My bad (forgot edit post)
TableOffset need take PAK Size (22418525696 bytes) and minus TotalFiles * 0x150
Important information: this site is currently scheduled to go offline indefinitely by end of the year.
ArcheAge Online
-
- M-M-M-Monster veteran
- Posts: 1823
- Joined: Wed Mar 31, 2010 6:54 am
- Has thanked: 92 times
- Been thanked: 1058 times
- aluigi
- VVIP member
- Posts: 1916
- Joined: Thu Dec 08, 2005 12:26 pm
- Location: www.ZENHAX.com
- Has thanked: 4 times
- Been thanked: 664 times
- Contact:
Re: ArcheAge Online
are you sure I don't need to remove also 0x200 of the header to get the correct offset?
I mean: offset = pak_size - (files * 0x150) - 0x200
because if I do only "pak_size - (files * 0x150)" then we have an overlapping of the last 2 entries
I mean: offset = pak_size - (files * 0x150) - 0x200
because if I do only "pak_size - (files * 0x150)" then we have an overlapping of the last 2 entries
-
- M-M-M-Monster veteran
- Posts: 1823
- Joined: Wed Mar 31, 2010 6:54 am
- Has thanked: 92 times
- Been thanked: 1058 times
Re: ArcheAge Online
Ok. Let's do it again because after patсh there some changes:
Full Header Size = (2e0)
Encrypted Data offset same = -0x200
Encrypted Data size = 0x20
In decrypted header after total files is now unknown value = 13 (0xD) (before patch this value = 0)
Get Table Size:
Total Files (2259D) + Unknown (0xD) * 0x150 = 2d16f20 (<- This value can also be used as an offset from end of file for Table Offset)
Get Table Offset: from begin of file
PAK Size (5383f8e00) - Table Size (2d16f20) = 5356e1ee0 + Full Header Size (2e0) = 5356e21c0
http://img809.imageshack.us/img809/971/23997401.png
All rechecked!
Full Header Size = (2e0)
Encrypted Data offset same = -0x200
Encrypted Data size = 0x20
In decrypted header after total files is now unknown value = 13 (0xD) (before patch this value = 0)
Code: Select all
PAK Size = 5383f8e00 (22418525696)
Total Files in PAK = 140701 (2259D) + Unknown (0xD)
Correct Table Offset : 5356e1c00 (22371245056) - from begin file or 02d16f20 (47279904) from end.
Correct Table Size : 02d16f20 (47279904)
Total Files (2259D) + Unknown (0xD) * 0x150 = 2d16f20 (<- This value can also be used as an offset from end of file for Table Offset)
Get Table Offset: from begin of file
PAK Size (5383f8e00) - Table Size (2d16f20) = 5356e1ee0 + Full Header Size (2e0) = 5356e21c0
http://img809.imageshack.us/img809/971/23997401.png
All rechecked!
Last edited by Ekey on Wed Aug 15, 2012 10:27 pm, edited 2 times in total.
My Github repo
- aluigi
- VVIP member
- Posts: 1916
- Joined: Thu Dec 08, 2005 12:26 pm
- Location: www.ZENHAX.com
- Has thanked: 4 times
- Been thanked: 664 times
- Contact:
Re: ArcheAge Online
well done, I have updated the script and verified all the values using those you gave me as example.
just as hypothesis, do you think 0x2e0 may be related to that new value?
like 0x2e0 = (0xd * 0x38) + 8
probably we need to wait the next versions of the game to know the answer :)
just as hypothesis, do you think 0x2e0 may be related to that new value?
like 0x2e0 = (0xd * 0x38) + 8
probably we need to wait the next versions of the game to know the answer :)
-
- M-M-M-Monster veteran
- Posts: 1823
- Joined: Wed Mar 31, 2010 6:54 am
- Has thanked: 92 times
- Been thanked: 1058 times
Re: ArcheAge Online
aluigi wrote:well done
Code: Select all
- signature of 4 bytes at offset 0x00000020 doesn't match the one
expected by the script:
this one: "аУQ_"
a0 93 51 5f ..Q_
expeceted: "WIBO"
57 49 42 4f WIBO
I'm just a beginner in reversing game's PAK's..... w8 0.2.2aluigi wrote: just as hypothesis, do you think 0x2e0 may be related to that new value?
like 0x2e0 = (0xd * 0x38) + 8
probably we need to wait the next versions of the game to know the answer
My Github repo
- aluigi
- VVIP member
- Posts: 1916
- Joined: Thu Dec 08, 2005 12:26 pm
- Location: www.ZENHAX.com
- Has thanked: 4 times
- Been thanked: 664 times
- Contact:
Re: ArcheAge Online
I have removed "goto 0x20 MEMORY_FILE", now "WIBO" should be there so exactly at PAK size - 0x200
-
- M-M-M-Monster veteran
- Posts: 1823
- Joined: Wed Mar 31, 2010 6:54 am
- Has thanked: 92 times
- Been thanked: 1058 times
Re: ArcheAge Online
Code: Select all
00000000 0c 6 math SIZE = 0x200
- variable "SIZE" seems uninitialized, I use its name
<get SIZE (0) "SIZE"
<get 0x200 (1) 0x00000200
>set SIZE (0) to 0x00000200
00000000 06 7 get OFFSET asize
>set OFFSET (2) to 0x383f8e00
00000000 0c 9 math OFFSET -= SIZE
<get OFFSET (2) 0x383f8e00
<get SIZE (0) 0x00000200
>set OFFSET (2) to 0x383f8c00
00000000 2b 10 callfunction DECRYPT 1
.start_bms start: 34 0 0
00000000 26 42 encryption aes_128_cbc "\x32\x1F\x2A\xEE\xAA\x58\x4A\xB4\x9A\x6
C\x9E\x09\xD5\x9E\x9C\x6F"
- variable "aes_128_cbc" seems uninitialized, I use its name
<get aes_128_cbc (15) "aes_128_cbc"
- encryption with algorithm aes_128_cbc and key of 16 bytes
00000000 0b 43 log MEMORY_FILE OFFSET SIZE
<get MEMORY_FILE (16) "MEMORY_FILE"
<get OFFSET (2) 0x383f8c00
<get SIZE (0) 0x00000200
- create a memory file from offset 383f8c00 of 512 bytes
00000000 26 44 encryption "" ""
<get (17) ""
<get (17) ""
<get (17) ""
00000000 2c 45 endfunction
.start_bms end: 34 0 0 (ret 37)
00000000 09 12 idstring MEMORY_FILE "WIBO"
- signature of 4 bytes at offset 0x00000000 doesn't match the one
expected by the script:
this one: "♂ч9к"
0b e7 39 aa ..9.
expeceted: "WIBO"
57 49 42 4f WIBO
My Github repo
- aluigi
- VVIP member
- Posts: 1916
- Joined: Thu Dec 08, 2005 12:26 pm
- Location: www.ZENHAX.com
- Has thanked: 4 times
- Been thanked: 664 times
- Contact:
Re: ArcheAge Online
I have verified everything here using even the image you posted and it's all correct.
the data "56 97 b3..." is located at -0x200 so it's ok.
I hope it's not a problem of quickbms_4gb_files...
anyway I guess that most of the fields there are longlong so the nulls are just the 64bit part
the data "56 97 b3..." is located at -0x200 so it's ok.
I hope it's not a problem of quickbms_4gb_files...
anyway I guess that most of the fields there are longlong so the nulls are just the 64bit part
-
- advanced
- Posts: 52
- Joined: Wed Oct 21, 2009 12:52 pm
- Has thanked: 9 times
- Been thanked: 10 times
Re: ArcheAge Online
Sample pak:
wrong:
correct:
Filename is wrong
Code: Select all
http://download-xlgamesdn.cdn.x-cdn.com/cbt5/xlpak/106006to106040_pak
http://download-xlgamesdn.cdn.x-cdn.com/cbt5/xlpak/106040to106057_pak
Code: Select all
math OFFSET += 0x2e0
Code: Select all
math OFFSET -= 0x2e0 #Not fixed
-
- M-M-M-Monster veteran
- Posts: 1823
- Joined: Wed Mar 31, 2010 6:54 am
- Has thanked: 92 times
- Been thanked: 1058 times
Re: ArcheAge Online
quickbms get same incorrect full PAK size.
Correct -> 22418525696 (5383F8E00)
Code: Select all
offset filesize filename
------------------------------
00000000 06 2 get SIZE asize
>set SIZE (0) to 0x383f8e00
00000000 27 3 print %SIZE%
- SCRIPT's MESSAGE:
<get SIZE (0) 0x383f8e00
943689216
My Github repo
- aluigi
- VVIP member
- Posts: 1916
- Joined: Thu Dec 08, 2005 12:26 pm
- Location: www.ZENHAX.com
- Has thanked: 4 times
- Been thanked: 664 times
- Contact:
Re: ArcheAge Online
@iaw
thanx a lot for the files, if you have other links about newer pak versions I would be happy to check them
@Ekey
you can't use quickbms.exe on an archive bigger than 4gb
and now the new script:
*edit* check next posts
thanx a lot for the files, if you have other links about newer pak versions I would be happy to check them
@Ekey
you can't use quickbms.exe on an archive bigger than 4gb
and now the new script:
*edit* check next posts
Last edited by aluigi on Thu Aug 16, 2012 9:03 pm, edited 1 time in total.
-
- M-M-M-Monster veteran
- Posts: 1823
- Joined: Wed Mar 31, 2010 6:54 am
- Has thanked: 92 times
- Been thanked: 1058 times
Re: ArcheAge Online
I mean quickbms_4gb_filesaluigi wrote: @Ekey
you can't use quickbms.exe on an archive bigger than 4gb
New Script
Code: Select all
- signature of 4 bytes at offset 0x00000000 doesn't match the one
expected by the script:
this one: "♂ч9к"
0b e7 39 aa ..9.
expeceted: "WIBO"
57 49 42 4f WIBO
My Github repo
-
- M-M-M-Monster veteran
- Posts: 1823
- Joined: Wed Mar 31, 2010 6:54 am
- Has thanked: 92 times
- Been thanked: 1058 times
Re: ArcheAge Online
For main archive not work because get invalid pak size
Code: Select all
00000000 0c 6 math SIZE = 0x200
- variable "SIZE" seems uninitialized, I use its name
<get SIZE (0) "SIZE"
<get 0x200 (1) 0x00000200
>set SIZE (0) to 0x00000200
00000000 06 7 get OFFSET asize
>set OFFSET (2) to 0x383f8e00
00000000 0c 8 math OFFSET -= SIZE
<get OFFSET (2) 0x383f8e00
<get SIZE (0) 0x00000200
>set OFFSET (2) to 0x383f8c00
00000000 2b 9 callfunction DECRYPT 1
.start_bms start: 54 0 0
My Github repo