It's been a month since CR was decrypted, and I've been looking for a replacement.
At present, the decompressed BMS will cause some of the intermediate content to be empty and some to exist, which makes the data incomplete.
Just yesterday, I found this, and it's available for personal testing.
The link is as follows:https://pythonrepo.com/repo/Fred31-pavel-sokov-SupercellSWF-python-game-development
I hope the moderator can get some help by referring to this.
Thanks.
Can it be updated clash royale.bms?
-
3IMiner
- Posts: 14
- Joined: Wed Jul 06, 2022 9:39 am
-
3IMiner
- Posts: 14
- Joined: Wed Jul 06, 2022 9:39 am
Re: Can it be updated clash royale.bms?
Attach commissioning results.
This is an old version.
This is a new version. The data cannot execute the goto instruction.
This is an old version.
Code: Select all
- set output folder G:\Supercell\fi_cr3.2803.4
>set quickbms_output_folder (4) to "G:\Supercell\fi_cr3.2803.4"
offset filesize filename
--------------------------------------
.start_bms start: -1 0 0/0
00000000 06 4 get NAME basename
>set NAME (8) to "ui_tex1"
00000000 06 5 get EXT extension
>set EXT (9) to "sc"
00000000 14 7 if EXT == "csv"
<get EXT (9) "sc"
<get EXT (9) "sc"
- variable "csv" seems uninitialized, I use its name
<get csv (10) "csv"
condition == is not met
.start_bms start: 3 1 0/0
.start_bms end: 3 1 0/0 (ret 12)
00000000 1b 19 endian big
endianess changed to big endian
00000000 09 20 idstring "SC"
00000002 06 21 get VER long
>set VER (17) to 0x00000004
00000006 14 22 if VER >= 4
<get VER (17) 0x00000004
<get 4 (18) 0x00000004
<get VER (17) 0x00000004
<get 4 (18) 0x00000004
<get VER (17) 0x00000004
<get 4 (18) 0x00000004
condition >= is met
.start_bms start: 17 0 0/0
00000006 06 23 get DUMMY long # 1
>set DUMMY (19) to 0x00000001
0000000a 17 24 endif
.start_bms end: 17 0 0/0 (ret 18)
0000000a 06 25 get DUMMYSZ long
>set DUMMYSZ (20) to 0x00000010
0000000e 07 26 getdstring DUMMY DUMMYSZ
<get DUMMYSZ (20) 0x00000010
<get DUMMYSZ (20) 0x00000010
>set DUMMY (19) to uv?QUA"
0000001e 06 27 get SIZE asize
>set SIZE (13) to 0x00b19eb0
0000001e 1b 28 endian little
endianess changed to little endian
0000001e 0f 30 savepos OFFSET
>set OFFSET (14) to 0x0000001e
0000001e 07 31 getdstring SIGN 4
<get 4 (18) 0x00000004
<get 4 (18) 0x00000004
>set SIGN (21) to "]"
00000022 08 32 goto OFFSET
<get OFFSET (14) 0x0000001e
<get OFFSET (14) 0x0000001e
0000001e 06 33 get SIGN32 long
>set SIGN32 (22) to 0x0400005d
00000022 0c 35 math XSIZE = -1
- variable "XSIZE" seems uninitialized, I use its name
<get XSIZE (23) "XSIZE"
<get -1 (24) 0xffffffff
>set XSIZE (23) to 0xffffffff
00000022 14 36 if SIGN == "SCLZ"
<get SIGN (21) "]"
<get SIGN (21) "]"
- variable "SCLZ" seems uninitialized, I use its name
<get SCLZ (25) "SCLZ"
condition == is not met
.start_bms start: 29 1 0/0
.start_bms end: 29 1 0/0 (ret 31)
<get SIGN32 (22) 0x0400005d
<get 0xfd2fb528 (27) 0xfd2fb528
<get SIGN32 (22) 0x0400005d
<get 0xfd2fb528 (27) 0xfd2fb528
<get SIGN32 (22) 0x0400005d
<get 0xfd2fb528 (27) 0xfd2fb528
condition == is not met
.start_bms start: 33 1 0/0
.start_bms end: 33 1 0/0 (ret 35)
.start_bms start: 37 0 0/0
00000022 08 43 goto OFFSET
<get OFFSET (14) 0x0000001e
<get OFFSET (14) 0x0000001e
0000001e 07 44 getdstring LZMA_PROP 5
<get 5 (12) 0x00000005
<get 5 (12) 0x00000005
>set LZMA_PROP (28) to "]"
00000023 19 45 comtype lzma_0 LZMA_PROP
<get LZMA_PROP (28) "]"
<get LZMA_PROP (28) "]"
<get LZMA_PROP (28) "]"
>set QUICKBMS_COMTYPE (30) to "LZMA_0"
00000023 17 46 endif
.start_bms end: 37 0 0/0 (ret 40)
00000023 14 48 if XSIZE < 0
<get XSIZE (23) 0xffffffff
<get 0 (29) 0x00000000
<get XSIZE (23) 0xffffffff
<get 0 (29) 0x00000000
<get XSIZE (23) 0xffffffff
<get 0 (29) 0x00000000
condition < is met
.start_bms start: 42 0 0/0
00000023 06 49 get XSIZE long
>set XSIZE (23) to 0x0619b53d
00000027 0f 50 savepos OFFSET
>set OFFSET (14) to 0x00000027
00000027 17 51 endif
.start_bms end: 42 0 0/0 (ret 44)
00000027 0c 52 math SIZE - OFFSET
<get SIZE (13) 0x00b19eb0
<get OFFSET (14) 0x00000027
>set SIZE (13) to 0x00b19e89
00000027 01 53 clog NAME OFFSET SIZE XSIZE
<get NAME (8) "ui_tex1"
<get OFFSET (14) 0x00000027
<get SIZE (13) 0x00b19e89
<get XSIZE (23) 0x0619b53d
00000027 102348093 ui_tex1
- xfopen rb: ui_tex1
- xfopen2 G:\Supercell\fi_cr3.2803.4\ui_tex1
- xfopen wb: ui_tex1
- xfopen2 G:\Supercell\fi_cr3.2803.4\ui_tex1
- 1 files found in 1 seconds
coverage file 0 100% 11640504 11640496 . offset 00000027This is a new version. The data cannot execute the goto instruction.
Code: Select all
- set output folder G:\Supercell\87779
>set quickbms_output_folder (4) to "G:\Supercell\87779"
offset filesize filename
--------------------------------------
.start_bms start: -1 0 0/0
00000000 06 4 get NAME basename
>set NAME (8) to "ui_tex"
00000000 06 5 get EXT extension
>set EXT (9) to "sc"
00000000 14 7 if EXT == "csv"
<get EXT (9) "sc"
<get EXT (9) "sc"
- variable "csv" seems uninitialized, I use its name
<get csv (10) "csv"
condition == is not met
.start_bms start: 3 1 0/0
.start_bms end: 3 1 0/0 (ret 12)
00000000 1b 19 endian big
endianess changed to big endian
00000000 09 20 idstring "SC"
00000002 06 21 get VER long
>set VER (17) to 0x00000004
00000006 14 22 if VER >= 4
<get VER (17) 0x00000004
<get 4 (18) 0x00000004
<get VER (17) 0x00000004
<get 4 (18) 0x00000004
<get VER (17) 0x00000004
<get 4 (18) 0x00000004
condition >= is met
.start_bms start: 17 0 0/0
00000006 06 23 get DUMMY long # 1
>set DUMMY (19) to 0x00000003
0000000a 17 24 endif
.start_bms end: 17 0 0/0 (ret 18)
0000000a 06 25 get DUMMYSZ long
>set DUMMYSZ (20) to 0x00000010
0000000e 07 26 getdstring DUMMY DUMMYSZ
<get DUMMYSZ (20) 0x00000010
<get DUMMYSZ (20) 0x00000010
>_" >set DUMMY (19) to "q]PQ_|
0000001e 06 27 get SIZE asize
>set SIZE (13) to 0x00d4f2f2
0000001e 1b 28 endian little
endianess changed to little endian
0000001e 0f 30 savepos OFFSET
>set OFFSET (14) to 0x0000001e
0000001e 07 31 getdstring SIGN 4
<get 4 (18) 0x00000004
<get 4 (18) 0x00000004
>set SIGN (21) to "(/"
00000022 08 32 goto OFFSET
<get OFFSET (14) 0x0000001e
<get OFFSET (14) 0x0000001e
0000001e 06 33 get SIGN32 long
>set SIGN32 (22) to 0xfd2fb528
00000022 0c 35 math XSIZE = -1
- variable "XSIZE" seems uninitialized, I use its name
<get XSIZE (23) "XSIZE"
<get -1 (24) 0xffffffff
>set XSIZE (23) to 0xffffffff
00000022 14 36 if SIGN == "SCLZ"
<get SIGN (21) "(/"
<get SIGN (21) "(/"
- variable "SCLZ" seems uninitialized, I use its name
<get SCLZ (25) "SCLZ"
condition == is not met
.start_bms start: 29 1 0/0
.start_bms end: 29 1 0/0 (ret 31)
<get SIGN32 (22) 0xfd2fb528
<get 0xfd2fb528 (27) 0xfd2fb528
<get SIGN32 (22) 0xfd2fb528
<get 0xfd2fb528 (27) 0xfd2fb528
<get SIGN32 (22) 0xfd2fb528
<get 0xfd2fb528 (27) 0xfd2fb528
condition == is met
.start_bms start: 33 0 0/0
00000022 19 40 comtype zstd
>set QUICKBMS_COMTYPE (30) to "ZSTD"
00000022 0c 41 math XSIZE = SIZE # no matter
<get XSIZE (23) 0xffffffff
<get SIZE (13) 0x00d4f2f2
>set XSIZE (23) to 0x00d4f2f2
00000022 40 42 else
.start_bms end: 33 0 0/0 (ret 35)
.start_bms start: 37 1 0/0
.start_bms end: 37 1 0/0 (ret 40)
00000022 14 48 if XSIZE < 0
<get XSIZE (23) 0x00d4f2f2
<get 0 (29) 0x00000000
<get XSIZE (23) 0x00d4f2f2
<get 0 (29) 0x00000000
<get XSIZE (23) 0x00d4f2f2
<get 0 (29) 0x00000000
condition < is not met
.start_bms start: 42 1 0/0
.start_bms end: 42 1 0/0 (ret 44)
00000022 0c 52 math SIZE - OFFSET
<get SIZE (13) 0x00d4f2f2
<get OFFSET (14) 0x0000001e
>set SIZE (13) to 0x00d4f2d4
00000022 01 53 clog NAME OFFSET SIZE XSIZE
<get NAME (8) "ui_tex"
<get OFFSET (14) 0x0000001e
<get SIZE (13) 0x00d4f2d4
<get XSIZE (23) 0x00d4f2f2
0000001e 13955826 ui_tex
- xfopen rb: ui_tex
- xfopen2 G:\Supercell\87779\ui_tex
Info: algorithm 478
offset 0000001e
input size 0x00d4f2d4 13955796
output size 0x00d4f2f2 13955826
result 0xffffffb8 -72
Error: there is an error with the decompression
the returned output size is negative (-72)
Last script line before the error or that produced the error:
53 clog NAME OFFSET SIZE XSIZE
<get XSIZE (23) 0x00d4f2f2
<get SIZE (13) 0x00d4f2d4
<get OFFSET (14) 0x0000001e
- OFFSET 0x0000001e
- ZSIZE 0x00d4f2d4
- SIZE 0x00d4f2f2
- Variable 0 quickbms_current_folder
value: G:\Supercell\87779
value32: 0x00000000
size: 0x00000111 / 0x00000012
- Variable 1 quickbms_bms_folder
value: D:\quickbms
value32: 0x00000000
size: 0x00000111 / 0x0000000b
- Variable 2 quickbms_exe_folder
value: D:\quickbms
value32: 0x00000000
size: 0x00000111 / 0x0000000b
- Variable 3 quickbms_file_folder
value: G:\Supercell\87779
value32: 0x00000000
size: 0x00000111 / 0x00000012
- Variable 4 quickbms_output_folder
value: G:\Supercell\87779
value32: 0x00000000
size: 0x00000111 / 0x00000012
- Variable 5 quickbms_temp_folder
value: C:\Users\3IMiner\AppData\Local\Temp\
value32: 0x00000000
size: 0x00000111 / 0x00000024
- Variable 6 quickbms_bms_script
value: D:\quickbms\clash_royale.bms
value32: 0x00000000
size: 0x00000111 / 0x0000001c
- Variable 7 QUICKBMS_REIMPORT
value:
value32: 0x00000000
size: 0x00000111 / 0x00000000
- Variable 8 NAME
value: ui_tex
value32: 0x00000000
size: 0x00000111 / 0x00000006
- Variable 9 EXT
value: sc
value32: 0x00000000
size: 0x00000111 / 0x00000002
- Variable 11 PROP
value:
value32: 0x00000000
size: 0x00000111 / 0x00000004
- Variable 13 SIZE
value:
value32: 0x00d4f2d4
size: 0x00000111 / 0x00000000
- Variable 14 OFFSET
value:
value32: 0x0000001e
size: 0x00000111 / 0x00000000
- Variable 15 ZSIZE
value:
value32: 0x00000000
size: 0x00000111 / 0x00000005
- Variable 17 VER
value:
value32: 0x00000004
size: 0x00000111 / 0x00000000
- Variable 19 DUMMY
>_ value: q]PQ_|
value32: 0x00000003
size: 0x00000111 / 0x00000010
- Variable 20 DUMMYSZ
value:
value32: 0x00000010
size: 0x00000111 / 0x00000000
- Variable 21 SIGN
value: (/
value32: 0x00000000
size: 0x00000111 / 0x00000004
- Variable 22 SIGN32
value:
value32: 0xfd2fb528
size: 0x00000111 / 0x00000000
- Variable 23 XSIZE
value:
value32: 0x00d4f2f2
size: 0x00000111 / 0x00000000
- Variable 26 FLAGS
value:
value32: 0x00000000
size: 0x00000111 / 0x00000005
- Variable 28 LZMA_PROP
value:
value32: 0x00000000
size: 0x00000111 / 0x00000009
- Variable 30 QUICKBMS_COMTYPE
value: ZSTD
value32: 0x00000000
size: 0x00000111 / 0x00000004
coverage file 0 100% 13955834 13955826 . offset 00d4f2f2
Press ENTER or close the window to quit-
3IMiner
- Posts: 14
- Joined: Wed Jul 06, 2022 9:39 am
Re: Can it be updated clash royale.bms?
Day3....
I think comtypeshould be changed
This is a BMS script
I think comtype
Code: Select all
lzham "18 8 0 0 0"This is a BMS script
Code: Select all
# Clash Royale / Clash of Clans (script 0.2.4)
# script for QuickBMS http://quickbms.aluigi.org
get NAME basename
get EXT extension
if EXT == "csv"
getdstring PROP 5
get SIZE long
savepos OFFSET
get ZSIZE asize
math ZSIZE -= OFFSET
string NAME p= "%s_unpack.%s" NAME EXT
comtype lzma_0 PROP
clog NAME OFFSET ZSIZE SIZE
cleanexit
endif
endian big
idstring "SC"
get VER long
if VER >= 4
get DUMMY long # 1
endif
get DUMMYSZ long
getdstring DUMMY DUMMYSZ
get SIZE asize
endian little
savepos OFFSET
getdstring SIGN 4
goto OFFSET
get SIGN32 long
math XSIZE = -1
if SIGN == "SCLZ"
get FLAGS byte # 0x12
comtype lzham "18 8 0 0 0"
elif SIGN32 == 0xfd2fb528
comtype zstd
math XSIZE = SIZE # no matter
else
goto OFFSET
getdstring LZMA_PROP 5
comtype lzma_0 LZMA_PROP
endif
if XSIZE < 0
get XSIZE long
savepos OFFSET
endif
math SIZE - OFFSET
clog NAME OFFSET SIZE XSIZE
-
3IMiner
- Posts: 14
- Joined: Wed Jul 06, 2022 9:39 am
Re: Can it be updated clash royale.bms?
Day4....
"Novices on the road are destined to be novices"
I detected the format through BMS analysis and compression.
See the suitable in many compression.
These are two kinds of comparisons.
Test Version:
SC that can be decrypted before:
There are more files It's not listed here. I've packed it.
File:
However, how to find the offset corresponding to zsite and size here? Do you have a kind person to tell me...
Thanks.
"Novices on the road are destined to be novices"
I detected the format through BMS analysis and compression.
See the suitable in many compression.
Code: Select all
- open input file C:\Users\3IMiner\Documents\Supercell\Test\ui_badges.sc
- open script comtype_scan2.bms
- set output folder C:\Users\3IMiner\Documents\Supercell\Test\
offset filesize filename
--------------------------------------
test algorithm number 26: ZSIZE 38924, SIZE 778480
00000000 778480 ASCII85.dmp
- 1 files found in 0 seconds
coverage file 0 100% 38924 38924 . offset 00000000These are two kinds of comparisons.
Test Version:
SC that can be decrypted before:
There are more files It's not listed here. I've packed it.
File:
However, how to find the offset corresponding to zsite and size here? Do you have a kind person to tell me...
Thanks.
-
3IMiner
- Posts: 14
- Joined: Wed Jul 06, 2022 9:39 am
Re: Can it be updated clash royale.bms?
Orz...
I hope someone can help...
I hope someone can help...