If you see a lot of 00 bytes everywhere in the file that's a good sign, especially if it's a new save file (but even if it isn't). That means descrambling worked properly. Won't be useful for actual editing of the save data though unless the format is figured out, there may even be checksums.DMFDLancer wrote: ↑Sat Jul 03, 2021 6:56 amEDIT: Tried the save data decoder for Dragon. Uhhhhh... I think it worked? Either way it's totally unreadable. There's a bit at the start (#Ÿ®h ‘w and some NUL characters, according to Notepad++) that match but the rest is totally different. I'll mention that there's a config.json in the same folder, but that's just a display selector.
Important information: this site is currently scheduled to go offline indefinitely by end of the year.
Bloodstained: Curse of the Moon 1 & 2 (and other Inti Creates) stuff
Re: Bloodstained: Curse of the Moon 1 & 2 stuff
-
- n00b
- Posts: 11
- Joined: Sat Jun 26, 2021 5:02 am
Re: Bloodstained: Curse of the Moon 1 & 2 stuff
Nope, it's all stuff like €Bæ%DXbÒ7>BîÝèB before and after decoding. No readable text, and there are precisely two pairs of 00 in the entire thing. It's a fairly fresh file, only one character on one save has been played.xttl wrote: ↑Sat Jul 03, 2021 8:49 amIf you see a lot of 00 bytes everywhere in the file that's a good sign, especially if it's a new save file (but even if it isn't). That means descrambling worked properly. Won't be useful for actual editing of the save data though unless the format is figured out, there may even be checksums.
If sharing save data is allowed on here I can give you a fresh one, if necessary.
Re: Bloodstained: Curse of the Moon 1 & 2 stuff
Okay I removed the save3 filetype for now. I am not a moderator but I'd guess it's ok if you send the save file via PM.
Btw. I went ahead and got the zip file password for the big "disc" file (which is really a zip) in Mega Man Legacy Collection 2 on PC. Has it been published somewhere already? (do I just fail at searching the internet?)
It's a really long 254 byte chunk of garbage, so it's kind of difficult to share and use (are there any unzip programs which support eg. parsing C-style \x escapes when entering the password? not everyone and everything is using the same character encoding and it has a lot of non-ASCII chars), but I also made a modified version of the miniunz program from here which can read the password from a file.
Password in hexdump -C format here:
I'll post the modified miniunz program + source later.
edit: here, get the minizip/miniunzip sources from the zlib github repo linked above and apply included diff if you want to compile it yourself
To extract "disc" zip from MMLC2 (password bin file is included in attachment):
Note: if you want to replace files (to mod the game), it is not necessary to password protect the replacement files (so not having a modified minizip program also shouldn't be a problem)
Btw. I went ahead and got the zip file password for the big "disc" file (which is really a zip) in Mega Man Legacy Collection 2 on PC. Has it been published somewhere already? (do I just fail at searching the internet?)
It's a really long 254 byte chunk of garbage, so it's kind of difficult to share and use (are there any unzip programs which support eg. parsing C-style \x escapes when entering the password? not everyone and everything is using the same character encoding and it has a lot of non-ASCII chars), but I also made a modified version of the miniunz program from here which can read the password from a file.
Password in hexdump -C format here:
Code: Select all
00000000 9f 82 90 ac e0 e7 83 47 3f 94 fc 90 dd 88 bc 9d |.......G?.......|
00000010 dc 90 63 e0 e3 90 c8 9e 52 92 ad 94 42 8b 50 9f |..c.....R...B.P.|
00000020 9e 81 cc 9c 91 94 e0 e8 eb 8a f8 8d 61 8e 87 34 |............a..4|
00000030 96 79 e9 71 e7 cd 33 e6 43 96 82 9a ba 9d 91 e1 |.y.q..3.C.......|
00000040 fb e3 ef 9f 67 e0 df 77 81 40 2e 84 9f 8b d4 9b |....g..w.@......|
00000050 a9 95 98 8f ee e3 9f 88 a9 90 98 9c ad 95 d7 e3 |................|
00000060 4d 96 f0 e7 74 e4 40 ea 46 9c aa 81 93 e2 58 92 |[email protected].|
00000070 98 e7 ef 8b d9 8d 8c 8f dd 8c 40 8b f6 e2 cf e2 |..........@.....|
00000080 e3 9f 66 99 60 96 a8 83 7e 83 83 e6 e9 92 73 e2 |..f.`...~.....s.|
00000090 c4 90 a0 95 90 e0 c4 e4 ce 9e fb 9d 62 96 65 e7 |............b.e.|
000000a0 c0 81 4b e5 6f 92 b4 8c 47 9f 53 8b 99 82 64 8d |..K.o...G.S...d.|
000000b0 b4 e0 a2 81 e1 99 56 e9 6d e6 e6 8c cb e4 91 e6 |......V.m.......|
000000c0 e4 96 e1 81 6f 83 90 91 9b 8d 42 8a 86 c6 e4 69 |....o.....B....i|
000000d0 e8 8c 90 72 8e 86 9a b0 e4 95 9d 8d 8f bd 8a ca |...r............|
000000e0 84 5f 93 e7 89 b5 94 7c 95 63 95 62 e7 56 e6 80 |._.....|.c.b.V..|
000000f0 e7 a9 9b eb e1 5a 8d be 9d d7 9c 52 e9 c5 |.....Z.....R..|
edit: here, get the minizip/miniunzip sources from the zlib github repo linked above and apply included diff if you want to compile it yourself
To extract "disc" zip from MMLC2 (password bin file is included in attachment):
Code: Select all
miniunz -s mmlc2pass.bin -x <path_to_discfile> [-d targetdir]
You do not have the required permissions to view the files attached to this post.
Re: Bloodstained: Curse of the Moon 1 & 2 (and other Inti Creates) stuff
It seems Dragon Marked for Death PC generates unique scrambling passwords for the save file based on the player's SteamID. The passwords used are last 32 bits of the SteamID as a hex number appended to the same old save data scrambling keys as seen in COTM1.
I updated the program in post viewtopic.php?p=176034#p176034 with support for entering a SteamID on the command line for filetype save3.
I updated the program in post viewtopic.php?p=176034#p176034 with support for entering a SteamID on the command line for filetype save3.
-
- n00b
- Posts: 11
- Joined: Sat Jun 26, 2021 5:02 am
Re: Bloodstained: Curse of the Moon 1 & 2 (and other Inti Creates) stuff
Sorry, was busy.
So it's supposed to be mostly null characters? Uh, any idea what I should try and change?
It seems that in-game files and characters just don't exist in the save until you make them...
So it's supposed to be mostly null characters? Uh, any idea what I should try and change?
It seems that in-game files and characters just don't exist in the save until you make them...
Re: Bloodstained: Curse of the Moon 1 & 2 (and other Inti Creates) stuff
That's corrrect. It's also the case in COTM/COTM2.
None whatsoever. But to get started, you may try this:
1. make a backup copy of the save file
2. change settings or do something (progress) in the game
3. exit game and compare backup with new save file
However, it's very likely that the save file is checksummed, so any modifications would require knowledge of where the checksum is stored and how it is calculated. (you'll see if the game always says your savefile is corrupted whenever you make changes, or just discards the savefile) If you just want to cheat in the game, it's a lot easier to just use a tool like Cheat Engine and change values runtime.
Yeah most likely.DMFDLancer wrote: ↑Tue Jul 06, 2021 4:32 amIt seems that in-game files and characters just don't exist in the save until you make them...
-
- n00b
- Posts: 11
- Joined: Sat Jun 26, 2021 5:02 am
Re: Bloodstained: Curse of the Moon 1 & 2 (and other Inti Creates) stuff
Welp, messed around and it's rejecting my modded save. That blows. I'd try more but it really feels like I'm getting nowhere fast.
Messing with Dragon specifically has always been weird... It loathes Cheat Engine and becomes unstable, it seems any progress with cheats was halted with the final patch, and tends to break saves if you tried anything.
In theory, I could decode somebody's save and make it my own. Just gotta find somebody willing to share lol
Edit: https://github.com/piratesephiroth/DMFDSaveTool
Huh, somebody made a save tool already. Dunno how this flew under my radar. Gonna try it later.
Messing with Dragon specifically has always been weird... It loathes Cheat Engine and becomes unstable, it seems any progress with cheats was halted with the final patch, and tends to break saves if you tried anything.
In theory, I could decode somebody's save and make it my own. Just gotta find somebody willing to share lol
Edit: https://github.com/piratesephiroth/DMFDSaveTool
Huh, somebody made a save tool already. Dunno how this flew under my radar. Gonna try it later.
Re: Bloodstained: Curse of the Moon 1 & 2 (and other Inti Creates) stuff
Ah cool, would have saved me some effort if I knew about that earlier since it contains the Inti scrambling algo.DMFDLancer wrote: ↑Wed Jul 07, 2021 5:14 amEdit: https://github.com/piratesephiroth/DMFDSaveTool
Huh, somebody made a save tool already. Dunno how this flew under my radar. Gonna try it later.
Perhaps some of the other info available from that tool's code could be applicable to COTM(2) as well, such as the checksumming. Hmm..!
-
- n00b
- Posts: 11
- Joined: Sat Jun 26, 2021 5:02 am
Re: Bloodstained: Curse of the Moon 1 & 2 (and other Inti Creates) stuff
https://twitter.com/2612watts/status/14 ... 0794931201
Hey, did you see this? Or is this you?
The pics make it look like you can swap stages between BMZ2 and CotM2.
Hey, did you see this? Or is this you?
The pics make it look like you can swap stages between BMZ2 and CotM2.
-
- n00b
- Posts: 11
- Joined: Sat Jun 26, 2021 5:02 am
Re: Bloodstained: Curse of the Moon 1 & 2 (and other Inti Creates) stuff
Found something, dunno how obvious or helpful it is.
https://steamcommunity.com/app/1149440/ ... 013117636/
Dragon Marked For Death seems to use Microsoft Visual C++ Runtime, as indicated by the error. I imagine all of the Steam ports use it?
Actually yeah, SteamDB says which versions they use. Dragon uses the 2019 version.
https://steamcommunity.com/app/1149440/ ... 013117636/
Dragon Marked For Death seems to use Microsoft Visual C++ Runtime, as indicated by the error. I imagine all of the Steam ports use it?
Actually yeah, SteamDB says which versions they use. Dragon uses the 2019 version.
-
- n00b
- Posts: 11
- Joined: Sat Jun 26, 2021 5:02 am
Re: Bloodstained: Curse of the Moon 1 & 2 (and other Inti Creates) stuff
Hey, been a while.
BMZ3 dropped, and I wanna look through it. Do you need to update something, or need anything from me?
BMZ3 dropped, and I wanna look through it. Do you need to update something, or need anything from me?
Re: Bloodstained: Curse of the Moon 1 & 2 (and other Inti Creates) stuff
Not me. Yeah, seems the stage format is compatible between games. You can do that (swap stages) on PC too if you look up the hashed filenames for both games.DMFDLancer wrote: ↑Sat Jul 10, 2021 5:15 pmHey, did you see this? Or is this you? The pics make it look like you can swap stages between BMZ2 and CotM2.
Game executable and some sample files with proper (not MD5 hashed) filenames. To get unhashed filenames, you'll either need to look at a console version of the game (at least so far all the games have had hashed filenames only on PC), or play PC version which has been patched to log filenames. I'll ask a few people if they already have the game.DMFDLancer wrote: ↑Tue Aug 03, 2021 6:35 amBMZ3 dropped, and I wanna look through it. Do you need to update something, or need anything from me?
Re: Bloodstained: Curse of the Moon 1 & 2 (and other Inti Creates) stuff
Hello. I've sent you a pm regarding BMZ3 and one other thing couple days ago.xttl wrote: ↑Wed Aug 04, 2021 12:28 amNot me. Yeah, seems the stage format is compatible between games. You can do that (swap stages) on PC too if you look up the hashed filenames for both games.DMFDLancer wrote: ↑Sat Jul 10, 2021 5:15 pmHey, did you see this? Or is this you? The pics make it look like you can swap stages between BMZ2 and CotM2.
Game executable and some sample files with proper (not MD5 hashed) filenames. To get unhashed filenames, you'll either need to look at a console version of the game (at least so far all the games have had hashed filenames only on PC), or play PC version which has been patched to log filenames. I'll ask a few people if they already have the game.DMFDLancer wrote: ↑Tue Aug 03, 2021 6:35 amBMZ3 dropped, and I wanna look through it. Do you need to update something, or need anything from me?
On another note, pc version of Gunvolt Chronicles - Luminous Avenger iX encrypts save files too, of course. I'm trying to possibly import my switch save data. The password I found in EXE seems to be this: "yC2YQDHx". It doesn't seem to be using the second password, or I didn't find it. Nor does it encrypt with the help of steamid. At least comparing to DMFD .exe. Could support be added for this one? I can send over my save data from PC and Switch version (switch doesn't look encrypted, extracted it with checkpoint app). Keep up the great work. : D
Re: Bloodstained: Curse of the Moon 1 & 2 (and other Inti Creates) stuff
Yeah, I saw the PM. Been kind of busy with other (mostly non-computer) stuff.Kharaxel wrote: ↑Sun Aug 15, 2021 7:07 pmHello. I've sent you a pm regarding BMZ3 and one other thing couple days ago.
On another note, pc version of Gunvolt Chronicles - Luminous Avenger iX encrypts save files too, of course. I'm trying to possibly import my switch save data. The password I found in EXE seems to be this: "yC2YQDHx". It doesn't seem to be using the second password, or I didn't find it. Nor does it encrypt with the help of steamid. At least comparing to DMFD .exe. Could support be added for this one? I can send over my save data from PC and Switch version (switch doesn't look encrypted, extracted it with checkpoint app). Keep up the great work. : D
So far all save files have been using double scrambling so my guess is this one does that too, but I haven't seen the executable so it's only a guess. Did you use Ghidra or IDA to check all calls to the password hashing / keygen functions but couldn't find another one which looks like it's being used together with the first? Or were you just looking at strings?
The next update of inti_encdec can read those "filetype" defs from a textfile so anyone can try new passwords and settings without a C compiler.
Re: Bloodstained: Curse of the Moon 1 & 2 (and other Inti Creates) stuff
Yeah, I was merely looking at strings. I actually have Ghidra, needed it a while back for some ue4 .pak password finding. I'll send over the .exe your way, though I'll also try to check this out myself. As a matter of fact, I might actually check with GV2 and 1 as well. And that update sounds very cool. Can't wait.xttl wrote: ↑Wed Aug 18, 2021 4:47 amYeah, I saw the PM. Been kind of busy with other (mostly non-computer) stuff.Kharaxel wrote: ↑Sun Aug 15, 2021 7:07 pmHello. I've sent you a pm regarding BMZ3 and one other thing couple days ago.
On another note, pc version of Gunvolt Chronicles - Luminous Avenger iX encrypts save files too, of course. I'm trying to possibly import my switch save data. The password I found in EXE seems to be this: "yC2YQDHx". It doesn't seem to be using the second password, or I didn't find it. Nor does it encrypt with the help of steamid. At least comparing to DMFD .exe. Could support be added for this one? I can send over my save data from PC and Switch version (switch doesn't look encrypted, extracted it with checkpoint app). Keep up the great work. : D
So far all save files have been using double scrambling so my guess is this one does that too, but I haven't seen the executable so it's only a guess. Did you use Ghidra or IDA to check all calls to the password hashing / keygen functions but couldn't find another one which looks like it's being used together with the first? Or were you just looking at strings?
The next update of inti_encdec can read those "filetype" defs from a textfile so anyone can try new passwords and settings without a C compiler.