Rayman Raving Rabbids (Wii) - encrypted archive header(.bf)

[AnonBaiter]

Here is a sample. It seems to be XOR judging from the beginning of the file.

[aluigi]

For example xored with the bytes: 0xb3 0x98 0xcc 0x66

[AnonBaiter]

Okay, now I`m getting somewhere with this.

The script shows the whole progress I`ve been having with some of those Ubisoft games that used Jade engine(Ubisoft Montpellier`s post-2003 games, and the Prince of Persia trilogy courtesy of Ubisoft Montreal), or we were never told it was used in the first place(Just Dance(2009) by Ubisoft Paris).

[aluigi]

It's a big script, the format seems quite complex

[AnonBaiter]

It's a big script, the format seems quite complex

Well, I decided to just go and look out for Ubisoft games that used this format. Which is why the script grew this much.

[ponaromixxx]

Okay, now I`m getting somewhere with this.

The script shows the whole progress I`ve been having with some of those Ubisoft games that used Jade engine(Ubisoft Montpellier`s post-2003 games, and the Prince of Persia trilogy courtesy of Ubisoft Montreal), or we were never told it was used in the first place(Just Dance(2009) by Ubisoft Paris).

And for the game Peter Jackson's King Kong does not work . Is it possible to alter the script for this game?

[AnonBaiter]

And for the game Peter Jackson's King Kong does not work . Is it possible to alter the script for this game?

It`s because the script is not ready and I would rather fill in the puzzles for an entire filename of just one file than just extract the archives without the filenames(a.k.a. hashes as filenames, or just "").

[ponaromixxx]

And for the game Peter Jackson's King Kong does not work . Is it possible to alter the script for this game?

It`s because the script is not ready and I would rather fill in the puzzles for an entire filename of just one file than just extract the archives without the filenames(a.k.a. hashes as filenames, or just "").

Clearly, we will wait for the development of the script)

[RibShark]

This tool was found in a (likely unofficial) Russian installer for the game. It was named bftool.exe but it self-identifies as dpktool. It seems to sucessfully unpack Rayman4.bf at least partially, but always crashes in the same place while unpacking. It's meant to also have a function to repack back into a BF but that hasn't sucessfully worked for me yet. Maybe this EXE could be analysed to further decode the BF format?

[AnonBaiter]

Interesting how you managed to find that...

[mzkoops56]

Hi! I have the .bf archive from Just Dance 1 but the script won't extract any files from it. I tried using the debug function of quickbms to see what is wrong but I can't see what is happening. I have uploaded a sample to see if you would like to test or edit the script for it.
https://drive.google.com/open?id=0B-YcY ... EoyM3Qxbmc

[AnonBaiter]

Hi! I have the .bf archive from Just Dance 1 but the script won't extract any files from it. I tried using the debug function of quickbms to see what is wrong but I can't see what is happening.

It actually works well with my script, but it's still skeleton at its core. I advise you to read the entire thread for details as to why it won't work as you expect it to.

[AnonBaiter]

Okay, now here's a question for aluigi(although anyone can answer as well).

So, I've already XOR-ed the header, right? However, turns out it also affects the entire archive as well, right after the entire header(which is TOTAL_INFO_SIZE) since they didn't go through the same encryption process anyway.

I had this solution that could've XOR-ed everything back to normal after all the information has been obtained but it doesn't work:

Code: Select all

      if BF_SIGN == "BUG"
         filexor "\xb3\x98\xcc\x66" OFFSET
      endif

See this file for example.

[AnonBaiter]

Never mind, I had thought of another method.

So I decided to do something like this:

Code: Select all

log MEMORY_FILE OFFSET SIZE

So by logging MEMORY_FILE with the OFFSET and SIZE field you can see the script trying to get away with the whole "filexor" process by saving every single byte that came from the original archive with an encrypted header(Rayman4.bf in this case). I have updated the script so it now supports extraction, although its filename is assigned through a DUMMY1 variable.

[ponaromixxx]

And there is a possibility how to extract files with names for example here such names are there for sounds en_de_03a_code_09.wad

Sound_Common.bf

[AnonBaiter]

And there is a possibility how to extract files with names for example here such names are there for sounds en_de_03a_code_09.wad

Figuring out the directory tree is my highest priority, so until I find a way to support this tree assigning the filename to what was the original filename might be considered.

[ponaromixxx]

And there is a possibility how to extract files with names for example here such names are there for sounds en_de_03a_code_09.wad

Figuring out the directory tree is my highest priority, so until I find a way to support this tree assigning the filename to what was the original filename might be considered.

So, so far there is no way to assign names in any other way?

[AnonBaiter]

And there is a possibility how to extract files with names for example here such names are there for sounds en_de_03a_code_09.wad

Figuring out the directory tree is my highest priority, so until I find a way to support this tree assigning the filename to what was the original filename might be considered.

So, so far there is no way to assign names in any other way?

There are currently two choices:
1. Assign the filename by the NAME variable, at which point you need to modify a few lines.
2. Assign the filename as a 32-bit hash value(what the script does).

[ponaromixxx]

Figuring out the directory tree is my highest priority, so until I find a way to support this tree assigning the filename to what was the original filename might be considered.

So, so far there is no way to assign names in any other way?

There are currently two choices:
1. Assign the filename by the NAME variable, at which point you need to modify a few lines.
2. Assign the filename as a 32-bit hash value(what the script does).

Sorry, but I do not understand scripts very well, and I can not fix it myself, could you help me !?

[AnonBaiter]

Sorry, but I do not understand scripts very well, and I can not fix it myself, could you help me !?

Help you through what exactly?
Also I just updated the script for you.