quickbms XOR and offset issue

Posted: Thu Feb 21, 2013 5:34 pm
by finale00
The archive I am looking at starts by storing its key in the first 16 bytes of the file.
It then gives you some info about the file table, and then the file entries themselves.

The file entries are encrypted using the 16-byte key that was read at the top.
Here is my script

Code:

getdstring key 16
get FILES long
get entrySize long
get nameLen long
print "%key|16h%"
print %FILES%

for i = 0 < 1
    filexor key 
    get OFFSET long
    get SIZE long
    get null long
    get null long
    getdstring NAME 32
    print %NAME%
next i

But it's not xor'ing properly (or...at all)
What am I missing? I think I should have some sort of offset for the filexor command, but I've tried several offsets (like, where the entries begin) but no luck.

Here's the relevant header containing only one entry.

Re: quickbms XOR and offset issue

Posted: Mon Feb 25, 2013 4:33 pm
by Ekey
Would you give the name of the game?

Re: quickbms XOR and offset issue

Posted: Tue Feb 26, 2013 11:07 pm
by aluigi
Because filexor wants the key as a sequence of numbers ("0x01 0x02 0x03").

I suggest you build the key byte by byte:

Code:

set KEY string ""
for i = 0 < 16
    # read one key byte from the archive
    get B byte
    # format it as " 0xNN" and append it to the key sequence
    string B p= " 0x%02x" B
    string KEY += B
next i
...
filexor KEY 0

The 0 after KEY means that the offset is 0 and not the current one.

Re: quickbms XOR and offset issue

Posted: Fri Mar 01, 2013 6:21 pm
by finale00
Having another issue with filexor and offset with a different game.
Here is the script:

Code:

# Touhou Gensoukyo Rensa

string KEY = "\x45\xE9\xE2\x15\xD2\x39\xB1\xB9\x18\x5F\xE4\xFA\xF9\xEF\x00\xC0\xC8\x64\xD0\xDF\x31\x0B\xF6\x8B\x60\x4D\x98\x64\x40\x5A\x24\x4B\x80\x5E\x40\xC0\xA2\x62\x04\x54\x52\xED\x34\x9D\x3E\xBE\x8D\xCD\x0D\x71\x7E\x71\x22\xC5\x18\x24\x48\x87\x29\xBE\x79\xD0\x80\x56\x7E\x14\xFB\x4B\xC8\x50\x00\xAC\xC8\x95\xEC\xF1\xDD\xE4\x9A\x2B\xC6\x1D\xCB\x34\xCD\x58\xE7\x83\x58\x1A\xE7\x2C\x0C\x4D\xA0\xB4\x80\x6D\x20\x06\x67\x89\xC0\xD3\x36\x40\xAF\x31\xDA\x4D\xF4\x62\x46\xA4\xE0\x74\x08\xF6\x3C\xD5\x92\x8D\x27\xFE\x50\xE9\xA4\xFE\xA0\xD6\x2F\x69\x98\xAD\x15\x10\x3C\x24\x2F\x12\x15\x76\xD6\x03\x9F\xAF\x0D\xA3\x64\xD8\x95\x65\xDA\x48\xC7\xE4\x6F\x36\x5D\xA7\x7A\x5A\x8B\x69\xE0\x43\x2C\x95\x47\x5A\x10\x3A\x0A\xB1\x9D\x94\xFB\x1D\xD8\xD3\x31\x71\xE9\x05\x56\x1A\x6F\xB6\x8D\x9A\xED\x86\xB6\x29\x02\xCD\x90\x3E\xDA\x2C\x9A\x7B\x23\x78\x83\x43\xB6\xAD\xC3\x36\xBB\x6C\x69\xF1\xE2\x60\xEF\xA7\x48\xFB\x92\x09\x7B\x20\x76\x3B\xA9\x83\xC3\x0D\x6D\x89\xBC\x27\x55\xA9\xBC\xB1\xAB\x90\x07\xF4\x52\xF8\x88\xB4\xF1\x1A\x74\x7B\x12\xCB\xBA\xDE\xA4\x1F"

idstring "CONTFILE"
get unk short
get FILES long
filexor KEY 14
for i = 0 < FILES
  
  getdstring NAME 16
  get SIZE long
  get OFFSET long
  
  putarray 0 i NAME
  putarray 1 i SIZE
  putarray 2 i OFFSET
next i

for i = 0 < 1
  getarray NAME 0 i
  getarray SIZE 1 i
  getarray OFFSET 2 i
 
  print "%NAME%, %OFFSET%, %SIZE%"
  filexor KEY OFFSET
  log NAME OFFSET SIZE
next i

The file table is read correctly, but the files are not being xor'd properly.
When I manually copied bytes from the archive out using the size and offset, I ran the xor tool and they all were decrypted correctly, so I would conclude that the key restarts for each file.

Here is a sample: http://www.mediafire.com/?c6dwiksgwl2x2yi

Re: quickbms XOR and offset issue

Posted: Sat Mar 02, 2013 10:14 am
by aluigi
If you use " 0x" instead of "\x" it works.

At the moment I don't know why with \x it works the first time but doesn't work for all the other files :) Maybe I will investigate.

EDIT: I found the reason, fixing

Re: quickbms XOR and offset issue

Posted: Sat Mar 02, 2013 7:31 pm
by Ekey

Code:

# Touhou Gensoukyo Rensa

set KEYNEW "0x45 0xE9 0xE2 0x15 0xD2 0x39 0xB1 0xB9 0x18 0x5F 0xE4 0xFA 0xF9 0xEF 0x00 0xC0 0xC8 0x64 0xD0 0xDF 0x31 0x0B 0xF6 0x8B 0x60 0x4D 0x98 0x64 0x40 0x5A 0x24 0x4B 0x80 0x5E 0x40 0xC0 0xA2 0x62 0x04 0x54 0x52 0xED 0x34 0x9D 0x3E 0xBE 0x8D 0xCD 0x0D 0x71 0x7E 0x71 0x22 0xC5 0x18 0x24 0x48 0x87 0x29 0xBE 0x79 0xD0 0x80 0x56 0x7E 0x14 0xFB 0x4B 0xC8 0x50 0x00 0xAC 0xC8 0x95 0xEC 0xF1 0xDD 0xE4 0x9A 0x2B 0xC6 0x1D 0xCB 0x34 0xCD 0x58 0xE7 0x83 0x58 0x1A 0xE7 0x2C 0x0C 0x4D 0xA0 0xB4 0x80 0x6D 0x20 0x06 0x67 0x89 0xC0 0xD3 0x36 0x40 0xAF 0x31 0xDA 0x4D 0xF4 0x62 0x46 0xA4 0xE0 0x74 0x08 0xF6 0x3C 0xD5 0x92 0x8D 0x27 0xFE 0x50 0xE9 0xA4 0xFE 0xA0 0xD6 0x2F 0x69 0x98 0xAD 0x15 0x10 0x3C 0x24 0x2F 0x12 0x15 0x76 0xD6 0x03 0x9F 0xAF 0x0D 0xA3 0x64 0xD8 0x95 0x65 0xDA 0x48 0xC7 0xE4 0x6F 0x36 0x5D 0xA7 0x7A 0x5A 0x8B 0x69 0xE0 0x43 0x2C 0x95 0x47 0x5A 0x10 0x3A 0x0A 0xB1 0x9D 0x94 0xFB 0x1D 0xD8 0xD3 0x31 0x71 0xE9 0x05 0x56 0x1A 0x6F 0xB6 0x8D 0x9A 0xED 0x86 0xB6 0x29 0x02 0xCD 0x90 0x3E 0xDA 0x2C 0x9A 0x7B 0x23 0x78 0x83 0x43 0xB6 0xAD 0xC3 0x36 0xBB 0x6C 0x69 0xF1 0xE2 0x60 0xEF 0xA7 0x48 0xFB 0x92 0x09 0x7B 0x20 0x76 0x3B 0xA9 0x83 0xC3 0x0D 0x6D 0x89 0xBC 0x27 0x55 0xA9 0xBC 0xB1 0xAB 0x90 0x07 0xF4 0x52 0xF8 0x88 0xB4 0xF1 0x1A 0x74 0x7B 0x12 0xCB 0xBA 0xDE 0xA4 0x1F"

idstring "CONTFILE"
get UNKNOWN short
get FILES long

for i = 0 < FILES
  filexor KEYNEW
  getdstring NAME 16
  get SIZE long
  get OFFSET long
  log NAME OFFSET SIZE
next i

Edited: aluigi outstripped me :)

Re: quickbms XOR and offset issue

Posted: Mon Mar 04, 2013 4:22 am
by finale00
This one decrypts the files as required:

Code:

# Touhou Gensoukyo Rensa

set KEYNEW "0x45 0xE9 0xE2 0x15 0xD2 0x39 0xB1 0xB9 0x18 0x5F 0xE4 0xFA 0xF9 0xEF 0x00 0xC0 0xC8 0x64 0xD0 0xDF 0x31 0x0B 0xF6 0x8B 0x60 0x4D 0x98 0x64 0x40 0x5A 0x24 0x4B 0x80 0x5E 0x40 0xC0 0xA2 0x62 0x04 0x54 0x52 0xED 0x34 0x9D 0x3E 0xBE 0x8D 0xCD 0x0D 0x71 0x7E 0x71 0x22 0xC5 0x18 0x24 0x48 0x87 0x29 0xBE 0x79 0xD0 0x80 0x56 0x7E 0x14 0xFB 0x4B 0xC8 0x50 0x00 0xAC 0xC8 0x95 0xEC 0xF1 0xDD 0xE4 0x9A 0x2B 0xC6 0x1D 0xCB 0x34 0xCD 0x58 0xE7 0x83 0x58 0x1A 0xE7 0x2C 0x0C 0x4D 0xA0 0xB4 0x80 0x6D 0x20 0x06 0x67 0x89 0xC0 0xD3 0x36 0x40 0xAF 0x31 0xDA 0x4D 0xF4 0x62 0x46 0xA4 0xE0 0x74 0x08 0xF6 0x3C 0xD5 0x92 0x8D 0x27 0xFE 0x50 0xE9 0xA4 0xFE 0xA0 0xD6 0x2F 0x69 0x98 0xAD 0x15 0x10 0x3C 0x24 0x2F 0x12 0x15 0x76 0xD6 0x03 0x9F 0xAF 0x0D 0xA3 0x64 0xD8 0x95 0x65 0xDA 0x48 0xC7 0xE4 0x6F 0x36 0x5D 0xA7 0x7A 0x5A 0x8B 0x69 0xE0 0x43 0x2C 0x95 0x47 0x5A 0x10 0x3A 0x0A 0xB1 0x9D 0x94 0xFB 0x1D 0xD8 0xD3 0x31 0x71 0xE9 0x05 0x56 0x1A 0x6F 0xB6 0x8D 0x9A 0xED 0x86 0xB6 0x29 0x02 0xCD 0x90 0x3E 0xDA 0x2C 0x9A 0x7B 0x23 0x78 0x83 0x43 0xB6 0xAD 0xC3 0x36 0xBB 0x6C 0x69 0xF1 0xE2 0x60 0xEF 0xA7 0x48 0xFB 0x92 0x09 0x7B 0x20 0x76 0x3B 0xA9 0x83 0xC3 0x0D 0x6D 0x89 0xBC 0x27 0x55 0xA9 0xBC 0xB1 0xAB 0x90 0x07 0xF4 0x52 0xF8 0x88 0xB4 0xF1 0x1A 0x74 0x7B 0x12 0xCB 0xBA 0xDE 0xA4 0x1F"

idstring "CONTFILE"
get UNKNOWN short
get FILES long

for i = 0 < FILES
  filexor KEYNEW 14
  getdstring NAME 16
  get SIZE long
  get OFFSET long
  filexor KEYNEW OFFSET
  log NAME OFFSET SIZE
next i

Since the XOR is relative to the beginning of each file.
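
The key-phase behaviour this thread arrives at, modelled in Python as an added example (not part of any post and not quickbms code): the entry table is XORed with the key starting at offset 14, and each file with the key restarting at its own OFFSET. It assumes little-endian fields; the 5-byte key, the file names and contents are constructed, and the function names are hypothetical.

```python
import struct

HEADER = 14   # "CONTFILE" (8) + short (2) + long FILES (4), as in the scripts above
ENTRY = 24    # NAME[16] + SIZE long + OFFSET long

def parse_key(text):
    """Convert a filexor-style key ("0x45 0xE9 ...") to raw bytes."""
    return bytes(int(tok, 16) for tok in text.split())

def xor_span(data, key, start, length, origin):
    """XOR data[start:start+length]; key byte 0 lines up with offset `origin`."""
    return bytes(data[p] ^ key[(p - origin) % len(key)]
                 for p in range(start, start + length))

def build_sample(key, files):
    """Build a constructed archive in the layout the thread describes."""
    offset = HEADER + ENTRY * len(files)
    table, blob = b"", b""
    for name, content in files:
        table += struct.pack("<16sII", name, len(content), offset)
        blob += xor_span(content, key, 0, len(content), 0)  # key restarts per file
        offset += len(content)
    enc_table = xor_span(table, key, 0, len(table), 0)      # key starts at offset 14
    return b"CONTFILE" + struct.pack("<HI", 0, len(files)) + enc_table + blob

def extract(archive, key, per_file_origin=True):
    """Decrypt the table (origin 14), then each file (origin = its own OFFSET)."""
    if archive[:8] != b"CONTFILE":
        raise ValueError("bad magic")
    (count,) = struct.unpack_from("<I", archive, 10)
    table = xor_span(archive, key, HEADER, ENTRY * count, HEADER)
    result = {}
    for i in range(count):
        name, size, off = struct.unpack_from("<16sII", table, i * ENTRY)
        if off + size > len(archive):
            raise ValueError("entry points past end of archive")
        # Wrong origin (e.g. reusing 14) shifts the key phase and yields garbage.
        origin = off if per_file_origin else HEADER
        result[name.rstrip(b"\0").decode()] = xor_span(archive, key, off, size, origin)
    return result

KEY = parse_key("0x13 0x37 0xC0 0xDE 0x42")   # constructed key, not the game's
FILES = [(b"a.txt", b"hello archive"), (b"b.bin", b"second file data")]
SAMPLE = build_sample(KEY, FILES)

if __name__ == "__main__":
    print(extract(SAMPLE, KEY))
    print(extract(SAMPLE, KEY, per_file_origin=False))
```
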