How to extend this decryption script?

Programming related discussions related to game research
TheEleh
Posts: 2
Joined: Mon Nov 22, 2021 12:13 am

How to extend this decryption script?

Post by TheEleh »

So I've been on a long journey to decrypt a mobile game, Mass for the Dead, right? I'm no coding expert by any means, but I've been doing what I can to try and make progress.

Essentially, what I want to do is take the "overlord" script from this thread: viewtopic.php?f=9&t=15671&hilit=mass+for+the+dead (I've already modified it to try more XOR key combinations because the original only decrypts a handful (I'll attach the original work in this post)--

Code: Select all

# Set up a list of possible xor keys

PutArray 0 0 "\x00\xff\xff\xff\x00\x00\x00\x00"
PutArray 0 1 "\x00\xff\xff\xff\xff\x00\x00\x00\x00\x00"
PutArray 0 2 "\x00\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00"
PutArray 0 3 "\x00\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00"
PutArray 0 4 "\x00\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00"
PutArray 0 5 "\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00"
PutArray 0 6 "\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
PutArray 0 7 "\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
PutArray 0 8 "\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
PutArray 0 9 "\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"


Get SIZE asize
Get TEMPNAME basename
String FILENAME P "%TEMPNAME%_dec"

For A = 0 To 9
   GetArray KEY 0 A

   FileXor KEY 0
   Goto 0
   GetDString TEXT1 7
   Goto 0x0c
   GetDString TEXT2 5
   Goto 0x12
   GetDString TEXT3 4

   String TEMP1 P "%TEXT1% %TEXT2% %TEXT3%"

   If TEMP1 = "UnityFS 5.x.x 2017"
      Log FILENAME 0 SIZE
      Exit
   Endif

Next A



--and extend it in a way that it will try more XOR keys to decrypt files. I want to go beyond 5 keys (I added “PutArray”’s 6-9), but I keep breaking the script in the process trying to adapt the rest. There’s also a disconnect between what I’ve added and the rest of the script, so it’s hardly better than the original.

It's probably something somewhat simple, but having some direction to decipher the logic would be nice.

If anyone wants to try any specific sample files to decrypt, I'll post a link to a thread that has most, if not all the files for the game: https://forum.xentax.com/viewtopic.php?f=16&t=24400 (I'm specifically looking at the files in the "u" folder if you want to look at it.) I would attach the files more directly here, but it seems the forum doesn't support the file type.
Top
aluigi
Site Admin
Posts: 12984
Joined: Wed Jul 30, 2014 9:32 pm

Re: How to extend this decryption script?

Post by aluigi »

Here we go:

Code: Select all

# Overlord decrypter

Get SIZE asize
Get TEMPNAME basename
String FILENAME P "%TEMPNAME%_dec"

for i = 8 < 32
    set KEY binary ""
    for x = 0 < i
        putvarchr KEY x 0
    next x
    xmath j "i / 2"
    for x = 1 < j
        putvarchr KEY x 0xff
    next x

    encryption xor KEY "" 0 i
    log MEMORY_FILE 0 0x20

    Goto 0 MEMORY_FILE
    GetDString TEXT1 7 MEMORY_FILE
    Goto 0x0c MEMORY_FILE
    GetDString TEXT2 5 MEMORY_FILE
    Goto 0x12 MEMORY_FILE
    GetDString TEXT3 4 MEMORY_FILE
    String TEMP1 P "%TEXT1% %TEXT2% %TEXT3%"

    If TEMP1 = "UnityFS 5.x.x 2017"
        encryption xor KEY "" 0 i
        Log FILENAME 0 SIZE
        cleanexit
    Endif
next i

It looks like the key has a size of N bytes where the first half is 0xff except for the first byte (0x00) and the second half is 0x00.
Top

Return to “Code Talk”