Join also our Discord channel! Click here.

Counter-Strike Online 2 (.PKG) Archive

Read or post about compression. And decompression. Or ask questions how to decompress your files.
User avatar
cra0
ultra-veteran
ultra-veteran
Posts: 432
Joined: Fri Apr 27, 2012 9:37 am
Has thanked: 29 times
Been thanked: 184 times
Contact:

Counter-Strike Online 2 (.PKG) Archive

Post by cra0 » Wed Jan 08, 2014 2:13 pm

Counter-Strike Online2
I'm not sure if anyone has looked at this at all.
Image

Game: Counter-Strike Online2
Publisher: Nexon


EXE seems packed however you can dump it.
Image


PKG files seem encrypted has a MD5 filename hash at the top i think
Image


Only PKG reference I've found has one of the filenames hardcoded

Image

Which has some decrypt function linked to it.
Not sure if it's related
http://www.openssl.org/docs/crypto/EVP_EncryptInit.html
Image

EXE(PACKED)/(UNPACKED) plus pkg archives
https://www.dropbox.com/sh/dfs4mae81hi26mi/FLswZF_hvZ


Hope someone can help :P

Ekey
M-M-M-Monster veteran
M-M-M-Monster veteran
Posts: 1711
Joined: Wed Mar 31, 2010 6:54 am
Has thanked: 81 times
Been thanked: 901 times

Re: Counter-Strike Online 2 (.PKG) Archive

Post by Ekey » Wed Jun 25, 2014 12:21 pm

Well 1b87c6b551e518d11114ee21b7645a47.pkg - Encrypted main file contained list of avaible PKGs.

Structure only for this file:

Code: Select all

struct PKGHeader
{
	WORD	dwVersion;  // 0x01 0x00
	BYTE	bEncryption;  // ID of encrypt algorithm ( 1 - AES-128-CBC , 0 - BlowFish-CBC )
	BYTE	bFlag;  // 6
	DWORD  dwDataSize;
};
Key generating automaticly

Code: Select all

const char * pPKGName = "1b87c6b551e518d11114ee21b7645a47.pkg";

int __cdecl FileSystem_Init(int bFlag, int bEncryption, const char *pPKGName, int pScrBuffer, int dwSize, int pDstBuffer)
{
  int result;
  char pKey[16] = { 0 };

  if ( FileSystem_MakeKey((signed int)&bEncryption, (int)&pKey, pPKGName) == 1 )
  {
    result = FileSystem_Decrypt((int)&bFlag, pScrBuffer, dwSize, (int)&pKey, pDstBuffer);
  }
  else
  {
    printf("Error: Unable generate key!\n");
    result = 0;
  }
  return result;
}
Default algorithm is AES-128 in CBC mode.

Code: Select all

FileSystem_Decrypt

	static unsigned char pKey[16] = {0x51, 0xFE, 0xAA, 0x02, 0x43, 0x0A, 0xFE, 0xC6, 0xC2, 0x9E, 0x24, 0x24, 0x2B, 0x99, 0xFF, 0x77};
	EVP_CIPHER_CTX ctx;
	EVP_CIPHER_CTX_init(&ctx);
	cipher = EVP_aes_128_cbc();

	EVP_DecryptInit(&ctx, cipher, pKey, 0);
	EVP_DecryptUpdate(&ctx, pBuffer, (int*)&PKGHeader.dwSize, pBuffer, PKGHeader.dwSize);
	EVP_DecryptFinal(&ctx, pBuffer, (int*)&PKGHeader.dwSize);
	EVP_CIPHER_CTX_cleanup(&ctx);
And we get decrypted variant > here

Other PKGs also encrypted with AES, Key and IV generated by other functions > it's MD5 + custom passwords > kbuj37shgh&@4n!2; and [wospo-02i after generating key and iv they converted to string and using as key and iv.
Last edited by Ekey on Wed Jun 25, 2014 1:23 pm, edited 2 times in total.

User avatar
cra0
ultra-veteran
ultra-veteran
Posts: 432
Joined: Fri Apr 27, 2012 9:37 am
Has thanked: 29 times
Been thanked: 184 times
Contact:

Re: Counter-Strike Online 2 (.PKG) Archive

Post by cra0 » Wed Jun 25, 2014 1:08 pm

Great work ekey

Ekey
M-M-M-Monster veteran
M-M-M-Monster veteran
Posts: 1711
Joined: Wed Mar 31, 2010 6:54 am
Has thanked: 81 times
Been thanked: 901 times

Re: Counter-Strike Online 2 (.PKG) Archive

Post by Ekey » Wed Jun 25, 2014 2:16 pm

Okay, what's next!..... We need generate key and iv for decrypt PKG data's. How it work:

1 ) Get any PKG
2 ) Get name from full path
3 ) Set Password 1
4 ) Calculate MD5 hash for Password 1
5 ) Set Password 2
6 ) Calculate MD5 hash for Password 2
7 ) Convert Password 1 Hash to string
8 ) Convert Password 2 Hash to string
9 ) Set KEY and IV
10 ) Decrypt with AES
11 ) Profit :)

Example:

Code: Select all

p_PKG_Path = "e:\Games\Counter-Strike Online 2\Data\006c2458c2c24beb0b08e45e1ea3874e.pkg";
char* p_PKG_Name = "006c2458c2c24beb0b08e45e1ea3874e.pkg"
char* p_PKG_Password_1 = "kbuj37shgh&@4n!2;";
char* p_PKG_Password_2 = "[wospo-02i";
char* p_PKG_Set_Password_1 = p_PKG_Password_1 + p_PKG_Name;
char* p_PKG_Set_Password_2 = p_PKG_Password_2 + p_PKG_Name;
char* p_PKG_Hash_Password_1[16]; // 6f24769ebe7c9acc6328ad7d3be1ebc3
char* p_PKG_Hash_Password_2[16]; // 4422261f9839d54f7fece6448b062522
string p_PKG_Key;
string p_PKG_Iv;

1 ) Open -> p_PKG_Path
2 ) Get Name -> p_PKG_Name
3 ) Set Password 1 -> p_PKG_Set_Password_1
4 ) Get MD5 hash from Password 1 =
    
    MD5Init(&ctx);
    MD5Update(&ctx, p_PKG_Set_Password_1, strlen(p_PKG_Set_Password_1));
    MD5Final(p_PKG_Hash_Password_1, &ctx);
   
5 ) Set Password 2 -> p_PKG_Set_Password_2
6 ) Get MD5 hash from Password 2 =

    MD5Init(&ctx);
    MD5Update(&ctx, p_PKG_Set_Password_2, strlen(p_PKG_Set_Password_2));
    MD5Final(p_PKG_Hash_Password_2, &ctx);

7 ) p_PKG_Key = 6f24769ebe7c9acc6328ad7d3be1ebc3
8 ) p_PKG_Iv = 4422261f9839d54f7fece6448b062522
9 ) Set Key / Iv and Decrypt data =

    p_PKG_Iv = 4422261f9839d54f7fece6448b062522 -> 7fece6448b062522 - also need reverse
    p_PKG_Key  = 6f24769ebe7c9acc6328ad7d3be1ebc3 -> 6f24769ebe7c9acc

    >>> pkg_aes_decrypt(int ctx, int pKey, int*pIV, int dwKeySize, int dwBlockSize) <<<

    pkg_aes_init(&context, pKey, pIv, 16, 16);

10 ) Lalalala ...... Done :)
Result

Image
Last edited by Ekey on Thu Jun 26, 2014 11:23 pm, edited 2 times in total.

oamio
veteran
Posts: 98
Joined: Sun Mar 06, 2011 2:52 pm
Has thanked: 20 times
Been thanked: 8 times

Re: Counter-Strike Online 2 (.PKG) Archive

Post by oamio » Thu Jun 26, 2014 4:18 pm

Omg, very good Elky, cra0

User avatar
aluigi
VVIP member
VVIP member
Posts: 1917
Joined: Thu Dec 08, 2005 12:26 pm
Location: www.ZENHAX.com
Has thanked: 4 times
Been thanked: 645 times
Contact:

Re: Counter-Strike Online 2 (.PKG) Archive

Post by aluigi » Thu Jun 26, 2014 9:18 pm

@ekey can you take a look at the following script?
Unfortunately your examples don't match the steps you provide.

Code: Select all

get wVersion short
get bEncryption byte
get bFlag byte
get dwDataSize long

get p_PKG_Name filename
set p_PKG_Password_1 binary "hs2kbuj37shgh&@4n!2;"
set p_PKG_Password_2 binary "[wospo-02i"

string p_PKG_Set_Password_1 p= "%s%s" p_PKG_Password_1 p_PKG_Name
string p_PKG_Set_Password_2 p= "%s%s" p_PKG_Password_2 p_PKG_Name

encryption md5 p_PKG_Set_Password_1
print "%QUICKBMS_HEXHASH%"
string KEY l QUICKBMS_HEXHASH
string KEY >>= 16
print "key  %KEY% %p_PKG_Set_Password_1%"

encryption md5 p_PKG_Set_Password_2
print "%QUICKBMS_HEXHASH%"
string IVEC l QUICKBMS_HEXHASH
string IVEC << 16
#string IVEC r IVEC # reverse?
print "ivec %IVEC% %p_PKG_Set_Password_2%"

if bEncryption == 0
    encryption blowfish KEY IVEC
else
    encryption aes_128_cbc KEY IVEC
endif

savepos OFFSET
log "dump.dat" OFFSET dwDataSize

Ekey
M-M-M-Monster veteran
M-M-M-Monster veteran
Posts: 1711
Joined: Wed Mar 31, 2010 6:54 am
Has thanked: 81 times
Been thanked: 901 times

Re: Counter-Strike Online 2 (.PKG) Archive

Post by Ekey » Thu Jun 26, 2014 10:53 pm

Well this part not needed because it's only for 1b87c6b551e518d11114ee21b7645a47.pkg

Code: Select all

get wVersion short
get bEncryption byte
get bFlag byte
get dwDataSize long
In other PKGs with datas > Header is 32 bytes - just md5 hash null terminated string of full file.

PS: and yes my bad > password 1 -> kbuj37shgh&@4n!2;

Code: Select all

--------------------------------------
- SCRIPT's MESSAGE:
  6F24769EBE7C9ACC6328AD7D3BE1EBC3

- SCRIPT's MESSAGE:
  key  6f24769ebe7c9acc kbuj37shgh&@4n!2;006c2458c2c24beb0b08e45e1ea3874e.pkg

- SCRIPT's MESSAGE:
  4422261F9839D54F7FECE6448B062522

- SCRIPT's MESSAGE:
  ivec 7fece6448b062522 [wospo-02i006c2458c2c24beb0b08e45e1ea3874e.pkg
Last edited by Ekey on Thu Jun 26, 2014 11:44 pm, edited 1 time in total.

Ekey
M-M-M-Monster veteran
M-M-M-Monster veteran
Posts: 1711
Joined: Wed Mar 31, 2010 6:54 am
Has thanked: 81 times
Been thanked: 901 times

Re: Counter-Strike Online 2 (.PKG) Archive

Post by Ekey » Thu Jun 26, 2014 11:14 pm

Ok here correct one

Code: Select all

goto 0x21
savepos OFFSET
get SIZE asize
math SIZE -= 0x21

get p_PKG_Name filename
set p_PKG_Password_1 binary "kbuj37shgh&@4n!2;"
set p_PKG_Password_2 binary "[wospo-02i"
string p_PKG_Set_Password_1 p= "%s%s" p_PKG_Password_1 p_PKG_Name
string p_PKG_Set_Password_2 p= "%s%s" p_PKG_Password_2 p_PKG_Name

encryption md5 p_PKG_Set_Password_1
print "%QUICKBMS_HEXHASH%"
string KEY l QUICKBMS_HEXHASH
string KEY >>= 16
print "key  %KEY% %p_PKG_Set_Password_1%"

encryption md5 p_PKG_Set_Password_2
print "%QUICKBMS_HEXHASH%"
string IVEC l QUICKBMS_HEXHASH
string IVEC << 16
print "ivec %IVEC% %p_PKG_Set_Password_2%"

encryption aes_128_cbc KEY IVEC
log "dump.dat" OFFSET SIZE
After use script

Image

Simple PKG in attach
You do not have the required permissions to view the files attached to this post.

User avatar
aluigi
VVIP member
VVIP member
Posts: 1917
Joined: Thu Dec 08, 2005 12:26 pm
Location: www.ZENHAX.com
Has thanked: 4 times
Been thanked: 645 times
Contact:

Re: Counter-Strike Online 2 (.PKG) Archive

Post by aluigi » Fri Jun 27, 2014 10:43 am

Thanks for the update Ekey.
But there are still a couple of things that don't work:

1)
how to decrypt 1b87c6b551e518d11114ee21b7645a47.pkg?
I tried the following but doesn't work:

Code: Select all

encryption aes_128_ecb "\x51\xFE\xAA\x02\x43\x0A\xFE\xC6\xC2\x9E\x24\x24\x2B\x99\xFF\x77"
log "dump.dat" 8 0x100
2)
the files in the archives (like those in 006c2458c2c24beb0b08e45e1ea3874e.pkg) are encrypted

Ekey
M-M-M-Monster veteran
M-M-M-Monster veteran
Posts: 1711
Joined: Wed Mar 31, 2010 6:54 am
Has thanked: 81 times
Been thanked: 901 times

Re: Counter-Strike Online 2 (.PKG) Archive

Post by Ekey » Fri Jun 27, 2014 11:11 am

aluigi wrote:Thanks for the update Ekey.
But there are still a couple of things that don't work:

1)
how to decrypt 1b87c6b551e518d11114ee21b7645a47.pkg?
I tried the following but doesn't work:

Code: Select all

encryption aes_128_ecb "\x51\xFE\xAA\x02\x43\x0A\xFE\xC6\xC2\x9E\x24\x24\x2B\x99\xFF\x77"
log "dump.dat" 8 0x100
Hm i will check it later.
aluigi wrote:2)
the files in the archives (like those in 006c2458c2c24beb0b08e45e1ea3874e.pkg) are encrypted
Yeah files inside also encrypted. I guess it's AES but not sure.

PS: Also it is necessary while decrypt need align the blocks by 16 bytes each. I use XySSL and for correct decrypt need set XYSSL_PADLOCK_C and YSSL_HAVE_X86, otherwise the first and the last block will be in the form of trash like this >
You do not have the required permissions to view the files attached to this post.

Ekey
M-M-M-Monster veteran
M-M-M-Monster veteran
Posts: 1711
Joined: Wed Mar 31, 2010 6:54 am
Has thanked: 81 times
Been thanked: 901 times

Re: Counter-Strike Online 2 (.PKG) Archive

Post by Ekey » Fri Jun 27, 2014 5:38 pm

aluigi wrote:Thanks for the update Ekey.
But there are still a couple of things that don't work:

1)
how to decrypt 1b87c6b551e518d11114ee21b7645a47.pkg?
I tried the following but doesn't work:

Code: Select all

encryption aes_128_ecb "\x51\xFE\xAA\x02\x43\x0A\xFE\xC6\xC2\x9E\x24\x24\x2B\x99\xFF\x77"
log "dump.dat" 8 0x100
Strange because generated key is \x51\xFE\xAA\x02\x43\x0A\xFE\xC6\xC2\x9E\x24\x24\x2B\x99\xFF\x77
Try BlowFish :scaredy:
aluigi wrote:2)
the files in the archives (like those in 006c2458c2c24beb0b08e45e1ea3874e.pkg) are encrypted
Files data also encrypted with AES. As key using MD5 string from header ;)
You do not have the required permissions to view the files attached to this post.

Ekey
M-M-M-Monster veteran
M-M-M-Monster veteran
Posts: 1711
Joined: Wed Mar 31, 2010 6:54 am
Has thanked: 81 times
Been thanked: 901 times

Re: Counter-Strike Online 2 (.PKG) Archive

Post by Ekey » Fri Jun 27, 2014 8:16 pm

:keke:
You do not have the required permissions to view the files attached to this post.

User avatar
cra0
ultra-veteran
ultra-veteran
Posts: 432
Joined: Fri Apr 27, 2012 9:37 am
Has thanked: 29 times
Been thanked: 184 times
Contact:

Re: Counter-Strike Online 2 (.PKG) Archive

Post by cra0 » Fri Jun 27, 2014 10:16 pm

11/10 Bravo

Ekey
M-M-M-Monster veteran
M-M-M-Monster veteran
Posts: 1711
Joined: Wed Mar 31, 2010 6:54 am
Has thanked: 81 times
Been thanked: 901 times

Re: Counter-Strike Online 2 (.PKG) Archive

Post by Ekey » Fri Jun 27, 2014 11:00 pm

Well final : how file data decrypting? it's easyyyyyyyyyy :)

Example:

FileName: cstrike/materials/dev/identitylightwarp.vtf
Extract Filename from full path: > identitylightwarp.vtf
Split with Password_3 > 37uh@!jsn;b
You get filename like > 37uh@!jsn;bidentitylightwarp.vtf
Now calculate md5 hash
Set output hash as key and iv
Read file data
Set Key/IV
Decrypt data
Save data
Profit! huh! :]

Ekey
M-M-M-Monster veteran
M-M-M-Monster veteran
Posts: 1711
Joined: Wed Mar 31, 2010 6:54 am
Has thanked: 81 times
Been thanked: 901 times

Re: Counter-Strike Online 2 (.PKG) Archive

Post by Ekey » Fri Jun 27, 2014 11:45 pm

Okay. Unpacker for tests > here

Enjoy! :)

Post Reply