Skip to content
View in the app

A better way to browse. Learn more.
ResHax

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
Help us keep the site running.

Unreal Engine 4 - "repak" encrypted and signed (.pak & .sig)

ZenHAX
in Zenhax

Featured Replies

  • Author
  • Localization

JM69, posted Wed May 08, 2019 6:26 pm (47674)

Does anyone in here knows how to obtain the RSA Modulus, Public Exponent, Private Exponent from a Unreal Engine 4 game binary executable when it has "pak" signing enabled?

My question is because I wanted to do a modification for a game called "KurtzPel" but it has this enabled.
So by just "repaking" with encryption only doesn't works because it won't match the "sig" signature file.

I originally posted about this at Gildor's Forums https://www.gildor.org/smf/index.php/to ... l#msg32543

Does anyone in here knows how to obtain the following values for "repaking"?

Code:
EncryptionKey=
SigningPublicExponent=
SigningModulus=
SigningPrivateExponent=


So far I know "EncryptionKey" is AES-256 (32 bytes) which once converted from HEX to Base64 is 44 characters long and can be used directly in UE 4.19 Editor.

(KurtzPel EncryptionKey)

HEX:
Code:
0x38D519D3867059256FFEAA9C7F575787EF2C048D38BF5C33CD1798A445570EE3

Base64:
Code:
ONUZ04ZwWSVv/qqcf1dXh 8sBI04v1wzzReYpEVXDuM=

Tested and working, you can encrypt your own paks with the same encryption used by the game.

But there is a problem, additionally the game needs the paks to be signed with a RSA key, so it cannot read modified paks by just encrypting them (Store encrypted CRCs of each 128kb chunk of the pak file in a separate sig file alongside the pak file.).

So as the UE4 documentation says,

"SigningPublicExponent" is the RSA key public exponent used for signing a pak file.
"SigningModulus" is the RSA key modulus used for signing a pak file.
"SigningPrivateExponent" is the RSA key private exponent used for signing a pak file.

Here is a random generated signing key by UE 4.19,

Base64:
Code:
SigningPublicExponent=/XDcMShioGFM4oCec6JvT/G0TOC95biIJC7 sydYzRkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
SigningModulus=V/SAydLKBE4r5ix7Bi/7FdUe5qA5sSqabYr6G3cIaE0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
SigningPrivateExponent=9VKVlXgm4STlpoLbWudO7tMe5qA5sSqabYr6G3cIaE0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==

HEX:
Code:
SigningPublicExponent=0xFD70DC312862A0614CE2809E73A26F4FF1B44CE0BDE5B888242EFEB32758CD190000000000000000000000000000000000000000000000000000000000000000
SigningModulus=0x57F480C9D2CA044E2BE62C7B062FFB15D51EE6A039B12A9A6D8AFA1B7708684D0000000000000000000000000000000000000000000000000000000000000000
SigningPrivateExponent=0xF55295957826E124E5A682DB5AE74EEED31EE6A039B12A9A6D8AFA1B7708684D0000000000000000000000000000000000000000000000000000000000000000


By the way instead of using the Unreal Editor you can also generate them with UnrealPak.exe by using parameters.

Code:
GenerateKeys= P= Q= [-NoVerifyPrimes]


Quote:
An RSA public-key / private-key pair can be generated by the following steps:
1. Generate a pair of large, random primes p and q.
2. Compute the modulus n as n = pq.
3. Select an odd public exponent e between 3 and n-1 that is relatively prime to p-1
and q-1.
4. Compute the private exponent d from e, p and q. (See below.)
5. Output (n, e) as the public key and (n, d) as the private key.


So technically those can be obtained, but here I'm just theory, no idea how to approach this.
Help on how to obtain this would be really appreciated.
  • Author
  • Localization

masterx244, posted Sat May 11, 2019 4:45 pm (47717)

No way to go from public key to private without brute-force and that is too much work for the used key sizes. A way for that would break almost all certificate based stuff (https included). google pointers: RSA & factorisation
  • Author
  • Localization

JM69, posted Mon May 13, 2019 1:34 pm (47744)

masterx244 wrote:
No way to go from public key to private without brute-force and that is too much work for the used key sizes. A way for that would break almost all certificate based stuff (https included). google pointers: RSA & factorisation


The game executable is supposed to have the private key, otherwise it couldn't decrypt the game files.
  • Author
  • Localization

akintos, posted Tue May 14, 2019 4:30 am (47751)

JM69 wrote:
The game executable is supposed to have the private key, otherwise it couldn't decrypt the game files.


No, game exe does not need to have private key to check signature. You only need RSA public key to do it.

AES key(for encrypting pak index) and RSA private key(for generating pak signature) are different. Game executable only contains AES key and RSA public key.
  • Author
  • Localization

Kein, posted Sun Jul 11, 2021 2:41 pm (65139)

You ever found answer or workaround for your needs? Got a game that has any sideloading restricted so the only way is to modify original PAK
Guest
This topic is now closed to further replies.
Go to topic listing

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.