Skip to content
View in the app

A better way to browse. Learn more.
ResHax

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
Help us keep the site running.

Can it be updated clash royale.bms?

ZenHAX
in Zenhax

Featured Replies

  • Author
  • Localization

3IMiner, posted Wed Jul 06, 2022 11:33 am (72481)

It's been a month since CR was decrypted, and I've been looking for a replacement.
At present, the decompressed BMS will cause some of the intermediate content to be empty and some to exist, which makes the data incomplete.
Just yesterday, I found this, and it's available for personal testing.
The link is as follows:https://pythonrepo.com/repo/Fred31-pavel-sokov-SupercellSWF-python-game-development
I hope the moderator can get some help by referring to this.
Thanks.
  • Author
  • Localization

3IMiner, posted Thu Jul 07, 2022 3:58 am (72506)

Day2....
  • Author
  • Localization

3IMiner, posted Thu Jul 07, 2022 4:16 am (72508)

Attach commissioning results.

This is an old version.
Code:
- set output folder G:\Supercell\fi_cr3.2803.4
             >set quickbms_output_folder (4) to "G:\Supercell\fi_cr3.2803.4"

  offset   filesize   filename
--------------------------------------
             .start_bms start: -1 0 0/0

00000000 06  4   get NAME basename
             >set NAME (8) to "ui_tex1"

00000000 06  5   get EXT extension
             >set EXT (9) to "sc"

00000000 14  7   if EXT == "csv"
                          - variable "csv" seems uninitialized, I use its name
                          condition == is not met
             .start_bms start: 3 1 0/0
             .start_bms end: 3 1 0/0 (ret 12)

00000000 1b  19  endian big
  endianess changed to big endian

00000000 09  20  idstring "SC"

00000002 06  21  get VER long
             >set VER (17) to 0x00000004

00000006 14  22  if VER >= 4
                                                                                           condition >= is met
             .start_bms start: 17 0 0/0

00000006 06  23  get DUMMY long # 1
             >set DUMMY (19) to 0x00000001

0000000a 17  24  endif
             .start_bms end: 17 0 0/0 (ret 18)

0000000a 06  25  get DUMMYSZ long
             >set DUMMYSZ (20) to 0x00000010

0000000e 07  26  getdstring DUMMY DUMMYSZ
                                       >set DUMMY (19) to uv?QUA"

0000001e 06  27  get SIZE asize
             >set SIZE (13) to 0x00b19eb0

0000001e 1b  28  endian little
  endianess changed to little endian

0000001e 0f  30  savepos OFFSET
             >set OFFSET (14) to 0x0000001e

0000001e 07  31  getdstring SIGN 4
                                       >set SIGN (21) to "]"

00000022 08  32  goto OFFSET
                          
0000001e 06  33  get SIGN32 long
             >set SIGN32 (22) to 0x0400005d

00000022 0c  35  math XSIZE = -1
- variable "XSIZE" seems uninitialized, I use its name
                                       >set XSIZE (23) to 0xffffffff

00000022 14  36  if SIGN == "SCLZ"
                          - variable "SCLZ" seems uninitialized, I use its name
                          condition == is not met
             .start_bms start: 29 1 0/0
             .start_bms end: 29 1 0/0 (ret 31)
                                                                                           condition == is not met
             .start_bms start: 33 1 0/0
             .start_bms end: 33 1 0/0 (ret 35)
             .start_bms start: 37 0 0/0

00000022 08  43  goto OFFSET
                          
0000001e 07  44  getdstring LZMA_PROP 5
                                       >set LZMA_PROP (28) to "]"

00000023 19  45  comtype lzma_0 LZMA_PROP
                                                    >set QUICKBMS_COMTYPE (30) to "LZMA_0"

00000023 17  46  endif
             .start_bms end: 37 0 0/0 (ret 40)

00000023 14  48  if XSIZE < 0
                                                                                           condition < is met
             .start_bms start: 42 0 0/0

00000023 06  49  get XSIZE long
             >set XSIZE (23) to 0x0619b53d

00000027 0f  50  savepos OFFSET
             >set OFFSET (14) to 0x00000027

00000027 17  51  endif
             .start_bms end: 42 0 0/0 (ret 44)

00000027 0c  52  math SIZE - OFFSET
                                       >set SIZE (13) to 0x00b19e89

00000027 01  53  clog NAME OFFSET SIZE XSIZE
                                                      00000027 102348093  ui_tex1
- xfopen  rb: ui_tex1
- xfopen2 G:\Supercell\fi_cr3.2803.4\ui_tex1
- xfopen  wb: ui_tex1
- xfopen2 G:\Supercell\fi_cr3.2803.4\ui_tex1

- 1 files found in 1 seconds
  coverage file 0   100%   11640504   11640496   . offset 00000027


This is a new version. The data cannot execute the goto instruction.
Code:
- set output folder G:\Supercell\87779
             >set quickbms_output_folder (4) to "G:\Supercell\87779"

  offset   filesize   filename
--------------------------------------
             .start_bms start: -1 0 0/0

00000000 06  4   get NAME basename
             >set NAME (8) to "ui_tex"

00000000 06  5   get EXT extension
             >set EXT (9) to "sc"

00000000 14  7   if EXT == "csv"
                          - variable "csv" seems uninitialized, I use its name
                          condition == is not met
             .start_bms start: 3 1 0/0
             .start_bms end: 3 1 0/0 (ret 12)

00000000 1b  19  endian big
  endianess changed to big endian

00000000 09  20  idstring "SC"

00000002 06  21  get VER long
             >set VER (17) to 0x00000004

00000006 14  22  if VER >= 4
                                                                                           condition >= is met
             .start_bms start: 17 0 0/0

00000006 06  23  get DUMMY long # 1
             >set DUMMY (19) to 0x00000003

0000000a 17  24  endif
             .start_bms end: 17 0 0/0 (ret 18)

0000000a 06  25  get DUMMYSZ long
             >set DUMMYSZ (20) to 0x00000010

0000000e 07  26  getdstring DUMMY DUMMYSZ
                          >_"         >set DUMMY (19) to "q]PQ_|

0000001e 06  27  get SIZE asize
             >set SIZE (13) to 0x00d4f2f2

0000001e 1b  28  endian little
  endianess changed to little endian

0000001e 0f  30  savepos OFFSET
             >set OFFSET (14) to 0x0000001e

0000001e 07  31  getdstring SIGN 4
                                       >set SIGN (21) to "(/"

00000022 08  32  goto OFFSET
                          
0000001e 06  33  get SIGN32 long
             >set SIGN32 (22) to 0xfd2fb528

00000022 0c  35  math XSIZE = -1
- variable "XSIZE" seems uninitialized, I use its name
                                       >set XSIZE (23) to 0xffffffff

00000022 14  36  if SIGN == "SCLZ"
                          - variable "SCLZ" seems uninitialized, I use its name
                          condition == is not met
             .start_bms start: 29 1 0/0
             .start_bms end: 29 1 0/0 (ret 31)
                                                                                           condition == is met
             .start_bms start: 33 0 0/0

00000022 19  40  comtype zstd
             >set QUICKBMS_COMTYPE (30) to "ZSTD"

00000022 0c  41  math XSIZE = SIZE   # no matter
                                       >set XSIZE (23) to 0x00d4f2f2

00000022 40  42  else
             .start_bms end: 33 0 0/0 (ret 35)
             .start_bms start: 37 1 0/0
             .start_bms end: 37 1 0/0 (ret 40)

00000022 14  48  if XSIZE < 0
                                                                                           condition < is not met
             .start_bms start: 42 1 0/0
             .start_bms end: 42 1 0/0 (ret 44)

00000022 0c  52  math SIZE - OFFSET
                                       >set SIZE (13) to 0x00d4f2d4

00000022 01  53  clog NAME OFFSET SIZE XSIZE
                                                      0000001e 13955826   ui_tex
- xfopen  rb: ui_tex
- xfopen2 G:\Supercell\87779\ui_tex
Info:  algorithm   478
       offset      0000001e
       input size  0x00d4f2d4 13955796
       output size 0x00d4f2f2 13955826
       result      0xffffffb8 -72

Error: there is an error with the decompression
       the returned output size is negative (-72)

Last script line before the error or that produced the error:
  53  clog NAME OFFSET SIZE XSIZE
                                       
- OFFSET       0x0000001e
- ZSIZE        0x00d4f2d4
- SIZE         0x00d4f2f2

- Variable 0    quickbms_current_folder
    value:      G:\Supercell\87779
    value32:    0x00000000
    size:       0x00000111 / 0x00000012

- Variable 1    quickbms_bms_folder
    value:      D:\quickbms
    value32:    0x00000000
    size:       0x00000111 / 0x0000000b

- Variable 2    quickbms_exe_folder
    value:      D:\quickbms
    value32:    0x00000000
    size:       0x00000111 / 0x0000000b

- Variable 3    quickbms_file_folder
    value:      G:\Supercell\87779
    value32:    0x00000000
    size:       0x00000111 / 0x00000012

- Variable 4    quickbms_output_folder
    value:      G:\Supercell\87779
    value32:    0x00000000
    size:       0x00000111 / 0x00000012

- Variable 5    quickbms_temp_folder
    value:      C:\Users\3IMiner\AppData\Local\Temp\
    value32:    0x00000000
    size:       0x00000111 / 0x00000024

- Variable 6    quickbms_bms_script
    value:      D:\quickbms\clash_royale.bms
    value32:    0x00000000
    size:       0x00000111 / 0x0000001c

- Variable 7    QUICKBMS_REIMPORT
    value:
    value32:    0x00000000
    size:       0x00000111 / 0x00000000

- Variable 8    NAME
    value:      ui_tex
    value32:    0x00000000
    size:       0x00000111 / 0x00000006

- Variable 9    EXT
    value:      sc
    value32:    0x00000000
    size:       0x00000111 / 0x00000002

- Variable 11   PROP
    value:
    value32:    0x00000000
    size:       0x00000111 / 0x00000004

- Variable 13   SIZE
    value:
    value32:    0x00d4f2d4
    size:       0x00000111 / 0x00000000

- Variable 14   OFFSET
    value:
    value32:    0x0000001e
    size:       0x00000111 / 0x00000000

- Variable 15   ZSIZE
    value:
    value32:    0x00000000
    size:       0x00000111 / 0x00000005

- Variable 17   VER
    value:
    value32:    0x00000004
    size:       0x00000111 / 0x00000000

- Variable 19   DUMMY
>_ value:      q]PQ_|
    value32:    0x00000003
    size:       0x00000111 / 0x00000010

- Variable 20   DUMMYSZ
    value:
    value32:    0x00000010
    size:       0x00000111 / 0x00000000

- Variable 21   SIGN
    value:      (/
    value32:    0x00000000
    size:       0x00000111 / 0x00000004

- Variable 22   SIGN32
    value:
    value32:    0xfd2fb528
    size:       0x00000111 / 0x00000000

- Variable 23   XSIZE
    value:
    value32:    0x00d4f2f2
    size:       0x00000111 / 0x00000000

- Variable 26   FLAGS
    value:
    value32:    0x00000000
    size:       0x00000111 / 0x00000005

- Variable 28   LZMA_PROP
    value:
    value32:    0x00000000
    size:       0x00000111 / 0x00000009

- Variable 30   QUICKBMS_COMTYPE
    value:      ZSTD
    value32:    0x00000000
    size:       0x00000111 / 0x00000004
  coverage file 0   100%   13955834   13955826   . offset 00d4f2f2

Press ENTER or close the window to quit
  • Author
  • Localization

3IMiner, posted Fri Jul 08, 2022 8:27 am (72526)

Day3....
I think comtype
Code:
lzham "18 8 0 0 0"
should be changed
This is a BMS script
Code:
# Clash Royale / Clash of Clans (script 0.2.4)
# script for QuickBMS http://quickbms.aluigi.org

get NAME basename
get EXT extension

if EXT == "csv"
    getdstring PROP 5
    get SIZE long
    savepos OFFSET
    get ZSIZE asize
    math ZSIZE -= OFFSET
    string NAME p= "%s_unpack.%s" NAME EXT
    comtype lzma_0 PROP
    clog NAME OFFSET ZSIZE SIZE
    cleanexit
endif

endian big
idstring "SC"
get VER long
if VER >= 4
   get DUMMY long   # 1
endif
get DUMMYSZ long
getdstring DUMMY DUMMYSZ
get SIZE asize
endian little

savepos OFFSET
getdstring SIGN 4
goto OFFSET
get SIGN32 long

math XSIZE = -1
if SIGN == "SCLZ"
    get FLAGS byte      # 0x12
    comtype lzham "18 8 0 0 0"
elif SIGN32 == 0xfd2fb528
    comtype zstd
    math XSIZE = SIZE   # no matter
else
    goto OFFSET
    getdstring LZMA_PROP 5
    comtype lzma_0 LZMA_PROP
endif

if XSIZE < 0
    get XSIZE long
    savepos OFFSET
endif
math SIZE - OFFSET
clog NAME OFFSET SIZE XSIZE
  • Author
  • Localization

3IMiner, posted Mon Jul 11, 2022 1:13 pm (72570)

Day4....
"Novices on the road are destined to be novices"
I detected the format through BMS analysis and compression.
See the suitable in many compression.
Code:
- open input file C:\Users\3IMiner\Documents\Supercell\Test\ui_badges.sc
- open script comtype_scan2.bms
- set output folder C:\Users\3IMiner\Documents\Supercell\Test\

  offset   filesize   filename
--------------------------------------
test algorithm number 26: ZSIZE 38924, SIZE 778480
  00000000 778480     ASCII85.dmp

- 1 files found in 0 seconds
  coverage file 0   100%   38924      38924      . offset 00000000

These are two kinds of comparisons.
Test Version:
SC that can be decrypted before:
There are more files It's not listed here. I've packed it.
File:
However, how to find the offset corresponding to zsite and size here? Do you have a kind person to tell me...
Thanks.
  • Author
  • Localization

3IMiner, posted Wed Jul 20, 2022 10:32 am (72676)

Orz...
I hope someone can help...
Guest
This topic is now closed to further replies.
Go to topic listing

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.