ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Mon Jun 14, 2021 10:23 pm

All times are UTC




Post new topic  Reply to topic  [ 82 posts ]  Go to page 1 2 3 4 5 Next
Author Message
PostPosted: Tue Sep 01, 2015 4:47 am 

Joined: Thu Apr 16, 2015 8:14 am
Posts: 8
MAD MAX released today, and it seems to have same ".arc/.tab" format as in Just Cause 2.

When I used aluigi's Just Cause 2 bms script :-

Code:
http://aluigi.altervista.org/papers/bms/justcause2.bms


then it unpacked more than 12 GB data for a 500 MB file from the game, and moreover it was still unpacking, so I had to cancel it.

Can someone please check this game files and hopefully write bms script/repacker for it :- Samples below :-

Code:
https://www.dropbox.com/s/hn2aruw62dffexz/madarc.zip?dl=0


NOTE: the above zip file contains 20MB data cut using file cutter from a 500MB archive from MAD MAX, so if any problem occurs then I can also upload the 500 MB file.


Top
   
PostPosted: Tue Sep 01, 2015 9:28 am 

Joined: Sun Aug 10, 2014 12:49 pm
Posts: 292
i could write repacker, just dont have a time to check if data are same from JC2. If aluigi check it and make correct bms scriopt i can write repacker from it i guess. :D


Top
   
PostPosted: Tue Sep 01, 2015 9:29 am 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 1197
Try this one > http://svn.gib.me/builds/avalanche/aval ... 71_b56.zip


Top
   
PostPosted: Tue Sep 01, 2015 12:28 pm 

Joined: Sun Aug 24, 2014 5:26 pm
Posts: 233
.arc files looks like encrypted - http://puu.sh/jWbaT/fd4680b71a.png , http://puu.sh/jWb9k/2363cfb8ff.png


Top
   
PostPosted: Tue Sep 01, 2015 1:08 pm 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 1197
Can some one make EXE dump? (for dump use Scylla x64 > Run Game, Run Scylla, Select process and dump it)


Last edited by Ekey on Tue Sep 01, 2015 10:10 pm, edited 5 times in total.

Top
   
PostPosted: Tue Sep 01, 2015 1:32 pm 

Joined: Sun Aug 24, 2014 5:26 pm
Posts: 233
i don't have a game, but it uses new version of denuvo, so don't think it's possible to get a key.


Top
   
PostPosted: Tue Sep 01, 2015 1:35 pm 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 1197
Anyway files not encrypted, just compressed > DEFLATE


Top
   
PostPosted: Tue Sep 01, 2015 1:50 pm 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 1197
See below


Last edited by Ekey on Tue Sep 01, 2015 11:08 pm, edited 6 times in total.

Top
   
PostPosted: Tue Sep 01, 2015 1:58 pm 

Joined: Sun Aug 10, 2014 12:49 pm
Posts: 292
looks easy, no filenames ? Im uploading dump be here in a few mins... also why did u use deflate_noerror Ekey ?

EXE dump:
Code:
https://mega.nz/#!qpR3hDRb!e8j21FQsnIaJTvnPAp5V45CDtr5NtESPnaJF2JRdByE


Top
   
PostPosted: Tue Sep 01, 2015 3:15 pm 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 1197
michalss wrote:
looks easy, no filenames ?
EXE dump:
Code:
https://mega.nz/#!qpR3hDRb!e8j21FQsnIaJTvnPAp5V45CDtr5NtESPnaJF2JRdByE

Yeah no names. Need to find hash algorithm. Also some tab's have different structure.


Top
   
PostPosted: Tue Sep 01, 2015 9:49 pm 

Joined: Sun Aug 10, 2014 12:49 pm
Posts: 292
found the texts, al in files with magic FDA all over the archives :(, not good


Top
   
PostPosted: Tue Sep 01, 2015 10:19 pm 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 1197
Well what we have

Code:
struct TABHeader
{
   uint32_t   dwAlign; //?
   uint32_t   dwUnknown; //? can be 0,1,2,3,4,5.... and etc
};


Code:
struct TABEntry
{
   uint32_t   dwHash; // (Lookup3) https://github.com/akheron/jansson/blob/master/src/lookup3.h
   uint32_t   dwOffset;
   uint32_t   dwZSize;
   uint32_t   dwSize;
};


See below


Last edited by Ekey on Wed Sep 02, 2015 11:14 am, edited 2 times in total.

Top
   
PostPosted: Tue Sep 01, 2015 11:09 pm 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 1197
Ok, solved! :)

Code:
# Mad Max (ARC/TAB format) 0.0.2a
#
# Written by Ekey (h4x0r) / thx Haoose
#
# script for QuickBMS http://quickbms.aluigi.org

comtype deflate_noerror
open FDDE "tab" 0
open FDDE "arc" 1

get FILES asize
get ALIGN long
get ADDITIONAL long

if ADDITIONAL >= 0
for i = 0 < ADDITIONAL
   get IHASH long
   get ITYPE long
   savepos ITEMP
   if ITYPE == 2
      math ITEMP += 16
   elif ITYPE == 3
      math ITEMP += 24
   elif ITYPE == 4
      math ITEMP += 32
   elif ITYPE == 5
      math ITEMP += 40
   else
      print "Unsupported type %ITYPE%"
     cleanexit
   endif
   goto ITEMP
next i

savepos CUROFFSET
math FILES -= CUROFFSET
math FILES /= 16

for i = 0 < FILES
   get HASH long   
   get OFFSET long
   get ZSIZE long
   get SIZE long
   string NAME p= "%08X" HASH
   if ZSIZE == SIZE
      log NAME OFFSET SIZE 1
   else
      clog NAME OFFSET ZSIZE SIZE 1
   endif
next i


Last edited by Ekey on Wed Sep 02, 2015 9:14 am, edited 1 time in total.

Top
   
PostPosted: Wed Sep 02, 2015 1:29 am 

Joined: Sun Aug 24, 2014 8:54 am
Posts: 157
thx,but,script not support game1.arc,game1.tab


Top
   
PostPosted: Wed Sep 02, 2015 9:15 am 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 1197
happyend wrote:
thx,but,script not support game1.arc,game1.tab

Updated script


Top
   
PostPosted: Wed Sep 02, 2015 11:37 am 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 1197
Hash found it's Lookup3. Some progress Image

Image


Top
   
PostPosted: Wed Sep 02, 2015 7:21 pm 

Joined: Sun Aug 10, 2014 12:49 pm
Posts: 292
Ekey gonna make also repacker or just unpacker? Just want to know coz if you do then i dont need to :)


Top
   
PostPosted: Wed Sep 02, 2015 8:17 pm 

Joined: Sat Aug 09, 2014 2:34 pm
Posts: 1197
michalss wrote:
Ekey gonna make also repacker or just unpacker? Just want to know coz if you do then i dont need to :)

If you known mechanics for dwUnknown which is greater than 0 (because I do not understand what this) it is i guess yes.


Top
   
PostPosted: Thu Sep 03, 2015 12:44 pm 
User avatar

Joined: Fri Aug 07, 2015 3:21 pm
Posts: 9
Hi everyone,

i only found the script but not the unpacker with gui? Where to find?

How to repack these extracted files into the original files?

Thanks in advance and best regards


Top
   
PostPosted: Thu Sep 03, 2015 8:03 pm 
User avatar

Joined: Thu Aug 07, 2014 9:43 pm
Posts: 68
ShadowEagle wrote:
i only found the script but not the unpacker with gui? Where to find?

It is under development

_________________
-= GP-team =-
https://twitter.com/Haoose


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 82 posts ]  Go to page 1 2 3 4 5 Next

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited