Download at the blog: blog/?p=1177
It's basically a ZIP file, but with different signatures and encrypted file headers. Instead of "PK\x03\x04" for each file header, you've got "SB" followed by a short of the header length. Not sure why they did it that way, but that's how it works. Oddly enough, the compressed data is not encrypted, so just copy that verbatim. Near the end you'll find the central ZIP directory, which starts with "SDIR", and goes on until the end of the file. Note this directory is a single block instead of the many repeating blocks you find in a normal .zip file. Everything after the "SDIR" is encrypted, so to get this block back just write "PK\x01\x02" to your output and dump the decrypted block to it. No need to differentiate between a central directory entry and the end-of-central-directory block. Regarding the encryption, it's just scrolling XOR, with the file name being the key.
- Initial release