Pac-Man Museum - lpk archive

[AlphaTwentyThree]

Hello folks!

I've just stumbled over the main archive from Pac-Man Museum. I was trying to figure out the compression method of the file table at the end of the archive (ZPKI), but Luigi's algorithm scanner didn't turn up with anything.
Does anybody have any ideas? Here are the archives from PC, PS2 and XBLA: https://www.firedrive.com/file/9C711888DE6E7663
Thanks for your help!

Regards, Alpha23

[Ekey]

Well entry table and file datas xored + compressed (custom algo). Anyway, here table. Try to analyze it

Code: Select all

struct TableHeader
{
    DWORD dwFilesCount;
    DWORD dwFoldersCount;
};

[AlphaTwentyThree]

Huh... How did you uncompress the table? Is it the same compression algorithm with each platform?

[Ekey]

It's custom algorithm because while decompressing some bytes need to decrypt 2 times. Idk about other platforms. Here example entry datas:

Code: Select all

DEBUG\EuSmall.abc
ZSize: 0xBD5 (3029.)
Size: 0x210F8 (135416.)
Offset: 0x15864964
Data: 11 34 42 47 F4 27 32 20 05 60 02 17 30 0B ED 6A 90 0F 02 60 09 43

=======================================================================

SHADER\Win32\sashader.vsh
ZSize: 0xD42 (3394.)
Size: 0x2FE1 (12257.)
Offset: 0x106AB39D
Data: 12 17 26 22 97 0F C4 EA 32 34 11 0F B2 20 ED D9 4D 62 42 13 A9 39

=======================================================================

GuiData\Geui\PC\_TextTables.rs
ZSize: 0x17FD (6141.)
Size: 0x46FD (18173.)
Offset: 0x095CE4B3
Data: 1B 34 42 46 F1 30 03 F9 A9 20 06 8F 1D 6C 37 2E B0 24 DF FB 12 40

[AlphaTwentyThree]

Cool thing. To be honest, I don't know what I see here, I'm not that deep into the matter. My question is: Would Luigi be able to implement the algorithm in QuickBMS? I'd like to write a script.
Of course, THANKS A LOT for figuring this out, Ekey!

[Ekey]

I guess nope, because if this algo using in all platforms, key for decrypt can be different. You can make script for reading entries? I'll try make algo for qbms by loading function from memory

[AlphaTwentyThree]

Phew, not that easy to read the info I now notice... I'm not too familiar with this kind of info table with files and folders.
Anybody wants to help? I'd be really glad!

[Ekey]

Script for decompressing data ready. Waiting your script for reading entries

[AlphaTwentyThree]

Script for decompressing data ready. Waiting your script for reading entries

I'm afraid I'm not quite able to grasp the structure...
Can anybody help me with this?

[AlphaTwentyThree]

Hm, I was just looking at the pTable you uploaded and something seems to be missing: The offsets to the folder names seem to be biased by 0xc.

[Ekey]

Luigi..... I guess

[AlphaTwentyThree]

I almost got it anyway.
Can you write a script that only extracts the TOC table into memory? I need to test something.

[AlphaTwentyThree]

Ok, here's what I got. The problem is that the pTable you uploaded is truncated by 0x560 bytes.

Code: Select all

get FILES long
get FOLDERS long
get DUMMY long
get OFF_CRC long
get OFF_FOLDERNAMES_INFO long
get OFF_TOC_INFO long
get DUMMY long
get UNK long
get OFF_FILENAMES_INFO long

math OFF_CRC -= 0xc
math OFF_FOLDERNAMES_INFO -= 0xc
math OFF_UNK_INFO -= 0xc
math DUMMY -= 0xc
math UNK -= 0xc
math OFF_FILENAMES_INFO -= 0xc

goto OFF_CRC
for i = 0 < FILES
   get CRC long # not needed
next i

goto OFF_FOLDERNAMES_INFO
for i = 0 < FOLDERS
   get NAMEOFF long
   math NAMEOFF -= 0xc
   savepos MYOFF
   goto NAMEOFF
   get NAME_FOLDER string
   goto MYOFF
   putArray 0 i NAME_FOLDER
next i

goto OFF_FILENAMES_INFO
for i = 0 < FILES
   get NAMEOFF long
   math NAMEOFF -= 0xc
   savepos MYOFF
   goto NAMEOFF
   get NAME_FILE string
   goto MYOFF
   putArray 1 i NAME_FILE
next i

goto OFF_TOC_INFO
for i = 0 < FILES
   get OFFSET long
   get SIZE long
   get UNK short
   get FOLDERNUMBER short
   get UNK short
   get FILENUMBER short
   getArray NAME_FOLDER 0 FOLDERNUMBER
   getArray NAME_FILE 0 FILENUMBER
   set NAME NAME_FOLDER
   string NAME += "/"
   string NAME += NAME_FILE
   log NAME OFFSET SIZE
next i

[Ekey]

I guess with OFF_TOC_INFO something wrong because i got

Code: Select all

Error: the script uses more array indexes (2932) than supported (67)

Anyway script for decompress in attach

[AlphaTwentyThree]

I've finished the script. The key works for all platforms. However, some of the extracted files still seem to be compressed or encrypted. Look at the *.xsb files in sounddata, they should contain an index list.
Btw, I somehow can't append any files, message: "The uploaded file is empty.".

Code: Select all

# Pac-Man Museum - LPK format (PC)
# script written by AlphaTwentyThree
# decompressor written by Ekey (h4x0r)
# script for QuickBMS http://quickbms.aluigi.org

# Function for decompress > pDstBuffer, pDstSize, pScrBuffer, pScrSize
set MEMORY_FILE4 binary "\x55\x8B\xEC\x51\x8B\x4D\x10\x8B\x45\x14\x8D\x14\x08\x8B\x45\x0C\x53\x33\xDB\x57\x8B\x7D\x08\x89\x55\xFC\x89\x45\x10\x85\xC0\x0F\x8E\x55\x01\x00\x00\x56\xEB\x00\x85\xDB\x75\x07\xB8\x12\x00\x00\x00\xEB\x52\x83\xFB\x01\x75\x07\xB8\x34\x00\x00\x00\xEB\x46\x83\xFB\x02\x75\x07\xB8\x42\x00\x00\x00\xEB\x3A\x83\xFB\x03\x75\x07\xB8\x47\x00\x00\x00\xEB\x2E\x83\xFB\x04\x75\x07\xB8\xF1\x00\x00\x00\xEB\x22\x83\xFB\x05\x75\x07\xB8\x66\x00\x00\x00\xEB\x16\x83\xFB\x06\x75\x07\xB8\xAA\x00\x00\x00\xEB\x0A\x83\xFB\x07\x75\x05\xB8\x8F\x00\x00\x00\x0F\xB6\x11\x33\xC2\x43\x41\x89\x45\x14\x83\xE3\x07\xC7\x45\x08\x07\x00\x00\x00\xEB\x00\x84\xC0\x78\x54\x85\xDB\x75\x04\xB2\x12\xEB\x3D\x83\xFB\x01\x75\x04\xB2\x34\xEB\x34\x83\xFB\x02\x75\x04\xB2\x42\xEB\x2B\x83\xFB\x03\x75\x04\xB2\x47\xEB\x22\x83\xFB\x04\x75\x04\xB2\xF1\xEB\x19\x83\xFB\x05\x75\x04\xB2\x66\xEB\x10\x83\xFB\x06\x75\x04\xB2\xAA\xEB\x07\x83\xFB\x07\x75\x02\xB2\x8F\x32\x11\x43\x88\x17\x47\x41\x83\xE3\x07\xFF\x4D\x10\xEB\x6A\x0F\xB6\x01\x8B\xF0\xC1\xEE\x04\x83\xFE\x01\x7E\x03\x46\xEB\x35\x33\xD2\x83\xFE\x01\x0F\x94\xC2\x83\xE0\x0F\xC1\xE0\x04\x41\x8B\xF2\x8B\xD0\x85\xF6\x74\x12\x0F\xB6\x01\xC1\xE2\x04\x03\xD0\xC1\xE2\x04\x41\x81\xC2\x00\x01\x00\x00\x0F\xB6\x01\x8B\xF0\xC1\xEE\x04\x8D\x74\x16\x11\x0F\xB6\x51\x01\x29\x75\x10\x83\xE0\x0F\xC1\xE0\x08\x0B\xD0\x42\x8B\xC7\x83\xC1\x02\x2B\xC2\x8A\x10\x88\x17\x4E\x47\x40\x85\xF6\x7F\xF5\x8B\x45\x14\x83\x7D\x10\x00\x7E\x13\x03\xC0\xFF\x4D\x08\x89\x45\x14\x0F\x89\x2A\xFF\xFF\xFF\xE9\xB2\xFE\xFF\xFF\x8B\x55\xFC\x5E\x41\x5F\x5B\x3B\xCA\x77\x0D\x83\xC1\x03\x3B\xCA\x72\x06\x33\xC0\x8B\xE5\x5D\xC3\x83\xC8\xFF\x8B\xE5\x5D\xC3"

idstring "LPK\x00"
goto 0x18
get TABLE_OFFSET long
goto TABLE_OFFSET
idstring "ZPKI"
get VERSION long
get TABLE_SIZE long
get TABLE_ZSIZE long
savepos TABLE_OFFSET
log MEMORY_FILE TABLE_OFFSET TABLE_ZSIZE
putvarchr MEMORY_FILE2 TABLE_SIZE 0
goto 0 MEMORY_FILE2
calldll MEMORY_FILE4 0 cdecl RET MEMORY_FILE2 TABLE_SIZE MEMORY_FILE TABLE_ZSIZE

get FILES long MEMORY_FILE2
get FOLDERS long MEMORY_FILE2
get DUMMY long MEMORY_FILE2
get OFF_CRC long MEMORY_FILE2
get OFF_FOLDERNAMES_INFO long MEMORY_FILE2
get OFF_TOC_INFO long MEMORY_FILE2
get DUMMY long MEMORY_FILE2
get UNK long MEMORY_FILE2
get OFF_FILENAMES_INFO long MEMORY_FILE2

math OFF_CRC -= 0xc
math OFF_FOLDERNAMES_INFO -= 0xc
math OFF_TOC_INFO -= 0xc
math DUMMY -= 0xc
math UNK -= 0xc
math OFF_FILENAMES_INFO -= 0xc

goto OFF_CRC MEMORY_FILE2
for i = 0 < FILES
   get CRC long MEMORY_FILE2 # not needed
next i

goto OFF_FOLDERNAMES_INFO MEMORY_FILE2
for i = 0 < FOLDERS
   get NAMEOFF long MEMORY_FILE2
   math NAMEOFF -= 0xc
   savepos MYOFF MEMORY_FILE2
   goto NAMEOFF MEMORY_FILE2
   get NAME_FOLDER string MEMORY_FILE2
   goto MYOFF MEMORY_FILE2
   putArray 0 i NAME_FOLDER
next i

goto OFF_FILENAMES_INFO MEMORY_FILE2
for i = 0 < FILES
   get NAMEOFF long MEMORY_FILE2
   math NAMEOFF -= 0xc
   savepos MYOFF MEMORY_FILE2
   goto NAMEOFF MEMORY_FILE2
   get NAME_FILE string MEMORY_FILE2
   goto MYOFF MEMORY_FILE2
   putArray 1 i NAME_FILE
next i

goto OFF_TOC_INFO MEMORY_FILE2
for i = 0 < FILES
   get OFFSET long MEMORY_FILE2
   get SIZE long MEMORY_FILE2
   get UNK short MEMORY_FILE2
   get UNK short MEMORY_FILE2
   get FOLDERNUMBER short MEMORY_FILE2
   get FILENUMBER short MEMORY_FILE2
   get DUMMY long MEMORY_FILE2
   getArray NAME_FOLDER 0 FOLDERNUMBER
   getArray NAME_FILE 1 FILENUMBER
   set NAME NAME_FOLDER
   string NAME += "/"
   string NAME += NAME_FILE
   log NAME OFFSET SIZE
next i

[Ekey]

Hm.. Why you not using function for decompress files?

[AlphaTwentyThree]

Sorry, I've never worked with the calldll command before and I don't quite understand it to be honest. I've tried decompressing on test file but my script is wrong in I guess some cases because the resulting file is zero bytes. Where's the error?

Code: Select all

set MEMORY_FILE4 binary "\x55\x8B\xEC\x51\x8B\x4D\x10\x8B\x45\x14\x8D\x14\x08\x8B\x45\x0C\x53\x33\xDB\x57\x8B\x7D\x08\x89\x55\xFC\x89\x45\x10\x85\xC0\x0F\x8E\x55\x01\x00\x00\x56\xEB\x00\x85\xDB\x75\x07\xB8\x12\x00\x00\x00\xEB\x52\x83\xFB\x01\x75\x07\xB8\x34\x00\x00\x00\xEB\x46\x83\xFB\x02\x75\x07\xB8\x42\x00\x00\x00\xEB\x3A\x83\xFB\x03\x75\x07\xB8\x47\x00\x00\x00\xEB\x2E\x83\xFB\x04\x75\x07\xB8\xF1\x00\x00\x00\xEB\x22\x83\xFB\x05\x75\x07\xB8\x66\x00\x00\x00\xEB\x16\x83\xFB\x06\x75\x07\xB8\xAA\x00\x00\x00\xEB\x0A\x83\xFB\x07\x75\x05\xB8\x8F\x00\x00\x00\x0F\xB6\x11\x33\xC2\x43\x41\x89\x45\x14\x83\xE3\x07\xC7\x45\x08\x07\x00\x00\x00\xEB\x00\x84\xC0\x78\x54\x85\xDB\x75\x04\xB2\x12\xEB\x3D\x83\xFB\x01\x75\x04\xB2\x34\xEB\x34\x83\xFB\x02\x75\x04\xB2\x42\xEB\x2B\x83\xFB\x03\x75\x04\xB2\x47\xEB\x22\x83\xFB\x04\x75\x04\xB2\xF1\xEB\x19\x83\xFB\x05\x75\x04\xB2\x66\xEB\x10\x83\xFB\x06\x75\x04\xB2\xAA\xEB\x07\x83\xFB\x07\x75\x02\xB2\x8F\x32\x11\x43\x88\x17\x47\x41\x83\xE3\x07\xFF\x4D\x10\xEB\x6A\x0F\xB6\x01\x8B\xF0\xC1\xEE\x04\x83\xFE\x01\x7E\x03\x46\xEB\x35\x33\xD2\x83\xFE\x01\x0F\x94\xC2\x83\xE0\x0F\xC1\xE0\x04\x41\x8B\xF2\x8B\xD0\x85\xF6\x74\x12\x0F\xB6\x01\xC1\xE2\x04\x03\xD0\xC1\xE2\x04\x41\x81\xC2\x00\x01\x00\x00\x0F\xB6\x01\x8B\xF0\xC1\xEE\x04\x8D\x74\x16\x11\x0F\xB6\x51\x01\x29\x75\x10\x83\xE0\x0F\xC1\xE0\x08\x0B\xD0\x42\x8B\xC7\x83\xC1\x02\x2B\xC2\x8A\x10\x88\x17\x4E\x47\x40\x85\xF6\x7F\xF5\x8B\x45\x14\x83\x7D\x10\x00\x7E\x13\x03\xC0\xFF\x4D\x08\x89\x45\x14\x0F\x89\x2A\xFF\xFF\xFF\xE9\xB2\xFE\xFF\xFF\x8B\x55\xFC\x5E\x41\x5F\x5B\x3B\xCA\x77\x0D\x83\xC1\x03\x3B\xCA\x72\x06\x33\xC0\x8B\xE5\x5D\xC3\x83\xC8\xFF\x8B\xE5\x5D\xC3"

get SIZE asize
set ZSIZE SIZE
math ZSIZE *= 0x100
putVarChr MEMORY_FILE2 ZSIZE 0
log MEMORY_FILE2 0 0
log MEMORY_FILE 0 SIZE

goto 0 MEMORY_FILE2
calldll MEMORY_FILE4 0 cdecl RET MEMORY_FILE2 SIZE MEMORY_FILE ZSIZE

get NAME filename
string NAME += ".dec"
get SIZE asize MEMORY_FILE2
log NAME 0 SIZE MEMORY_FILE2

[Ekey]

Where's the error?

remove this line

Code: Select all

log MEMORY_FILE2 0 0

[vik]

Hello !

I found really interesting infos on this game:
It seems that the battleroyale game is the same than the arcade one, with ugly modifications to make it playable on computer.
(saw that by trying to reverse the executable, and discovered arcade service menus strings (see attached file))

I tried to use your decompressing program, but some files are, as you said, invalid (DDS files for example)
However I successfully extracted audio from XSB and XWB files !

I reuploaded the game data file here: http://dl.free.fr/kPYJsrlYS

Any help on getting the DDS files readable ? Thanks !

pmbr.png

[nahucirujano]

Hi again guys.

After watching videos about original Pac-Man Championship Edition over years I instant bought Pac-Man Museum as soon as it came out for PC, since it included Championship Edition.
You can actually find some superplays of this game on my Youtube channel (same nickname as here).

The thing is for a long time I'd been wanting to mod the default background song of Pac-Man Championship Edition for one of Pac-Man Championship Edition DX+ songs.
When I checked the game folder, I found a single game data archive called dataDX9.lpk

Is there any tool I can use to unpack (and repack) .lpk archives?

Here's the original file in case somebody want to check it out:
https://drive.google.com/open?id=1snXXgrfNO4limOkFHJ14HPPz07XE0zUm

I already checked this thread about this game:
https://zenhax.com/viewtopic.php?f=9&t=122

But I honestly don't understand what they were talking about :S

Any help would be appreciated.
Thanks.