Re: ArcheAge Online
Posted: Wed Aug 15, 2012 8:45 pm
My bad (forgot edit post)
TableOffset need take PAK Size (22418525696 bytes) and minus TotalFiles * 0x150
TableOffset need take PAK Size (22418525696 bytes) and minus TotalFiles * 0x150
Code: Select all
PAK Size = 5383f8e00 (22418525696)
Total Files in PAK = 140701 (2259D) + Unknown (0xD)
Correct Table Offset : 5356e1c00 (22371245056) - from begin file or 02d16f20 (47279904) from end.
Correct Table Size : 02d16f20 (47279904)
aluigi wrote:well done
Code: Select all
- signature of 4 bytes at offset 0x00000020 doesn't match the one
expected by the script:
this one: "аУQ_"
a0 93 51 5f ..Q_
expeceted: "WIBO"
57 49 42 4f WIBO
I'm just a beginner in reversing game's PAK's..... w8 0.2.2aluigi wrote: just as hypothesis, do you think 0x2e0 may be related to that new value?
like 0x2e0 = (0xd * 0x38) + 8
probably we need to wait the next versions of the game to know the answer
Code: Select all
00000000 0c 6 math SIZE = 0x200
- variable "SIZE" seems uninitialized, I use its name
<get SIZE (0) "SIZE"
<get 0x200 (1) 0x00000200
>set SIZE (0) to 0x00000200
00000000 06 7 get OFFSET asize
>set OFFSET (2) to 0x383f8e00
00000000 0c 9 math OFFSET -= SIZE
<get OFFSET (2) 0x383f8e00
<get SIZE (0) 0x00000200
>set OFFSET (2) to 0x383f8c00
00000000 2b 10 callfunction DECRYPT 1
.start_bms start: 34 0 0
00000000 26 42 encryption aes_128_cbc "\x32\x1F\x2A\xEE\xAA\x58\x4A\xB4\x9A\x6
C\x9E\x09\xD5\x9E\x9C\x6F"
- variable "aes_128_cbc" seems uninitialized, I use its name
<get aes_128_cbc (15) "aes_128_cbc"
- encryption with algorithm aes_128_cbc and key of 16 bytes
00000000 0b 43 log MEMORY_FILE OFFSET SIZE
<get MEMORY_FILE (16) "MEMORY_FILE"
<get OFFSET (2) 0x383f8c00
<get SIZE (0) 0x00000200
- create a memory file from offset 383f8c00 of 512 bytes
00000000 26 44 encryption "" ""
<get (17) ""
<get (17) ""
<get (17) ""
00000000 2c 45 endfunction
.start_bms end: 34 0 0 (ret 37)
00000000 09 12 idstring MEMORY_FILE "WIBO"
- signature of 4 bytes at offset 0x00000000 doesn't match the one
expected by the script:
this one: "♂ч9к"
0b e7 39 aa ..9.
expeceted: "WIBO"
57 49 42 4f WIBO
Code: Select all
http://download-xlgamesdn.cdn.x-cdn.com/cbt5/xlpak/106006to106040_pak
http://download-xlgamesdn.cdn.x-cdn.com/cbt5/xlpak/106040to106057_pak
Code: Select all
math OFFSET += 0x2e0
Code: Select all
math OFFSET -= 0x2e0 #Not fixed
Code: Select all
offset filesize filename
------------------------------
00000000 06 2 get SIZE asize
>set SIZE (0) to 0x383f8e00
00000000 27 3 print %SIZE%
- SCRIPT's MESSAGE:
<get SIZE (0) 0x383f8e00
943689216
I mean quickbms_4gb_filesaluigi wrote: @Ekey
you can't use quickbms.exe on an archive bigger than 4gb
Code: Select all
- signature of 4 bytes at offset 0x00000000 doesn't match the one
expected by the script:
this one: "♂ч9к"
0b e7 39 aa ..9.
expeceted: "WIBO"
57 49 42 4f WIBO
Code: Select all
00000000 0c 6 math SIZE = 0x200
- variable "SIZE" seems uninitialized, I use its name
<get SIZE (0) "SIZE"
<get 0x200 (1) 0x00000200
>set SIZE (0) to 0x00000200
00000000 06 7 get OFFSET asize
>set OFFSET (2) to 0x383f8e00
00000000 0c 8 math OFFSET -= SIZE
<get OFFSET (2) 0x383f8e00
<get SIZE (0) 0x00000200
>set OFFSET (2) to 0x383f8c00
00000000 2b 9 callfunction DECRYPT 1
.start_bms start: 54 0 0