READ THE RULES: Click here

Follow us on Facebook: https://www.facebook.com/xentax/ :)

ArcheAge Online

The Original Forum. Game archives, full of resources. How to open them? Get help here.
Post Reply
ehnoah
advanced
Posts: 70
Joined: Tue Feb 28, 2012 11:21 pm
Has thanked: 11 times
Been thanked: 4 times

ArcheAge Online

Post by ehnoah » Tue Feb 28, 2012 11:28 pm

Hey,

I searching help for a new upcoming MMO to open the PAK File.

The File is renamed by launcher to "game_pak" and it is ~ 18 GB big.

I want to open the Archive to translate the game to my native language :)

So if someone can maybe help me? :)

Thank's!

Ekey
M-M-M-Monster veteran
M-M-M-Monster veteran
Posts: 1638
Joined: Wed Mar 31, 2010 6:54 am
Has thanked: 62 times
Been thanked: 821 times

Re: ArcheAge Online

Post by Ekey » Wed Feb 29, 2012 12:15 am

Cute ~2mb with File Cutter (attached)
You do not have the required permissions to view the files attached to this post.

ehnoah
advanced
Posts: 70
Joined: Tue Feb 28, 2012 11:21 pm
Has thanked: 11 times
Been thanked: 4 times

Re: ArcheAge Online

Post by ehnoah » Wed Feb 29, 2012 12:37 am

I think I should upload it so here I have:

It is cutted to 2 Mbit.

http://ul.to/kpf9tcpo

Ekey
M-M-M-Monster veteran
M-M-M-Monster veteran
Posts: 1638
Joined: Wed Mar 31, 2010 6:54 am
Has thanked: 62 times
Been thanked: 821 times

Re: ArcheAge Online

Post by Ekey » Wed Feb 29, 2012 12:52 am

Hm PE file. It's setup or all pack's (resource) stored in main exe :)

Image
Last edited by Ekey on Thu Mar 01, 2012 10:53 pm, edited 2 times in total.

ehnoah
advanced
Posts: 70
Joined: Tue Feb 28, 2012 11:21 pm
Has thanked: 11 times
Been thanked: 4 times

Re: ArcheAge Online

Post by ehnoah » Wed Feb 29, 2012 7:37 am

Hey,

Shall I upload ArcheAge.exe + DDL's too?

Sorry I am not a real pro :)
I am very happy that you help me :)

Ekey
M-M-M-Monster veteran
M-M-M-Monster veteran
Posts: 1638
Joined: Wed Mar 31, 2010 6:54 am
Has thanked: 62 times
Been thanked: 821 times

Re: ArcheAge Online

Post by Ekey » Wed Feb 29, 2012 8:37 am

I downloading client now.

Ekey
M-M-M-Monster veteran
M-M-M-Monster veteran
Posts: 1638
Joined: Wed Mar 31, 2010 6:54 am
Has thanked: 62 times
Been thanked: 821 times

Re: ArcheAge Online

Post by Ekey » Wed Feb 29, 2012 7:59 pm

So some table, strings contained in SQLite format 3.

Code: Select all

"game\db\game.sqlite3"
File encrypted with AES-128-CFB -> xlcommon.dll

Code: Select all

void __cdecl aes_crypt_cbc(struct aes_context *,int,int,unsigned char * const,unsigned char *,unsigned char *)
void __cdecl aes_crypt_cbc_signed(struct aes_context *,int,int,char * const,char const *,char *)
void __cdecl aes_crypt_cfb128(struct aes_context *,int,int,int *,unsigned char * const,unsigned char *,unsigned char *)
void __cdecl aes_crypt_ecb(struct aes_context *,int,unsigned char * const,unsigned char * const)
void __cdecl aes_setkey_dec(struct aes_context *,unsigned char *,int)
void __cdecl aes_setkey_dec_signed(struct aes_context *,char const *,int)
void __cdecl aes_setkey_enc(struct aes_context *,unsigned char *,int)
void __cdecl aes_setkey_enc_signed(struct aes_context *,char const *,int)
functions obfuscated.

If someone manages to come somehow miraculously pull the keys here is the ecrypted game.sqlite3
Last edited by Ekey on Fri Mar 02, 2012 1:51 pm, edited 1 time in total.

User avatar
aluigi
VVIP member
VVIP member
Posts: 1917
Joined: Thu Dec 08, 2005 12:26 pm
Location: www.ZENHAX.com
Has thanked: 4 times
Been thanked: 644 times
Contact:

Re: ArcheAge Online

Post by aluigi » Wed Feb 29, 2012 10:19 pm

why don't you put a breakpoint on aes_setkey_dec when the game starts?
the raw alternative is placing the byte 0xcc with a hex editor and then waiting the popup of the debugger

Ekey
M-M-M-Monster veteran
M-M-M-Monster veteran
Posts: 1638
Joined: Wed Mar 31, 2010 6:54 am
Has thanked: 62 times
Been thanked: 821 times

Re: ArcheAge Online

Post by Ekey » Thu Mar 01, 2012 12:28 pm

I do not have enough time for reversing. aluigi maybe can look ;) ?
Binaries here + removed HSHield which prevents debugging.
PS: Worked without game.pak

Open "Bin32\archeage.exe"
F9 (Run)
F12 (Pause)
CTRL+G (for following address 33014D50 (aes_setkey_dec))
F2 (Breakpoint)
F9 (Run)

ehnoah
advanced
Posts: 70
Joined: Tue Feb 28, 2012 11:21 pm
Has thanked: 11 times
Been thanked: 4 times

Re: ArcheAge Online

Post by ehnoah » Thu Mar 01, 2012 12:41 pm

Exe is Themidia locked too.

Ekey
M-M-M-Monster veteran
M-M-M-Monster veteran
Posts: 1638
Joined: Wed Mar 31, 2010 6:54 am
Has thanked: 62 times
Been thanked: 821 times

Re: ArcheAge Online

Post by Ekey » Thu Mar 01, 2012 12:43 pm

Game binaries not packed, packed only HSHield modules (Themida)

ehnoah
advanced
Posts: 70
Joined: Tue Feb 28, 2012 11:21 pm
Has thanked: 11 times
Been thanked: 4 times

Re: ArcheAge Online

Post by ehnoah » Thu Mar 01, 2012 4:38 pm

Edited
Last edited by ehnoah on Mon Aug 06, 2012 1:57 pm, edited 1 time in total.

User avatar
aluigi
VVIP member
VVIP member
Posts: 1917
Joined: Thu Dec 08, 2005 12:26 pm
Location: www.ZENHAX.com
Has thanked: 4 times
Been thanked: 644 times
Contact:

Re: ArcheAge Online

Post by aluigi » Thu Mar 01, 2012 7:10 pm

@Ekey
you have a working environment (here doesn't work) and you have already done everything.
there is nothing to reverse, when the debugger breaks take a look at argument 2 and 3 of the stack:
- the first is the key
- the second is the length of the key (probably multiplied by 8)

ehnoah
advanced
Posts: 70
Joined: Tue Feb 28, 2012 11:21 pm
Has thanked: 11 times
Been thanked: 4 times

Re: ArcheAge Online

Post by ehnoah » Thu Mar 01, 2012 8:16 pm

Hey,

i am a real noob but:

I step over from this Point out and that I get:

ARG 3 = 80

Stack (0018E9c8) = 00040002
ECX=00000080 (decimal 128.)


ARG 2 = x2game.8982F9AC

Stack (0018E9C4) = 0
EAX=x2game.3982F9AC (I goed to x2game at 3982F9AC = Imm=04)

ARG 1 = 10E9D4

Stack (0018E9C0)=06CF0B88
ECX=0018E904


hope this help 's *g*

Ekey
M-M-M-Monster veteran
M-M-M-Monster veteran
Posts: 1638
Joined: Wed Mar 31, 2010 6:54 am
Has thanked: 62 times
Been thanked: 821 times

Re: ArcheAge Online

Post by Ekey » Thu Mar 01, 2012 10:53 pm

I hope this is what you need

http://img62.imageshack.us/img62/1862/aeskeys.png

used the reading pack

AES_SETKEY_DEC and "\x1F\xD3\xFC\xAD\xCE\x70\xDF\x51\x72\x3A\x9E\x5F\x1E\x52\x07\x11\x1C\xD3\x12\xBC\xE3\x51\x08\x7E\xAC\x69\xDF\xFE\xF5\xBE\x18\x70"

http://img828.imageshack.us/img828/2880 ... empak1.png
http://img710.imageshack.us/img710/939/ ... empak2.png
http://img94.imageshack.us/img94/3084/crysystempak3.png
You do not have the required permissions to view the files attached to this post.

Post Reply