XeNTaX Forum Index
Forum MultiEx Commander Tools Tools Home
It is currently Sun Oct 21, 2018 9:04 am

All times are UTC + 1 hour


Forum rules


Please click here to view the forum rules



Post new topic Reply to topic  [ 132 posts ]  Go to page 1, 2, 3, 4, 5 ... 9  Next
Author Message
 Post subject: ArcheAge Online
PostPosted: Tue Feb 28, 2012 11:28 pm 
Offline
advanced

Joined: Tue Feb 28, 2012 11:21 pm
Posts: 70
Has thanked: 11 times
Have thanks: 3 times














You can make the ads go away by registering

Hey,

I searching help for a new upcoming MMO to open the PAK File.

The File is renamed by launcher to "game_pak" and it is ~ 18 GB big.

I want to open the Archive to translate the game to my native language :)

So if someone can maybe help me? :)

Thank's!


Top
 Profile  
 
 Post subject: Re: ArcheAge Online
PostPosted: Wed Feb 29, 2012 12:15 am 
Offline
M-M-M-Monster veteran
M-M-M-Monster veteran

Joined: Wed Mar 31, 2010 6:54 am
Posts: 1627
Has thanked: 61 times
Have thanks: 784 times
Cute ~2mb with File Cutter (attached)


Attachments:


You do not have the required permissions to view the files attached to this post. Register to gain access.



Top
 Profile  
 
 Post subject: Re: ArcheAge Online
PostPosted: Wed Feb 29, 2012 12:37 am 
Offline
advanced

Joined: Tue Feb 28, 2012 11:21 pm
Posts: 70
Has thanked: 11 times
Have thanks: 3 times
I think I should upload it so here I have:

It is cutted to 2 Mbit.

http://ul.to/kpf9tcpo


Top
 Profile  
 
 Post subject: Re: ArcheAge Online
PostPosted: Wed Feb 29, 2012 12:52 am 
Offline
M-M-M-Monster veteran
M-M-M-Monster veteran

Joined: Wed Mar 31, 2010 6:54 am
Posts: 1627
Has thanked: 61 times
Have thanks: 784 times
Hm PE file. It's setup or all pack's (resource) stored in main exe :)

Image


Last edited by Ekey on Thu Mar 01, 2012 10:53 pm, edited 2 times in total.

Top
 Profile  
 
 Post subject: Re: ArcheAge Online
PostPosted: Wed Feb 29, 2012 7:37 am 
Offline
advanced

Joined: Tue Feb 28, 2012 11:21 pm
Posts: 70
Has thanked: 11 times
Have thanks: 3 times
Hey,

Shall I upload ArcheAge.exe + DDL's too?

Sorry I am not a real pro :)
I am very happy that you help me :)


Top
 Profile  
 
 Post subject: Re: ArcheAge Online
PostPosted: Wed Feb 29, 2012 8:37 am 
Offline
M-M-M-Monster veteran
M-M-M-Monster veteran

Joined: Wed Mar 31, 2010 6:54 am
Posts: 1627
Has thanked: 61 times
Have thanks: 784 times
I downloading client now.


Top
 Profile  
 
 Post subject: Re: ArcheAge Online
PostPosted: Wed Feb 29, 2012 7:59 pm 
Offline
M-M-M-Monster veteran
M-M-M-Monster veteran

Joined: Wed Mar 31, 2010 6:54 am
Posts: 1627
Has thanked: 61 times
Have thanks: 784 times
So some table, strings contained in SQLite format 3.

Code:
"game\db\game.sqlite3"


File encrypted with AES-128-CFB -> xlcommon.dll

Code:
void __cdecl aes_crypt_cbc(struct aes_context *,int,int,unsigned char * const,unsigned char *,unsigned char *)
void __cdecl aes_crypt_cbc_signed(struct aes_context *,int,int,char * const,char const *,char *)
void __cdecl aes_crypt_cfb128(struct aes_context *,int,int,int *,unsigned char * const,unsigned char *,unsigned char *)
void __cdecl aes_crypt_ecb(struct aes_context *,int,unsigned char * const,unsigned char * const)
void __cdecl aes_setkey_dec(struct aes_context *,unsigned char *,int)
void __cdecl aes_setkey_dec_signed(struct aes_context *,char const *,int)
void __cdecl aes_setkey_enc(struct aes_context *,unsigned char *,int)
void __cdecl aes_setkey_enc_signed(struct aes_context *,char const *,int)


functions obfuscated.

If someone manages to come somehow miraculously pull the keys here is the ecrypted game.sqlite3


Last edited by Ekey on Fri Mar 02, 2012 1:51 pm, edited 1 time in total.

Top
 Profile  
 
 Post subject: Re: ArcheAge Online
PostPosted: Wed Feb 29, 2012 10:19 pm 
Offline
VVIP member
VVIP member
User avatar

Joined: Thu Dec 08, 2005 12:26 pm
Posts: 1925
Location: www.ZENHAX.com
Has thanked: 4 times
Have thanks: 644 times
why don't you put a breakpoint on aes_setkey_dec when the game starts?
the raw alternative is placing the byte 0xcc with a hex editor and then waiting the popup of the debugger


Top
 Profile  
 
 Post subject: Re: ArcheAge Online
PostPosted: Thu Mar 01, 2012 12:28 pm 
Offline
M-M-M-Monster veteran
M-M-M-Monster veteran

Joined: Wed Mar 31, 2010 6:54 am
Posts: 1627
Has thanked: 61 times
Have thanks: 784 times
I do not have enough time for reversing. aluigi maybe can look ;) ?
Binaries here + removed HSHield which prevents debugging.
PS: Worked without game.pak

Open "Bin32\archeage.exe"
F9 (Run)
F12 (Pause)
CTRL+G (for following address 33014D50 (aes_setkey_dec))
F2 (Breakpoint)
F9 (Run)


Top
 Profile  
 
 Post subject: Re: ArcheAge Online
PostPosted: Thu Mar 01, 2012 12:41 pm 
Offline
advanced

Joined: Tue Feb 28, 2012 11:21 pm
Posts: 70
Has thanked: 11 times
Have thanks: 3 times
Exe is Themidia locked too.


Top
 Profile  
 
 Post subject: Re: ArcheAge Online
PostPosted: Thu Mar 01, 2012 12:43 pm 
Offline
M-M-M-Monster veteran
M-M-M-Monster veteran

Joined: Wed Mar 31, 2010 6:54 am
Posts: 1627
Has thanked: 61 times
Have thanks: 784 times
Game binaries not packed, packed only HSHield modules (Themida)


Top
 Profile  
 
 Post subject: Re: ArcheAge Online
PostPosted: Thu Mar 01, 2012 4:38 pm 
Offline
advanced

Joined: Tue Feb 28, 2012 11:21 pm
Posts: 70
Has thanked: 11 times
Have thanks: 3 times
Edited


Last edited by ehnoah on Mon Aug 06, 2012 1:57 pm, edited 1 time in total.

Top
 Profile  
 
 Post subject: Re: ArcheAge Online
PostPosted: Thu Mar 01, 2012 7:10 pm 
Offline
VVIP member
VVIP member
User avatar

Joined: Thu Dec 08, 2005 12:26 pm
Posts: 1925
Location: www.ZENHAX.com
Has thanked: 4 times
Have thanks: 644 times
@Ekey
you have a working environment (here doesn't work) and you have already done everything.
there is nothing to reverse, when the debugger breaks take a look at argument 2 and 3 of the stack:
- the first is the key
- the second is the length of the key (probably multiplied by 8)


Top
 Profile  
 
 Post subject: Re: ArcheAge Online
PostPosted: Thu Mar 01, 2012 8:16 pm 
Offline
advanced

Joined: Tue Feb 28, 2012 11:21 pm
Posts: 70
Has thanked: 11 times
Have thanks: 3 times
Hey,

i am a real noob but:

I step over from this Point out and that I get:

ARG 3 = 80

Stack (0018E9c8) = 00040002
ECX=00000080 (decimal 128.)


ARG 2 = x2game.8982F9AC

Stack (0018E9C4) = 0
EAX=x2game.3982F9AC (I goed to x2game at 3982F9AC = Imm=04)

ARG 1 = 10E9D4

Stack (0018E9C0)=06CF0B88
ECX=0018E904


hope this help 's *g*


Top
 Profile  
 
 Post subject: Re: ArcheAge Online
PostPosted: Thu Mar 01, 2012 10:53 pm 
Offline
M-M-M-Monster veteran
M-M-M-Monster veteran

Joined: Wed Mar 31, 2010 6:54 am
Posts: 1627
Has thanked: 61 times
Have thanks: 784 times
I hope this is what you need

http://img62.imageshack.us/img62/1862/aeskeys.png

used the reading pack

AES_SETKEY_DEC and "\x1F\xD3\xFC\xAD\xCE\x70\xDF\x51\x72\x3A\x9E\x5F\x1E\x52\x07\x11\x1C\xD3\x12\xBC\xE3\x51\x08\x7E\xAC\x69\xDF\xFE\xF5\xBE\x18\x70"

http://img828.imageshack.us/img828/2880 ... empak1.png
http://img710.imageshack.us/img710/939/ ... empak2.png
http://img94.imageshack.us/img94/3084/crysystempak3.png


Attachments:


You do not have the required permissions to view the files attached to this post. Register to gain access.



Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 132 posts ]  Go to page 1, 2, 3, 4, 5 ... 9  Next

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group