ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Thu Jul 18, 2019 1:48 pm

All times are UTC




Post new topic  Reply to topic  [ 5 posts ] 
Author Message
PostPosted: Wed Jun 26, 2019 1:37 pm 

Joined: Sun Jun 23, 2019 1:01 am
Posts: 5
Hi,
So for a while now I have been trying to get at the sounds in this game because I really, really want to listen to them.
First, the game is at:
https://www.dropbox.com/sh/t1k8j6efph5k ... McRaa?dl=0
It's a folder, the sounds are in data\sounds.dat and this game is for windows, it works on windows 7 both 32 and 64 bit.
I do know the sounds.dat archive is a DPMX archive made by hot soup processor.
There's also a dpmx.txt quickbms script in the main folder, which can extract the archive, but the results don't look like any kind of audio at all.
I found a ruby app that says the key is "0xE3239B04", but my attempts at XOR and such didn't produce anything useful.
Has anyone got any idea on how to decrypt the files?
The games executable and DLLs are included, so you can download play.exe, the games executable and run it through a hex viewer or something.
Any help at all is appreciated!


Top
   
PostPosted: Sat Jul 06, 2019 5:34 am 

Joined: Fri Aug 26, 2016 3:11 pm
Posts: 25
Cat-gamer wrote:
Hi,
So for a while now I have been trying to get at the sounds in this game because I really, really want to listen to them.
First, the game is at:
https://www.dropbox.com/sh/t1k8j6efph5k ... McRaa?dl=0
It's a folder, the sounds are in data\sounds.dat and this game is for windows, it works on windows 7 both 32 and 64 bit.
I do know the sounds.dat archive is a DPMX archive made by hot soup processor.
There's also a dpmx.txt quickbms script in the main folder, which can extract the archive, but the results don't look like any kind of audio at all.
I found a ruby app that says the key is "0xE3239B04", but my attempts at XOR and such didn't produce anything useful.
Has anyone got any idea on how to decrypt the files?
The games executable and DLLs are included, so you can download play.exe, the games executable and run it through a hex viewer or something.
Any help at all is appreciated!


Here ya go, it will create a sounds folder in the same location as the file and extract them all.


Attachments:
Extract Sounds.zip [4.62 KiB]
Downloaded 10 times
Top
   
PostPosted: Sat Jul 06, 2019 7:49 pm 

Joined: Sun Jun 23, 2019 1:01 am
Posts: 5
Thanks! Can you tell how you got it to work?


Top
   
PostPosted: Sat Jul 06, 2019 8:37 pm 

Joined: Fri Aug 26, 2016 3:11 pm
Posts: 25
Cat-gamer wrote:
Thanks! Can you tell how you got it to work?

Code:
        private class sFile
        {
            public string fileName;
            public int unknown; // -1
            public uint hash;
            public uint offset;
            public uint length;

            public sFile(byte[] bytes,uint bOffset)
            {
                MemoryStream ms = new MemoryStream(bytes);
                BinaryReader br = new BinaryReader(ms);
                fileName = Encoding.ASCII.GetString(br.ReadBytes(16)).TrimEnd(new char[1] { (char)0x00 });
                unknown = br.ReadInt32();
                hash = br.ReadUInt32();
                offset = br.ReadUInt32() + bOffset;
                length = br.ReadUInt32();
            }
        }

        private byte[] decrypt(sFile sf,BinaryReader br)
        {
            byte v1 = (byte)((sf.hash >> 16) & 0xFF);
            byte v2 = (byte)(sf.hash & 0xFF);
            v2 += 0x5A;
            v2 ^= v1;

            byte v3 = (byte)((sf.hash >> 8) & 0xFF);
            byte v4 = (byte)((sf.hash >> 24) & 0xFF);
            v3 += 0xA5;
            v3 ^= v4;

            byte AL = (byte)((v2 + 0xA8) & 0xFF);
            byte DL;
            byte HL = 0;
            br.BaseStream.Position = sf.offset;
            byte[] file = br.ReadBytes((int)sf.length);

                for(int i = 0; i < file.Length;i++)
                {
                    byte BL = file[i];
                    DL = (byte)((v3 + 1) & 0xFF);

                    BL ^= AL;
                    BL -= DL;
                    DL = HL;
                    DL += BL;
                    file[i] = DL;
                    HL = DL;
                }
                return file;
        }


The values 0xA8 & 0x01 used to initialize AL & DL aren't entirely static but they appear to be for the sound.dat file, I didn't bother trying to map them properly as the request was strictly around the sound data and since this is all chained xor logic it's a pain to follow through the assembly.

Basically what was called the hash (which it may be, didn't bother to check the CRC32 on the files) is used with some byte logic to decrypt the files along with some statics & 2 other variables (0xA8 & 0x01)


Top
   
PostPosted: Sat Jul 06, 2019 9:35 pm 

Joined: Sun Jun 23, 2019 1:01 am
Posts: 5
Ah, I guess you'd need to scann the assembly for each game that has sounds like that.
I was hoping it was just a key embedded in the executable, but of course I'm not that lucky.
Thanks for this! These sounds are great!


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 5 posts ] 

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited