Rockman X DiVE
-
- Posts: 719
- Joined: Sat Sep 28, 2019 7:00 pm
Rockman X DiVE
Here are two scripts for decrypting game assets, which are stored in AppData\LocalLow\CAPCOM folder, and also for LocalTextData.bin stored in the game folder. Audio acb files are compatible with vgmstream.
-
- Posts: 5
- Joined: Sat Apr 09, 2022 4:00 am
Re: Rockman X DiVE
now's not the time to post this while the game's still in service so please delete this post immediately. Otherwise you'll make things harder for us to datamine and also for them to change security measures.
Last edited by GeckoLuigi on Tue Jan 17, 2023 10:38 am, edited 1 time in total.
-
- Posts: 2
- Joined: Tue Jan 17, 2023 9:49 am
Re: Rockman X DiVE
Delete this please, it willl hurt the wiki contributors because the devs will increase the security of the game
Last edited by Megaman176 on Tue Jan 17, 2023 11:01 am, edited 1 time in total.
-
- Posts: 719
- Joined: Sat Sep 28, 2019 7:00 pm
Re: Rockman X DiVE
More than dataminers I only despise dataminers trying to keep their methods for private, despite them known for years (including private discords and such), for whatever reasons. Just don't mistake normal reverse engineers with dataminers, because first are not interested in particular games and their content in most cases and therefore release methods for public. General scheme for Rockman was explained in this topic more than a year ago and it's still the same, including keys and all, I simply implemented it in the script.
But since you've asked for it, I'll disclose the whole scheme based on steam version, while the script above is only a brute-force workaround.
First the game is obtaining manifest from the following link: manifest (date at the end is optional, it's using general format and can be generated manually if needed). It's a base64 encoded string, and after converting it to byte array, it should be decrypted with AES with the key and iv, provided in the linked topic (though iv is missing "=" symbol at the beginning). Decrypted file would be normal json with bundle names, date and crc per bundle.
Then the game is generating key pairs for bundles from manifest. Key is an byte array, derived from crc (in form of uint32 number) like this:
After that bundles are just xored with respective keys.
But the point is that header is always the same (UnityFS) and xor is reversible operation, while key length is limited to 7-10 bytes because of how generating scheme works (it can't exceed uint32.tostring max length value), and therefore you can simply brute-force required key for each bundle in just 4 iterations.
Things with textdata are around the same, though after decrypting AES with the given key and iv, result should be xored with key+iv concatenated string and then decompressed with lz4, where first 4 bytes would be uncompressed size.
But since you've asked for it, I'll disclose the whole scheme based on steam version, while the script above is only a brute-force workaround.
First the game is obtaining manifest from the following link: manifest (date at the end is optional, it's using general format and can be generated manually if needed). It's a base64 encoded string, and after converting it to byte array, it should be decrypted with AES with the key and iv, provided in the linked topic (though iv is missing "=" symbol at the beginning). Decrypted file would be normal json with bundle names, date and crc per bundle.
Then the game is generating key pairs for bundles from manifest. Key is an byte array, derived from crc (in form of uint32 number) like this:
Code: Select all
public static byte[] GenerateBytes(uint crc)
{
uint[] array = (from x in crc.ToString()
select Convert.ToUInt32(x) - 48U).ToArray<uint>();
byte[] array2 = new byte[array.Length];
for (int i = 0; i < array.Length; i++)
{
if (array[i] > 7U)
{
array[i] = 7U;
}
array2[i] = (byte)Math.Pow(2.0, array[i]);
}
return array2;
}
But the point is that header is always the same (UnityFS) and xor is reversible operation, while key length is limited to 7-10 bytes because of how generating scheme works (it can't exceed uint32.tostring max length value), and therefore you can simply brute-force required key for each bundle in just 4 iterations.
Things with textdata are around the same, though after decrypting AES with the given key and iv, result should be xored with key+iv concatenated string and then decompressed with lz4, where first 4 bytes would be uncompressed size.
Last edited by spiritovod on Tue Jan 17, 2023 4:31 pm, edited 2 times in total.
-
- Posts: 2
- Joined: Tue Jan 17, 2023 9:49 am
Re: Rockman X DiVE
There's good reasons why they keep the method private, because 1 if the method is public we would see leaks all over the social media sites and 2 There's a good chance the devs will increase the security which will make it very hard or impossible for the wiki contributors to extract sprites.spiritovod wrote:More than dataminers I only despise dataminers trying to keep their methods for private, despite them known for years (including private discords and such), for whatever reasons. Just don't mistake normal reverse engineers with dataminers, because first are not interested in particular games and their content in most cases and therefore release methods for public. General scheme for Rockman was explained in this topic more than a year ago and it's still the same, including keys and all, I simply implemented it in the script.
But since you've asked for it, I'll disclose the whole scheme based on steam version, while the script above is only a brute-force workaround.
First the game is obtaining manifest from the following link: manifest (date at the end is optional, it's using general format and can be generated manually if needed). It's a base64 encoded string, and after converting it to byte array, it should be decrypted with AES with the key and iv, provided in the linked topic (though iv is missing "=" symbol at the beginning). Decrypted file would be normal json with bundle names, date and crc per bundle.
Then the game is generating key pairs for bundles from manifest. Key is an byte array, derived from crc (in form of uint32 number) like this:After that bundles are just xored with respective keys.Code: Select all
public static byte[] GenerateBytes(uint key) { uint[] array = (from x in key.ToString() select Convert.ToUInt32(x) - 48U).ToArray<uint>(); byte[] array2 = new byte[array.Length]; for (int i = 0; i < array.Length; i++) { if (array[i] > 7U) { array[i] = 7U; } array2[i] = (byte)Math.Pow(2.0, array[i]); } return array2; }
But the point is that header is always the same (UnityFS) and xor is reversible operation, while key length is limited to 7-10 bytes because of how generating scheme works (it can't exceed uint32.tostring max length value), and therefore you can simply brute-force required key for each bundle in just 3 iterations.
Things with textdata are around the same, though after decrypting AES with the given key and iv, result should be xored with key+iv concatenated string and then decompressed with lz4, where first 4 bytes would be uncompressed size.
-
- Posts: 719
- Joined: Sat Sep 28, 2019 7:00 pm
Re: Rockman X DiVE
@Megaman176: You statement is only valid for games in beta or just released state, not when it's years in operation with the same scheme, which is already explained more than a year ago on this very site. Otherwise a game may be in state, when after servers closure some important for a scheme stuff would be already inaccessible and the whole thing becomes nonreversible, except for brute-forcing (if even). Releasing methods for public in the middle of lifetime cycle increasing chances of more data would be preserved, instead of just relying on so-called dataminers and their will to leak things or not. You're just trying to justify yourself and people like you, also taking words out of context in your favor.
-
- Posts: 5
- Joined: Sat Apr 09, 2022 4:00 am
Re: Rockman X DiVE
true, we all agree with your whole statement about this method but, what you're doing it even more publicly might make them even more worse for the devs to patrol some website for leaked content thus they're going to be strictly increasing maximum security thus changing the encryption method for the game. That's why some people are doing it privately to avoid being caught or attract attention to some people playing this game.
So, just for safety measures, i highly recommend that we just keep things private and also refrain from spoiling the game so kindly please delete this forum cause you're attracting leakers from other places as well.
So, just for safety measures, i highly recommend that we just keep things private and also refrain from spoiling the game so kindly please delete this forum cause you're attracting leakers from other places as well.