Patapon (DATAMS.BND) unusal file

[OwocekTV]

So, I've tried use the patapon.bms plugin, and that worked very very well on normal files with header "BND".
But there are 2 files, DATAMS.HED and DATAMS.BND.
DATAMS.HED is Table of Content of this file (which every bnd file have)
DATAMS.BND is... some kind of encrypted/packed thing... even can't be open with patapon.bms.
I've used comtype_scan, and nothing.

http://i.imgur.com/AeHDoiF.png That's how it's look (image too big to post here)

Here's that two files:
https://dl.dropboxusercontent.com/u/105 ... DATAMS.BND
https://dl.dropboxusercontent.com/u/105 ... DATAMS.HED

Thanks!

[aluigi]

The files stored in the BND archive are encrypted probably with AES (or maybe also *TEA).

The following script is just a work-in-progress that will be updated when someone will provide the key and algorithm:

Code: Select all

encryption ???

open FDDE "HED"
open FDDE "BND" 1
idstring "BND\0"
get DUMMY long
get ALIGN long
get HEAD_OFF long
get INFO_OFF long
goto 0x20
get DUMMY long
get FILES long
goto INFO_OFF

for
    get ID byte
    get DUMMY byte
    get DUMMY byte
    get OFFSET long
    get NAME string

    savepos TMP
    goto OFFSET
    get CRC long
    get SIZE long
    get OFFSET long
    get ZSIZE long
    goto TMP

    if ID < 0x80
        putarray 0 ID NAME
    else
        xmath ID "0xff - ID"
        getarray FNAME 0 ID
        string FNAME += NAME
        if ZSIZE & 0x20000000
            math ZSIZE & 0x1fffffff
            clog FNAME OFFSET ZSIZE SIZE
        else
            log FNAME OFFSET SIZE
        endif
        math i += 1
    endif
next

[OwocekTV]

I think, that 8 encrypted bytes is 1 decrypted byte.
How do I know?
Some of 8 byte parts repeats very often, like 4E 29 F6 11 84 97 6C 1E, or 24 57 27 D2 8B AC E2 07, but It's not confirmed.
That's only my thought.

[OwocekTV]

i was totally wrong from the beginning, it's not an encryption method, its hashed up. Found reference of "HashEncrypt.cpp" inside Patapon 3 RAM dump.