Cosmic Break (*.KAR)

Extraction and unpacking of game archives and compression, encryption, obfuscation, decoding of unknown files
Ekey
Posts: 1383
Joined: Sat Aug 09, 2014 2:34 pm

Cosmic Break (*.KAR)

Post by Ekey »

The game was closed, but the game client can still be found :)


# CyberStep (Cosmic Break) KAR format
# script for QuickBMS http://quickbms.aluigi.org

set MEMORY_FILE10 string "
unsigned int kar_gethash(const char* m_String, int dwLength)
{
  /* Polynomial rolling hash over the first dwLength bytes of m_String:
     h = 31 * h + byte, wrapping at the width of unsigned int.
     Returns 0 when dwLength is zero or negative.
     Bytes are read through plain char, whose signedness is chosen by the
     compiler, so bytes above 0x7f may hash differently between compilers.
     The script feeds the result to kar_decrypt as the keystream seed. */
  unsigned int dwHash = 0;
  const char* lpCur = m_String;
  int dwLeft = dwLength;

  while (dwLeft > 0)
  {
    dwHash = dwHash * 31 + *lpCur;
    ++lpCur;
    --dwLeft;
  }
  return dwHash;
}

/* Generator state shared by mt_init and mt_get_rand: 624 state words and
   the index of the next word to hand out. Both are file-scope statics, so
   there is a single keystream per loaded module. */
static unsigned long mt_table[624];
static int mt_state = 0;

void mt_init(unsigned long dwSeed)
{
  /* Fill the state table from dwSeed (only its low 32 bits are used):
     word 0 is the seed, every later word is 69069 times the previous one,
     truncated to 32 bits. Leaves mt_state at 624 so that the next call to
     mt_get_rand regenerates the table before producing output. */
  unsigned long dwPrev = dwSeed & 0xffffffffUL;
  int i;

  mt_table[0] = dwPrev;
  for (i = 1; i < 624; ++i)
  {
    dwPrev = (69069 * dwPrev) & 0xffffffffUL;
    mt_table[i] = dwPrev;
  }
  mt_state = i;
}

unsigned long mt_get_rand(void)
{
  /* Return the next keystream word.
     When all 624 state words are used up, the table is regenerated in place
     (each word is combined with its successor and the word 397 places ahead,
     indices wrapping at 624). The selected word is then tempered and its four
     bytes are reversed, so for a 32-bit value the low byte of the result is
     the top byte of the tempered word.
     The byte reversal is not masked afterwards: where unsigned long is wider
     than 32 bits the result carries bits above bit 31. The caller in this
     listing keeps only the low byte.
     This generator is not a cryptographic one; its output only obfuscates. */
  enum { MT_WORDS = 624, MT_SHIFT = 397 };
  unsigned long dwWord;
  int k;

  if (mt_state >= MT_WORDS)
  {
    /* Only reached if the index was set to 625 elsewhere; mt_init itself
       leaves it at 624. */
    if (mt_state == MT_WORDS + 1)
    {
      mt_init(5489UL);
    }

    for (k = 0; k < MT_WORDS; k++)
    {
      unsigned long dwMix = (mt_table[k] & 0x80000000UL)
                          | (mt_table[(k + 1) % MT_WORDS] & 0x7fffffffUL);
      unsigned long dwNext = mt_table[(k + MT_SHIFT) % MT_WORDS] ^ (dwMix >> 1);

      if (dwMix & 0x1UL)
      {
        dwNext ^= 0x9908b0dfUL;
      }
      mt_table[k] = dwNext;
    }

    mt_state = 0;
  }

  dwWord = mt_table[mt_state];
  mt_state++;

  /* Tempering. */
  dwWord ^= (dwWord >> 11);
  dwWord ^= (dwWord << 7) & 0x9d2c5680UL;
  dwWord ^= (dwWord << 15) & 0xefc60000UL;
  dwWord ^= (dwWord >> 18);

  /* Byte reversal: swap bytes inside each half, then swap the halves. */
  dwWord = ((dwWord << 8) & 0xff00ff00UL) | ((dwWord >> 8) & 0xff00ffUL);
  return (dwWord << 16) | (dwWord >> 16);
}

void kar_decrypt(unsigned char* lpBuffer, unsigned int dwSeed, int dwSize)
{
  /* XOR the first dwSize bytes of lpBuffer, in place, with a keystream:
     the generator is reseeded with dwSeed and one byte (the low byte of
     mt_get_rand) is consumed per buffer byte. Applying the function twice
     with the same seed restores the input. Nothing happens when dwSize is
     zero or negative.
     The seed is a single unsigned int, so the whole key space is bounded by
     that width; treat this as obfuscation, not as confidentiality.
     Not reentrant: the generator state is shared file-scope data. */
  unsigned char* lpCursor = lpBuffer;
  int dwLeft;

  mt_init(dwSeed);
  for (dwLeft = dwSize; dwLeft > 0; --dwLeft)
  {
     *lpCursor ^= (unsigned char)mt_get_rand();
     ++lpCursor;
  }
}

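int swap_int32(int val)
{
    /* Reverse the byte order of a 32-bit value (big-endian to little-endian
       and back). The work is done on an unsigned copy: left-shifting a
       signed int into or past the sign bit is undefined behaviour, which the
       original signed arithmetic hit for most inputs. Assumes int is 32 bits
       wide. */
    unsigned int dwBits = (unsigned int)val;

    dwBits = ((dwBits << 8) & 0xFF00FF00u) | ((dwBits >> 8) & 0x00FF00FFu);
    return (int)((dwBits << 16) | (dwBits >> 16));
}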

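void kar_rebuild_table(unsigned char* lpSrcBuffer, int dwSize)
{
  /* Join a chunked table in place.
     Layout read from lpSrcBuffer: 4 bytes that are skipped, then up to
     dwSize / 1024 + 1 chunks, each made of 1 byte (not used here), a 4-byte
     big-endian payload length, and the payload. The payloads are moved to
     the front of the buffer back to back.

     Every length comes from the archive, so each chunk header and payload
     is checked against dwSize before it is touched; the original copied
     whatever length the file claimed. On the first chunk that does not fit,
     processing stops and the rest of the buffer is left as it was (the
     function returns nothing, so the caller is not told).
     The copy is a forward byte loop because source and destination overlap
     within the same buffer, with the destination always below the source;
     memcpy is not defined for overlapping ranges. The length is decoded
     byte by byte, so the result does not depend on host byte order. */
  int dwPosDest = 0;
  int dwPosBegin = 4;
  int dwBlocks;

  if (!lpSrcBuffer || dwSize <= 4)
  {
    return;
  }

  dwBlocks = dwSize / 1024 + 1;
  for (int i = 0; i < dwBlocks; i++)
  {
     const unsigned char* lpChunk;
     unsigned int dwRawSize;
     int dwBlockSize;

     /* Need the 5-byte chunk header inside the buffer. */
     if (dwSize - dwPosBegin < 5)
     {
        break;
     }

     lpChunk = lpSrcBuffer + dwPosBegin;
     dwRawSize = ((unsigned int)lpChunk[1] << 24)
               | ((unsigned int)lpChunk[2] << 16)
               | ((unsigned int)lpChunk[3] << 8)
               |  (unsigned int)lpChunk[4];

     /* Reject lengths that run past the end of the table; this also covers
        values that would be negative as a signed int. */
     if (dwRawSize > (unsigned int)(dwSize - dwPosBegin - 5))
     {
        break;
     }
     dwBlockSize = (int)dwRawSize;

     for (int k = 0; k < dwBlockSize; k++)
     {
        lpSrcBuffer[dwPosDest + k] = lpChunk[5 + k];
     }

     dwPosBegin += dwBlockSize + 5;
     dwPosDest += dwBlockSize;
  }
}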
"
# Numbers in the archive are read big-endian; clog below uses the gzip codec.
endian big
comtype gzip
# The first 32-bit value of the archive, XORed with a fixed constant, is the
# size of the file table. The table occupies the last TABLE_SIZE bytes.
# NOTE(review): TABLE_SIZE comes from the archive and is not range-checked;
# a value larger than ARCHIVE_SIZE makes TABLE_OFFSET negative.
get ARCHIVE_SIZE asize
get TABLE_SIZE long
math TABLE_SIZE ^= 0x85FD91A1
math TABLE_OFFSET = ARCHIVE_SIZE
math TABLE_OFFSET -= TABLE_SIZE

# The table key is the decimal text of TABLE_OFFSET.
string TABLE_KEY p= "%d" TABLE_OFFSET
strlen TABLE_KEY_LENGTH TABLE_KEY

# Copy the table into MEMORY_FILE, hash the key, and decrypt the table in
# place with the hash as keystream seed. calldll compiles and runs the C
# source held in MEMORY_FILE10; QuickBMS asks for confirmation before loading
# it, so read that source before answering yes to a script from elsewhere.
log MEMORY_FILE TABLE_OFFSET TABLE_SIZE
calldll MEMORY_FILE10 "kar_gethash" "tcc" TABLE_HASH TABLE_KEY TABLE_KEY_LENGTH
calldll MEMORY_FILE10 "kar_decrypt" "tcc" RET MEMORY_FILE TABLE_HASH TABLE_SIZE

# Per-archive password, used further down as the first part of each file key.
# oni.dat also stores its table in chunks that kar_rebuild_table joins first.
# The DUMMY bytes are skipped fields; the trailing comments are presumably the
# values seen in real archives.
get ARCHIVE_NAME filename
if ARCHIVE_NAME == "oni.dat"
   set ARCHIVE_PASSWORD string "dhfuhsudfh98vhdsovnfdhiouer8u8hgjbkjciudsuifsjdiosajfn"
   calldll MEMORY_FILE10 "kar_rebuild_table" "tcc" RET MEMORY_FILE TABLE_SIZE
   get DUMMY1 byte MEMORY_FILE #1,3
else
   set ARCHIVE_PASSWORD string "Jpy.beJdfC"
   get DUMMY1 byte MEMORY_FILE #1,3
   get DUMMY2 byte MEMORY_FILE #0,9
endif

# Length-prefixed MD5_HASH string (read but never verified by this script),
# a 64-bit TIMESTAMP that is the last part of each file key, and DUMMY3,
# which EXTRACT_FILE uses to pick stored / encrypted / compressed handling.
get MD5_LENGTH short MEMORY_FILE
getdstring MD5_HASH MD5_LENGTH MEMORY_FILE
get TIMESTAMP longlong MEMORY_FILE
get DUMMY3 byte MEMORY_FILE #0,1,3

# Mode 3 tables carry an extra length-prefixed compression description.
if DUMMY3 == 3
  get COMPRESSION_STR_LENGTH short MEMORY_FILE
  getdstring COMPRESSION COMPRESSION_STR_LENGTH MEMORY_FILE #deflate=-1 -> data is compressed with gzip
endif

# File entries: two length-prefixed paths, a 32-bit SIZE and a 64-bit OFFSET.
# NOTE(review): FILES, SIZE, OFFSET and both paths come from the decrypted
# table and are used as read. FIRST_PATH becomes the output file name, so
# extract archives of unknown origin into a scratch folder.
get FILES long MEMORY_FILE
for i = 0 < FILES
  get FIRST_PATH_LENGTH short MEMORY_FILE
  getdstring FIRST_PATH FIRST_PATH_LENGTH MEMORY_FILE 
  get SECOND_PATH_LENGTH short MEMORY_FILE
  getdstring SECOND_PATH SECOND_PATH_LENGTH MEMORY_FILE
  get SIZE long MEMORY_FILE
  get OFFSET longlong MEMORY_FILE
   
  # File key = password + first path + timestamp, concatenated as text.
  string FILE_KEY p= "%s%s%s" ARCHIVE_PASSWORD FIRST_PATH TIMESTAMP
  strlen FILE_KEY_LENGTH FILE_KEY
  callfunction EXTRACT_FILE 1
next i

# Write one table entry to disk as FIRST_PATH. Uses the globals set by the
# caller loop: OFFSET, SIZE, FIRST_PATH, FILE_KEY, FILE_KEY_LENGTH, DUMMY3.
startfunction EXTRACT_FILE
  # Stage the raw payload in MEMORY_FILE2 so it can be transformed in memory.
  log MEMORY_FILE2 OFFSET SIZE
 
  if DUMMY3 == 0
     # Stored: written out unchanged.
     log FIRST_PATH 0 SIZE MEMORY_FILE2
  else if DUMMY3 == 1
     # Encrypted: seed the keystream with the hash of the file key and
     # decrypt in place before writing.
     calldll MEMORY_FILE10 "kar_gethash" "tcc" FILE_HASH FILE_KEY FILE_KEY_LENGTH
     calldll MEMORY_FILE10 "kar_decrypt" "tcc" RET MEMORY_FILE2 FILE_HASH SIZE
     log FIRST_PATH 0 SIZE MEMORY_FILE2
  else if DUMMY3 == 3
     # Compressed: decompressed with the comtype set at the top of the script.
     # NOTE(review): SIZE is passed as both the compressed and the
     # uncompressed size; the table as parsed here has no separate
     # uncompressed size - confirm this holds for the target archives.
     clog FIRST_PATH 0 SIZE SIZE MEMORY_FILE2
  else
     # Any other mode is written out unchanged.
     log FIRST_PATH 0 SIZE MEMORY_FILE2
  endif
endfunction
Last edited by Ekey on Tue Aug 09, 2022 5:32 pm, edited 2 times in total.
Yune
Posts: 5
Joined: Fri Apr 29, 2022 12:45 pm

Re: Cosmic Break (*.KAR)

Post by Yune »

does it work on Cosmic League(Cosmic Break2)?
Yune
Posts: 5
Joined: Fri Apr 29, 2022 12:45 pm

Re: Cosmic Break (*.KAR)

Post by Yune »

I have tried it on Cosmic League, and only music.kar can be unpacked. Its text file is gibberish; it seems something is wrong with the Unicode handling.
The other .kar files showed this:


QuickBMS generic files extractor and reimporter 0.11.0
by Luigi Auriemma
e-mail: me@aluigi.org
web:    aluigi.org
        (Apr  5 2021 - 13:56:34)

                          quickbms.com  Homepage
                            zenhax.com  ZenHAX Forum
                     @zenhax @quickbms  Twitter & Scripts

- GUI mode activated, remember that the tool works also from command-line
  where are available various options like folder scanning, filters and so on

- select BMS script. type ? for using the content of clipboard like a script
- select input archives/files, type * for the whole folder and subfolders
- select output folder where extracting files
- open input file J:\CosmicBreak2\resources\voices.kar
- open script J:\CosmicBreak2\cosmic_break.bms
- set output folder J:\CosmicBreak2\export

  offset   filesize   filename
--------------------------------------

- the script needs to load a pre-compiled function from the dll or code
  MEMORY_FILE10
  do you want to continue with this and any other requested dll/code (y/N)?
  y
<string>:76: warning: implicit declaration of function 'memcpy'
- library MEMORY_FILE10 loaded at address 0CA06890
- function found at offset 0CA2B2C0
- function found at offset 0CA2B5EC
  00000000 39296      voices\6313.snd
Info:  algorithm   14
       offset      00000000
       input size  0x00009980 39296
       output size 0x00009980 39296
       result      0xffffffff -1

Error: uncompressed data (-1) bigger than allocated buffer (39296)
       It usually means that data is not compressed or uses another algorithm

Last script line before the error or that produced the error:
  159 clog FIRST_PATH 0 SIZE SIZE MEMORY_FILE2

- OFFSET       0x00000000
- ZSIZE        0x00009980
- SIZE         0x00009980
  coverage file 0     0%   193462     270020575  . offset 00000004
  coverage file -1    0%   78         154162     . offset 0000004e
  coverage file -2  100%   39296      39296      . offset 00009980
  coverage file -10   0%   0          2691       . offset 00000000

Press ENTER or close the window to quit
Yune
Posts: 5
Joined: Fri Apr 29, 2022 12:45 pm

Re: Cosmic Break (*.KAR)

Post by Yune »

Sorry, forgot that. When I unpacked the music.kar file, there were many .nff files inside. I don't know how to deal with them :(
Yune
Posts: 5
Joined: Fri Apr 29, 2022 12:45 pm

Re: Cosmic Break (*.KAR)

Post by Yune »

Update: I have tried it on an earlier game file, and I can unpack all the .kar files. But I can't open any of the extracted files correctly, such as .snd (audio file), .png or .jpg. I don't know what causes that; is it my Unicode problem?
And maybe I can't unpack the new game files because the developers have changed the password?
Yune
Posts: 5
Joined: Fri Apr 29, 2022 12:45 pm

Re: Cosmic Break (*.KAR)

Post by Yune »

i have upload my some game pack file (earlier and new)
https://drive.google.com/file/d/1nNCC39 ... sp=sharing
Ekey
Posts: 1383
Joined: Sat Aug 09, 2014 2:34 pm

Re: Cosmic Break (*.KAR)

Post by Ekey »

idk about Cosmic Break 2, probably different encryption or keys.
Oni-Zero
Posts: 4
Joined: Sat Sep 18, 2021 9:04 am

Re: Cosmic Break (*.KAR)

Post by Oni-Zero »

I don't know how, but I missed this thread. Here's what I got: a leaked build of the old beta and some extra files; hopefully they can be of use.
https://mega.nz/file/dPZk0JKB#EaExV8jw4 ... PRNNccE604
https://mega.nz/file/tKo1SIYK#85G5PqNV3 ... 7VAmzjmp-4

Considering that C$ tends to recycle the code, I hope these files can be used to make a private server of C21 kotetsu senki/steel battle chronicles, given the potential that game has, especially after the Medarot collab.
kusogame
Posts: 1
Joined: Thu Aug 04, 2022 10:54 pm

Re: Cosmic Break (*.KAR)

Post by kusogame »

I am trying to load the model file which should be .kmd file
any idea how to load it?
robotf
Posts: 1
Joined: Sun Aug 07, 2022 2:53 pm

Re: Cosmic Break (*.KAR)

Post by robotf »

Sorry kinda oot, im using this script trying to unpack .kar from getamped but get some error. Any idea or maybe someone have the script to unpack getamped .KAR?
Oni-Zero
Posts: 4
Joined: Sat Sep 18, 2021 9:04 am

Re: Cosmic Break (*.KAR)

Post by Oni-Zero »

robotf wrote:Sorry kinda oot, im using this script trying to unpack .kar from getamped but get some error. Any idea or maybe someone have the script to unpack getamped .KAR?

I've heard that some folks in Brasil managed to make a GA1 private server, so if you find them and you know portuguese then you might be able to ask them
Ekey
Posts: 1383
Joined: Sat Aug 09, 2014 2:34 pm

Re: Cosmic Break (*.KAR)

Post by Ekey »

Yune wrote:i have upload my some game pack file (earlier and new)
https://drive.google.com/file/d/1nNCC39 ... sp=sharing

Script updated, check first post.