Kimi ga Yobu, Megiddo no Oka de
Posted: Wed Jul 20, 2011 1:05 am
Another archive, and I am not sure how to do some things
Actually, I found an extractor for it written in C++
http://asmodean.reverse.net/pages/exlac.html
So that tells me what the fields are, but I still can't get the script to work lol
Ok so some problems I have with syntax:
1: The filename is encrypted. They are XOR'd by FF (so I use the filexor command). However, this means that the entire string is XOR'd, so the actual string is not null-terminated anymore and I get some really weird filename with lots of 0xFF in the end.
The string length is variable, I want to XOR the string, but I want to preserve all the nullbytes as well. How to do this?
2: Here is a picture of the problem
I have inverted the string to get the filename, and you can see the start of the data block has a DDS, but there is a "DF" and a long before that.
That long is what I think is the size, because it has a "good" value for an image file.
So I will need to jump to this offset, record the size, skip a single byte to skip that DF, and then after that the rest is just saving the file normally.
The data might be encrypted, seeing how it doesn't look like a correct DDS.
I have attached a sample.
Actually, I found an extractor for it written in C++
http://asmodean.reverse.net/pages/exlac.html
So that tells me what the fields are, but I still can't get the script to work lol
Code: Select all
get idstring long
get files long
for i = 0 < files
filexor "0xFF"
getdstring name 0x1C
#get compressFlag (from the source code, don't know how to check this later)
get size long
get offset long
#some more stuff
log name offset [don't know how to get size]
next i
1: The filename is encrypted. They are XOR'd by FF (so I use the filexor command). However, this means that the entire string is XOR'd, so the actual string is not null-terminated anymore and I get some really weird filename with lots of 0xFF in the end.
The string length is variable, I want to XOR the string, but I want to preserve all the nullbytes as well. How to do this?
2: Here is a picture of the problem
I have inverted the string to get the filename, and you can see the start of the data block has a DDS, but there is a "DF" and a long before that.
That long is what I think is the size, because it has a "good" value for an image file.
So I will need to jump to this offset, record the size, skip a single byte to skip that DF, and then after that the rest is just saving the file normally.
The data might be encrypted, seeing how it doesn't look like a correct DDS.
I have attached a sample.