ArcheAge Online

[Ekey]

My bad (forgot edit post)

TableOffset need take PAK Size (22418525696 bytes) and minus TotalFiles * 0x150

[aluigi]

are you sure I don't need to remove also 0x200 of the header to get the correct offset?
I mean: offset = pak_size - (files * 0x150) - 0x200

because if I do only "pak_size - (files * 0x150)" then we have an overlapping of the last 2 entries

[Ekey]

Ok. Let's do it again because after patсh there some changes:

Full Header Size = (2e0)
Encrypted Data offset same = -0x200
Encrypted Data size = 0x20

In decrypted header after total files is now unknown value = 13 (0xD) (before patch this value = 0)

Code: Select all

PAK Size = 5383f8e00 (22418525696)
Total Files in PAK = 140701 (2259D) + Unknown (0xD)

Correct Table Offset : 5356e1c00 (22371245056) - from begin file or 02d16f20 (47279904) from end.
Correct Table Size : 02d16f20 (47279904)

Get Table Size:
Total Files (2259D) + Unknown (0xD) * 0x150 = 2d16f20 (<- This value can also be used as an offset from end of file for Table Offset)

Get Table Offset: from begin of file
PAK Size (5383f8e00) - Table Size (2d16f20) = 5356e1ee0 + Full Header Size (2e0) = 5356e21c0

http://img809.imageshack.us/img809/971/23997401.png

All rechecked!

[aluigi]

well done, I have updated the script and verified all the values using those you gave me as example.

just as hypothesis, do you think 0x2e0 may be related to that new value?
like 0x2e0 = (0xd * 0x38) + 8
probably we need to wait the next versions of the game to know the answer :)

[Ekey]

well done

Code: Select all

- signature of 4 bytes at offset 0x00000020 doesn't match the one
  expected by the script:

  this one: "аУQ_"
  a0 93 51 5f                                       ..Q_

  expeceted: "WIBO"
  57 49 42 4f                                       WIBO

:}

just as hypothesis, do you think 0x2e0 may be related to that new value?
like 0x2e0 = (0xd * 0x38) + 8
probably we need to wait the next versions of the game to know the answer

I'm just a beginner in reversing game's PAK's..... w8 0.2.2

[aluigi]

I have removed "goto 0x20 MEMORY_FILE", now "WIBO" should be there so exactly at PAK size - 0x200

[Ekey]

Code: Select all

00000000 0c  6   math SIZE = 0x200
- variable "SIZE" seems uninitialized, I use its name
             <get SIZE (0) "SIZE"
             <get 0x200 (1) 0x00000200
             >set SIZE (0) to 0x00000200

00000000 06  7   get OFFSET asize
             >set OFFSET (2) to 0x383f8e00

00000000 0c  9   math OFFSET -= SIZE
             <get OFFSET (2) 0x383f8e00
             <get SIZE (0) 0x00000200
             >set OFFSET (2) to 0x383f8c00

00000000 2b  10  callfunction DECRYPT 1
             .start_bms start: 34 0 0

00000000 26  42  encryption aes_128_cbc "\x32\x1F\x2A\xEE\xAA\x58\x4A\xB4\x9A\x6
C\x9E\x09\xD5\x9E\x9C\x6F"
- variable "aes_128_cbc" seems uninitialized, I use its name
             <get aes_128_cbc (15) "aes_128_cbc"
- encryption with algorithm aes_128_cbc and key of 16 bytes

00000000 0b  43  log MEMORY_FILE OFFSET SIZE
             <get MEMORY_FILE (16) "MEMORY_FILE"
             <get OFFSET (2) 0x383f8c00
             <get SIZE (0) 0x00000200
- create a memory file from offset 383f8c00 of 512 bytes

00000000 26  44  encryption "" ""
             <get  (17) ""
             <get  (17) ""
             <get  (17) ""

00000000 2c  45  endfunction
             .start_bms end: 34 0 0 (ret 37)

00000000 09  12  idstring MEMORY_FILE "WIBO"

- signature of 4 bytes at offset 0x00000000 doesn't match the one
  expected by the script:

  this one: "♂ч9к"
  0b e7 39 aa                                       ..9.

  expeceted: "WIBO"
  57 49 42 4f                                       WIBO

[aluigi]

I have verified everything here using even the image you posted and it's all correct.

the data "56 97 b3..." is located at -0x200 so it's ok.
I hope it's not a problem of quickbms_4gb_files...

anyway I guess that most of the fields there are longlong so the nulls are just the 64bit part

[iaw]

Sample pak:

Code: Select all

http://download-xlgamesdn.cdn.x-cdn.com/cbt5/xlpak/106006to106040_pak
http://download-xlgamesdn.cdn.x-cdn.com/cbt5/xlpak/106040to106057_pak

wrong:

Code: Select all

math OFFSET += 0x2e0

correct:

Code: Select all

math OFFSET -= 0x2e0  #Not fixed

Filename is wrong

[Ekey]

quickbms get same incorrect full PAK size.

Code: Select all

  offset   filesize   filename
------------------------------

00000000 06  2   get SIZE asize
             >set SIZE (0) to 0x383f8e00

00000000 27  3   print %SIZE%
- SCRIPT's MESSAGE:
               <get SIZE (0) 0x383f8e00
943689216

Correct -> 22418525696 (5383F8E00)

[aluigi]

@iaw
thanx a lot for the files, if you have other links about newer pak versions I would be happy to check them

@Ekey
you can't use quickbms.exe on an archive bigger than 4gb

and now the new script:
*edit* check next posts

[Ekey]

@Ekey
you can't use quickbms.exe on an archive bigger than 4gb

I mean quickbms_4gb_files



New Script

Code: Select all

- signature of 4 bytes at offset 0x00000000 doesn't match the one
  expected by the script:

  this one: "♂ч9к"
  0b e7 39 aa                                       ..9.

  expeceted: "WIBO"
  57 49 42 4f                                       WIBO

[iaw]

Sample pak Working properly

[Ekey]

For main archive not work because get invalid pak size

Code: Select all

00000000 0c  6   math SIZE = 0x200
- variable "SIZE" seems uninitialized, I use its name
             <get SIZE (0) "SIZE"
             <get 0x200 (1) 0x00000200
             >set SIZE (0) to 0x00000200

00000000 06  7   get OFFSET asize
             >set OFFSET (2) to 0x383f8e00

00000000 0c  8   math OFFSET -= SIZE
             <get OFFSET (2) 0x383f8e00
             <get SIZE (0) 0x00000200
             >set OFFSET (2) to 0x383f8c00

00000000 2b  9   callfunction DECRYPT 1
             .start_bms start: 54 0 0

[iaw]

The problem of quickbms_4gb_files.exe?