麻辣江湖 - *.pak

[Viserion]

Web: http://mj.xoyo.com/
Examples: https://mega.co.nz/#!px9hCD7C!o9UQMpdIx ... M1d9lweHsE

Thanks.

[aluigi]

http://aluigi.org/papers/bms/others/wxsj_online.bms

I have updated it because now it uses "TYPE & 0x20" for the compressed files so I just used "if TYPE != 0".

[Ekey]

Code: Select all

    get ZSIZE long
    math ZSIZE &= 0x7FFFFFF

    if SIZE != ZSIZE
        clog "" OFFSET ZSIZE SIZE
    else
        log "" OFFSET SIZE
    endif

ps: First DWORD in entry it's hash from file name.

[Ekey]

I try make gui unpacker but decompression does not work for all files. Script does not work too. I guess large files are compressed by chunks?

Sample

Code: Select all

  offset   filesize   filename
--------------------------------------
  0000beb1 4286       00000000.dat
  0000c68f 4286       00000001.dat
  01e687bf 9223160    00000002.dat

Error: the compressed UCL input is wrong or incomplete (-203)
Info:  offset where the compression failed: 01e687bf

Error: there is an error with the decompression
       the returned output size is negative (-1)

[aluigi]

Ok, script updated.

The chunks are used if TYPE & 0x10.
Note that WXSJ Online used TYPE & 0x10 for the non-chunked compression so I guess it may not work with that game.

Anyway I have added a FORCE_WXSJ in case someone has problems with that (old?) game.

[Viserion]

Thanks Ekey and aluigi!

Have some problem with extensions and name:
http://i.imgur.com/4oBXHa2.png

[Ekey]

Thanks Ekey and aluigi!

Have some problem with extensions and name:
http://i.imgur.com/4oBXHa2.png

Archives don't contain file names, only hashes.

Well ok. I resolve this problem. Game check it like this:

Code: Select all

   dwCompType = dwZSize & 0xF0000000;

   if (dwCompType == 0x20000000)
   {
      //Single Data
      dwType = 1;
   }
   else if (dwCompType == 0x10000000)
   {
      //Compressed with chunks
      dwType = 2;
   }
   else
   {
      //Error
      dwType = -1;
   }

Now

Code: Select all

struct UCLChunksHeader
{
   ucl_uint   dwChunksCount;
   ucl_uint   dwChunksTableOffset;
};

struct UCLChunksEntry
{
   ucl_uint   dwChunksOffset;
   ucl_uint   dwChunksSize;
   ucl_uint   dwChunksZSize; // &0x7FFFFFF
};

And it works perfect. I will share unpacker with detecting file names later.

[Ekey]

Here my unpacker. I don't test it on biggest archives, I hope it works too

[aluigi]

What is the crc algorithm used for the names?

My scanner wasn't able to get 0x7a051963 from "\script\achievement\achievement_client.lua".

I'm implementing a new feature in quickbms

[Ekey]

My scanner wasn't able to get 0x7a051963 from "\script\achievement\achievement_client.lua".

It's valid hash from name. Here

Code: Select all

int __cdecl mljh_get_FileNameHash(int pString)
{
  char pTemp;
  unsigned int dwHash;

  dwHash = 0;
  for (int i = 0; *(BYTE *)(i + pString); ++i )
  {
    //tolower i guess? :]
    pTemp = *(BYTE *)(i + pString);
    if ( pTemp < 65 || pTemp > 90 )
    {
      if ( pTemp == 47 )
        pTemp = 92;
    }
    else
    {
      pTemp += 32;
    }
    dwHash = -17 * (dwHash + pTemp * (i + 1)) % 0x8000000B;
  }
  return dwHash ^ 0x12345678;
 }

[aluigi]

Ok so it's a custom algorithm.

[aluigi]

Do you have some "statistics" about the most used checksum algorithms used for names?

I have just finished to implement a NameCRC command in quickbms beta, it works perfectly and uses just the crc engine of quickbms, so it's highly customizable.
It pre-calculate the checksum on the original string, tolower, tolower + \, skipping any \/: at the beginning, inverting all the \ in / and viceversa.

I want to understand how much useful it will be, in theory it's great

[Ekey]

75% - CRC32 (also modified > tables)
50% - FNV1a
50% - StormHash (mostly used in Chinese's MMO's)
45% - Custom algorithms
35% - CRC64
10% - Jenkins
5% - sdbm (with 65599 constant)
5% - FNV64
1% - MD5 (yeah MD5)

[aluigi]

Thanks.
Do you have examples of "Stormhash"?
I have found no references online.

Regarding the others, I'm improving the crc engine to support everything.

[Ekey]

Stormhash it's from StormLib -> https://github.com/ladislav-zezula/StormLib

DWORD HashString(const char * szFileName, DWORD dwHashType)
DWORD HashStringSlash(const char * szFileName, DWORD dwHashType)
DWORD HashStringLower(const char * szFileName, DWORD dwHashType)

https://github.com/ladislav-zezula/Stor ... Common.cpp

[aluigi]

Interesting.
HashString, decryptmpq, Huffman and Sparse are interesting stuff to implement in the next quickbms.

I remember that 0xeeeeeeee seen in some of your dumped functions on xentax, so I guess it's just decryptmpqblock used in various games.

[Viserion]

Current tool don't working to new client version.

https://mega.co.nz/#!tl1QXDyY!q7nMRtsST ... EcPVJ2uogo

[aluigi]

The wxsj_online.bms script works.

[Viserion]

.
Yes, but are random names. :/

[aluigi]

Interesting.
All the files are perfect except the graphic data inside the dds that is not obfuscated in my opinion, but doesn't produce a valid image (all the headers are ok).

I have attached some dds in case someone wants to check them.