Page 1 of 1
Mario the Music Box Remastered .ari file
Posted: Mon Jul 24, 2023 9:13 pm
by guranoa
hello, theres a game called mario the music box remastered the uses a custom encrypted file format by the name of .ari i tried asking in the developers official discord server one person said that they and their friend made an exe that decrypts the file here's a quote on how they did it: "it uses some fiddling with the header and xor encryption" when i asked if could get access to it they said "no, thanks" here's the file:
https://mega.nz/file/lAhkjTKI#x4QFGcNQr ... IvkSyvxmYg
If anyone responds i'll be happy.
Re: Mario the Music Box Remastered .ari file
Posted: Tue Jul 25, 2023 10:48 pm
by ikskoks
So I've done a little research for this game. It turns out it's free to download on itch.io
https://teamari.itch.io/mario-the-music-box-remastered
In the readme file the authors revealed that they've used
RPG MAKER XP Engine to create this game.
And if you'll check online, you'll see that this engine usually uses RGSSAD archives. Even if you'll create a new project in rpg maker and you'll export game files, you'll get "Game.exe" executable and *.rgssad archive as a result.
http://wiki.xentax.com/index.php/Enterb ... SAD_RGSS3A
You can even find a hint in the "Game.ini" file:
game_ini.PNG
But "Team Ari" have used some custom tools as you can read in this twitter post
https://twitter.com/Team_Ari_Games/stat ... 1025684480
Here's the link to the encryptor they've probably used
https://github.com/ogniK5377/RPGMakerXpEncryptor
Your ARI archive doesn't have "RGSSAD" signature at the beginning, so I think thay've added some additional layer of encryption before releasing final version to the public. So now you could start analyzing main game's executable and search for decryption method.
If it really uses XOR, then most of the code can be copied from github.
Re: Mario the Music Box Remastered .ari file
Posted: Wed Jul 26, 2023 8:17 am
by guranoa
How should an rgssad signature should look like? I just redownloaded the game. Also this probably what they used to encrypt it:
https://github.com/ogniK5377/RPGMakerXpCustomContainer
Re: Mario the Music Box Remastered .ari file
Posted: Wed Jul 26, 2023 9:38 am
by guranoa
Couldn't find anything on how it uses it the thing, what i managed to find is the MZ string in the begging of the hex code i
highly doubt this is related rpg maker MZ but who knows
Re: Mario the Music Box Remastered .ari file
Posted: Wed Jul 26, 2023 7:33 pm
by ikskoks
How should an rgssad signature should look like?
Like this:
screenshot000508.png
what i managed to find is the MZ string in the begging of the hex code i
highly this is related rpg maker MZ but who knows
No, it's standard signature for windows executable
http://wiki.xentax.com/index.php/Windows_Executable_EXE
Re: Mario the Music Box Remastered .ari file
Posted: Wed Jul 26, 2023 9:25 pm
by guranoa
Is it possible to overwrite the signature in the .ari file to a rgssad signature?
Re: Mario the Music Box Remastered .ari file
Posted: Wed Jul 26, 2023 11:04 pm
by ikskoks
Yes, by reverse engineering decryption function and writing custom script/program to do it.
Re: Mario the Music Box Remastered .ari file
Posted: Thu Jul 27, 2023 9:08 am
by guranoa
I don't even have a pc to do that.