Evolve Stage Two PAK

[lolwatt]

Hey,

Here is the thing with Evolve; Development is done, it won't be updated anymore.
There are scripts for the models, but we can no longer extract the PAK contents.

There is a tool to extract the PAK, where you have to input a RSA key of 140 bytes, but I had no luck finding the key for the last version of the game.

Supposedly all you had to do was this, but it no longer works:

1) Run the game exe. I did this with the release exe.
2) Alt tab out of it and run NTCore's Explorer Suite.
3) Find the evolve process in Explorer Suite. Right click, hit "Dump PE". You can now close the game and this program.
4) Open the dump in a hex editor and search for hex values (in HxD that's Search > Find > Data Type set to Hex-Values)
5) Search for 3081890281. There are multiple keys in the file, but this is how they all begin. I've found it's the second one that allows you to unpack the .pak files.
6) When you've found a value copy it from the start of the text you searched for 140 bytes. The length of the selection in HxD is 8C.
7) Open RSAKeyData.bin in your hex editor and paste the data. Double check the file size is 140 bytes.

In hopes I can be helped, I uploaded the dumped the .EXE with NTCore, the original .EXE and a few PAK samples.

Link: https://drive.google.com/open?id=1TYILz ... 45erxVUSJB

Any clues?

Thanks!

[lolwatt]

7 days passed. I think I can bump?!

[aluigi]

CryEngine and PakDecrypt, right?
Just adding keywords for future searches

[lolwatt]

Yes, exactly
I suppose it's a real pain to find the new key. Or perhaps more stuff was changed before the free release.


aluigi, if I can request a quick help from you;
The first release of Evolve is also widely available on the internet and that method on the first post kinda works.

I can find two keys starting with 3081890281, in fact, it's the exact same key cra0 posted here. ----> http://forum.xentax.com/viewtopic.php?p=103962#p103962
However, when I try to use the PAK extract, it does not work with any of those keys. (Yes, I made sure it's 140 bytes.)

Now, I'm not sure if I'm doing something dumb or it's really something else.

In case you or someone else wants to have a look, I uploaded everything that you should need here;
The dumped exe, the PakDecrypt and a few .PAKs.

Link: https://drive.google.com/open?id=1rBqbI ... Cyt0oTWN2t

Thanks!

[aluigi]

aluigi, if I can request a quick help from you;

I never worked on this stuff so it's not for me. Sorry.

[lolwatt]

aluigi, if I can request a quick help from you;

I never worked on this stuff so it's not for me. Sorry.

Oh, forgive me.
I thought this was somewhat similar to Unreal encryption or something like that.
If you are not dealing with that, I imagine it's a real pain.
I can list a bunch of CRYENGINE games that were not touched because of the encryption thing, but yeah, c'est la vie.

Thanks anyway!

[cyberspeed]

I never worked on this stuff so it's not for me. Sorry.

Hey Luigi,
I just noticed that while using this key:

Code: Select all

30818902818100A2D11F0C51FA6B451D7E05FE3F06725610A9A77B674FB665F4A12BCF07CD944F6EBF9DF30FCC7B63EB3DA5E659523AA7D854AC389D5922693BBA599E82951272D71F1F55434B7BBC9CDDE60507714CE53D8411F91AB0C124905ADE7B249E988606351AEF2C59F5F4CA28CA3C7ACBE77AA55691E0984E16433624A15BE375B0530203010001

The zip produced, has some data at the end of the file, and the rest is all 00, that means because of modified ZIP structure. according to others who dealt with this format in different games.

So basically the decryption happens but it cant read data inside .pak due to new ZIP structure.
If you are curious about it and would like to look at it please do.
Because if decryption works means you can read and analyze the archive, correct?

I have included an old sample that works and the new one that does decrypt but different structure, for you to analyze the differences between them, and maybe actual extraction can happen.

Sample