Skip to content
View in the app

A better way to browse. Learn more.
ResHax

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
Help us keep the site running.

RayGigant (data0x.bin)

ZenHAX
in Zenhax

Featured Replies

  • Author
  • Localization

aluigi, posted Tue Aug 16, 2016 9:00 am (16526)

Ehmmm... that bin is just a video :D
  • Author
  • Localization

aluigi, posted Wed Aug 17, 2016 7:37 am (16581)

It seems obfuscated probably with a custom algorithm.
  • Author
  • Localization

sigroon365, posted Wed Aug 17, 2016 12:22 pm (16594)

aluigi wrote:
It seems obfuscated probably with a custom algorithm.


Oh, that's too bad! :o
  • Author
  • Localization

Ekey, posted Wed Aug 17, 2016 1:13 pm (16596)

Code:
char Decrypt(int pScrBuffer, unsigned int *pDstBuffer, unsigned int dwSize, int dwKey, int dwFlag)
{
  int v5;
  unsigned int v6;
  int v7;
  unsigned int *v8;
  unsigned int v9;
  int v10;
  int v11;
  unsigned int v12;
  unsigned int *v13;
  int v14;
  unsigned int v15;
  int v16;
  int v17;
  char v18;
  int v20;
  int v21;
  int v22;
  int v23;
  int v24;

  v5 = dwFlag;
  v6 = dwSize;
  v7 = pScrBuffer;
  v21 = pScrBuffer;
  v8 = pDstBuffer;
  v9 = dwSize;
  if ( !(dwFlag & 3) )
  {
    if ( dwSize >> 2 )
    {
      v24 = (dwFlag   3)       v10 = (dwFlag   1)       v11 = (dwFlag   2)       v20 = v7 - (DWORD)v8;
      v12 = dwSize >> 2;
      v22 = (dwFlag   1)       v23 = (dwFlag   2)       v13 = v8;
      do
      {
        v14 = (unsigned __int16)(v10 & 0xFF00) | v11 & 0xFF0000;
        v10 = v24;
        v24  = 0x4000000;
        v15 = (unsigned __int8)v5 | v10 & 0xFF000000 | v14;
        v5  = 4;
        LOWORD(v10) = v22   1024;
        *v13 = dwKey ^ *(unsigned int *)((char *)v13   v20) ^ v15;
        v11 = v23   0x40000;
        v23  = 0x40000;
        v22  = 1024;
          v13;
        --v12;
      }
      while ( v12 );
      v7 = v21;
      v6 = dwSize;
    }
    v9 = v6 & 3;
    v16 = v6 - v9;
    v8 = (unsigned int *)((char *)v8   v16);
    v7  = v16;
  }
  if ( v9 )
  {
    v17 = (int)v8 - v7;
    do
    {
      v18 = *(BYTE *)(  v7 - 1) ^ v5 ^ *((BYTE *)&dwKey   (v5 & 3));
        v5;
      *(BYTE *)(v7   v17 - 1) = v18;
      --v9;
    }
    while ( v9 );
  }
  return 1;
}


Two headers at begin and at the end of archive with size 0x20.

Usage
Code:
Decrypt((int)&SrcBuf, (unsigned int *)&DstBuf, 0x20u, 0xFABACEDA, 0);


I am lazy to restore this code, but it works anyway :)
  • Author
  • Localization

sigroon365, posted Sat Aug 20, 2016 1:09 pm (16690)

Thank you. is there someone who can use it to decrypt the bin file?
  • Author
  • Localization

aluigi, posted Sat Aug 20, 2016 1:59 pm (16692)

I'm not interested, after a quick look it seems to take time and the huge size of the archive doesn't help.
Anyway the following is a test ONLY FOR WHO WANTS TO MAKE TESTS WITH QUICKBMS (this is not an extraction script and will never work with a huge file like that):
Code:
math KEY = 0xFABACEDA
set MEMORY_FILE3 binary "\x55\x89\xe5\x57\x56\x53\x83\xec\x24\x8b\x45\x18\x8b\x55\x10\xa8\x03\x0f\x85\xbf\x00\x00\x00\x89\xd6\xc1\xee\x02\x0f\x84\xa5\x00\x00\x00\x8b\x7d\x14\x8d\x48\x02\x8d\x58\x01\xc1\xe6\x02\x89\x45\xd8\xc1\xe1\x10\xc1\xe3\x08\x89\x7d\xe0\x8b\x7d\x0c\x89\x4d\xec\x8d\x48\x03\x89\x5d\xe8\x29\xc7\xc1\xe1\x18\x89\x7d\xd4\x8b\x7d\x08\x89\x4d\xf0\x8d\x0c\x06\x29\xc7\x89\x4d\xdc\x89\x7d\xd0\x8b\x7d\xf0\x0f\xb6\xc8\x81\xe3\x00\xff\x00\x00\x81\x45\xe8\x00\x04\x00\x00\x83\xc0\x04\x81\xe7\x00\x00\x00\xff\x09\xcf\x8b\x4d\xec\x81\x45\xec\x00\x00\x04\x00\x81\xe1\x00\x00\xff\x00\x09\xd9\x0f\xb7\x5d\xe8\x09\xf9\x8b\x7d\xf0\x89\x4d\xe4\x8b\x4d\xd0\x81\x45\xf0\x00\x00\x00\x04\x66\x31\xff\x09\xfb\x8b\x7d\xe0\x33\x7c\x01\xfc\x8b\x4d\xe4\x31\xf9\x3b\x45\xdc\x8b\x7d\xd4\x89\x4c\x07\xfc\x75\x9d\x8b\x45\xd8\x01\xf0\x89\xd1\x83\xe1\x03\x29\xca\x01\x55\x0c\x01\x55\x08\x89\xca\x85\xd2\x74\x23\x01\xc2\x8b\x5d\x08\x8b\x75\x0c\x29\xc3\x29\xc6\x89\xc7\x88\xc1\x32\x0c\x03\x83\xe7\x03\x40\x32\x4c\x3d\x14\x39\xd0\x88\x4c\x06\xff\x75\xe9\x83\xc4\x24\xb0\x01\x5b\x5e\x5f\x5d\xc3"

encryption calldll "MEMORY_FILE3 0 cdecl RET #INPUT# #OUTPUT# #INPUT_SIZE# KEY 0"

math SIZE = 0x10000000 # the size of the archive is too big for quickbms
log "dump.dat" 0 SIZE
  • Author
  • Localization

sigroon365, posted Mon Aug 22, 2016 1:52 am (16733)

Ok. thank you!
Guest
This topic is now closed to further replies.
Go to topic listing

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.