MAD MAX (.arc/.tab) archives

[darkking647]

MAD MAX released today, and it seems to have same ".arc/.tab" format as in Just Cause 2.

When I used aluigi's Just Cause 2 bms script :-

Code: Select all

http://aluigi.altervista.org/papers/bms/justcause2.bms

then it unpacked more than 12 GB data for a 500 MB file from the game, and moreover it was still unpacking, so I had to cancel it.

Can someone please check this game files and hopefully write bms script/repacker for it :- Samples below :-

Code: Select all

https://www.dropbox.com/s/hn2aruw62dffexz/madarc.zip?dl=0

NOTE: the above zip file contains 20MB data cut using file cutter from a 500MB archive from MAD MAX, so if any problem occurs then I can also upload the 500 MB file.

[michalss]

i could write repacker, just dont have a time to check if data are same from JC2. If aluigi check it and make correct bms scriopt i can write repacker from it i guess.

[Ekey]

Try this one > http://svn.gib.me/builds/avalanche/aval ... 71_b56.zip

[spider91]

.arc files looks like encrypted - http://puu.sh/jWbaT/fd4680b71a.png , http://puu.sh/jWb9k/2363cfb8ff.png

[Ekey]

Can some one make EXE dump? (for dump use Scylla x64 > Run Game, Run Scylla, Select process and dump it)

[spider91]

i don't have a game, but it uses new version of denuvo, so don't think it's possible to get a key.

[Ekey]

Anyway files not encrypted, just compressed > DEFLATE

[Ekey]

See below

[michalss]

looks easy, no filenames ? Im uploading dump be here in a few mins... also why did u use deflate_noerror Ekey ?

EXE dump:

Code: Select all

https://mega.nz/#!qpR3hDRb!e8j21FQsnIaJTvnPAp5V45CDtr5NtESPnaJF2JRdByE

[Ekey]

looks easy, no filenames ?
EXE dump:

Code: Select all

https://mega.nz/#!qpR3hDRb!e8j21FQsnIaJTvnPAp5V45CDtr5NtESPnaJF2JRdByE

Yeah no names. Need to find hash algorithm. Also some tab's have different structure.

[michalss]

found the texts, al in files with magic FDA all over the archives , not good

[Ekey]

Well what we have

Code: Select all

struct TABHeader
{
   uint32_t   dwAlign; //?
   uint32_t   dwUnknown; //? can be 0,1,2,3,4,5.... and etc
};

Code: Select all

struct TABEntry
{
   uint32_t   dwHash; // (Lookup3) https://github.com/akheron/jansson/blob/master/src/lookup3.h
   uint32_t   dwOffset;
   uint32_t   dwZSize;
   uint32_t   dwSize;
};

See below

[Ekey]

Ok, solved!

Code: Select all

# Mad Max (ARC/TAB format) 0.0.2a
# 
# Written by Ekey (h4x0r) / thx Haoose
# 
# script for QuickBMS http://quickbms.aluigi.org

comtype deflate_noerror
open FDDE "tab" 0
open FDDE "arc" 1

get FILES asize
get ALIGN long
get ADDITIONAL long

if ADDITIONAL >= 0
for i = 0 < ADDITIONAL
   get IHASH long
   get ITYPE long
   savepos ITEMP
   if ITYPE == 2
      math ITEMP += 16
   elif ITYPE == 3
      math ITEMP += 24
   elif ITYPE == 4
      math ITEMP += 32
   elif ITYPE == 5
      math ITEMP += 40
   else
      print "Unsupported type %ITYPE%"
     cleanexit
   endif
   goto ITEMP
next i

savepos CUROFFSET
math FILES -= CUROFFSET
math FILES /= 16

for i = 0 < FILES
   get HASH long   
   get OFFSET long
   get ZSIZE long
   get SIZE long
   string NAME p= "%08X" HASH
   if ZSIZE == SIZE
      log NAME OFFSET SIZE 1
   else
      clog NAME OFFSET ZSIZE SIZE 1
   endif
next i

[happyend]

thx,but,script not support game1.arc,game1.tab

[Ekey]

thx,but,script not support game1.arc,game1.tab

Updated script

[Ekey]

Hash found it's Lookup3. Some progress

[michalss]

Ekey gonna make also repacker or just unpacker? Just want to know coz if you do then i dont need to

[Ekey]

Ekey gonna make also repacker or just unpacker? Just want to know coz if you do then i dont need to

If you known mechanics for dwUnknown which is greater than 0 (because I do not understand what this) it is i guess yes.

[ShadowEagle]

Hi everyone,

i only found the script but not the unpacker with gui? Where to find?

How to repack these extracted files into the original files?

Thanks in advance and best regards

[Haoose]

i only found the script but not the unpacker with gui? Where to find?

It is under development