Who can help unpacked format obb from Gameloft android game ?
Thank.
Spider-Man-2. Unpacked format obb.
-
aluigi
- Site Admin
- Posts: 12984
- Joined: Wed Jul 30, 2014 9:32 pm
Re: Spider-Man-2. Unpacked format obb.
It's a ZIP file with obfuscated ZIP headers (except the last one).
Filenames are XORed with 0xcd while the obfuscation of the other parts of the ZIP headers are different and mixed (like some parts XORed with 0x42 0xc2).
The PK\x03\x04 sign is replaced by 0D F0 AD 8B.
The content of the files is clear and apparently not even compressed.
So, no compression is used, name size is known, name is known, start and end position are known... let's dump them in this way:
Filenames are XORed with 0xcd while the obfuscation of the other parts of the ZIP headers are different and mixed (like some parts XORed with 0x42 0xc2).
The PK\x03\x04 sign is replaced by 0D F0 AD 8B.
The content of the files is clear and apparently not even compressed.
So, no compression is used, name size is known, name is known, start and end position are known... let's dump them in this way:
Code: Select all
# Spider-Man 2 OBB (Gameloft)
findloc OFFSET binary "\x0d\xf0\xad\x8b"
do
goto OFFSET
get DUMMY long
findloc NEXT_OFFSET binary "\x0d\xf0\xad\x8b" 0 ""
if NEXT_OFFSET == ""
get SIZE asize
else
math SIZE = NEXT_OFFSET
endif
goto OFFSET
getdstring DUMMY 0x1a
get NAMESZ short
get comm_len short
math NAMESZ ^ 0xc242
math comm_len ^ 0xc242
filexor 0xcd
getdstring NAME NAMESZ
getdstring COMM COMM_LEN
filexor ""
savepos OFFSET
math SIZE -= OFFSET
log NAME OFFSET SIZE
math OFFSET = NEXT_OFFSET
while NEXT_OFFSET != ""-
Vitalik
- Posts: 35
- Joined: Wed Apr 07, 2021 9:12 am
Re: Spider-Man-2. Unpacked format obb.
aluigi wrote:It's a ZIP file with obfuscated ZIP headers (except the last one).
Filenames are XORed with 0xcd while the obfuscation of the other parts of the ZIP headers are different and mixed (like some parts XORed with 0x42 0xc2).
The PK\x03\x04 sign is replaced by 0D F0 AD 8B.
The content of the files is clear and apparently not even compressed.
So, no compression is used, name size is known, name is known, start and end position are known... let's dump them in this way:Code: Select all
# Spider-Man 2 OBB (Gameloft)
findloc OFFSET binary "\x0d\xf0\xad\x8b"
do
goto OFFSET
get DUMMY long
findloc NEXT_OFFSET binary "\x0d\xf0\xad\x8b" 0 ""
if NEXT_OFFSET == ""
get SIZE asize
else
math SIZE = NEXT_OFFSET
endif
goto OFFSET
getdstring DUMMY 0x1a
get NAMESZ short
get comm_len short
math NAMESZ ^ 0xc242
math comm_len ^ 0xc242
filexor 0xcd
getdstring NAME NAMESZ
getdstring COMM COMM_LEN
filexor ""
savepos OFFSET
math SIZE -= OFFSET
log NAME OFFSET SIZE
math OFFSET = NEXT_OFFSET
while NEXT_OFFSET != ""
Hello. I want to say thank you very much for your help. Thank.
-
Vitalik
- Posts: 35
- Joined: Wed Apr 07, 2021 9:12 am
Re: Spider-Man-2. Unpacked format obb.
aluigi wrote:It's a ZIP file with obfuscated ZIP headers (except the last one).
Filenames are XORed with 0xcd while the obfuscation of the other parts of the ZIP headers are different and mixed (like some parts XORed with 0x42 0xc2).
The PK\x03\x04 sign is replaced by 0D F0 AD 8B.
The content of the files is clear and apparently not even compressed.
So, no compression is used, name size is known, name is known, start and end position are known... let's dump them in this way:Code: Select all
# Spider-Man 2 OBB (Gameloft)
findloc OFFSET binary "\x0d\xf0\xad\x8b"
do
goto OFFSET
get DUMMY long
findloc NEXT_OFFSET binary "\x0d\xf0\xad\x8b" 0 ""
if NEXT_OFFSET == ""
get SIZE asize
else
math SIZE = NEXT_OFFSET
endif
goto OFFSET
getdstring DUMMY 0x1a
get NAMESZ short
get comm_len short
math NAMESZ ^ 0xc242
math comm_len ^ 0xc242
filexor 0xcd
getdstring NAME NAMESZ
getdstring COMM COMM_LEN
filexor ""
savepos OFFSET
math SIZE -= OFFSET
log NAME OFFSET SIZE
math OFFSET = NEXT_OFFSET
while NEXT_OFFSET != ""
Hello. Please excuse me for worrying, but maybe can you tell me something with this viewtopic.php?f=9&t=15509&p=65137#p65137