ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Tue Oct 16, 2018 4:11 am

All times are UTC




Post new topic  Reply to topic  [ 56 posts ]  Go to page Previous 1 2 3 Next
Author Message
 Post subject: Re: Destiny 2 PKG
PostPosted: Fri Sep 01, 2017 2:14 pm 

Joined: Sun Mar 27, 2016 7:20 pm
Posts: 11
It's AES-GCM with one of two static 128 bit keys (a flag in the block table entry indicates which to use). The 12 byte nonce is initialized using some static data, then modified with package ID and a constant that matches the pkg version or whatever it is. The authentication tag is the last 16 bytes in the block table entry.

I've managed to decrypt and decompress some data earlier and just need to make a usable tool.

Attached the source for a simple extraction tool with the keys and nonce stripped.


Attachments:
SourcePublic_v2.cpp [18 KiB]
Downloaded 336 times


Last edited by Sir Kane on Thu Jan 04, 2018 6:06 pm, edited 1 time in total.
Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Mon Sep 04, 2017 1:51 pm 

Joined: Sat Sep 02, 2017 10:00 pm
Posts: 6
Sir Kane wrote:
It's AES-GCM with one of two static 128 bit keys (a flag in the block table entry indicates which to use). The 12 byte nonce is initialized using some static data, then modified with package ID and a constant that matches the pkg version or whatever it is. The authentication tag is the last 16 bytes in the block table entry.

I've managed to decrypt and decompress some data earlier and just need to make a usable tool.

Attached the source for a simple extraction tool with the keys and nonce stripped.


works like a charm! honestly, that is great work on how quick you managed find out how the decryption works.
now i assume a specific amount of files will add up to one "real" file? like if i extracted 10 files with 1kb each they would have to be merged in order to be complete?


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Mon Sep 04, 2017 2:49 pm 

Joined: Sun Mar 20, 2016 10:25 pm
Posts: 26
Ginsor wrote:
Sir Kane wrote:
It's AES-GCM with one of two static 128 bit keys (a flag in the block table entry indicates which to use). The 12 byte nonce is initialized using some static data, then modified with package ID and a constant that matches the pkg version or whatever it is. The authentication tag is the last 16 bytes in the block table entry.

I've managed to decrypt and decompress some data earlier and just need to make a usable tool.

Attached the source for a simple extraction tool with the keys and nonce stripped.


works like a charm! honestly, that is great work on how quick you managed find out how the decryption works.
now i assume a specific amount of files will add up to one "real" file? like if i extracted 10 files with 1kb each they would have to be merged in order to be complete?


No, the way the game works is all of the entry data is concatenated into blocks. Those blocks were encrypted / compressed (Encryption = AES, Decompress = Oodle). The entry table points to entries within the final decompressed block buffer, so, all of the entries you see are single file entries for each package file. Pretty simple format, pretty similar to Destiny 1's package format.


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Fri Sep 15, 2017 4:37 am 

Joined: Fri Sep 15, 2017 4:30 am
Posts: 1
What sort of data is available in the decrypted chunks? is there anything like item/ability/etc data or is it all just assets? and any hints on where to look for the nonce?


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Fri Sep 15, 2017 8:56 pm 

Joined: Fri Mar 17, 2017 9:41 pm
Posts: 14
Hello :roll: ,

I'm not a developer, i have try to attached the file with VisualStudio to some extractor program. :roll:
But no success, sorry in advance for the noob question... I'm a beginner.
I do not know how to run this tool :oops: , Can you help me with a little tutorial please. :mrgreen:

Best Regards


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Fri Sep 15, 2017 10:07 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 9037
I can try to write a quickbms script if someone can provide the aes keys and the nonce


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Tue Sep 19, 2017 5:17 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 9037
I leave my converted script here:
http://aluigi.org/bms/destiny2.bms

Obviously it has NOT been tested and it's probably wrong, in fact many files are just 1 byte and only the 24% of the decompressed filesystem is parsed, tested with one of the provided samples (with decryption disabled obviously).
I guess there is a problem in how the bitfields of the entries are read but the offsets/next_offsets and the sizes match, feel free to check and fix it.


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Thu Oct 19, 2017 2:39 am 

Joined: Thu Oct 19, 2017 2:35 am
Posts: 1
Preloading for the retail version went live today. I can launch the executable and arrive at the loadscreen. Not sure how to grab the AES/Nonce keys so I'd appreciate a bit of help there.


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Sun Oct 22, 2017 4:01 pm 

Joined: Fri Mar 17, 2017 9:41 pm
Posts: 14
+1 =)


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Wed Oct 25, 2017 3:24 pm 

Joined: Wed Oct 25, 2017 3:22 pm
Posts: 4
Sir Kane wrote:
It's AES-GCM with one of two static 128 bit keys (a flag in the block table entry indicates which to use). The 12 byte nonce is initialized using some static data, then modified with package ID and a constant that matches the pkg version or whatever it is. The authentication tag is the last 16 bytes in the block table entry.

I've managed to decrypt and decompress some data earlier and just need to make a usable tool.

Attached the source for a simple extraction tool with the keys and nonce stripped.


This is SO HELPFUL!
I'm working on the oo2core_3_win64.dll trying to create a process dump with tagging to pull out the keys.
Any way you wouldn't mind PMing the keys to add into the code? :mrgreen:

GL ALL


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Wed Oct 25, 2017 3:32 pm 

Joined: Wed Oct 25, 2017 3:22 pm
Posts: 4
Untested: Destiny2ools looks like it can extract files from memory during play
https://github.com/Ernegien/Destiny2ools


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Mon Oct 30, 2017 7:50 pm 

Joined: Sun Mar 27, 2016 7:20 pm
Posts: 11
I just checked, the beta keys/nonce init values don't work anymore.


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Tue Oct 31, 2017 4:20 pm 

Joined: Sat Sep 02, 2017 10:00 pm
Posts: 6
Sir Kane wrote:
I just checked, the beta keys/nonce init values don't work anymore.


hmm for most of the packages it still works for me. just for some (especially the smaller sized ones) it cant read the entry block data.


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Tue Oct 31, 2017 8:51 pm 

Joined: Wed Oct 25, 2017 3:22 pm
Posts: 4
Sir Kane wrote:
I just checked, the beta keys/nonce init values don't work anymore.


Could you PM me your beta keys so I can cross check the decompiled beta exe to my decompiled retail for the new keys/nonce?


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Wed Nov 01, 2017 9:21 pm 

Joined: Wed Oct 25, 2017 3:22 pm
Posts: 4
aluigi wrote:
I leave my converted script here:
http://aluigi.org/bms/destiny2.bms

Obviously it has NOT been tested and it's probably wrong, in fact many files are just 1 byte and only the 24% of the decompressed filesystem is parsed, tested with one of the provided samples (with decryption disabled obviously).
I guess there is a problem in how the bitfields of the entries are read but the offsets/next_offsets and the sizes match, feel free to check and fix it.


Still a WIP but I've been pulling AES Keys from Destiny2.exe out of memory at kernel mode.

Destiny 2 Beta:
[000000E44DBEE3C0] AES-256 decryption key: c7edbcad64907d8372d20872e011efe6b4163a5196f5c4f7fe2f68e78097a1a0

Destiny 2 Retail:
[000001D40800B220] AES-256 decryption key: 7a7a2230aae9fa491356143cf0de95c819d21106ff8a010de2f600eaf241cffa
[000001D4FF084060] AES-256 decryption key: c465a7db48eea10f5d38993505cb60d20fa106f7c78529fc6b0034f0eaa07093


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Sat Nov 04, 2017 4:51 pm 

Joined: Sat Nov 04, 2017 4:49 pm
Posts: 3
Following this post with intrigue.
Just installed my copy of Destiny 2 on PC, and ready to grab that awesome music from it :)

There is a guy on the destiny reddit that appears to have datamined it already 'TheEcumene' - https://www.reddit.com/r/DestinyTheGame ... _spoilers/
Maybe they can help?


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Thu Jan 04, 2018 11:45 am 

Joined: Wed Jan 03, 2018 8:53 pm
Posts: 1
Can someone provide info about keys and nounce or how to obtain them?
Thank You!


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Thu Jan 04, 2018 6:16 pm 

Joined: Sun Mar 27, 2016 7:20 pm
Posts: 11
I was wrong about the keys/nonce having changed, they turned out to be the same as beta. The code just needed to deal with patch archives.

The files reference other files via a package ID and entry index packed into an uint32_t:
Code:
EntryID = (handle & 0x1FFF)
PkgID = (handle >> 13) & 0x3FF

Here's an example:
Code:
0x80A02446 & 0x1FFF = 0x446 (1094)
(0x80A02446 >> 13) & 0x1FF = 0x101


The localized text is obfuscated using a simple additive cipher.

I attached the updated code that works with the release version of the game.


Attachments:
SourcePublic_v2.cpp [18 KiB]
Downloaded 313 times
Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Sun Mar 11, 2018 12:59 pm 

Joined: Tue Mar 06, 2018 1:46 pm
Posts: 2
I'm very interested in these files. If anyone could help me understand how to find the keys/nonce I would greatly appreciate it.


Top
   
 Post subject: Re: Destiny 2 PKG
PostPosted: Mon Mar 12, 2018 8:48 am 

Joined: Mon Sep 01, 2014 7:19 pm
Posts: 34
Yes, I'm also very interested in destinty 2. Does anyone was acrually able to extract 3d models/textures? If someone could explain how to extract files from .pkg or could provide some samples of 3d model files, that would be great! Thank you :)


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 56 posts ]  Go to page Previous 1 2 3 Next

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited