ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Tue Jun 25, 2019 6:09 pm

All times are UTC




Post new topic  Reply to topic  [ 49 posts ]  Go to page 1 2 3 Next
Author Message
PostPosted: Tue Apr 09, 2019 5:57 pm 

Joined: Sun Nov 25, 2018 11:18 pm
Posts: 29
Hi all...
i found this file that should contains text file of this game.
But i can't open it. Someone can help me?
https://www23.zippyshare.com/v/iGuCWa9Y/file.html


Top
   
PostPosted: Wed Apr 10, 2019 3:50 pm 
User avatar

Joined: Thu Aug 07, 2014 9:43 pm
Posts: 59
Decrypt script for text-files:
Code:
encryption Rijndael "\x35\x38\x9A\xFF\xF2\x61\xB3\xE8\x87\x22\x24\x0B\x6B\x0B\x25\xC8" "\x01\x85\x40\xA5\x57\xDE\x8C\x4E\x86\xE4\x23\xE3\x3A\xB9\x77\x84"
get SIZE asize
log "decrypted_file.dat" 0 SIZE

_________________
-= GP-team =-
https://twitter.com/Haoose


Top
   
PostPosted: Wed Apr 10, 2019 6:28 pm 

Joined: Fri Oct 09, 2015 1:41 am
Posts: 67
Haoose wrote:
Decrypt script for text-files:
Code:
encryption Rijndael "\x35\x38\x9A\xFF\xF2\x61\xB3\xE8\x87\x22\x24\x0B\x6B\x0B\x25\xC8" "\x01\x85\x40\xA5\x57\xDE\x8C\x4E\x86\xE4\x23\xE3\x3A\xB9\x77\x84"
get SIZE asize
log "decrypted_file.dat" 0 SIZE


And how i use this script? QuickBMS?


Top
   
PostPosted: Wed Apr 10, 2019 8:10 pm 
User avatar

Joined: Thu Aug 07, 2014 9:43 pm
Posts: 59
Ogoshi
Code:
quickbms.exe -w DecryptAceAttorney.bms option_text_u.bin UnPack\

_________________
-= GP-team =-
https://twitter.com/Haoose


Top
   
PostPosted: Wed Apr 10, 2019 10:32 pm 

Joined: Fri Oct 09, 2015 1:41 am
Posts: 67
Haoose wrote:
Ogoshi
Code:
quickbms.exe -w DecryptAceAttorney.bms option_text_u.bin UnPack\


Thanks Haoose!


Top
   
PostPosted: Thu Apr 11, 2019 6:18 am 

Joined: Sun Nov 25, 2018 11:18 pm
Posts: 29
How did you found the way to decrypt?


Top
   
PostPosted: Thu Apr 11, 2019 10:57 am 

Joined: Fri Nov 16, 2018 8:18 am
Posts: 13
Haoose wrote:
Decrypt script for text-files:
Code:
encryption Rijndael "\x35\x38\x9A\xFF\xF2\x61\xB3\xE8\x87\x22\x24\x0B\x6B\x0B\x25\xC8" "\x01\x85\x40\xA5\x57\xDE\x8C\x4E\x86\xE4\x23\xE3\x3A\xB9\x77\x84"
get SIZE asize
log "decrypted_file.dat" 0 SIZE


This works successfully with .bin text files, but it doesn't work with .mdt script files.

Has anyone got any luck with those ones?


Top
   
PostPosted: Thu Apr 11, 2019 2:05 pm 

Joined: Fri Jan 25, 2019 2:47 pm
Posts: 48
Siengried wrote:
How did you found the way to decrypt?


If you open "Assembly-CSharp.dll" with dnSpy (or another .NET disassembler) you can find the decryption code:

Code:
public byte[] load(string in_path)
{
    byte[] array = File.ReadAllBytes(in_path);
    RijndaelManaged rijndaelManaged = new RijndaelManaged();
    rijndaelManaged.KeySize = 128;
    rijndaelManaged.BlockSize = 128;
    string password = "u8DurGE2";
    string s = "6BBGizHE";
    byte[] bytes = Encoding.UTF8.GetBytes(s);
    Rfc2898DeriveBytes rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, bytes);
    rfc2898DeriveBytes.IterationCount = 1000;
    rijndaelManaged.Key = rfc2898DeriveBytes.GetBytes(rijndaelManaged.KeySize / 8);
    rijndaelManaged.IV = rfc2898DeriveBytes.GetBytes(rijndaelManaged.BlockSize / 8);
    ICryptoTransform cryptoTransform = rijndaelManaged.CreateDecryptor();
    byte[] result = cryptoTransform.TransformFinalBlock(array, 0, array.Length);
    cryptoTransform.Dispose();
    return result;
}


Dj_Mike238 wrote:
This works successfully with .bin text files, but it doesn't work with .mdt script files.

Has anyone got any luck with those ones?


.mdt are encrypted in the same way, but then you have to substract 128 from every text character to get the real character. The problem is that .mdt files contains the game scripts, so I'm still looking for a way to extract just the texts without breaking anything else.


Top
   
PostPosted: Thu Apr 11, 2019 2:35 pm 

Joined: Sun Nov 25, 2018 11:18 pm
Posts: 29
Well, we have first to find a way to expand files without to cause crash in games... How we can do? Files don't seems to have a size check


Top
   
PostPosted: Sun Apr 14, 2019 4:09 pm 

Joined: Sun Nov 25, 2018 11:18 pm
Posts: 29
How we can make the file bigger without to make the game crash?


Top
   
PostPosted: Sun Apr 14, 2019 7:36 pm 

Joined: Fri Jan 25, 2019 2:47 pm
Posts: 48
What do you mean? I've been able to add text without crashing the game.

Image


Top
   
PostPosted: Mon Apr 15, 2019 12:20 pm 

Joined: Sun Nov 25, 2018 11:18 pm
Posts: 29
Kaplas wrote:
What do you mean? I've been able to add text without crashing the game.

Image


How? If i just add two bytes the game crash... did you modified something else?


Top
   
PostPosted: Mon Apr 15, 2019 1:16 pm 

Joined: Fri Jan 25, 2019 2:47 pm
Posts: 48
Once decrypted, .mdt files have the following header:

Code:
ushort numberOfScenesInFile;
ushort dummy; // 0
uint[numberOfScenesInFile] sceneStartOffset;

And after this header goes the data.

If you add or remove bytes, you have to update the "sceneStartOffset" pointers.


Top
   
PostPosted: Mon Apr 15, 2019 1:20 pm 

Joined: Sun Nov 25, 2018 11:18 pm
Posts: 29
Kaplas wrote:
Once decrypted, .mdt files have the following header:

Code:
ushort numberOfScenesInFile;
ushort dummy; // 0
uint[numberOfScenesInFile] sceneStartOffset;

And after this header goes the data.

If you add or remove bytes, you have to update the "sceneStartOffset" pointers.

I know it. But i added two bytes at the very last word:
É˙Ó˙€0Á˙Ä˙Ę˙Ď˙Ő˙Ň˙Î˙Ĺ˙Ä˙˙ ORIGINAL
É˙Ó˙€0Á˙Ä˙Ę˙Ď˙Ő˙Ň˙Î˙Ĺ˙Ä˙Ä˙˙NEW
And the game crash. The last scene is the last, so no pointer have to be modified(pointer=Scene offset)


Top
   
PostPosted: Mon Apr 15, 2019 1:51 pm 

Joined: Fri Jan 25, 2019 2:47 pm
Posts: 48
Have you encrypted the file after modifying?


Top
   
PostPosted: Mon Apr 15, 2019 1:51 pm 

Joined: Sun Nov 25, 2018 11:18 pm
Posts: 29
Kaplas wrote:
Have you encrypted the file after modifying?

Yes, i have.


Top
   
PostPosted: Mon Apr 15, 2019 1:58 pm 

Joined: Fri Jan 25, 2019 2:47 pm
Posts: 48
What file are you trying to modify? I've tried with "sc0_text_u.mdt" in "GS1\scenario" folder and it works, may be other files have other structure.


Top
   
PostPosted: Mon Apr 15, 2019 2:03 pm 

Joined: Sun Nov 25, 2018 11:18 pm
Posts: 29
Kaplas wrote:
What file are you trying to modify? I've tried with "sc0_text_u.mdt" in "GS1\scenario" folder and it works, may be other files have other structure.

I have modified the same. Can i send you the file decripted and none? The modified one i mean


Top
   
PostPosted: Mon Apr 15, 2019 2:11 pm 

Joined: Fri Jan 25, 2019 2:47 pm
Posts: 48
Yes, send me the file and I'll take a look


Top
   
PostPosted: Mon Apr 15, 2019 2:12 pm 

Joined: Sun Nov 25, 2018 11:18 pm
Posts: 29
I added some bytes at the offset 016F95
https://www109.zippyshare.com/v/zhiVAZkf/file.html
Obliously i change everytime the name in sc0_text_u.mdt and encrypt it again with reimport.bat(tried the reimport2 too)


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 49 posts ]  Go to page 1 2 3 Next

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited