Strings from a game called Warframe. Anybody who can identify how to decode/decrypt it?

[angorr]

I'm out of ideas as to what it could be.

Code: Select all

[°Z8²ÿ7vJ¡§›Ž`z!âÌïWëωÇ=Î÷þ)±…E=6a3¹ÜÞ9EGêrÈÞ<~ú›«Ø€<½Ÿ
×ûd"Õ#Åî³2Æ(Í51¹°ö‘6<õŒ“Í2[œ¤A£ìîîr’[±Ï¥—ä‰%8¶>;äçy)ƒÁSqöxŠª(µÍ–‰Ã¯Do‰JQæ°Ñ`z¾)+dñbóÝzR|m,À[+dñbóÝzR|m,À[+dñbóÝzR|m,À[

Code: Select all

E÷\ÌhBü>Î…Àî0ùô‰îåñ¾a™øPÛtÊÌ¡Áʺ—ÑS‘4{·Á¦³Éõ,¼×kb/`¦ç2pD¹1L©=ܲ”4zÉl&O1³ß4³HIŸ¤u—»ÍÃËM;#±*+k{óoªÖ³Š)„ß“¾‰É™û00ϨÄþmè|ÿºxƒ° FŽÃä¸Ö¶ÂT!µ“oò™–ÿ홈S’õu»¢Gå7¼­.‚ ˳ݨ좪)“ˆ7¼­.‚ ˳ݨ좪)“ˆ7¼­.‚ ˳ݨ좪)“ˆ

Code: Select all

Žœ%ìFÐŽúrŠÉäÿè-;µŠ”[þM†—œ²êÈOÄÑu(ÒfRðЈ}Úä‚ZAíjˆ¬f9›íøCƒtð¸Nl‰œØßÑÞ]­ºyö!0c†FîÆwµ%ÚS3\Ž(J±~õ,§à×5¾±”Þ4>̶ûÕŽ0—¤Æãðdg_’GjõÆ7Ÿf­‚ƃ©:`ÊcNànå5LÓ®ª
–0?³
ö“
]$¢…ð¿\P>a’ 7"ÚϏ§]>Œo
˜ÈXw³âÉÒsTv
}À,ò‰÷“ÄÀ•k7òÐr…™ò4Ú>ù‡ùÃ~$Oªâ¶A j`dÉ6®Yyª[ê#ðí™ÄMXš‡&k|Å+#äQÆíQ‘Pª7½B
1Õž®ærÀ‘ó‘Ý6"KíÓ20“òñ±Î/ÈÌ‹jx·bÅ=ž}`¹¹éqPIoì“ËÈR»UõQY‰syqiÙ;:IÕÜ„¯X}TÌ@3>÷Ûzò•¶uø—XåOŸ
4úžüît-³’»ï_
Ka‚|ÒÃÀ¦iXˆËr G*!øb©2&(ßËË
ãÃÓìâ‹j_W½
ÈëÔÞ«CÕÌ2µŸ¥Áë5­ö‰ƒ}ùš„m„Ã~µ}ÁˆÂ¥Áœ¡¹µyJ0…#ÿ¸™†w>$•±«J¿ÚQP«ž•,|   ðÅWùÂkÀt wö-¦(érÝû8_ŽwØ­b·6íy&dùÛ}ºÃÄÅ ©~ŠðçS_(žGcœ-7×è=šb„êwÃñ<ܦd¸3ááþŸáTy¼˜AgK›‚i<¹éqPIoì“ËÈR»UõQY‰syqiÙ;:IÕÜ„¯X}TÌ@3>÷Ûzò•¶uÀÏýÁç‰Ú–{Ù¡!¬gšb„êwÃñ<ܦd¸3ááÌ‹jx·bÅ=ž}`¹¹éqPIoì“ËÈR»UõQY‰syqiÙ;:IÕÜ„¯X}TÌ@3>÷Ûzò•¶u:Ù›   ?g!Kbz¨ù…Áûˆíw}ö…0‹“ò8ƒ ㈊<½í©twãTÄêá;ÝãŠ<½í©twãTÄêá;ÝãŠ<½í©twãTÄêá;Ýã

edit: added two more strings.

[angorr]

Scan results of the exe using signsrch. So far i've not found any matching encryption algorithms.

Code: Select all

offset   num  description [bits.endian.size]
  --------------------------------------------
  000a3761 3048 DMC compression [32.le.16&]
  00132a1b 1018 MD5 digest [32.le.272&]
  00132a30 2053 RIPEMD-128 InitState [32.le.16&]
  0013c105 937  camellia [32.le.48&]
  012115ed 876  SHA256 Initial hash value H (0x6a09e667UL) [32.le.32&]
  0125fb94 1036 SHA1 / SHA0 / RIPEMD-160 initialization [32.le.20&]
  0139b0f0 1996 rfc3548 Base 64 Encoding with URL and Filename Safe Alphabet [..62]
  0139b0f0 2005 B64EncodeTable [..64]
  0139b180 641  CRC-32-IEEE 802.3 [crc32.0x04c11db7 le rev int_min.1024]
  0139b180 648  CRC-32-IEEE 802.3 [crc32.0xedb88320 lenorev 1.1024]
  0139b580 129  Adler CRC32 (0x191b3141) [32.le.1024]
  0139b980 131  Adler CRC32 (0x01c26a37) [32.le.1024]
  0139bd80 133  Adler CRC32 (0xb8bc6765) [32.le.1024]
  0139c180 645  CRC-32-IEEE 802.3 [crc32.0x04c11db7 be rev int_min.1024]
  0139c180 652  CRC-32-IEEE 802.3 [crc32.0xedb88320 benorev 1.1024]
  0139c580 130  Adler CRC32 (0x191b3141) [32.be.1024]
  0139c980 132  Adler CRC32 (0x01c26a37) [32.be.1024]
  0139cd80 134  Adler CRC32 (0xb8bc6765) [32.be.1024]
  0139d648 939  camellia_sp1110 [32.le.1024]
  0139da48 941  camellia_sp0222 [32.le.1024]
  0139de48 943  camellia_sp3033 [32.le.1024]
  0139e248 945  camellia_sp4404 [32.le.1024]
  013d766f 1038 padding used in hashing algorithms (0x80 0 ... 0) [..64]
  01543820 1290 __popcount_tab (compression?) [..256]
  0158a6e8 2875 libavcodec ff_mjpeg_val_ac_luminance [..162]
  0158a7a0 2876 libavcodec ff_mjpeg_val_ac_chrominance [..162]
  0158a9a8 1115 Jpeg dct 14 bit aanscales [16.le.128]
  0158aa28 1119 Jpeg dct AA&N scale factor [double.le.64]
  0158aba0 3038 unlzx table_three [32.le.64]
  0158aca0 1809 libdjvu GPixmap dither table [..256]
  0158db88 1087 Zlib length_code [..256]
  0158dc88 1086 Zlib dist_code [..512]
  0158de88 2294 zinflate_lengthExtraBits [32.le.116]
  0158df10 2303 zinflate_distanceExtraBits [32.le.120]
  0158e4d0 1089 Zlib base_length [32.le.116]
  0158e548 1091 Zlib base_dist [32.le.120]
  0158e5f0 2289 zinflate_lengthStarts [16.le.58]
  0158e670 2296 zinflate_distanceStarts [16.le.60]
  01598810 878  Hash constant words K for SHA-384 and SHA-512 [64.le.640]
  0159a2c0 874  SHA256 Hash constant words K (0x428a2f98) [32.le.256]
  0159b320 951  DES semi weak keys [..96]
  0159b380 950  DES odd_parity [..256]
  0159b480 952  DES skb [32.le.2048]
  0159b500 2229 DES2_DS [32.le.128]
  0159bfe0 1009 ASCII to BIN table [..128]
  0159c0b8 896  Rijndael Te0 (0xc66363a5U) [32.le.1024]
  0159c4b8 898  Rijndael Te1 (0xa5c66363U) [32.le.1024]
  0159c8b8 900  Rijndael Te2 (0x63a5c663U) [32.le.1024]
  0159ccb8 902  Rijndael Te3 (0x6363a5c6U) [32.le.1024]
  0159d0b8 905  Rijndael Td0 (0x51f4a750U) [32.le.1024]
  0159d4b8 907  Rijndael Td1 (0x5051f4a7U) [32.le.1024]
  0159d8b8 909  Rijndael Td2 (0xa75051f4U) [32.le.1024]
  0159dcb8 911  Rijndael Td3 (0xf4a75051U) [32.le.1024]
  0159e0b8 895  AES Rijndael Si / ARIA X1 [..256]
  0159e1b8 914  Rijndael rcon [32.le.40]
  0159e1bb 915  Rijndael rcon [32.be.40]
  015b0b98 994  EC curve _EC_SECG_CHAR2_193R2_SEED [..20]
  015b0d20 995  EC curve _EC_NIST_CHAR2_233B_SEED [..20]
  015b0fa8 996  EC curve _EC_NIST_CHAR2_283B_SEED [..20]
  015b11f0 997  EC curve _EC_NIST_CHAR2_409B_SEED [..20]
  015b1510 998  EC curve _EC_NIST_CHAR2_571B_SEED [..20]
  015b16e8 999  EC curve _EC_X9_62_CHAR2_163V1_SEED [..20]
  015b1790 1000 EC curve _EC_X9_62_CHAR2_163V2_SEED [..20]
  015b1838 1001 EC curve _EC_X9_62_CHAR2_163V3_SEED [..20]
  015b1980 1002 EC curve _EC_X9_62_CHAR2_191V1_SEED [..20]
  015b1a38 1003 EC curve _EC_X9_62_CHAR2_191V2_SEED [..20]
  015b1af0 1004 EC curve _EC_X9_62_CHAR2_191V3_SEED [..20]
  015b1c60 1005 EC curve _EC_X9_62_CHAR2_239V1_SEED [..20]
  015b1d38 1006 EC curve _EC_X9_62_CHAR2_239V2_SEED [..20]
  015b1e10 1007 EC curve _EC_X9_62_CHAR2_239V3_SEED [..20]
  015b20d0 1008 EC curve _EC_X9_62_CHAR2_359V1_SEED [..20]
  015b3818 971  EC curve _EC_NIST_PRIME_192_SEED [..20]
  015b38d0 972  EC curve _EC_NIST_PRIME_224_SEED [..20]
  015b39a0 973  EC curve _EC_NIST_PRIME_384_SEED [..20]
  015b3ae8 974  EC curve _EC_NIST_PRIME_521_SEED [..20]
  015b3c98 975  EC curve _EC_X9_62_PRIME_192V2_SEED [..20]
  015b3d50 976  EC curve _EC_X9_62_PRIME_192V3_SEED [..20]
  015b3e08 977  EC curve _EC_X9_62_PRIME_239V1_SEED [..20]
  015b3ee0 978  EC curve _EC_X9_62_PRIME_239V2_SEED [..20]
  015b3fb8 979  EC curve _EC_X9_62_PRIME_239V3_SEED [..20]
  015b4090 980  EC curve _EC_X9_62_PRIME_256V1_SEED [..20]
  015b4178 981  EC curve _EC_SECG_PRIME_112R1_SEED [..20]
  015b41f0 982  EC curve _EC_SECG_PRIME_112R2_SEED [..20]
  015b4268 983  EC curve _EC_SECG_PRIME_128R1_SEED [..20]
  015b42f0 984  EC curve _EC_SECG_PRIME_128R2_SEED [..20]
  015b4408 985  EC curve _EC_SECG_PRIME_160R1_SEED [..20]
  015b44b0 986  EC curve _EC_SECG_PRIME_160R2_SEED [..20]
  015b4940 987  EC curve _EC_SECG_CHAR2_113R1_SEED [..20]
  015b49c0 988  EC curve _EC_SECG_CHAR2_113R2_SEED [..20]
  015b4a40 989  EC curve _EC_SECG_CHAR2_131R1_SEED [..20]
  015b4ad0 990  EC curve _EC_SECG_CHAR2_131R2_SEED [..20]
  015b4d10 993  EC curve _EC_SECG_CHAR2_193R1_SEED [..20]
  015b5d48 954  DES SPR SPtrans [32.le.2048]
  015bae40 1021 RC2 skey key_table [..256]
  015baf48 2065 Haval init [32.le.32&]
  015baf48 919  Blowfish bfp table [32.le.72]
  015baf68 1054 Haval hash pass2 [32.le.128&]
  015baf90 921  Blowfish ks0 table [32.le.1024]
  015baf90 2335 Blowfish_s_init [32.le.4096]
  015bafe8 2067 Haval mc3 [32.le.128]
  015bb048 2219 HAVAL2_DS [32.le.32]
  015bb068 2069 Haval mc4 [32.le.128]
  015bb0c8 2217 HAVAL1_DS [32.le.32]
  015bb0e8 2071 Haval mc5 [32.le.128]
  015bb390 923  Blowfish ks1 table [32.le.1024]
  015bb790 925  Blowfish ks2 table [32.le.1024]
  015bbb90 927  Blowfish ks3 table [32.le.1024]
  015bbfa0 2333 CAST_S [32.le.8192]
  015bbfa0 2121 CAST128 / CAST256 sbox1 [32.le.1024]
  015bc3a0 2123 CAST128 / CAST256 sbox2 [32.le.1024]
  015bc7a0 2125 CAST128 / CAST256 sbox3 [32.le.1024]
  015bcba0 2127 CAST128 / CAST256 sbox4 [32.le.1024]
  015bcfa0 2113 CAST128 sbox5 [32.le.1024]
  015bd3a0 2115 CAST128 sbox6 [32.le.1024]
  015bd7a0 2117 CAST128 sbox7 [32.le.1024]
  015bdba0 2119 CAST128 sbox8 [32.le.1024]
  015bdfb8 2152 seed_SS0 [32.le.1024]
  015be3b8 2154 seed_SS1 [32.le.1024]
  015be7b8 2156 seed_SS2 [32.le.1024]
  015bebb8 2158 seed_SS3 [32.le.1024]
  015c07aa 1947 small prime numbers used in libgcrypt [16.le.1336]
  015c1fb5 2079 Generic squared map [32.be.64]
  015c1fb8 2078 Generic squared map [32.le.64]
  015c40a0 1051 Whirlpool rc [64.be.80]
  015c7638 2170 WHIRILPOOL_DS [64.le.64]
  015c7638 1048 Whirlpool C0 table [64.le.2048]
  015c7e38 1046 Whirlpool obsolete C0 table [64.le.2048]
  015c8638 2025 Whirlpool C2 [64.le.2048]
  015c8e38 2027 Whirlpool C3 [64.le.2048]
  015cb640 1050 Whirlpool rc [64.le.80]
  015d9b24 2545 anti-debug: IsDebuggerPresent [..17]
  0160b0f0 843  ima_adpcm step table [32.le.356]
  01664518 1039 SSL3 pad 1 and 2 [..96]
  0169f1c8 3032 PADDINGXXPADDING [..16]
  017c2276 917  SSH RSA id-sha1 OBJ.ID. oiw(14) secsig(3) algorithms(2) 26 [..15]

[aluigi]

I think you need to add more details like for example where are located these strings.

[Golem]

I think you need to add more details like for example where are located these strings.

I'll provide some context to this.
The strings OP posted are copied directly from unpacked game files and are supposed to provide drop chances for various items obtained by completing missions.
Those files most likely only contain plain text which has been published in a more readable form by some group for the previous versions of the game.

Example of what OP posted:

Code: Select all

;•¤´·ŐąĽ‰LµŃżQX5Ť…ŻM‰Ĺ’mYłĺ°Ĺ`3|“üUĘč–EŠk5ˇz
ˆT{ü˝sŤŐ±k,$
t»

in hex:

Code: Select all

3B 95 A4 B4 B7 D5 B9 BC 89 4C B5 D1 BF 03 51 58 
35 8D 85 1B AF 4D 89 C5 92 6D 59 B3 E5 B0 C5 60 
33 7C 93 FC 55 CA E8 96 45 8A 6B 35 A1 7A 01 88 
06 54 7B FC BD 73 14 8D D5 B1 6B 2C 24 0A 74 BB 
0F 

and most likely contains the following text:

Code: Select all

 - Mercury, Terminus, MT_SABOTAGE, FC_INFESTATION, NT_MISSION
 - Mercury, Neruda, MT_SABOTAGE, FC_GRINEER, NT_EVENT
 - Venus, Ishtar, MT_SABOTAGE, FC_CORPUS, NT_MISSION
 - Mars, Gradivus, MT_SABOTAGE, FC_CORPUS, NT_MISSION
Stripped=True

But we don't know in what ways that plain text was edited by the publishing group.

We can expect developers to change the encryption methods soon (they have done it in the past) because there's some drama going on atm.

[angorr]

Golem is correct. I was going to fill in this information as well but was unable to at the time. Thanks for clearing things up!

[diana55]

I think you need to add more details like for example where are located these strings.

I'll provide some context to this.
The strings OP posted are copied directly from unpacked game files and are supposed to provide drop chances for various items obtained by completing missions.
Those files most likely only contain plain text which has been published in a more readable form by some group for the previous versions of the game.

Example of what OP posted:

Code: Select all

;•¤´·ŐąĽ‰LµŃżQX5Ť…ŻM‰Ĺ’mYłĺ°Ĺ`3|“üUĘč–EŠk5ˇz
ˆT{ü˝sŤŐ±k,$
t»

in hex:

Code: Select all

3B 95 A4 B4 B7 D5 B9 BC 89 4C B5 D1 BF 03 51 58 
35 8D 85 1B AF 4D 89 C5 92 6D 59 B3 E5 B0 C5 60 
33 7C 93 FC 55 CA E8 96 45 8A 6B 35 A1 7A 01 88 
06 54 7B FC BD 73 14 8D D5 B1 6B 2C 24 0A 74 BB 
0F 

and most likely contains the following text:

Code: Select all

 - Mercury, Terminus, MT_SABOTAGE, FC_INFESTATION, NT_MISSION
 - Mercury, Neruda, MT_SABOTAGE, FC_GRINEER, NT_EVENT
 - Venus, Ishtar, MT_SABOTAGE, FC_CORPUS, NT_MISSION
 - Mars, Gradivus, MT_SABOTAGE, FC_CORPUS, NT_MISSION
Stripped=True

But we don't know in what ways that plain text was edited by the publishing group.

We can expect developers to change the encryption methods soon (they have done it in the past) because there's some drama going on atm.

Hello,

How did you translate the code to English? I can't make it work.

[Golem]

Hello,

How did you translate the code to English? I can't make it work.

The text I posted is not decrypted from game files directly. It's what was posted by a group that previously released decrypted data on their repository.
I just assumed the content because they also included the path to the correct file.