Saint Seiya (APK) - Almost ready for a QuickBMS Script!

[griffon]

Hi folks!

I'm trying to access the model files of Saint Seiya APK.
It's a Unity game and I have access to both the ".apk files" and the "downloaded data files"

I've searched every file, most of them I was able to extract using Unity Studio, but I haven't found the character's models anywhere...

I did find around 56 CAB-* files that seem to be encrypted (they have __crypto__ written on them)
I'm really hoping that those are the model files.
Could you guys take a look at the sample and see if you can solve the challenge?

Couple of months ago the pros . and @Ekey managed to solve a similar problem on One Piece's APK (also created by Bandai)

Thanks in advance guys!

[Ekey]

Share APK with game.

[griffon]

Here you go: http://www.mediafire.com/download/gb5r2 ... iya_ZB.apk

*I had to upload it to media fire, because the game is for japanese people online, so you can't really download it from playstore. Just in case, here's the official link https://play.google.com/store/apps/deta ... .seiyazbjp

[griffon]

Guys, I've been trying hard over the past days to find extract those files. Not finding a way to extract them is like a itch i can't scratch.
There must be a way!!

I've managed to extract the APK's source code, maybe there's a clue in there but I don't know Java...

Could you guys take a look and see if you find the extraction key?

.APK Java code: http://www.mediafire.com/download/ud1my ... -+JAVA.zip

[griffon]

New version 1.5. Once again it's only downloadable if you are japanese, but here is an alternative https://drive.google.com/file/d/0ByqXZO ... ef=2&pli=1

Please guys, let's solve this challenge!

[aluigi]

Since it's a Unity game you can rely only on the Unity extraction tools available, like my unity.bms script and the other couple of tools.
No other ways.

[griffon]

Since it's a Unity game you can rely only on the Unity extraction tools available, like my unity.bms script and the other couple of tools.
No other ways.

Your script is great and works flawless with most of the CAB~ files, such as CAB~ containing .TEX, .MP3, .ANI and .SHADER.

However, when I use your script for some CAB~ the output is a __crypto__ file. So far, I haven't been able to extract / undestand that file using any known script.

I know you must be a very busy guy, but thanks for taking your time and answering

Sample of a __crypto__ (1,2mb): http://www.mediafire.com/download/hn32e ... 38c81c.rar

[aluigi]

That name didn't give much hope and indeed it looks encrypted.

[griffon]

Can anyone tell me where on the APK code should the key be stored?

I've been trying to search for it, but it's like a needle on a haystack since I don't really know what exactly am I look for

[griffon]

. @Ekey

I think I've found they way to decrypt the __crypto__ file !!!!

I suck at reading code, but I've found the part of the DLL that handles the decryption! Is this enough to create the QuickBMS Script ? Can you guys give it a try ?



Thanks in advance guys!

[griffon]

Annnnnd here's the _nativeDecryptToAssetbundle funcion that really does the decrypting:

I've found _nativeDecrypto function inside libarrow.so. I managed to disassemble it with IDA software
I believe the language IDA uses is called ARM (http://simplemachines.it/doc/arm_inst.pdf)

What do you think ., is this enough for a script?