  1. #1
    h4x0r

    Audition 2 SF Decrypting (Need some Help)

    I'm trying to write an unpacker for this game but need some help. All resources are contained in *.SF archives. They are encrypted with a custom algorithm. After an hour of debugging (****ing xTrap -> xCrap) I found the algorithm:

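    ;-----------------------------------------------------------------------
    ; int __usercall A2Decrypt<eax>(int a1<eax>, int a2)
    ;   (the "<eax>" after a1 is inferred from `mov edi, eax` below; the
    ;    posted prototype line lost its separators)
    ; Syntax: IDA/MASM-style 32-bit x86 disassembly, Intel operand order.
    ; In:    eax       = a1, byte count of the buffer
    ;        [esp+4]   = a2, pointer to the buffer (read after four pushes
    ;                    as [esp+10h+arg_0])
    ; Out:   eax       = final value of the running accumulator
    ; Saves: ebx, ebp, esi, edi (pushed/popped); ecx and edx are overwritten.
    ; Effect: transforms the buffer in place. The first (a1 & 3) bytes are
    ;        processed one byte at a time, the remainder as 32-bit words.
    ; Notes: - The initial state is built only from a1 and fixed constants;
    ;          no separate key argument is taken.
    ;        - A2Key is addressed as A2Key[index*4], i.e. as 32-bit entries.
    ;        - Nothing here checks a1 against the real buffer size; the
    ;          caller is responsible for that.
    ;-----------------------------------------------------------------------
    A2Decrypt    proc near

    arg_0        = dword ptr  4

            push    ebx
            push    ebp
            push    esi
            push    edi
            mov     edi, eax                ; edi = a1 (length)

            ; --- seed: spread the low 16 bits of a1 over 32 bits, then xor ---
            mov     ecx, edi
            and     ecx, 0FF00h
            mov     edx, edi
            shl     edx, 10h
            or      ecx, edx
            shl     ecx, 8
            movzx   edx, di
            or      ecx, edx
            xor     ecx, 0B11924E1h

            ; --- fold the four seed bytes (sign-extended) with multiplier 33:
            ;     ecx = 33*(33*(33*b0 + b1) + b2) + b3 + 7C5D0F85h
            movsx   esi, cl                 ; b0
            mov     edx, ecx
            shr     edx, 8
            movsx   edx, dl                 ; b1
            mov     ebx, esi
            mov     ebp, [esp+10h+arg_0]    ; ebp = a2 (buffer pointer)
            shl     ebx, 5
            add     ebx, esi                ; ebx = 33*b0
            add     edx, ebx
            mov     esi, edx
            shl     esi, 5
            add     esi, edx                ; esi = 33*(33*b0 + b1)
            mov     edx, ecx
            shr     edx, 10h
            movsx   edx, dl                 ; b2
            add     esi, edx
            shr     ecx, 18h
            mov     edx, esi
            shl     edx, 5
            add     edx, esi                ; edx = 33*esi
            movsx   ecx, cl                 ; b3
            mov     ebx, edi
            and     ebx, 3                  ; ebx = a1 & 3, sets ZF for the jz below
            mov     eax, 96438AF7h          ; initial accumulator
            lea     ecx, [edx+ecx+7C5D0F85h] ; initial rolling state (lea keeps flags)
            mov     [esp+10h+arg_0], ebx    ; arg slot reused to remember a1 & 3
            jz      short loc_401645        ; length is a multiple of 4: skip byte loop
            mov     esi, ebp
            jmp     short loc_401600
    ; ---------------------------------------------------------------------------
            db 8Dh, 0A4h, 24h, 4 dup(0)     ; alignment padding, not reached
    ; ---------------------------------------------------------------------------
            jmp     short loc_401600
    ; ---------------------------------------------------------------------------
            align 10h

    ; --- byte loop: ebx = bytes left, esi = cursor, ecx = state, eax = accumulator
    loc_401600:
            mov     edx, ecx
            and     edx, 0FFh
            add     eax, A2Key[edx*4]       ; 32-bit table entry selected by low state byte
            mov     ebp, ecx
            not     ebp
            shl     ebp, 15h
            mov     dl, al
            add     dl, cl
            xor     dl, [esi]               ; dl = output byte
            add     ebp, 2611501h
            shr     ecx, 0Bh
            or      ecx, ebp                ; ecx = ((~ecx << 21) + 2611501h) | (ecx >> 11)
            mov     ebp, eax
            shl     ebp, 5
            add     ebp, eax                ; ebp = 33*eax
            movzx   eax, dl
            mov     [esi], dl
            add     esi, 1
            sub     ebx, 1                  ; sets ZF for the jnz below
            lea     eax, [eax+ebp+3]        ; eax = out + 33*eax + 3
            jnz     short loc_401600
            sub     edi, [esp+10h+arg_0]    ; remaining length is now a multiple of 4
            mov     ebp, esi

    loc_401645:
            test    edi, edi
            mov     esi, ebp
            jz      short loc_40168B        ; nothing left
            jmp     short loc_401650
    ; ---------------------------------------------------------------------------
            align 10h

    ; --- dword loop: edi = bytes left, esi = cursor, ecx = state, eax = accumulator
    loc_401650:
            mov     edx, ecx
            and     edx, 0FFh
            add     eax, A2Key[edx*4]
            mov     ebx, ecx
            not     ebx
            shl     ebx, 15h
            lea     edx, [ecx+eax]
            xor     edx, [esi]              ; edx = output dword
            add     ebx, 3938731h
            shr     ecx, 0Bh
            or      ecx, ebx                ; ecx = ((~ecx << 21) + 3938731h) | (ecx >> 11)
            mov     ebx, eax
            shl     ebx, 5
            add     ebx, edx                ; ebx = 32*eax + out
            mov     [esi], edx
            add     esi, 4
            sub     edi, 4                  ; sets ZF for the jnz below
            lea     eax, [eax+ebx+3]        ; eax = out + 33*eax + 3
            jnz     short loc_401650

    loc_40168B:
            pop     edi
            pop     esi
            pop     ebp
            pop     ebx
            retn
    A2Decrypt    endp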
    a1 - size (or length), passed in eax; a2 - buffer, passed on the stack ...

    A2Key (1024 bytes; the assembly reads it as A2Key[edx*4], i.e. as 256 four-byte entries)

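    /*
     * Lookup table used by A2Decrypt, stored here as 1024 raw bytes.
     * The disassembly on this page indexes it as A2Key[edx*4] with a 32-bit
     * add, so the routine consumes it as 256 four-byte entries; indexing this
     * byte array directly with the 0..255 index does not read the same values.
     * The element separators were lost in the posted listing and are restored
     * here; the byte values are unchanged.
     */
    static unsigned char A2Key[1024] = {
    0xD2, 0x2F, 0xCF, 0x9C, 0x60, 0x29, 0x54, 0x91, 0xDC, 0xE2, 0xA7, 0x22, 0x39, 0x29, 0x5F,
    0x2F, 0xE4, 0x1B, 0xDF, 0x86, 0xBA, 0x90, 0xD2, 0xF1, 0x97, 0x87, 0xC2, 0x5D, 0x04, 0xD8,
    0x4A, 0x78, 0xE2, 0xFE, 0x43, 0x13, 0xBD, 0x92, 0xA9, 0xBE, 0x89, 0xF8, 0xB0, 0x9E, 0xC0,
    0x4B, 0x34, 0xB2, 0xCA, 0xFF, 0xA9, 0x3E, 0x53, 0xC8, 0x8E, 0x80, 0x0B, 0x69, 0x28, 0xC0,
    0x14, 0xEA, 0xAF, 0xAD, 0xA7, 0xCA, 0x68, 0x01, 0x93, 0x39, 0x7A, 0x9E, 0xB9, 0xC8, 0x7C,
    0x3A, 0xA9, 0x62, 0x60, 0x4C, 0xEC, 0x88, 0x59, 0xEC, 0xDB, 0xC9, 0xD3, 0x20, 0x00, 0x20,
    0x37, 0xA9, 0x52, 0x1A, 0x52, 0x66, 0x9C, 0xED, 0x17, 0x99, 0x73, 0x8A, 0x0B, 0x41, 0xEF,
    0x86, 0x30, 0xC5, 0x63, 0xBC, 0x33, 0x75, 0x06, 0x68, 0xAD, 0x9B, 0x3D, 0x73, 0xA7, 0xFA,
    0xDB, 0x03, 0xE6, 0xAF, 0x38, 0x2B, 0xFE, 0xE6, 0xDE, 0x88, 0x62, 0x87, 0x4A, 0xCF, 0x2A,
    0xCC, 0x73, 0x42, 0xA0, 0x58, 0x06, 0x35, 0x92, 0x2D, 0x7E, 0xFE, 0x58, 0x1F, 0x7D, 0xAF,
    0xA6, 0xB4, 0x13, 0x08, 0x01, 0xC1, 0x66, 0x96, 0x22, 0xD8, 0x0D, 0x90, 0x24, 0xA3, 0x56,
    0x6F, 0x05, 0x11, 0x47, 0x70, 0x84, 0x83, 0x4D, 0x41, 0x87, 0xD0, 0x68, 0x92, 0x44, 0x76,
    0xC8, 0x27, 0xFA, 0xFE, 0xBD, 0xAF, 0x83, 0xAD, 0xE2, 0xED, 0x88, 0xCC, 0xE6, 0x1A, 0xF6,
    0xA8, 0xAD, 0xE1, 0x6A, 0xA0, 0x9D, 0xBF, 0x87, 0x1D, 0x65, 0x82, 0x8B, 0xC3, 0x23, 0x3E,
    0x40, 0x10, 0xC1, 0xE5, 0x55, 0x41, 0xFD, 0xC8, 0x23, 0xDF, 0x11, 0xE3, 0x14, 0x10, 0xD6,
    0xDA, 0x91, 0x7D, 0x6F, 0xAB, 0xE5, 0xE9, 0x12, 0x2F, 0x03, 0x80, 0xF4, 0xB8, 0x35, 0xA3,
    0x66, 0xDC, 0x35, 0x43, 0x62, 0xAA, 0x76, 0x60, 0x21, 0x44, 0x39, 0xB3, 0xE8, 0x33, 0x1C,
    0xB5, 0xA9, 0x21, 0x8D, 0x77, 0xBA, 0x5F, 0x67, 0x04, 0x67, 0x4A, 0x33, 0x85, 0x62, 0x59,
    0xA1, 0x6E, 0xC5, 0xFA, 0xB0, 0xA8, 0xDD, 0x97, 0x1F, 0x48, 0x61, 0x30, 0xD0, 0x45, 0xC4,
    0xCB, 0x30, 0x67, 0xBA, 0xB8, 0x44, 0xE8, 0xB2, 0x4C, 0x10, 0xE2, 0x37, 0x67, 0xB0, 0x2D,
    0x9A, 0x6E, 0x8E, 0x88, 0xD6, 0x78, 0x7A, 0x61, 0xE2, 0xEA, 0xDC, 0x93, 0x3A, 0xE1, 0x59,
    0x0E, 0x38, 0x2D, 0x43, 0xA7, 0xE2, 0x03, 0x97, 0xC2, 0x5E, 0xA8, 0xCF, 0x0B, 0xD1, 0x78,
    0x3C, 0x36, 0x55, 0xD0, 0x0F, 0xAC, 0x8F, 0x3C, 0xD2, 0x9E, 0xA4, 0xA0, 0x38, 0x4D, 0xB8,
    0xA7, 0x7E, 0xD1, 0x03, 0x1A, 0x76, 0xA5, 0x57, 0x48, 0x57, 0x50, 0xF4, 0x76, 0x4C, 0xAB,
    0x34, 0x98, 0x19, 0xED, 0xD8, 0x68, 0xE5, 0x6E, 0xFF, 0xF2, 0x6F, 0xF2, 0x16, 0x32, 0x31,
    0x75, 0x71, 0x96, 0x5F, 0xFE, 0x6C, 0x47, 0x02, 0xB4, 0x42, 0xDA, 0x2B, 0xD3, 0xAC, 0x0F,
    0xAE, 0x27, 0x03, 0x37, 0xFC, 0x95, 0xE2, 0x9E, 0x9B, 0x36, 0xD3, 0xDC, 0xE7, 0xCC, 0x99,
    0x71, 0x2C, 0xA1, 0xDE, 0x7B, 0x47, 0x27, 0x6A, 0xCC, 0x2D, 0xA3, 0xC3, 0x42, 0x13, 0x6A,
    0x78, 0x54, 0x1F, 0x0F, 0xD9, 0xFB, 0x87, 0xF9, 0xF6, 0x95, 0x76, 0x2A, 0x83, 0x98, 0xFA,
    0x0E, 0x2D, 0x1B, 0x2F, 0x5A, 0x67, 0xE7, 0x27, 0x5F, 0xB7, 0xF0, 0x80, 0xAA, 0x01, 0x09,
    0x72, 0xF6, 0x04, 0x66, 0xD3, 0x7E, 0x7E, 0xF8, 0x95, 0xED, 0xB5, 0xC4, 0x71, 0x59, 0xB0,
    0x59, 0x8B, 0x32, 0x0B, 0x6B, 0xE0, 0x4A, 0x88, 0xF6, 0xAF, 0x6F, 0x8D, 0x64, 0xA4, 0x85,
    0x9D, 0x0A, 0x8B, 0x81, 0xB2, 0x83, 0x96, 0x04, 0x50, 0x42, 0xC1, 0x96, 0xF9, 0x44, 0x73,
    0x2A, 0x20, 0x21, 0x0D, 0x4C, 0x8F, 0x41, 0xE5, 0x0C, 0xB5, 0xD2, 0xAA, 0xE6, 0x6B, 0xAE,
    0x2F, 0x8E, 0xCD, 0xD1, 0x44, 0xBB, 0x98, 0x95, 0xF5, 0xF1, 0x87, 0x43, 0xB4, 0xE5, 0xAD,
    0xAB, 0x95, 0x9D, 0x3D, 0x06, 0xAB, 0x86, 0xE1, 0x0F, 0x0F, 0x06, 0x6F, 0xC4, 0x13, 0xE3,
    0xA9, 0xC5, 0xA1, 0xA4, 0xE8, 0xF3, 0xA2, 0xFC, 0x49, 0x7D, 0x3F, 0xF3, 0x46, 0xD7, 0x2A,
    0x7A, 0x9A, 0x79, 0x50, 0x0F, 0xD9, 0xAC, 0x37, 0xAD, 0xA4, 0x89, 0x03, 0x20, 0x16, 0x32,
    0x12, 0xA9, 0x87, 0x01, 0x2B, 0xFB, 0x7D, 0x45, 0x62, 0x88, 0x5D, 0x8E, 0x7D, 0xCF, 0xDE,
    0x2A, 0xC9, 0xDC, 0x03, 0xE6, 0xB3, 0x7D, 0x1C, 0x2E, 0xF2, 0xE3, 0x12, 0xE4, 0x0B, 0x2B,
    0x64, 0xD0, 0x95, 0x57, 0x9D, 0x04, 0x7C, 0x5B, 0xD4, 0x97, 0xCB, 0x7C, 0x4B, 0x4D, 0xDB,
    0x8D, 0xBA, 0x63, 0x9C, 0x2A, 0xA0, 0xC4, 0x5F, 0x7D, 0x9D, 0x84, 0xF6, 0x53, 0xDD, 0xDD,
    0x45, 0x70, 0xCB, 0x83, 0x1E, 0x8E, 0x71, 0xC0, 0x0B, 0x02, 0x7D, 0x11, 0x5E, 0x1F, 0x7A,
    0x5E, 0xA1, 0x10, 0x8F, 0x0F, 0x86, 0x71, 0x0F, 0xA8, 0x2C, 0x82, 0xE5, 0xFF, 0xDD, 0xE6,
    0x27, 0xB1, 0x80, 0x16, 0xF1, 0x0B, 0x06, 0x94, 0xE2, 0xA6, 0x3B, 0x11, 0xE9, 0x46, 0xF7,
    0xF6, 0x6E, 0xEE, 0x79, 0xEB, 0x15, 0x48, 0x3A, 0x55, 0xB8, 0x9C, 0x26, 0xAF, 0x29, 0x42,
    0xE3, 0xF6, 0x59, 0x41, 0x94, 0x7E, 0x88, 0xBE, 0x38, 0x48, 0x29, 0x2E, 0xB9, 0xB3, 0x68,
    0xE6, 0x79, 0xAC, 0xC4, 0xB6, 0x9F, 0xAB, 0x06, 0x34, 0xCB, 0xA7, 0xCC, 0xDB, 0x2F, 0x4F,
    0x67, 0x0B, 0x42, 0xBA, 0x3B, 0x1C, 0xCE, 0x78, 0x8E, 0x0A, 0x6D, 0xED, 0x8F, 0x6C, 0xD9,
    0xBC, 0xA5, 0xC0, 0xF1, 0xB2, 0xDD, 0x34, 0x73, 0x2F, 0x64, 0x5D, 0x8D, 0x66, 0x8D, 0x45,
    0xDA, 0x30, 0xCB, 0x57, 0x6E, 0x0B, 0x1F, 0xF9, 0x00, 0x00, 0x09, 0xA0, 0x02, 0xC4, 0x53,
    0xE8, 0x8D, 0xC4, 0xFA, 0x04, 0xAB, 0x89, 0xB5, 0x39, 0xE0, 0x7F, 0x02, 0xCF, 0x83, 0xED,
    0xFF, 0xBA, 0x00, 0xD5, 0xB1, 0xCB, 0xDD, 0x66, 0x7B, 0x3D, 0xAE, 0x77, 0x11, 0x1C, 0x28,
    0x3E, 0x5C, 0xFF, 0xFD, 0xAD, 0x7F, 0x50, 0x5A, 0xBA, 0xAA, 0xC9, 0x28, 0xD5, 0x0A, 0x4C,
    0x32, 0x55, 0x77, 0x1A, 0x66, 0x77, 0xA1, 0xAA, 0x0D, 0x5E, 0x91, 0xE9, 0x85, 0x24, 0xF4,
    0x02, 0x26, 0x8D, 0x2B, 0x9C, 0x9B, 0x96, 0xC0, 0x71, 0x4B, 0x82, 0xB5, 0xF6, 0x25, 0x4F,
    0x54, 0x7A, 0x84, 0xEC, 0xBB, 0xC1, 0xB9, 0x68, 0x65, 0xF0, 0x56, 0xC7, 0x3A, 0x81, 0xEE,
    0x6D, 0xE0, 0x3E, 0x7C, 0x6D, 0x82, 0xD7, 0xE5, 0xC3, 0x1A, 0x44, 0x80, 0x96, 0x08, 0x3E,
    0xEE, 0xF7, 0xD3, 0xDE, 0xE3, 0x41, 0xA5, 0x60, 0x10, 0x9F, 0x39, 0x11, 0x6B, 0x86, 0x08,
    0x5E, 0xA9, 0x51, 0x6C, 0x79, 0x29, 0x74, 0x8A, 0x36, 0xA7, 0xC2, 0xC4, 0xCB, 0xA3, 0x31,
    0x16, 0x8A, 0x90, 0x1E, 0xA9, 0xE1, 0xE9, 0x3F, 0x75, 0xE8, 0xA7, 0xB1, 0x76, 0x8F, 0x59,
    0x14, 0x7D, 0xB5, 0xAA, 0x27, 0x9F, 0x25, 0x4A, 0x4C, 0x2B, 0xDC, 0x33, 0xBF, 0x3A, 0x34,
    0x19, 0x70, 0x4E, 0x74, 0xB3, 0x07, 0x49, 0xE8, 0x8B, 0xE6, 0x9E, 0x5D, 0x48, 0x93, 0x22,
    0x62, 0x8E, 0x8C, 0x94, 0x4C, 0xE2, 0x15, 0x0D, 0x7A, 0xCC, 0x61, 0x1F, 0x75, 0x31, 0xB9,
    0xF8, 0xB6, 0x1A, 0x9C, 0x0A, 0xBE, 0x7E, 0x73, 0x2F, 0x2B, 0xAD, 0xC4, 0xF1, 0x99, 0x84,
    0xE7, 0x61, 0x08, 0x69, 0x02, 0x37, 0x28, 0x60, 0xB1, 0x09, 0xAE, 0x30, 0x9E, 0xBC, 0xB3,
    0xBB, 0x23, 0x41, 0xF7, 0x94, 0xEB, 0x4F, 0x14, 0x2F, 0xB1, 0xD2, 0xB1, 0xDA, 0x49, 0x15,
    0x07, 0xAD, 0x22, 0x1A, 0xDD, 0x88, 0x95, 0x1D, 0xC0, 0x0B, 0x81, 0x4A, 0x38, 0x7A, 0x4A,
    0x74, 0xA9, 0x8F, 0xB7};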
    IDA PseudoCode


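    /*
     * IDA/Hex-Rays pseudocode for A2Decrypt.
     *
     * The posted listing lost its operators and separators (=, &, +, *, commas,
     * the loop variable name and the closing brace). They are restored here by
     * matching each statement against the disassembly on this page.
     *
     * Points to check before compiling this as C:
     *  - __usercall: a1 (length) arrives in eax, a2 (buffer) on the stack; this
     *    is not a calling convention a C compiler will produce for a plain call.
     *  - A2Key[(unsigned __int8)v9] is only equivalent to the assembly's
     *    A2Key[edx*4] if A2Key is declared as an array of 32-bit values. With
     *    A2Key declared as unsigned char[1024] it reads a single byte instead.
     *  - a2 and the cursors v10 / i hold addresses in ints (32-bit target).
     */
    typedef unsigned char _BYTE;
    typedef unsigned int _DWORD;

    int __usercall A2Decrypt(int a1, int a2)
    {
      int v2; // edi@1
      int v3; // ebp@1
      int v4; // edx@1
      int v5; // ecx@1
      bool v6; // zf@1
      int v7; // ebx@1
      int result; // eax@1
      int v9; // ecx@1
      int v10; // esi@2
      int v11; // eax@3
      unsigned __int8 v12; // dl@3
      int i; // esi@5
      int v14; // eax@6
      int v15; // edx@6
      int v16; // [sp+14h] [bp+4h]@1

      v2 = a1;                                  // remaining length
      v3 = a2;                                  // buffer address
      // Seed: bytes of the expanded length xor 0xB11924E1, folded with multiplier 33.
      v4 = 33
         * ((char)((((unsigned __int16)a1 | (((a1 << 16) | (unsigned __int16)(a1 & 0xFF00)) << 8)) ^ 0xB11924E1u) >> 16)
          + 33
          * (33 * (char)((unsigned __int8)a1 ^ 0xE1) + (char)((unsigned __int16)((a1 | ((a1 & 0xFF00) << 8)) ^ 0x24E1) >> 8)));
      v5 = (char)((((unsigned __int16)a1 | (((a1 << 16) | (unsigned __int16)(a1 & 0xFF00)) << 8)) ^ 0xB11924E1u) >> 24);
      v7 = a1 & 3;                              // leading bytes handled one at a time
      v6 = (a1 & 3) == 0;
      result = -1773958409;                     // 0x96438AF7
      v9 = v4 + v5 + 2086473605;                // 0x7C5D0F85
      v16 = v7;
      if ( !v6 )
      {
        v10 = v3;
        do
        {
          v11 = A2Key[(unsigned __int8)v9] + result;
          v12 = *(_BYTE *)v10 ^ (v9 + (_BYTE)v11);
          v9 = ((~v9 << 21) + 39916801) | ((unsigned int)v9 >> 11);
          *(_BYTE *)v10++ = v12;
          --v7;
          result = v12 + 33 * v11 + 3;          // the output byte feeds the accumulator
        }
        while ( v7 );
        v2 -= v16;
        v3 = v10;
      }
      // "+ 3" is taken from `lea eax, [eax+ebx+3]`; the mangled line does not show it.
      for ( i = v3; v2; result = v14 + v15 + 32 * v14 + 3 )
      {
        v14 = A2Key[(unsigned __int8)v9] + result;
        v15 = *(_DWORD *)i ^ (v9 + v14);
        v9 = ((~v9 << 21) + 60000049) | ((unsigned int)v9 >> 11);
        *(_DWORD *)i = v15;
        i += 4;
        v2 -= 4;
      }
      return result;
    }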

    I'm trying to use it but something is wrong. For example, the first 12 bytes after decryption should be 4C494643535953454D4554 (LIFCSYSEMET) -> CFILESYSTEM. My output is unreadable crap -> 2BCF7277CAE9088660E11E33

    Here is my code

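        /*
         * Test-harness fragment: load the whole file named by argv[1] and run
         * A2Decrypt over it in place. Presumably this sits inside main (it reads
         * argv) -- confirm before relying on the early returns.
         */
        FILE *fi = fopen(argv[1], "rb");
        if (fi == NULL)
        {
            perror(argv[1]);
            return 1;
        }

        /* Determine the file size; ftell reports failure as -1. */
        fseek(fi, 0, SEEK_END);
        long end = ftell(fi);
        fseek(fi, 0, SEEK_SET);
        if (end <= 0)
        {
            fclose(fi);
            return 1;
        }
        size_t size = (size_t)end;

        char *buffer = (char *)malloc(size);
        if (buffer == NULL)
        {
            fclose(fi);
            return 1;
        }

        /* Only the bytes actually read are valid input for the routine. */
        size_t read = fread(buffer, 1, size, fi);

        /*
         * Argument order follows the game's own call site on this page,
         * A2Decrypt(12, (int)&DstBuf): length first, buffer second. The original
         * fragment passed them the other way round.
         * NOTE(review): the routine is __usercall with the length in eax, so a
         * plain C call only works if A2Decrypt here is a wrapper that sets that
         * up. The game call shown decrypts a 12-byte header; whether the rest of
         * the archive is one continuous stream is not shown on this page.
         */
        A2Decrypt((int)read, (int)buffer);

        fclose(fi);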
    Here is example pseudocode (how the game uses it)

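    /*
     * IDA/Hex-Rays pseudocode of the game's archive-open routine.
     *
     * Opens Filename, reads a 12-byte header, passes it to A2Decrypt with
     * length 12, and compares the result byte by byte with the 12 bytes at
     * dword_419E54. Returns 1 on a match and 0 otherwise (closing the file and
     * clearing the stored handle on mismatch).
     *
     * Operators and separators lost in the posted listing (=, +, ^, commas, the
     * closing brace) are restored here; the "^" on the v10 line is presumed,
     * since that line looks like a stack-cookie setup -- confirm against the
     * binary.
     * DstBuf is typed as a single char by the decompiler although 12 bytes are
     * read into it; its stack slot runs from bp-14h up to v10 at bp-4h.
     */
    signed int __thiscall sub_411FA0(void *this, const char *Filename)
    {
      void *v2; // ebx@1
      FILE *v3; // eax@1
      int *v4; // edi@2
      char *v5; // esi@2
      signed int v6; // ecx@2
      bool v7; // zf@2
      char DstBuf; // [sp+8h] [bp-14h]@1
      unsigned int v10; // [sp+18h] [bp-4h]@1

      v10 = (unsigned int)&DstBuf ^ dword_41E3D4; // 4C494643535953454D4554 (LIFCSYSEMET) -> CFILESYSTEM
      v2 = this;
      (*(void (**)(void))(*(_DWORD *)this + 4))();      // virtual call, slot at offset 4
      v3 = fopen(Filename, "r+bc");
      *((_DWORD *)v2 + 136) = v3;                       // keep the FILE* in the object
      if ( !v3 )
        return 0;
      fread(&DstBuf, 0xCu, 1u, v3);                     // 12-byte header
      A2Decrypt(12, (int)&DstBuf);                      // length first, buffer second
      v4 = &dword_419E54;
      v5 = &DstBuf;
      v6 = 12;
      v7 = 1;
      do                                                // 12-byte compare
      {
        if ( !v6 )
          break;
        v7 = *v5++ == *(_BYTE *)v4;
        v4 = (int *)((char *)v4 + 1);
        --v6;
      }
      while ( v7 );
      if ( !v7 )
      {
        fclose(*((FILE **)v2 + 136));
        *((_DWORD *)v2 + 136) = 0;
        return 0;
      }
      (*(void (__thiscall **)(void *, _DWORD))(*(_DWORD *)v2 + 76))(v2, "/");
      return 1;
    }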

    Can someone tell me what's wrong and how to use it correctly?
    Here is an example archive and the C++ project

    Last edited by h4x0r; 2012-06-30 at 03:43 AM.



  3. #2
    Dwar
    Nice thing... I like stuff like that. Will download this client and check it.
    Please, post your questions on forum, not by PM or mail

    I spend my time, so please pay a little bit of your time to keep world in equilibrium

  4. #3
    h4x0r
    I've finished the decryption. Here are the sources





  6. #4
    Dwar
    you have stolen from me some fun hours ... Good, so can I remove Audition from agenda?
    Please, post your questions on forum, not by PM or mail

    I spend my time, so please pay a little bit of your time to keep world in equilibrium

  7. #5
    h4x0r
    It's only a test project. Now you can make an unpacker! (Inside the archive you can find an example SF pack)

  8. #6
    alenuar
    Is there an unpacker? Very need it xD

  9. #7
    liteshield
    Quote Originally Posted by h4x0r View Post
    I'm finish decrypting. Here source's
    I have tested it and it does not work for me.
    It decrypts only the first 12 bytes of the file.
    When I try to decrypt the rest of a string, or another one, it decrypts nothing.
    Even if I copy the first 12 bytes and paste them in another place, it always decrypts only the one word "CFILESYSTEM" (if that is at the beginning of the file).
    In the attachment there is the original (decrypted) file "ServerInfo.ini". I don't know where it came from, but it seems that the thing is hopeless.

  10. #8
    kuram4tw
    good *_*
