ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Sat Oct 23, 2021 2:11 am

All times are UTC




Post new topic  Reply to topic  [ 11 posts ] 
Author Message
 Post subject: Obfuscation algorithm
PostPosted: Tue Aug 17, 2021 11:31 pm 

Joined: Mon Jul 19, 2021 12:48 am
Posts: 11
Is it possible to work out an obfuscation algorithm by comparing an obfuscated and deobfuscated version of the same file,
then use that algorithm to deobfuscate other files?


Top
   
PostPosted: Wed Aug 18, 2021 8:59 am 
User avatar

Joined: Sat Dec 27, 2014 8:49 pm
Posts: 225
It's possible but usually only works for basic algo's or things that have known header data that is easy to spot (or something similar). Otherwise, it generally requires looking at the actual code to see how the files are being used/loaded/etc. to figure out the algo.

_________________
My personal site: http://atom0s.com
Donations can be made via Paypal: Click Here


Top
   
PostPosted: Wed Oct 13, 2021 12:17 am 

Joined: Mon Jul 19, 2021 12:48 am
Posts: 11
If I upload an obfuscated file, would you be able to help identify the algorithm?


Top
   
PostPosted: Wed Oct 13, 2021 10:11 am 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 12549
Try.
And please also specify the name of the game.


Top
   
PostPosted: Wed Oct 13, 2021 1:33 pm 

Joined: Mon Jul 19, 2021 12:48 am
Posts: 11
The game is the Japanese version of Way of the Samurai 2 Special Edition/Samurai Dou 2 Kettouban [SLPM_742.09] for the PS2.

Obfuscated file.
https://www.solidfiles.com/v/DeN2YP4reZxpk


Top
   
PostPosted: Wed Oct 13, 2021 6:20 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 12549
It's like a sort of sequence of various data all starting with a 'J' followed by a filename like "JP\task\normal_beginner_area_a.bin".

I don't know if the data is obfuscated or compressed, or maybe that's a weird format.


Top
   
PostPosted: Thu Oct 14, 2021 12:10 am 

Joined: Mon Jul 19, 2021 12:48 am
Posts: 11
Is the "J" included in "JP\task\*", or is it a seperate one followed by the file name?

Here's the deobfuscated/decompressed/decrypted version of the file from the Japanese version of Way of the Samurai 2 Portable/Samurai Dou 2 Po-taburu [ULJS-00217] for the PSP.
https://www.solidfiles.com/v/nk3Q8Z25BNpRz

You can see lines of NPC dialogue in this one which are readable, whereas if you go to the same line in the first version of the file, it's unreadable.
e.g. at 0000077C the dialogue "おや、お侍さん 天原は初めてかい?".

Perhaps comparing the two versions will make it easier to identify the algorithm making the first version of the file unreadable.


Top
   
PostPosted: Thu Oct 14, 2021 12:37 am 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 12549
Ok, found it's lzss compression.

This script will automatically dump all the files contained in the BIN, the last file doesn't have any name:
Code:
# Way of the Samurai 2 BIN

comtype lzss0
get BIN_SIZE asize
math OFFSET = 0
do
    findloc NEXT_OFF binary JP\\ 0 ""
    if NEXT_OFF == ""
        math NEXT_OFF = BIN_SIZE
        set NAME string ""
    else
        goto NEXT_OFF
        get NAME string
    endif

    xmath SIZE "NEXT_OFF - OFFSET"
    xmath XSIZE "SIZE * 10"
    clog NAME OFFSET SIZE XSIZE

    goto NEXT_OFF
    padding 0x800
    savepos OFFSET
while OFFSET < BIN_SIZE


Top
   
PostPosted: Sat Oct 16, 2021 12:42 am 

Joined: Mon Jul 19, 2021 12:48 am
Posts: 11
Thanks, worked with everything except that one nameless file. Any idea what that one could be? A header file perhaps?

I was hoping that by figuring out the algorithm, I could then apply it to other files and decompress them, but unfortunately when I use it on the desired file
it extracts multiple files, but they are still unreadable.

Do you mind if I upload this file for you to analyze?


Top
   
PostPosted: Sat Oct 16, 2021 8:01 am 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 12549
I can't help with the decompressed data


Top
   
PostPosted: Sun Oct 17, 2021 12:22 am 

Joined: Mon Jul 19, 2021 12:48 am
Posts: 11
Are you referring to the nameless file?

The other file I'm suggesting for upload is compressed.


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 11 posts ] 

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited