Escape From Paradise City .LFM

Extraction and unpacking of game archives and compression, encryption, obfuscation, decoding of unknown files
StreamThread
Posts: 54
Joined: Fri May 27, 2016 2:28 pm

Escape From Paradise City .LFM

Post by StreamThread »

Hello

I write a unpack script for Escape From Paradise City .lfm archives:

Code: Select all

#Escape_From_Paradise_City.bms
endian big
get offset long #offset to data or header size
get flag byte #flags: 0x0 - regular, 0x02 - files selective encrypted, 0x05 - encrypted header
log MEMORY_FILE 5 offset #log header

if flag == 0x05
   #do decryption of header
endif

get files short MEMORY_FILE
for i = 1 to files
   get name string MEMORY_FILE
   get size long MEMORY_FILE
   
   log MEMORY_FILE2 offset size
   if flag == 0x02
      get type byte MEMORY_FILE   # 0x01 - encrypted
      if type == 1
         #do decryption of file
      endif
   endif
   
   log name 0 size MEMORY_FILE2
   math offset + size
next i


It works for most part of .lfm. Only two - text.lfm & lua.lfm have encrypted header, and one - locale.lfm, have encrypted english.lcl file. Use script on that last archive and some dds's with encrypted lcl file will unpacked.
I can't figure out what encryption type is used.
Also in game folder have a localized english.lcl file without encryption. But for notice, it might have some differences from encrypted.
Top
Ekey
Posts: 1383
Joined: Sat Aug 09, 2014 2:34 pm

Re: Escape From Paradise City .LFM

Post by Ekey »

Keys

Code: Select all

0xE6C2CF - Text
0xE7017A - Lua


Code: Select all

BYTE *__cdecl lfm_decrypt(int dwKey, BYTE *pBuffer, int dwSize)
{
  int v3; // edx@1
  unsigned int v4; // ecx@1
  int v5; // ebx@1
  BYTE *result; // eax@2
  unsigned int v7; // ebp@2
  BYTE *v8; // eax@3
  int v9; // edx@7

  v3 = dwSize;
  v4 = 0x1001 * dwKey - 0x6F0B34D9;
  v5 = 0;
  if ( (signed int)(dwSize & 0xFFFFFFFC) <= 0 )
  {
    result = pBuffer;
  }
  else
  {
    result = pBuffer;
    v7 = (((dwSize & 0xFFFFFFFC) - 1) >> 2) + 1;
    v5 = 4 * v7;
    do
    {
      *result ^= v4 >> 4;
      v8 = result + 1;
      *v8++ ^= v4 >> 10;
      *v8++ ^= v4 >> 16;
      *v8 ^= v4 >> 22;
      result = v8 + 1;
      v4 = (dwKey ^ (dwKey << 8) ^ 0xE08ADA15) + (0x10001 * dwKey + 0x4D3B1949) * v4;
      --v7;
    }
    while ( v7 );
    v3 = dwSize;
  }
  if ( v5 < v3 )
  {
    v9 = v3 - v5;
    do
    {
      *result++ ^= v4;
      --v9;
    }
    while ( v9 );
  }
  return result;
}
Top
aluigi
Site Admin
Posts: 12984
Joined: Wed Jul 30, 2014 9:32 pm

Re: Escape From Paradise City .LFM

Post by aluigi »

I have made a script but:
- the key for Text seems wrong
- Lua decrypts correctly but the last file has a wrong size, not a fault of the script
- the last file of locale.lfm is encrypted but we have no key
- there is a very very low chance of brute forcing the keys in some specific situation (for example when the header is encrypted)

http://aluigi.org/bms/escape_paradise_city_lfm.bms

I will update the script if you have more info and details.
Top

Return to “Game Archive”