Ive made a long way on this format.
The files are encrypted with XOR. thats simple. however,
they use 2 Different XORs per file. and all files have 2 headers.
one encryption header, and one file header.
the Encryption header itself is XOR by using the 16th byte value
in the header.
however I have not yet found out what is making out the second
XOR value for the rest of the file.
here is an example of a WAVE file found in rofs15.dat
, you see the here that i have the first header decrypted by XORing
it with 6. and the rest of the file with value of 152.
and it is for sure a WAVE file. however, the 152 value was almost
bruteforced from my side. anyone else has something to come with? :/
Important information: this site is currently scheduled to go offline indefinitely by end of the year.
Resident Evil 3 - Decrypting
-
- Moderator
- Posts: 411
- Joined: Mon Oct 24, 2005 8:52 am
- Location: Sweden
- Been thanked: 16 times
- Contact:
Resident Evil 3 - Decrypting
You do not have the required permissions to view the files attached to this post.
-
- beginner
- Posts: 33
- Joined: Mon Oct 30, 2006 6:56 pm
- Location: France
- Been thanked: 2 times
- Contact:
Complete explanation?
Hello,
Could you please write down a complete explanation of how to decrypt the files, in the wiki for example?
Could you please write down a complete explanation of how to decrypt the files, in the wiki for example?
Last edited by PmData on Wed Apr 25, 2007 9:42 pm, edited 1 time in total.
-
- beginner
- Posts: 33
- Joined: Mon Oct 30, 2006 6:56 pm
- Location: France
- Been thanked: 2 times
- Contact:
Archive has also compression for some files.
I figured now how you did it. In fact, rofs15.dat archive contains WAV file as you said, and all files starts with 'RIFF' string, so it's easy to xoring it against the crypted value to find the key (single byte).
Now we need to find how this key is selected.
I started writing a wiki page about it, will rewrite it for xentax once I got it:
http://rewiki.regengedanken.de/wiki/.DA ... _Evil_3%29
As you can see the 'NotComp' string you found may refer to the fact that the file is not compressed. Other files I found have 'Hi_Comp' as string, and are not like what they should be (for example TIM files), so it may mean they are compressed.
Now we need to find how this key is selected.
I started writing a wiki page about it, will rewrite it for xentax once I got it:
http://rewiki.regengedanken.de/wiki/.DA ... _Evil_3%29
As you can see the 'NotComp' string you found may refer to the fact that the file is not compressed. Other files I found have 'Hi_Comp' as string, and are not like what they should be (for example TIM files), so it may mean they are compressed.
-
- beginner
- Posts: 33
- Joined: Mon Oct 30, 2006 6:56 pm
- Location: France
- Been thanked: 2 times
- Contact:
Found decryption algorithm!
Hello,
I finally found how decryption is done. I will post an example routine later on rewiki. Here is one of the background images (640x480 JPEG image directly from a rofs.dat file).
I finally found how decryption is done. I will post an example routine later on rewiki. Here is one of the background images (640x480 JPEG image directly from a rofs.dat file).
You do not have the required permissions to view the files attached to this post.
-
- beginner
- Posts: 33
- Joined: Mon Oct 30, 2006 6:56 pm
- Location: France
- Been thanked: 2 times
- Contact:
Example decryption routine
Hello,
For people interested, an example decryption routine is available at:
http://rewiki.regengedanken.de/wiki/.DA ... _Evil_3%29
Now, I need to do the same with the optionnal decompression step.
For people interested, an example decryption routine is available at:
http://rewiki.regengedanken.de/wiki/.DA ... _Evil_3%29
Now, I need to do the same with the optionnal decompression step.
-
- beginner
- Posts: 33
- Joined: Mon Oct 30, 2006 6:56 pm
- Location: France
- Been thanked: 2 times
- Contact:
I finished writing a base documentation for the rofs<n>.dat file archives.
However, I wonder if I should also add some pseudo-code for decryption and decompression steps, any hints?
http://wiki.xentax.com/index.php/Resident_Evil_3_DAT
However, I wonder if I should also add some pseudo-code for decryption and decompression steps, any hints?
http://wiki.xentax.com/index.php/Resident_Evil_3_DAT
-
- beginner
- Posts: 33
- Joined: Mon Oct 30, 2006 6:56 pm
- Location: France
- Been thanked: 2 times
- Contact:
\o/ Finally done
Hello,
I did more tests, and now everything is working correctly. The last error I made was to decrypt a whole file, then depack it. It does not work as the depacker must work on blocks of the file, and must be resetted.
So now, I updated everything in both Xentax and Rewiki pages. I also started writing a patch for PhysicsFS library so I can use it in my own programs.
I did more tests, and now everything is working correctly. The last error I made was to decrypt a whole file, then depack it. It does not work as the depacker must work on blocks of the file, and must be resetted.
So now, I updated everything in both Xentax and Rewiki pages. I also started writing a patch for PhysicsFS library so I can use it in my own programs.
You do not have the required permissions to view the files attached to this post.
-
- beginner
- Posts: 33
- Joined: Mon Oct 30, 2006 6:56 pm
- Location: France
- Been thanked: 2 times
- Contact:
What I've done is the equivalent of having documented the ZIP archive file format. It does not tell anything about the files stored in the archive.
The background images are stored as JPEG images (like the background above), some textures and other bitmapped images are stored as TIM images (like the Jill skin above).
From the various file extensions I see in the archive, it roughly use same file formats for models and the rest as previous RE games, which are still to be documented.
The background images are stored as JPEG images (like the background above), some textures and other bitmapped images are stored as TIM images (like the Jill skin above).
From the various file extensions I see in the archive, it roughly use same file formats for models and the rest as previous RE games, which are still to be documented.