Retrieving ZIP passwords from games - the debugger way

aluigi, posted Thu May 30, 2019 8:41 pm (48123)


Oops, I forgot the most important part of the step-by-step :D
Now fixed.

cyberspeed, posted Tue Jul 16, 2019 4:46 pm (49341)


Ok, so I wanted to give this a try as well, and I have the following result on the original executable:
Code:
  offset   num  description [bits.endian.size]
  --------------------------------------------
  41351b70 3048 DMC compression [32.le.16&]
  413cca40 2005 B64EncodeTable [..64]
  413cca40 1996 rfc3548 Base 64 Encoding with URL and Filename Safe Alphabet [..62]
  41599a20 895  AES Rijndael Si / ARIA X1 [..256]
  41599b20 894  AES Rijndael S / ARIA S1 [..256]
  41599c20 874  SHA256 Hash constant words K (0x428a2f98) [32.le.256]
  41606460 641  CRC-32-IEEE 802.3 [crc32.0x04c11db7 le rev int_min.1024]
  41606460 648  CRC-32-IEEE 802.3 [crc32.0xedb88320 lenorev 1.1024]
  41606860 129  Adler CRC32 (0x191b3141) [32.le.1024]
  41606c60 131  Adler CRC32 (0x01c26a37) [32.le.1024]
  41607060 133  Adler CRC32 (0xb8bc6765) [32.le.1024]
  41607460 645  CRC-32-IEEE 802.3 [crc32.0x04c11db7 be rev int_min.1024]
  41607460 652  CRC-32-IEEE 802.3 [crc32.0xedb88320 benorev 1.1024]
  41607860 130  Adler CRC32 (0x191b3141) [32.be.1024]
  41607c60 132  Adler CRC32 (0x01c26a37) [32.be.1024]
  41608060 134  Adler CRC32 (0xb8bc6765) [32.be.1024]
  41608490 2289 zinflate_lengthStarts [16.le.58]
  41608510 2296 zinflate_distanceStarts [16.le.60]
  4162c465 2417 MBC2 [32.le.248&]
  4162d7a0 2418 MBC2 [32.be.248&]
  4162ecf8 1299 classical random incrementer 0x343FD 0x269EC3 [32.le.8&]
  41786600 639  CRC-32-IEEE 802.3 [crc32.0x04c11db7 lenorev int_min.1024]
  41786600 650  CRC-32-IEEE 802.3 [crc32.0xedb88320 le rev 1.1024]
  41786a70 3038 unlzx table_three [32.le.64]
  41786a70 1605 Generic bitmask table [32.le.128]
  41786a74 2588 bitmask [32.le.128]
  41786ae4 3051 compression algorithm seen in the game DreamKiller [32.be.12&]
  41786ae7 3050 compression algorithm seen in the game DreamKiller [32.le.12&]
  41794780 1933 Vorbis FLOOR1_fromdB_LOOKUP [float.le.1024]
  41796870 896  Rijndael Te0 (0xc66363a5U) [32.le.1024]
  41796c70 898  Rijndael Te1 (0xa5c66363U) [32.le.1024]
  41797070 900  Rijndael Te2 (0x63a5c663U) [32.le.1024]
  41797470 902  Rijndael Te3 (0x6363a5c6U) [32.le.1024]
  41797870 904  Rijndael Te4 (0x63636363U) [32.le.1024]
  41797c70 905  Rijndael Td0 (0x51f4a750U) [32.le.1024]
  41798070 907  Rijndael Td1 (0x5051f4a7U) [32.le.1024]
  41798470 909  Rijndael Td2 (0xa75051f4U) [32.le.1024]
  41798870 911  Rijndael Td3 (0xf4a75051U) [32.le.1024]
  41798c70 913  Rijndael Td4 (0x52525252U) [32.le.1024]
  41799070 914  Rijndael rcon [32.le.40]
  4179a860 1087 Zlib length_code [..256]
  4179a960 1086 Zlib dist_code [..512]
  4179ab60 2294 zinflate_lengthExtraBits [32.le.116]
  4179abdd 2304 zinflate_distanceExtraBits [32.be.120]
  4179abe0 2303 zinflate_distanceExtraBits [32.le.120]
  4179b1cd 1090 Zlib base_length [32.be.116]
  4179b1d0 1089 Zlib base_length [32.le.116]
  4179b250 1091 Zlib base_dist [32.le.120]
  417a1068 3036 unlzx table_three [16.le.32]
  4199cb4a 2545 anti-debug: IsDebuggerPresent [..17]
  44432c4f 1038 padding used in hashing algorithms (0x80 0 ... 0) [..64]
  4456938f 1295 TEA encryption/decryption (0xc6ef3720  0x9e3779b9) [32.le.8&]
  4456941c 2249 TEA1_DS [32.le.4]
  4298192a 917  SSH RSA id-sha1 OBJ.ID. oiw(14) secsig(3) algorithms(2) 26 [..15]
  429831f6 2319 PKCS_DigestDecoration_SHA256 [..19]

- 55 signatures found in the file in 9 seconds

and the following result on the dumped/unpacked executable:
Code:
  offset   num  description [bits.endian.size]
  --------------------------------------------
  404b54b2 3048 DMC compression [32.le.16&]
  40b210ed 2249 TEA1_DS [32.le.4]
  40c37b93 876  SHA256 Initial hash value H (0x6a09e667UL) [32.le.32&]
  4106825a 1299 classical random incrementer 0x343FD 0x269EC3 [32.le.8&]
  413cca40 1996 rfc3548 Base 64 Encoding with URL and Filename Safe Alphabet [..62]
  413cca40 2005 B64EncodeTable [..64]
  41599a20 895  AES Rijndael Si / ARIA X1 [..256]
  41599b20 894  AES Rijndael S / ARIA S1 [..256]
  41599c20 874  SHA256 Hash constant words K (0x428a2f98) [32.le.256]
  41606460 648  CRC-32-IEEE 802.3 [crc32.0xedb88320 lenorev 1.1024]
  41606460 641  CRC-32-IEEE 802.3 [crc32.0x04c11db7 le rev int_min.1024]
  41606860 129  Adler CRC32 (0x191b3141) [32.le.1024]
  41606c60 131  Adler CRC32 (0x01c26a37) [32.le.1024]
  41607060 133  Adler CRC32 (0xb8bc6765) [32.le.1024]
  41607460 652  CRC-32-IEEE 802.3 [crc32.0xedb88320 benorev 1.1024]
  41607460 645  CRC-32-IEEE 802.3 [crc32.0x04c11db7 be rev int_min.1024]
  41607860 130  Adler CRC32 (0x191b3141) [32.be.1024]
  41607c60 132  Adler CRC32 (0x01c26a37) [32.be.1024]
  41608060 134  Adler CRC32 (0xb8bc6765) [32.be.1024]
  41608490 2289 zinflate_lengthStarts [16.le.58]
  41608510 2296 zinflate_distanceStarts [16.le.60]
  4162c465 2417 MBC2 [32.le.248&]
  4162d7a0 2418 MBC2 [32.be.248&]
  41786600 639  CRC-32-IEEE 802.3 [crc32.0x04c11db7 lenorev int_min.1024]
  41786600 650  CRC-32-IEEE 802.3 [crc32.0xedb88320 le rev 1.1024]
  41786a70 3038 unlzx table_three [32.le.64]
  41786a70 1605 Generic bitmask table [32.le.128]
  41786a74 2588 bitmask [32.le.128]
  41786ae4 3051 compression algorithm seen in the game DreamKiller [32.be.12&]
  41786ae7 3050 compression algorithm seen in the game DreamKiller [32.le.12&]
  41794780 1933 Vorbis FLOOR1_fromdB_LOOKUP [float.le.1024]
  41796870 896  Rijndael Te0 (0xc66363a5U) [32.le.1024]
  41796c70 898  Rijndael Te1 (0xa5c66363U) [32.le.1024]
  41797070 900  Rijndael Te2 (0x63a5c663U) [32.le.1024]
  41797470 902  Rijndael Te3 (0x6363a5c6U) [32.le.1024]
  41797870 904  Rijndael Te4 (0x63636363U) [32.le.1024]
  41797c70 905  Rijndael Td0 (0x51f4a750U) [32.le.1024]
  41798070 907  Rijndael Td1 (0x5051f4a7U) [32.le.1024]
  41798470 909  Rijndael Td2 (0xa75051f4U) [32.le.1024]
  41798870 911  Rijndael Td3 (0xf4a75051U) [32.le.1024]
  41798c70 913  Rijndael Td4 (0x52525252U) [32.le.1024]
  41799070 914  Rijndael rcon [32.le.40]
  4179a860 1087 Zlib length_code [..256]
  4179a960 1086 Zlib dist_code [..512]
  4179ab60 2294 zinflate_lengthExtraBits [32.le.116]
  4179abdd 2304 zinflate_distanceExtraBits [32.be.120]
  4179abe0 2303 zinflate_distanceExtraBits [32.le.120]
  4179b1cd 1090 Zlib base_length [32.be.116]
  4179b1d0 1089 Zlib base_length [32.le.116]
  4179b250 1091 Zlib base_dist [32.le.120]
  417a1068 3036 unlzx table_three [16.le.32]
  4199cb4a 2545 anti-debug: IsDebuggerPresent [..17]
  43ff08bb 1038 padding used in hashing algorithms (0x80 0 ... 0) [..64]
  4456938f 1295 TEA encryption/decryption (0xc6ef3720  0x9e3779b9) [32.le.8&]

- 54 signatures found in the file in 93 seconds

I have no clue how to progress from here on out, any help please?
What would I pick, and also, if it is a Steam 64-bit game, what would be the best debugger to make that breakpoint?

alwayslookin2, posted Tue Jun 23, 2020 7:17 am (57346)


Is it possible to do the reverse of this? For example, I know the password of the zip (I can see it in memory and have tested it), and I want to find exactly where it is used in the program using a debugger. I assume you might be able to log every step from the debugger maybe (and then search for that string in the log), or is there another way? Any help is appreciated.

moonpaladin, posted Sat Feb 27, 2021 11:22 pm (62542)


Hello, I tried this method to get the password from Nyxlauncher.exe from Rakion Chaos Force from Steam, but had no success. Is there any other way to get the password? :( I need to open the Rakion.xfs with the SoIFS Explorer, but it requires a password. :cry:

aluigi, posted Sun Feb 28, 2021 10:48 am (62547)


@moonpaladin
How do you expect that a method meant for ZIP passwords would magically work on something totally different?
Please don't go off-topic.

aluigi, posted Tue Jul 27, 2021 5:35 am (65381)


@ufo77
Code:
A30e41CZcGEFDH^2

ufo77, posted Tue Jul 27, 2021 9:17 am (65383)


aluigi wrote:
@ufo77
Code:
A30e41CZcGEFDH^2

aluigi, thanks.
Could you write a detailed sequence of steps for finding a password?
Is it possible to make a video? I have little experience. There are similar games from this developer.