warrantyvoider, posted Wed Apr 12, 2017 6:57 pm (22166)

---

ok, last thing before attempting imports... a plugin system and a search plugin as demo


attached is as usual the release, but this time also the plugin as source code, so coders that cant wait for me, can already make use of the filesystems. I only made a basic interface currently, if you need more functions, let me know.

greetz WV

PluginDemo.rar

Release.rar

griggs111, posted Wed Apr 12, 2017 8:11 pm (22171)

---

We can't wait here in Hungary to start the translation of this game with the help of the talktable!
I'm also a programmer, so if I can help in anything, you just need to ask.

warrantyvoider, posted Wed Apr 12, 2017 8:17 pm (22172)

---

I know, I know, I keep coding simple import works like this: as everything is found by sha1, you can simply overwrite the entry in the cas.cat file for this sha1 with a pointer to a new cas, f.e. cas_99.cas at offset 0 or whatever. I just have to automate it and test it, before I can write tools like a talktable editor, thats based on it

greetz WV

PS: additional difficulty for language and other "emargoed" stuff: the chunks have to also be encrypted, or maybe I can move them to the unencrypted sha1 list, thats why I said, I need to test this^^
PPS: at some future point I plan to create real patches, because you also have to watch out for stuff that gets overwritten by patch after loading, in that case the patch can be prevented by overwriting the "toPatch"-sha1 with some invalid one, and now the system cant apply the patch anymore and loads the unpatched version (this is a very simplefied explanation, tho, there are also , -,- and -- patches to make things more complicated)
PPPS:going to sleep, lets see what I can do tomorrow

michalss, posted Thu Apr 13, 2017 5:00 am (22175)

---

warrantyvoider wrote:

I know, I know, I keep coding simple import works like this: as everything is found by sha1, you can simply overwrite the entry in the cas.cat file for this sha1 with a pointer to a new cas, f.e. cas_99.cas at offset 0 or whatever. I just have to automate it and test it, before I can write tools like a talktable editor, thats based on it

greetz WV

PS: additional difficulty for language and other "emargoed" stuff: the chunks have to also be encrypted, or maybe I can move them to the unencrypted sha1 list, thats why I said, I need to test this^^
PPS: at some future point I plan to create real patches, because you also have to watch out for stuff that gets overwritten by patch after loading, in that case the patch can be prevented by overwriting the "toPatch"-sha1 with some invalid one, and now the system cant apply the patch anymore and loads the unpatched version (this is a very simplefied explanation, tho, there are also , -,- and -- patches to make things more complicated)
PPPS:going to sleep, lets see what I can do tomorrow

We have try import but problem is with this hash in the 256 bytes header from 8th - 264. If you change anything in the game = crash. Means it is different then DAI..Look like RSA 2048

PKCS#1, "the" RSA standard, describes how a signature should be encoded, and it is a sequence of bytes with big-endian unsigned encoding, always of the size of the modulus. This means that for a 2048-bit modulus, all signatures have length exactly 256 bytes, never more, never less.

Prehaps key is in the exe file. Ekey or Rick can you please have a look

warrantyvoider, posted Thu Apr 13, 2017 5:18 am (22176)

---

Have you tried to zero the keys out as dai had? I think engine accepts that too

michalss, posted Thu Apr 13, 2017 6:32 am (22178)

---

warrantyvoider wrote:

Have you tried to zero the keys out as dai had? I think engine accepts that too

yes, not work... Not same as dai..

Rick, posted Thu Apr 13, 2017 9:48 am (22179)

---

Hook BCryptVerifySignature and make it return true. It's a proper RSA public private key pair, can't forge signatures. So either replace RSA keys or break signature validation.

warrantyvoider, posted Thu Apr 13, 2017 10:01 am (22180)

---

I like breaking things^^ you dont have the pattern by chance, right? (I used RSA on my tor servers, I know you cant break the key, but as you said, surely the implementation^^)

Rick, posted Thu Apr 13, 2017 10:37 am (22181)

---

warrantyvoider wrote:

I like breaking things^^ you dont have the pattern by chance, right? (I used RSA on my tor servers, I know you cant break the key, but as you said, surely the implementation^^)

It's an import...

https://msdn.microsoft.com/en-us/library/windows/desktop/aa375515(v=vs.85).aspx

warrantyvoider, posted Thu Apr 13, 2017 10:57 am (22183)

---

Dang, noticed too late. Nvm

michalss, posted Thu Apr 13, 2017 4:54 pm (22188)

---

Rick wrote:

Hook BCryptVerifySignature and make it return true. It's a proper RSA public private key pair, can't forge signatures. So either replace RSA keys or break signature validation.

Hmm thx Rick is there any chance to find key for us pls ? It is above my knowledge to be honest..

warrantyvoider, posted Thu Apr 13, 2017 5:14 pm (22189)

---

michalss wrote:

Rick wrote:

Hook BCryptVerifySignature and make it return true. It's a proper RSA public private key pair, can't forge signatures. So either replace RSA keys or break signature validation.

Hmm thx Rick is there any chance to find key for us pls ? It is above my knowledge to be honest..

thats mathematically impossible and replacing needs a way to inject code, its waaaay easier to hook the function he mentioned...

Rick wrote:

Hook BCryptVerifySignature and make it return true. It's a proper RSA public private key pair, can't forge signatures. So either replace RSA keys or break signature validation.

I attached an empty project that contains a proxy dll, for anyone needing a start to inject code, just use the main function, for now it just shows a hello world message box. compile it and put the resulting AnselSDK64.dll together with AnselSDK64_org.dll into the rootfolder of mea. code gets executed after denuvo and before engine start

greetz WV

PS: in case someone wonders how I make those dlls, I made myself a tool for that: https://www.youtube.com/watch?v=lAY_ww8SNmM

AnselSDK64.rar

michalss, posted Thu Apr 13, 2017 6:31 pm (22190)

---

warrantyvoider wrote:

michalss wrote:

Rick wrote:

Hook BCryptVerifySignature and make it return true. It's a proper RSA public private key pair, can't forge signatures. So either replace RSA keys or break signature validation.

Hmm thx Rick is there any chance to find key for us pls ? It is above my knowledge to be honest..

thats mathematically impossible and replacing needs a way to inject code, its waaaay easier to hook the function he mentioned...

Rick wrote:

Hook BCryptVerifySignature and make it return true. It's a proper RSA public private key pair, can't forge signatures. So either replace RSA keys or break signature validation.

I attached an empty project that contains a proxy dll, for anyone needing a start to inject code, just use the main function, for now it just shows a hello world message box. compile it and put the resulting AnselSDK64.dll together with AnselSDK64_org.dll into the rootfolder of mea. code gets executed after denuvo and before engine start

greetz WV

PS: in case someone wonders how I make those dlls, I made myself a tool for that: https://www.youtube.com/watch?v=lAY_ww8SNmM

Very interesting method. Find the key must be possible from exe if there is no denuvo i believe however i dont know how exactly use this dlls yet never done it before, so i guess need to learn smt about it.. As far as i understand only what we need is to hook this function where every call for header validation it needs return true right ?

warrantyvoider, posted Thu Apr 13, 2017 6:46 pm (22192)

---

I could print the key out, overwrite it, etc, but why? this works too...

michalss wrote:

... however i dont know how exactly use this dlls yet ...

just copy this dll and the AnselSDK64_org.dll from previous post into the folder, where the game exe is (overwrite the existing one, back it up if you want), then start the game

AnselSDK64.rar

michalss, posted Thu Apr 13, 2017 6:50 pm (22193)

---

warrantyvoider wrote:

I could print the key out, overwrite it, etc, but why? this works too...

Sure if this works no need to break the key. This is complete usable DLL can i try it with my modify files with original headers or it still need some modifications ? It might be a strange question but as i said i have zero experience with hooking and stuff... but im able to modify files for my needs..

michalss, posted Fri Apr 14, 2017 10:25 am (22201)

---

Thank you a lot WV and Rick it works like charm ..

warrantyvoider, posted Fri Apr 14, 2017 10:34 am (22202)

---

michalss wrote:

Thank you a lot WV and Rick it works like charm ..

np, any screenshots? trying import today too...

michalss, posted Fri Apr 14, 2017 10:50 am (22203)

---

warrantyvoider wrote:

michalss wrote:

Thank you a lot WV and Rick it works like charm ..

np, any screenshots? trying import today too...

Yes very soon during today...

warrantyvoider, posted Fri Apr 14, 2017 11:29 am (22205)

---

here some quick tests ive tried: (all on layout.toc because its on of the first files to load, and Data\Win32\streaminginstall\ayainstallpackage\cas.cat)
-as excpected, using the exported, unobfuscated preview of tocs from my browser loads fine if the footer is removed, so will have to fix my code for that
-without the dll a single change in the toc headers key will stall the exe on startup, with the dll I can see the verification access use, so works fine
-same goes for cat files

so I guess I can start writing an "SetDataBySha1(byte[] sha1, byte[] data);" function and later add it to my plugin interface for you to use

EDIT: first update was accepted^^

warrantyvoider, posted Fri Apr 14, 2017 4:13 pm (22209)

---

welcome to import/export business



notes:
-this automatically edits cat file, finds a new cas file (from 99 downwards) and appends the chunk data to it
-automatically compresses with zstd and creates chunk blocks
-importing encrypted emargo content IS NOT yet implemented (comes soon, dear translators^^)
-if you can have a hexpreview (of something in VFS), then you can also import (chunks, ebx and res data)
-works with my dll, game loads this happily

now im going to add this to my plugin interface and make a demo plugin to display and edit data by sha1

PS: backup your data, redownloading/rescanning 42gb is no fun!

Release.rar

Snowpiercer, posted Fri Apr 14, 2017 7:35 pm (22211)

---

Can you extract models with this tool? If not, any plans for that?

Thanks for your work WarrantyVoider.

michalss, posted Fri Apr 14, 2017 8:36 pm (22213)

---

warrantyvoider wrote:

michalss wrote:

Thank you a lot WV and Rick it works like charm ..

np, any screenshots? trying import today too...

Here you go

warrantyvoider, posted Fri Apr 14, 2017 8:41 pm (22214)

---

Snowpiercer wrote:

Can you extract models with this tool? If not, any plans for that?

Thanks for your work WarrantyVoider.

now you can, if you have some external tool for it^^

added import for encrypted/embargoed content, like the talktables!

this means, if you already have a working talktable editor, you can already try it out ingame, I have to make one before I can test that, but I clearly see the game still loads, as does my tools

greetz

EDIT:

michalss wrote:

warrantyvoider wrote:

michalss wrote:

Thank you a lot WV and Rick it works like charm ..

np, any screenshots? trying import today too...

Here you go

noice, ill get there too soon^^

Release.rar

paulscottttt, posted Fri Apr 14, 2017 8:59 pm (22215)

---

warrantyvoider wrote:

welcome to import/export business



notes:
-this automatically edits cat file, finds a new cas file (from 99 downwards) and appends the chunk data to it
-automatically compresses with zstd and creates chunk blocks
-importing encrypted emargo content IS NOT yet implemented (comes soon, dear translators^^)
-if you can have a hexpreview (of something in VFS), then you can also import (chunks, ebx and res data)
-works with my dll, game loads this happily

now im going to add this to my plugin interface and make a demo plugin to display and edit data by sha1

PS: backup your data, redownloading/rescanning 42gb is no fun!

i'll be the noob here.

how to you launch the browser?
i just get a pop up then nothing. log is empty.

warrantyvoider, posted Fri Apr 14, 2017 9:41 pm (22217)

---

paulscottttt wrote:

i'll be the noob here.

how to you launch the browser?
i just get a pop up then nothing. log is empty.

how about you say what you did and what the popup said?