Obfuscation algorithm

[Samdou]

Is it possible to work out an obfuscation algorithm by comparing an obfuscated and deobfuscated version of the same file,
then use that algorithm to deobfuscate other files?

[atom0s]

It's possible but usually only works for basic algo's or things that have known header data that is easy to spot (or something similar). Otherwise, it generally requires looking at the actual code to see how the files are being used/loaded/etc. to figure out the algo.

[Samdou]

If I upload an obfuscated file, would you be able to help identify the algorithm?

[aluigi]

Try.
And please also specify the name of the game.

[Samdou]

The game is the Japanese version of Way of the Samurai 2 Special Edition/Samurai Dou 2 Kettouban [SLPM_742.09] for the PS2.

Obfuscated file.
https://www.solidfiles.com/v/DeN2YP4reZxpk

[aluigi]

It's like a sort of sequence of various data all starting with a 'J' followed by a filename like "JP\task\normal_beginner_area_a.bin".

I don't know if the data is obfuscated or compressed, or maybe that's a weird format.

[Samdou]

Is the "J" included in "JP\task\*", or is it a seperate one followed by the file name?

Here's the deobfuscated/decompressed/decrypted version of the file from the Japanese version of Way of the Samurai 2 Portable/Samurai Dou 2 Po-taburu [ULJS-00217] for the PSP.
https://www.solidfiles.com/v/nk3Q8Z25BNpRz

You can see lines of NPC dialogue in this one which are readable, whereas if you go to the same line in the first version of the file, it's unreadable.
e.g. at 0000077C the dialogue "おや、お侍さん 天原は初めてかい？".

Perhaps comparing the two versions will make it easier to identify the algorithm making the first version of the file unreadable.

[aluigi]

Ok, found it's lzss compression.

This script will automatically dump all the files contained in the BIN, the last file doesn't have any name:

Code: Select all

# Way of the Samurai 2 BIN

comtype lzss0
get BIN_SIZE asize
math OFFSET = 0
do
    findloc NEXT_OFF binary JP\\ 0 ""
    if NEXT_OFF == ""
        math NEXT_OFF = BIN_SIZE
        set NAME string ""
    else
        goto NEXT_OFF
        get NAME string
    endif

    xmath SIZE "NEXT_OFF - OFFSET"
    xmath XSIZE "SIZE * 10"
    clog NAME OFFSET SIZE XSIZE

    goto NEXT_OFF
    padding 0x800
    savepos OFFSET
while OFFSET < BIN_SIZE

[Samdou]

Thanks, worked with everything except that one nameless file. Any idea what that one could be? A header file perhaps?

I was hoping that by figuring out the algorithm, I could then apply it to other files and decompress them, but unfortunately when I use it on the desired file
it extracts multiple files, but they are still unreadable.

Do you mind if I upload this file for you to analyze?

[aluigi]

I can't help with the decompressed data

[Samdou]

Are you referring to the nameless file?

The other file I'm suggesting for upload is compressed.