How to crack an encrypted XML file

[IGBT001]

As mentioned in the title, I found in localizing a game called "Ship Simulator Extreme Edition",
All the strings of the game are stored in XML files, try to open and modify, but it is garbled.
But when I entered the game, I found that he could load and display normally. I tried to use OllyDbg to analyze it, but I still couldn't analyze how he decrypted the XML file normally.
I used Google Translator to translate all the above words.

[IGBT001]

After Mr. ikskoks' analysis, Language_EN.xml Those XML files are not encrypted, they are compressed with ZLIB. He recommended me to use offzip software for decompression operation.
Yes, it's perfect. I successfully extracted the string I wanted, but I'm having problems with the packing operation.
If you use offzip for packaging, the program will report an error:

Code: Select all

C:\Users\pengzhen\Desktop\5555\offzip>offzip.exe -a -r Language_EN.xml

Offzip 0.4.1
by Luigi Auriemma
e-mail: aluigi@autistici.org
web:    aluigi.org

- open input file:    Language_EN.xml
- zip data to check:  32 bytes
- zip windowBits:     15
- seek offset:        0x00000000  (0)

+------------+-----+----------------------------+----------------------+
| hex_offset | ... | zip -> unzip size / offset | spaces before | info |
+------------+-----+----------------------------+----------------------+
  0x00000008 . < reimporting 00000008.wdproj
.........
Error: the compressed data is bigger than the original one by 0x17 bytes

[IGBT001]

If I use pakzip for packaging, the file is successfully generated, but the game cannot be loaded normally, even if I don't modify a single byte.

Code: Select all

packzip -o 0x00000008

[h3x3r]

Use this script to decompress loc files.

Code: Select all

####################################
get FILESIZE asize
get FILENAME basename
idstring "ENC"
get VERSION byte
get SIZE long
string NAME p= "%s/%s.xml" decompressed FILENAME
math FILESIZE -= 8
math ZSIZE = FILESIZE
savepos OFFSET
clog NAME OFFSET ZSIZE SIZE

Replace original file with decompressed. Game loads decompressed files. Tested on Language_EN.xml

[IGBT001]

Use this script to decompress loc files.

Code: Select all

####################################
get FILESIZE asize
get FILENAME basename
idstring "ENC"
get VERSION byte
get SIZE long
string NAME p= "%s/%s.xml" decompressed FILENAME
math FILESIZE -= 8
math ZSIZE = FILESIZE
savepos OFFSET
clog NAME OFFSET ZSIZE SIZE

Replace original file with decompressed. Game loads decompressed files. Tested on Language_EN.xml

Thank you for your reply, the decrypted file has been loaded into the game normally, but quickbms encryption will report an error, prompting:

Code: Select all

QuickBMS generic files extractor and reimporter 0.11.0
by Luigi Auriemma
e-mail: me@aluigi.org
web:    aluigi.org
        (Apr  5 2021 - 13:56:34)

                          quickbms.com  Homepage
                            zenhax.com  ZenHAX Forum
                     @zenhax @quickbms  Twitter & Scripts

- GUI mode activated, remember that the tool works also from command-line
  where are available various options like folder scanning, filters and so on

- select BMS script. type ? for using the content of clipboard like a script
- select input archives/files, type * for the whole folder and subfolders
- select output folder where extracting files
- open input file C:\Users\pengzhen\Desktop\002\解压后的\Language_EN.xml
- open script C:\Users\pengzhen\Desktop\002\001.txt
- set output folder C:\Users\pengzhen\Desktop\002\解压后的

  offset   filesize   filename
--------------------------------------

- signature of 3 bytes at offset 0x00000000 doesn't match the one
  expected by the script:

  this one: "<!-"
  3c 21 2d                                          <!-

  expected: "ENC"
  45 4e 43                                          ENC

- 0 files found in 0 seconds
  coverage file 0     0%   3          135134     . offset 00000003

[IGBT001]

The text encryption is done, and the Chinese font library has to be done. Thanks for the help of h3x3r, thank you!