new AION .pak file format.need help!

titanic · Post by **titanic** » Sun Nov 18, 2007 8:08 pm

The contents of this post was deleted because of possible forum rules violation.

Post by **Rheini** » Mon Nov 19, 2007 12:29 am

Could you upload the game's exe and dll files?

john_doe · Post by **john_doe** » Mon Nov 19, 2007 10:00 am

Yes, that would be good.
I checked, and the bytes used to XOR against are different for each file. I guess it's calculated via one or more values from the file header.

titanic · Post by **titanic** » Mon Nov 19, 2007 2:14 pm

The contents of this post was deleted because of possible forum rules violation.

Post by **Rheini** » Mon Nov 19, 2007 2:47 pm

Fuck. Koreans seem to like Themida ^^
Ragnarök also used it I think.

Post by **Rheini** » Tue Nov 20, 2007 2:22 am

Unfortunately UnThemida can't unpack the dll

Mark · Post by **Mark** » Wed Dec 05, 2007 4:25 am

Oh, hey, someone made a thread for this before I did. Awesome! Any files that you guys need that you don't have?

Post by **Rheini** » Wed Dec 05, 2007 10:45 am

No we'd need someone that is able to unpack Themida.

GameZelda · Post by **GameZelda** » Wed Dec 05, 2007 6:51 pm

john_doe wrote:Yes, that would be good.
I checked, and the bytes used to XOR against are different for each file. I guess it's calculated via one or more values from the file header.

EDIT: Solved

titanic · Post by **titanic** » Tue Dec 11, 2007 10:50 am

GameZelda wrote:
john_doe wrote:Yes, that would be good.
I checked, and the bytes used to XOR against are different for each file. I guess it's calculated via one or more values from the file header.
EDIT: Solved

whats mean?

Mark · Post by **Mark** » Sun Dec 23, 2007 1:20 am

It means this thread gets bumped.

Mark · Post by **Mark** » Thu Dec 27, 2007 5:45 am

Who should I bribe around here to find a solution to us AION fans little predicament?

Post by **Rheini** » Thu Dec 27, 2007 2:25 pm

As I already said the exe seems to be protected by themida. We need an unpacked exe to figure out the encryption algorithm.

Hiam · Post by **Hiam** » Mon Jan 07, 2008 3:28 pm

What you need is not a unpacked exe. What you need is a unpacked CrySystem.dll. Also, you won't need a fully working one, what you need is to be able to read the code section. And that is pretty easy, since Themida anti codes are pretty simple.

http://geekserv.hornycat.org/~dick/CrySystem_dumped.rar

There you go, you will have all strings, all code. Just offsets is wrong.
Im myself investigating whats been happening to the first 32bytes of the compressedData. And i can say its not a simple xor, shr, shl method.
It's a dynamic value that's been tampered with more than that.

I'll be cross checking with the orginal CrySystem to see what they've added.

Many kisses

Post by **Rheini** » Mon Jan 07, 2008 6:52 pm

Pretty simple? Doesn't this old version of Themida/Xtreme Protector use an aggressive ring0 driver?
And what about some tools identifying Xtreme Protector (though that one section is named Themida)?
Are both protections used?

XeNTaX

XeNTaX

new AION .pak file format.need help!

new AION .pak file format.need help!

No