ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Thu Dec 12, 2019 4:15 pm

All times are UTC




Post new topic  Reply to topic  [ 9 posts ] 
Author Message
PostPosted: Wed Nov 20, 2019 2:26 pm 

Joined: Tue Nov 19, 2019 2:03 pm
Posts: 7
Hi, i want to unpack these files. Can anyone help me?
They named like "44_6.pack" and i thought the files with the same "_X" are related to each other so i zipped them together.

".pack" files from Project Torque(unfortunately, i don't have HEAT Online, i just have some extracted files)
https://mega.nz/#F!hpkSUADA!HvpvruIbRXVSyTvxbHDWZg

And some extracted files from HEAT Online(i only have maps and vehicles and i got them from someone else)
Only uploaded 1 car and 1 map
https://mega.nz/#F!l8USnKyb!Cg144f_oelYkzczSj_mCUw
If these aren't enough, i can upload more.

Note: HEAT Online and Project Torque is actually the same game but different versions.

Thanks


Top
   
PostPosted: Thu Nov 21, 2019 2:15 pm 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 874
TOC is encrypted.


Top
   
PostPosted: Thu Nov 21, 2019 2:38 pm 

Joined: Tue Nov 19, 2019 2:03 pm
Posts: 7
What does that mean?


Top
   
PostPosted: Thu Nov 21, 2019 4:33 pm 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 874
It's mean - without of encryption algorithm you can't extract content.


Top
   
PostPosted: Thu Nov 21, 2019 5:18 pm 

Joined: Tue Nov 19, 2019 2:03 pm
Posts: 7
Quote:
Just for the record, the encryption is a lot more complex than that.
It uses aes_256_cfb128 (plus some ivec-related xor every 32 bytes that is not standard or not correctly implemented in quickbms) with dynamic keys to decrypt the table of each archive, a non-standard base64 for a fixed key ("IMAAAAAACAAAAAAAFPHPKJP...") and also the charset encryption for the content of the files is dynamic.
"IPack001" + 8 bytes + 0x80 bytes + table to decrypt with aes_256_cfb128 + content of files
"LPack002" + 0x80 bytes + rest to decrypt with aes_256_cfb128

I will not work on this but, maybe, these info can be a starting point for someone else.

If someone wants to waste some time and wants to have a quick look at this stuff you have to copy the bin file as exe (like ProjectTorque.bin -> test.exe) and then use offbreak: offbreak -D "c:\PATH\test.exe" "c:\PATH\Packages.lpatch" 0x88 "c:\PATH\Packages\100_2.pack" 0x90
The code is in CRC_ReleaseNoDebug.dll, it uses msvcr90.fread for reading the data.

https://zenhax.com/viewtopic.php?f=5&t=1364#p7491

I just found this, i can waste my time but i don't even know where to write that "offbreak -D "c:\PATH\test.exe" "c:\PATH\Packages.lpatch" 0x88 "c:\PATH\Packages\100_2.pack"
How can i learn all these things?

Edit: I found out what is offbreak http://aluigi.altervista.org/mytoolz/offbreak.zip
But i still don't understand anything


Top
   
PostPosted: Thu Nov 21, 2019 5:39 pm 

Joined: Tue Nov 19, 2019 2:03 pm
Posts: 7
Quote:
C:\Users\user>F:\Desktop\Downloads\offbreak\offbreak.exe offbreak -D "F:\Project Torque\test.exe" "F:\Project Torque\Packages.lpatch" 0x88 "F:\Project Torque\packages\172_0.pack" 0x90

Offbreak 0.3.4
by Luigi Auriemma
e-mail: me@aluigi.org
web: aluigi.org


- monitor 0000000000000000 -D

- monitor 0000000000000000 -D

- monitor 0000000000000000 -D

- monitor 0000000000000000 -D

- monitor 0000000000000000 -D

- monitor 0000000000000000 -D

- monitor 0000000000000088 F:\Project Torque\Packages.lpatch

- monitor 0000000000000090 F:\Project Torque\packages\172_0.pack

- command-line, PID or process name:
offbreak

- execute:
offbreak

- PID: 8880


- load original Offbreak DLL for setting parameters
- copy parameters 0000f540
- copy options 0000f220
- copy the dll in the temporary folder:
C:\Users\USER~1\AppData\Local\Temp\\offbreak_95805dd6c911.dll


- CreateRemoteThread
- LoadLibrary address 759C2280

- CreateRemoteThread ok

- C:\Users\USER~1\AppData\Local\Temp\\offbreak_95805dd6c911.dll injected

- done


Do you understand anything from this?


Top
   
PostPosted: Sat Nov 23, 2019 6:05 pm 

Joined: Tue Nov 19, 2019 2:03 pm
Posts: 7
bump


Top
   
PostPosted: Sat Nov 30, 2019 8:12 pm 

Joined: Tue Nov 19, 2019 2:03 pm
Posts: 7
bump


Top
   
PostPosted: Mon Dec 02, 2019 2:13 pm 

Joined: Tue Nov 19, 2019 2:03 pm
Posts: 7
bump


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 9 posts ] 

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited