ZenHAX


All times are UTC




Posted: Fri Feb 22, 2019 2:35 pm

Joined: Fri Jun 03, 2016 5:24 pm
Posts: 35
I hope someone can take a look at this file:

http://www.mediafire.com/file/7rbha57t9 ... i.wad/file


Posted: Fri Feb 22, 2019 6:34 pm
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 10822
It has an "AGAR" magic like in Danganronpa and The King of Fighters XIV.
I think the format derives from KOF but unfortunately the script doesn't work.
Since the format uses encrypted data there is not much I can do at the moment.


Posted: Sat Feb 23, 2019 4:50 am

Joined: Fri Jun 03, 2016 5:24 pm
Posts: 35
OK, thanks aluigi, I'm gonna wait to see if someone can take a look at this crap :P.


Posted: Sun Feb 24, 2019 3:05 am

Joined: Thu Aug 07, 2014 10:28 pm
Posts: 258
KOF 14 function in IDA
https://pastebin.com/EWPi4maF

Same function in SNK Heroines
https://pastebin.com/wewXvTky


Posted: Tue Feb 26, 2019 8:46 am
Site Admin

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 10822
So I bet it just uses a different key.


Posted: Tue Feb 26, 2019 1:55 pm

Joined: Tue Dec 20, 2016 11:15 pm
Posts: 13
Most likely; no luck using aes-finder on the game though.


Posted: Fri May 03, 2019 6:59 am

Joined: Fri Dec 18, 2015 9:15 am
Posts: 27
Is it just me, or has no one ever tried researching the game file from the Steam ver.? It is a wad file type, but the kofxiv script might not work. I'll upload the sample when I get home.


Posted: Sun May 05, 2019 9:50 pm

Joined: Fri Dec 18, 2015 9:15 am
Posts: 27
This is the sample. Neither assets.wad works with the kofxiv script. From the PC ver.

Thief Arthur's file: https://mega.nz/#!QWwGQKJI!r0905hgGz4St ... M9dnOrbuT4


Posted: Tue Sep 24, 2019 4:37 pm

Joined: Sun May 31, 2015 2:23 am
Posts: 354
Here's one of the archives from the PC version, for the sake of those who can't access Switch Files and the like. I think it would be easier to extract from PC than other formats, since consoles tend to be...weird about their compressions and formats.

https://www.dropbox.com/s/16818fsa81nj9 ... c.wad?dl=0


Posted: Fri Nov 29, 2019 2:58 am

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 874
aluigi wrote:
Since the format uses encrypted data there

Right, it uses CAST128 (CAST5) for encryption. There is a problem with the algorithm: it is modified, the initialization of the key is removed and already initialized key data is used.

Code:
struct cast5_ctx {
   uint32_t K[32]; //<-------
};


Data of key is:
Code:
static uint32_t K[32] = {
       0x65B3CD12, 0x080A74CE, 0xB8161A7D, 0x40A9C59A,
       0x1C214F73, 0x062A54CF, 0x509FEE42, 0x3FE50C3D,
       0x07A37254, 0xCC09AF7D, 0x907608F9, 0x45EAD42E,
       0xE5E4BA5C, 0xD95CD309, 0x2EACFB9C, 0x323A49E9,
       0x6D8DFA8F, 0x3D9CDD72, 0xF41CF5BA, 0x92C23079,
       0x29367382, 0x18220DDF, 0xCE482A16, 0xF380E8FB,
       0x5A19B243, 0xEE059CB9, 0x3D1871DA, 0xDD578885,
       0x6AC30D82, 0x27B658AA, 0xC6D39A98, 0xCCBEB258};


And we can use it something like this: (code part from libtomcrypt)

Code:
   R ^= FI(L, cast5_ctx->K[15], cast5_ctx->K[31]);
   L ^= FIII(R, cast5_ctx->K[14], cast5_ctx->K[30]);
   R ^= FII(L, cast5_ctx->K[13], cast5_ctx->K[29]);
   L ^= FI(R, cast5_ctx->K[12], cast5_ctx->K[28]);
   R ^= FIII(L, cast5_ctx->K[11], cast5_ctx->K[27]);
   L ^= FII(R, cast5_ctx->K[10], cast5_ctx->K[26]);
   R ^= FI(L, cast5_ctx->K[9], cast5_ctx->K[25]);
   L ^= FIII(R, cast5_ctx->K[8], cast5_ctx->K[24]);
   R ^= FII(L, cast5_ctx->K[7], cast5_ctx->K[23]);
   L ^= FI(R, cast5_ctx->K[6], cast5_ctx->K[22]);
   R ^= FIII(L, cast5_ctx->K[5], cast5_ctx->K[21]);
   L ^= FII(R, cast5_ctx->K[4], cast5_ctx->K[20]);
   R ^= FI(L, cast5_ctx->K[3], cast5_ctx->K[19]);
   L ^= FIII(R, cast5_ctx->K[2], cast5_ctx->K[18]);
   R ^= FII(L, cast5_ctx->K[1], cast5_ctx->K[17]);
   L ^= FI(R, cast5_ctx->K[0], cast5_ctx->K[16]);


It works partially, in other matters, as usual :mrgreen:

PS: Well, for those who are interested, here is a terrible pseudocode > here
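
Added example, not part of the post above and not libtomcrypt's code: the 16 CAST-128 rounds driven directly from the posted expanded subkeys with no key schedule, which is the modification the post describes. It assumes the RFC 2144 round functions, that K[0..15] are masking keys and K[16..31] rotation keys, and that the caller supplies the four S-boxes; `cast5_block`, `fill_demo_sboxes` and the demo tables are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <stdio.h>

/* Expanded subkeys as posted in the thread. Assumption: K[0..15] are masking
   keys (Km), K[16..31] rotation keys (Kr) of which only the low 5 bits count. */
static const uint32_t K[32] = {
    0x65B3CD12, 0x080A74CE, 0xB8161A7D, 0x40A9C59A, 0x1C214F73, 0x062A54CF, 0x509FEE42, 0x3FE50C3D,
    0x07A37254, 0xCC09AF7D, 0x907608F9, 0x45EAD42E, 0xE5E4BA5C, 0xD95CD309, 0x2EACFB9C, 0x323A49E9,
    0x6D8DFA8F, 0x3D9CDD72, 0xF41CF5BA, 0x92C23079, 0x29367382, 0x18220DDF, 0xCE482A16, 0xF380E8FB,
    0x5A19B243, 0xEE059CB9, 0x3D1871DA, 0xDD578885, 0x6AC30D82, 0x27B658AA, 0xC6D39A98, 0xCCBEB258
};

static uint32_t rol(uint32_t x, uint32_t n) { n &= 31; return n ? (x << n) | (x >> (32 - n)) : x; }

/* RFC 2144 round function; type 0/1/2 = FI/FII/FIII. S holds S1..S4 back to back. */
static uint32_t f(int type, const uint32_t *S, uint32_t d, uint32_t km, uint32_t kr) {
    uint32_t i = rol(type == 0 ? km + d : type == 1 ? km ^ d : km - d, kr);
    uint32_t a = S[i >> 24], b = S[256 + ((i >> 16) & 255)];
    uint32_t c = S[512 + ((i >> 8) & 255)], e = S[768 + (i & 255)];
    if (type == 0) return ((a ^ b) - c) + e;
    if (type == 1) return ((a - b) + c) ^ e;
    return ((a + b) ^ c) - e;
}

/* One 64-bit block as two big-endian words; dec=1 walks the subkeys 15..0. */
void cast5_block(const uint32_t *S, uint32_t blk[2], int dec) {
    uint32_t h[2] = { dec ? blk[1] : blk[0], dec ? blk[0] : blk[1] }; /* L, R */
    for (int n = 0; n < 16; n++) {
        int r = dec ? 15 - n : n;              /* round index, type is r % 3 */
        h[r & 1] ^= f(r % 3, S, h[(r & 1) ^ 1], K[r], K[r + 16]);
    }
    blk[0] = dec ? h[0] : h[1];                /* halves are swapped on output */
    blk[1] = dec ? h[1] : h[0];
}

/* Constructed stand-in tables for the demo, NOT the real CAST S-boxes. */
void fill_demo_sboxes(uint32_t *S) {
    uint32_t x = 1;
    for (int i = 0; i < 1024; i++) S[i] = x = x * 1664525u + 1013904223u;
}

int main(void) {
    static uint32_t S[1024];
    uint32_t blk[2] = { 0x01234567, 0x89ABCDEF };  /* constructed sample block */
    fill_demo_sboxes(S);
    cast5_block(S, blk, 0); printf("enc %08X %08X\n", (unsigned)blk[0], (unsigned)blk[1]);
    cast5_block(S, blk, 1); printf("dec %08X %08X\n", (unsigned)blk[0], (unsigned)blk[1]);
    return 0;
}
```

With the demo tables this only shows that the forward and backward subkey walks invert each other; output matching the real cipher requires the S1..S4 tables from RFC 2144 concatenated into `S`.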

