Page 1 of 1

Basaltic Online

Posted: Thu Apr 28, 2011 1:59 am
by chrrox
The contents of this post was deleted because of possible forum rules violation.

Re: Basaltic Online

Posted: Thu Apr 28, 2011 11:33 am
by aluigi
the script for quickbms is the following, but I have no idea what's the algorithm for the obfuscated XML files:

Code: Select all

# Basaltic Online
# script for QuickBMS http://aluigi.org/papers.htm#quickbms

idstring "PAK\0"
goto 0x19
get OFFSET long
get SIZE long
get ZSIZE long
get BASE_OFF long
clog MEMORY_FILE OFFSET ZSIZE SIZE
set PATH string ""
set NAME string ""
callfunction EXTRACT

startfunction EXTRACT
    get FILES long MEMORY_FILE
    get FOLDERS long MEMORY_FILE
    get NAME string MEMORY_FILE
    string PATH += NAME
    string PATH += /

    for i = 0 < FOLDERS
        callfunction EXTRACT
    next i
    for i = 0 < FILES
        get OFFSET long MEMORY_FILE
        get SIZE long MEMORY_FILE
        get NAME string MEMORY_FILE
        math OFFSET += BASE_OFF
        set FNAME string PATH
        string FNAME += NAME
        log FNAME OFFSET SIZE
    next i
endfunction