Can't decrypt this games files.

[Cat-gamer]

Hi,
So for a while now I have been trying to get at the sounds in this game because I really, really want to listen to them.
First, the game is at:
https://www.dropbox.com/sh/t1k8j6efph5k ... McRaa?dl=0
It's a folder, the sounds are in data\sounds.dat and this game is for windows, it works on windows 7 both 32 and 64 bit.
I do know the sounds.dat archive is a DPMX archive made by hot soup processor.
There's also a dpmx.txt quickbms script in the main folder, which can extract the archive, but the results don't look like any kind of audio at all.
I found a ruby app that says the key is "0xE3239B04", but my attempts at XOR and such didn't produce anything useful.
Has anyone got any idea on how to decrypt the files?
The games executable and DLLs are included, so you can download play.exe, the games executable and run it through a hex viewer or something.
Any help at all is appreciated!

[LokiReborn]

Hi,
So for a while now I have been trying to get at the sounds in this game because I really, really want to listen to them.
First, the game is at:
https://www.dropbox.com/sh/t1k8j6efph5k ... McRaa?dl=0
It's a folder, the sounds are in data\sounds.dat and this game is for windows, it works on windows 7 both 32 and 64 bit.
I do know the sounds.dat archive is a DPMX archive made by hot soup processor.
There's also a dpmx.txt quickbms script in the main folder, which can extract the archive, but the results don't look like any kind of audio at all.
I found a ruby app that says the key is "0xE3239B04", but my attempts at XOR and such didn't produce anything useful.
Has anyone got any idea on how to decrypt the files?
The games executable and DLLs are included, so you can download play.exe, the games executable and run it through a hex viewer or something.
Any help at all is appreciated!

Here ya go, it will create a sounds folder in the same location as the file and extract them all.

[Cat-gamer]

Thanks! Can you tell how you got it to work?

[LokiReborn]

Thanks! Can you tell how you got it to work?

Code: Select all

        private class sFile
        {
            public string fileName;
            public int unknown; // -1
            public uint hash;
            public uint offset;
            public uint length;

            public sFile(byte[] bytes,uint bOffset)
            {
                MemoryStream ms = new MemoryStream(bytes);
                BinaryReader br = new BinaryReader(ms);
                fileName = Encoding.ASCII.GetString(br.ReadBytes(16)).TrimEnd(new char[1] { (char)0x00 });
                unknown = br.ReadInt32();
                hash = br.ReadUInt32();
                offset = br.ReadUInt32() + bOffset;
                length = br.ReadUInt32();
            }
        }

        private byte[] decrypt(sFile sf,BinaryReader br)
        {
            byte v1 = (byte)((sf.hash >> 16) & 0xFF);
            byte v2 = (byte)(sf.hash & 0xFF);
            v2 += 0x5A;
            v2 ^= v1;

            byte v3 = (byte)((sf.hash >> 8) & 0xFF);
            byte v4 = (byte)((sf.hash >> 24) & 0xFF);
            v3 += 0xA5;
            v3 ^= v4;

            byte AL = (byte)((v2 + 0xA8) & 0xFF);
            byte DL;
            byte HL = 0;
            br.BaseStream.Position = sf.offset;
            byte[] file = br.ReadBytes((int)sf.length);

                for(int i = 0; i < file.Length;i++)
                {
                    byte BL = file[i];
                    DL = (byte)((v3 + 1) & 0xFF);

                    BL ^= AL;
                    BL -= DL;
                    DL = HL;
                    DL += BL;
                    file[i] = DL;
                    HL = DL;
                }
                return file;
        }

The values 0xA8 & 0x01 used to initialize AL & DL aren't entirely static but they appear to be for the sound.dat file, I didn't bother trying to map them properly as the request was strictly around the sound data and since this is all chained xor logic it's a pain to follow through the assembly.

Basically what was called the hash (which it may be, didn't bother to check the CRC32 on the files) is used with some byte logic to decrypt the files along with some statics & 2 other variables (0xA8 & 0x01)

[Cat-gamer]

Ah, I guess you'd need to scann the assembly for each game that has sounds like that.
I was hoping it was just a key embedded in the executable, but of course I'm not that lucky.
Thanks for this! These sounds are great!