XeNTaX

DMFDLancer wrote: ↑Sat Jul 03, 2021 6:56 amEDIT: Tried the save data decoder for Dragon. Uhhhhh... I think it worked? Either way it's totally unreadable. There's a bit at the start (#Ÿ®h ‘w and some NUL characters, according to Notepad++) that match but the rest is totally different. I'll mention that there's a config.json in the same folder, but that's just a display selector.

If you see a lot of 00 bytes everywhere in the file that's a good sign, especially if it's a new save file (but even if it isn't). That means descrambling worked properly. Won't be useful for actual editing of the save data though unless the format is figured out, there may even be checksums.

xttl wrote: ↑Sat Jul 03, 2021 8:49 amIf you see a lot of 00 bytes everywhere in the file that's a good sign, especially if it's a new save file (but even if it isn't). That means descrambling worked properly. Won't be useful for actual editing of the save data though unless the format is figured out, there may even be checksums.

Nope, it's all stuff like €Bæ%DXbÒ7>BîÝèB before and after decoding. No readable text, and there are precisely two pairs of 00 in the entire thing. It's a fairly fresh file, only one character on one save has been played.

If sharing save data is allowed on here I can give you a fresh one, if necessary.

Okay I removed the save3 filetype for now. I am not a moderator but I'd guess it's ok if you send the save file via PM.

Btw. I went ahead and got the zip file password for the big "disc" file (which is really a zip) in Mega Man Legacy Collection 2 on PC. Has it been published somewhere already? (do I just fail at searching the internet?)

It's a really long 254 byte chunk of garbage, so it's kind of difficult to share and use (are there any unzip programs which support eg. parsing C-style \x escapes when entering the password? not everyone and everything is using the same character encoding and it has a lot of non-ASCII chars), but I also made a modified version of the miniunz program from here which can read the password from a file.

Password in hexdump -C format here: I'll post the modified miniunz program + source later.

edit: here, get the minizip/miniunzip sources from the zlib github repo linked above and apply included diff if you want to compile it yourself

To extract "disc" zip from MMLC2 (password bin file is included in attachment): Note: if you want to replace files (to mod the game), it is not necessary to password protect the replacement files (so not having a modified minizip program also shouldn't be a problem)

It seems Dragon Marked for Death PC generates unique scrambling passwords for the save file based on the player's SteamID. The passwords used are last 32 bits of the SteamID as a hex number appended to the same old save data scrambling keys as seen in COTM1.

I updated the program in post viewtopic.php?p=176034#p176034 with support for entering a SteamID on the command line for filetype save3.

Sorry, was busy.

So it's supposed to be mostly null characters? Uh, any idea what I should try and change?

It seems that in-game files and characters just don't exist in the save until you make them...

DMFDLancer wrote: ↑Tue Jul 06, 2021 4:32 amSo it's supposed to be mostly null characters?

That's corrrect. It's also the case in COTM/COTM2.

DMFDLancer wrote: ↑Tue Jul 06, 2021 4:32 amUh, any idea what I should try and change?

None whatsoever. But to get started, you may try this:

1. make a backup copy of the save file
2. change settings or do something (progress) in the game
3. exit game and compare backup with new save file

However, it's very likely that the save file is checksummed, so any modifications would require knowledge of where the checksum is stored and how it is calculated. (you'll see if the game always says your savefile is corrupted whenever you make changes, or just discards the savefile) If you just want to cheat in the game, it's a lot easier to just use a tool like Cheat Engine and change values runtime.

DMFDLancer wrote: ↑Tue Jul 06, 2021 4:32 amIt seems that in-game files and characters just don't exist in the save until you make them...

Yeah most likely.

Welp, messed around and it's rejecting my modded save. That blows. I'd try more but it really feels like I'm getting nowhere fast.

Messing with Dragon specifically has always been weird... It loathes Cheat Engine and becomes unstable, it seems any progress with cheats was halted with the final patch, and tends to break saves if you tried anything.

In theory, I could decode somebody's save and make it my own. Just gotta find somebody willing to share lol

Edit: https://github.com/piratesephiroth/DMFDSaveTool

Huh, somebody made a save tool already. Dunno how this flew under my radar. Gonna try it later.

DMFDLancer wrote: ↑Wed Jul 07, 2021 5:14 amEdit: https://github.com/piratesephiroth/DMFDSaveTool

Huh, somebody made a save tool already. Dunno how this flew under my radar. Gonna try it later.

Ah cool, would have saved me some effort if I knew about that earlier since it contains the Inti scrambling algo.

Perhaps some of the other info available from that tool's code could be applicable to COTM(2) as well, such as the checksumming. Hmm..!

https://twitter.com/2612watts/status/14 ... 0794931201

Hey, did you see this? Or is this you?

The pics make it look like you can swap stages between BMZ2 and CotM2.

Found something, dunno how obvious or helpful it is.

https://steamcommunity.com/app/1149440/ ... 013117636/

Dragon Marked For Death seems to use Microsoft Visual C++ Runtime, as indicated by the error. I imagine all of the Steam ports use it?

Actually yeah, SteamDB says which versions they use. Dragon uses the 2019 version.

Hey, been a while.

BMZ3 dropped, and I wanna look through it. Do you need to update something, or need anything from me?

DMFDLancer wrote: ↑Sat Jul 10, 2021 5:15 pmHey, did you see this? Or is this you? The pics make it look like you can swap stages between BMZ2 and CotM2.

Not me. Yeah, seems the stage format is compatible between games. You can do that (swap stages) on PC too if you look up the hashed filenames for both games.

DMFDLancer wrote: ↑Tue Aug 03, 2021 6:35 amBMZ3 dropped, and I wanna look through it. Do you need to update something, or need anything from me?

Game executable and some sample files with proper (not MD5 hashed) filenames. To get unhashed filenames, you'll either need to look at a console version of the game (at least so far all the games have had hashed filenames only on PC), or play PC version which has been patched to log filenames. I'll ask a few people if they already have the game.

xttl wrote: ↑Wed Aug 04, 2021 12:28 am

DMFDLancer wrote: ↑Sat Jul 10, 2021 5:15 pmHey, did you see this? Or is this you? The pics make it look like you can swap stages between BMZ2 and CotM2.

Not me. Yeah, seems the stage format is compatible between games. You can do that (swap stages) on PC too if you look up the hashed filenames for both games.

DMFDLancer wrote: ↑Tue Aug 03, 2021 6:35 amBMZ3 dropped, and I wanna look through it. Do you need to update something, or need anything from me?

Game executable and some sample files with proper (not MD5 hashed) filenames. To get unhashed filenames, you'll either need to look at a console version of the game (at least so far all the games have had hashed filenames only on PC), or play PC version which has been patched to log filenames. I'll ask a few people if they already have the game.

Hello. I've sent you a pm regarding BMZ3 and one other thing couple days ago.
On another note, pc version of Gunvolt Chronicles - Luminous Avenger iX encrypts save files too, of course. I'm trying to possibly import my switch save data. The password I found in EXE seems to be this: "yC2YQDHx". It doesn't seem to be using the second password, or I didn't find it. Nor does it encrypt with the help of steamid. At least comparing to DMFD .exe. Could support be added for this one? I can send over my save data from PC and Switch version (switch doesn't look encrypted, extracted it with checkpoint app). Keep up the great work. : D

Kharaxel wrote: ↑Sun Aug 15, 2021 7:07 pmHello. I've sent you a pm regarding BMZ3 and one other thing couple days ago.
On another note, pc version of Gunvolt Chronicles - Luminous Avenger iX encrypts save files too, of course. I'm trying to possibly import my switch save data. The password I found in EXE seems to be this: "yC2YQDHx". It doesn't seem to be using the second password, or I didn't find it. Nor does it encrypt with the help of steamid. At least comparing to DMFD .exe. Could support be added for this one? I can send over my save data from PC and Switch version (switch doesn't look encrypted, extracted it with checkpoint app). Keep up the great work. : D

Yeah, I saw the PM. Been kind of busy with other (mostly non-computer) stuff.

So far all save files have been using double scrambling so my guess is this one does that too, but I haven't seen the executable so it's only a guess. Did you use Ghidra or IDA to check all calls to the password hashing / keygen functions but couldn't find another one which looks like it's being used together with the first? Or were you just looking at strings?

The next update of inti_encdec can read those "filetype" defs from a textfile so anyone can try new passwords and settings without a C compiler.

xttl wrote: ↑Wed Aug 18, 2021 4:47 am

Kharaxel wrote: ↑Sun Aug 15, 2021 7:07 pmHello. I've sent you a pm regarding BMZ3 and one other thing couple days ago.
On another note, pc version of Gunvolt Chronicles - Luminous Avenger iX encrypts save files too, of course. I'm trying to possibly import my switch save data. The password I found in EXE seems to be this: "yC2YQDHx". It doesn't seem to be using the second password, or I didn't find it. Nor does it encrypt with the help of steamid. At least comparing to DMFD .exe. Could support be added for this one? I can send over my save data from PC and Switch version (switch doesn't look encrypted, extracted it with checkpoint app). Keep up the great work. : D

Yeah, I saw the PM. Been kind of busy with other (mostly non-computer) stuff.

So far all save files have been using double scrambling so my guess is this one does that too, but I haven't seen the executable so it's only a guess. Did you use Ghidra or IDA to check all calls to the password hashing / keygen functions but couldn't find another one which looks like it's being used together with the first? Or were you just looking at strings?

The next update of inti_encdec can read those "filetype" defs from a textfile so anyone can try new passwords and settings without a C compiler.

Yeah, I was merely looking at strings. I actually have Ghidra, needed it a while back for some ue4 .pak password finding. I'll send over the .exe your way, though I'll also try to check this out myself. As a matter of fact, I might actually check with GV2 and 1 as well. And that update sounds very cool. Can't wait.