Padding Encryption [infuriating]

[JohnHudeski]

So I cam across an old xbox game that uses the most annoying encryption of all time. It injects FF at seemingly random intervals (mostly 9).
I think its a zip/ pak file not too sure (Signature: DF? 50 4B 03 04 14 E9 32)
Anyone have any tips on dealing with this?

[JohnHudeski]

I think it is a zip file but there are characters injected at fixed intervals
like 0xDF means the next one is in 9 bytes 0xFF in 8 bytes
This was my working assumption until they started potentially xoring
so it is ridiculous

I made the assumption due to the consistent nature of the padding

[Allen]

It looks like LZSS compression. From the data after decompression, it seems that only the PK file header of ZIP is added, but there is no compression, not double compression.
Just a hint, it may not be correct.

[JohnHudeski]

That's a little confusing considering there are multiple pk headers in the file .
I'm still new to this. What tool did you use for your decompression (python is refusing to install lzss for me right now)

I tried using offzip on the file you uploaded but no luck so it is probably not a zip at all

[Allen]

I reviewed the data today and found that it is LZSS compression, but the buffer size is 1024 bytes. Not 4096.
lzss.c in the attachment can be used after compilation.
test_lzss.exe is a C # program that I ported from C.
test_lzss usage, drag directly file to the program.
You can also refer to the C source code to port to Python.

[aluigi]

BMS Script:

Code: Select all

comtype lzss "10 4 2 2 0"
get ZSIZE asize
xmath SIZE "ZSIZE * 10"
clog "output.zip" 0 ZSIZE SIZE

[Allen]

BMS Script:

Code: Select all

comtype lzss "10 4 2 2 0"
get ZSIZE asize
xmath SIZE "ZSIZE * 10"
clog "output.zip" 0 ZSIZE SIZE

Thank you Aluigi.
Learned.

[JohnHudeski]

Wait what?