XeNTaX

aluigi

and why you use a memory_file?

filexor "stuff"
get DUMMY long
getdstring DUMMY 0x10
...

you don't need a memory_file

aluigi

oh well, I wrote a reply but the timedout login deleted it.

in short that thing it's caused by relocations (like aslr) and heap memory (allocations) so the solution is tracking the functions that read/create the memory and referring to the module base address for the relocations

aluigi

http://aluigi.org/papers/bms/others/jubeat.bms

aluigi

the only difference between demo and full version is that this second one doesn't use the additional scrambling/encryption on the files

aluigi

job done, script updated.

in short the additional encryption (gpe_decrypt_file.c) is applied only when "TYPE & 1"

aluigi

are you sure this is not related to this thread?
viewtopic.php?f=10&t=9349

aluigi

exe+file in pm

aluigi

that key is the result of an expansion (it's just a concatenation) and scrambling of the 0x84 bytes long key 98ru91nb98fH98ufkfQkRAnf09i09kmvVnSjzAc9iu28rir09akdnBCn289ua9f09aRFnf029ur09akQRtanmzlkAvjb983ur9jaopVAkfmlzrWknlRzxc90i3r09uqtARankfnQdf to a 1024 one using an algorithm similar to an rc4. ...

aluigi

that one is only a part of the job (it's just a simple xor that thing), anyway I did the job:
http://aluigi.org/papers/bms/gpeg.bms

aluigi

sure but not in the standard structure of the archive (the one used from NFS Shift), they may be contained in another file or even in the executable.
maybe even in the archive but probably in one of the files, not in its structure (I didn't see them)

aluigi

those are the names contained in the archive, personally I can't extract files with other names that I don't have or don't exist since it's not technically possible.

aluigi

isn't the Padding command enough for this job?
padding 4

note that the alignment calculation is made from offset 0.
the math command has the 'x' operator that does alignment works, for example:
math TMP = 7
math TMP x= 4
print "%TMP%"

aluigi

give me the name of one of these MAS, I have tried with evox.mas and everything worked correctly.
I'm using the latest simraceway.bms released some days ago: 0.2

aluigi

you can make the last part smaller removing filexor "" because doesn't get used and using do while: ... do filexor KEY NULLS get NSIZE byte getdstring NAME NSIZE get OFFSET long get SIZE long log NAME OFFSET SIZE savepos TMP while TMP < TABLESIZE I know that a "while {} do" would...

aluigi

just seen this new format with the signature 0x03040506 (probably used to control the endianess of the file):
http://aluigi.org/papers/bms/deadrising2_otr.bms

XeNTaX

XeNTaX

Search found 1910 matches

Re: Making memory file as "file 0"

Re: Need tips to analyze hacked memory pointers

Re: [PC]KONAMI Jubeat Ripples (.pak)

Re: grand prix evolution compressed files, encrypted?

Re: grand prix evolution compressed files, encrypted?

Re: Persona 4 Arena .PAC archive extracting

Re: grand prix evolution compressed files, encrypted?

Re: grand prix evolution compressed files, encrypted?

Re: grand prix evolution compressed files, encrypted?

Re: Project Cars

Re: Project Cars

Re: quickbms byte alignment

Re: Simraceway MAS

Re: Battle Hearts (*.DAT)

Dead Rising 2 Off-the-record (0x03040506)