPosted: Sun Apr 15, 2018 8:46 am 

Joined: Fri Mar 30, 2018 2:48 am
Posts: 4
Anyone here familiar with getting the decryption key for the 4.19 EU4 games?
I need help getting the key for a game that was recently encrypted. Would really appreciate if anyone could tell me what I need to supply to get help with getting a key.


Top
   
PostPosted: Sun Apr 15, 2018 2:07 pm 

Joined: Tue Aug 22, 2017 7:47 am
Posts: 8
I tried this script
Code:
# Unreal Engine 4 - Unreal Tournament 4 (*WindowsNoEditor.pak) (script 0.4.15a)
# script for QuickBMS http://quickbms.aluigi.org

math NO_TAIL_INFO = 0   # set it to 1 for archives with corrupt/missing tail information

quickbmsver "0.8.3"

math TOC_FILE = 0

# set your AES_KEY here as text or C string ("\x11\x22...")
set AES_KEY binary ""
putarray 10 -1 "KIWIKIWIKIWIKIWIKIWIKIWIKIWIKIWI"   # first beta of Street Fighter V
putarray 10 -1 "_aS4mfZK8M5s5KWC2Lz2VsFnGKI7azgl"   # current version of Street Fighter V
putarray 10 -1 "bR!@nbR0wnc@rychR!$d@nd@v3d3R3kj!mj0$hk3v!nm!ch@3lm!k3s3@nst3v3t!m" # Victory: The Culling
putarray 10 -1 "casd#55@#$%323!$^#b%05sa5W|hhaf4365s52ss51|55m!|{55s^@@36f233|-|0w@%3g8hssDk35/!Nm|_|%ds23%a32d5&23as3%12p|-|y$t3ds562d23fav3c@dyw38#49" # Victory: The Culling
putarray 10 -1 "C8C4847F3B4FA52D4AAD57A52358CDBC"   # Injustice 2 (iOS)
putarray 10 -1 "k14z0ZLR8a7jNm49uyBzxXYY9LpTHcehLSNiC3jAkzBsffPuy8YsTa72RLD9KWIn"   # Gal*Gun VR
putarray 10 -1 "E7@[dZfoYCW;+YWR;0JK^{9tt:yU0_T&"   # Marvel VS Capcom - Infinite
putarray 10 -1 "E1A1F2E4AA066C54BD5090F463EDDF58D01684243672B3CE809FF47FF473B04A"   # OverHit
putarray 10 -1 "I0vV6wr0TFbg3m23QuSIwnYC1sI0AIDq"   # Fernbus
putarray 10 -1 "VWSUATAUAVAW"                       # Paragon
putarray 10 -1 "y298qjSb115NqQ3Agad30DWn2QYrTI8CT6aP05l2PBV9Qe92S94PdoVCCy06A38L"   # Fortnite
putarray 10 -1 "b9uW0RKNY91be8HN3Lemi68j6Xsi2l7fQJYsp5oR4al4C4c9kY5E0l90411l9P3L"   # Dragonball FighterZ
putarray 10 -1 "h67GrjX2aGMgrAQeNwf9VmCYbt50ylJFeP3rIhbxh4e9bZXnqm8sbvEjWGOi6rgs"   # SAO Fatal Bullet
math AES_KEY_IS_SET = 0

math ALTERNATIVE_MODE = 0

get ARCHIVE_NAME basename

math VERSION = 0

# 1 = HIT
math WORKAROUND = 0

if NO_TAIL_INFO != 0
    get OFFSET asize
    math ALTERNATIVE_MODE = 1
else
    goto -0x2c
    get MAGIC long  #idstring "\xe1\x12\x6f\x5a" # 0x5a6f12e1
    endian guess MAGIC      # 0x5a6f12e1:le, 0xe1126f5a:be
    if MAGIC == 0x1233a     # HIT game
        math WORKAROUND = 1
    elif MAGIC == 0x1066a   # OverHit
        math WORKAROUND = 1
    elif MAGIC == 0x13aed   # OverHit
        math WORKAROUND = 1
    elif ARCHIVE_NAME & "OverHit"
        math WORKAROUND = 1
    elif ARCHIVE_NAME == "0"    # HIT
        math WORKAROUND = 1
    elif ARCHIVE_NAME & "-UWP"  # Gears of War 4
        math WORKAROUND = 2
    endif
    get VERSION long
    get OFFSET longlong
    get SIZE longlong
    getdstring HASH 20
    if WORKAROUND == 1
        math VERSION = 3
    endif

    if VERSION >= 3
        goto -0x2d
        get ENCRYPTED byte
        if ENCRYPTED != 0
            callfunction SET_AES_KEY 1
            log MEMORY_FILE10 OFFSET SIZE
            encryption "" ""
            math TOC_FILE = -10 # MEMORY_FILE10 is -10
        endif
    endif

    goto OFFSET # don't use TOC_FILE
    callfunction GET_NAME 1
endif

if ALTERNATIVE_MODE == 0
    get FILES long TOC_FILE
else
    math FILES = 0x7fffffff
    math MAX_OFF = OFFSET
    goto 0
    set NAME string ""
endif

math CHUNK_SIZE = 0x10000   # just in case...
for i = 0 < FILES
    if ALTERNATIVE_MODE == 0
        callfunction GET_NAME 1
    endif
    savepos TMP_OFF # no need to use TOC_FILE in savepos/goto

    get OFFSET longlong TOC_FILE
    if WORKAROUND == 2
        get ZSIZE long TOC_FILE
        get SIZE long TOC_FILE
        get ZIP byte TOC_FILE
    else
        get ZSIZE longlong TOC_FILE
        get SIZE longlong TOC_FILE
        get ZIP long TOC_FILE
    endif
    if WORKAROUND == 1
        getdstring HASH 20 TOC_FILE
    elif VERSION <= 1
        get TSTAMP longlong TOC_FILE
    endif
    if WORKAROUND == 2
    else
        getdstring HASH 20 TOC_FILE
    endif
    math CHUNKS = 0
    math ENCRYPTED = 0
    if VERSION >= 3
        if ZIP != 0
            get CHUNKS long TOC_FILE
            for x = 0 < CHUNKS
                get CHUNK_OFFSET longlong TOC_FILE
                get CHUNK_END_OFFSET longlong TOC_FILE
                putarray 0 x CHUNK_OFFSET
                putarray 1 x CHUNK_END_OFFSET
            next x
        endif
        if WORKAROUND == 2
        else
            get ENCRYPTED byte TOC_FILE
        endif
        get CHUNK_SIZE long TOC_FILE
    endif
    if WORKAROUND == 1
        if ARCHIVE_NAME == "0"  # HIT game only!
            math ENCRYPTED = 0
        endif
    endif
    if ALTERNATIVE_MODE != 0
        savepos TMP_OFF
        math OFFSET + TMP_OFF
    endif

    comtype copy    # for AES
      if ZIP & 1
        comtype zlib
    elif ZIP & 2
        comtype gzip
    elif ZIP & 4
        comtype snappy
        if WORKAROUND == 2
            comtype lz4
        endif
    elif ZIP & 0x10
        comtype oodle
    endif
    if ZIP == 3 # JoyfunRPG / Faith of Danschant
        comtype oodle
    endif

    if CHUNKS > 0
        putvarchr MEMORY_FILE SIZE 0
        log MEMORY_FILE 0 0
        append
        math TMP_SIZE = SIZE
        for x = 0 < CHUNKS
            getarray CHUNK_OFFSET 0 x
            getarray CHUNK_END_OFFSET 1 x
            math CHUNK_ZSIZE = CHUNK_END_OFFSET
            math CHUNK_ZSIZE - CHUNK_OFFSET
            if ENCRYPTED != 0
                callfunction SET_AES_KEY 1
                math CHUNK_ZSIZE x 16
            endif
            if TMP_SIZE u< CHUNK_SIZE
                math CHUNK_SIZE = TMP_SIZE
            endif
            clog MEMORY_FILE CHUNK_OFFSET CHUNK_ZSIZE CHUNK_SIZE
            math TMP_SIZE - CHUNK_SIZE
        next x
        append
        encryption "" ""
        log NAME 0 SIZE MEMORY_FILE
    else
        # the file offset points to an entry containing
        # the "same" OFFSET ZSIZE SIZE ZIP HASH ZERO fields,
        # just an additional backup... so let's skip them
        savepos BASE_OFF
        math BASE_OFF - TMP_OFF
        math OFFSET + BASE_OFF
        if ENCRYPTED != 0
            callfunction SET_AES_KEY 1
            math ZSIZE x 16
        endif
        clog NAME OFFSET ZSIZE SIZE
        encryption "" ""
    endif

    if ALTERNATIVE_MODE != 0
        math OFFSET + ZSIZE
        goto OFFSET
        if OFFSET == MAX_OFF
            break
        endif
        if VERSION >= 4
            padding 0x800   # necessary for WitchIt
        endif
    endif
next i

startfunction SET_AES_KEY_ASK
    math AES_KEY_IS_SET = 1
    print "The archive is encrypted, select the number of the key to use or type yours:"
    for z = 0
        getarray KEY 10 z
        if KEY == ""
            break
        endif
        print "%z%: %KEY%"
    next z
        print "%z%: press RETURN for no encryption (Lineage 2 Revolution)"
    set KEY unknown "???"
    strlen TMP KEY
    if KEY == ""
        math AES_KEY_IS_SET = -1
        set AES_KEY string "no key, encryption disabled"
    elif TMP <= 2
        getarray AES_KEY 10 KEY
    else
        set AES_KEY binary KEY
    endif
    print "KEY: %AES_KEY%"
endfunction

startfunction SET_AES_KEY
    if AES_KEY_IS_SET == 0
        callfunction SET_AES_KEY_ASK 1
    endif
    if AES_KEY_IS_SET > 0
        encryption aes AES_KEY "" 0 32
    endif
endfunction

startfunction GET_NAME
    get NAMESZ signed_long TOC_FILE
    if NAMESZ >= 0
        if NAMESZ > 0x200
            math ALTERNATIVE_MODE = 1
        else
            getdstring NAME NAMESZ TOC_FILE
        endif
    else
        math NAMESZ n NAMESZ
        if NAMESZ > 0x200
            math ALTERNATIVE_MODE = 1
        else
            math NAMESZ * 2
            getdstring NAME NAMESZ TOC_FILE
            set NAME unicode NAME
        endif
    endif
endfunction

I have added the key for SAO Fatal Bullet but I get an error.
Image

I did not have to do things right ...> _ <


Top
   
PostPosted: Sun Apr 15, 2018 3:39 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 9051
What you did wrong was removing the 'putarray 10 -1 ""' which acts as delimiter, you can put every key you desire BEFORE it but do not delete it.


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 625 posts ]  Go to page Previous 114 15 16 17 1832 Next

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited