This topic was archived here:

https://web.archive.org/web/20230000000000fw_/https://www.zenhax.com/viewtopic.php?t=13966

mikoamoy, posted Wed Aug 12, 2020 6:32 am (58036)

---

I found the files within the hash json
the file should be unity but it was .bundles
and it's encrypted and this bundle shuld be contain model files
samples
https://mega.nz/folder/00wj2ZwZ#vz_jIhCcJAQY-BPLyAOrAQ

aluigi could u help me?

chrrox, posted Wed Aug 19, 2020 8:30 pm (58191)

---

Here is The main exe and metadata.
https://transferxl.com/00j3fNs9tCwsHg
I believe the decryption function is

Code:

void Athena.Asset.Loader.AthenaAssetBundleCachingResource$$LoadFromFileStream

in here it calls

Quote:

uVar3 = Dress.Core.DressEnv$$GetEncryptKey(0);
plVar4 = (longlong *)System.Text.Encoding$$get_UTF8(0);
uVar5 = Dress.Core.DressEnv$$GetEncryptSalt(0);

then i calls

Code:

void Athena.Utility.SeekableAesStream$$.ctor

I believe this generates the static xor key

Code:

  System.IO.Stream$$.ctor(param_1,0);
  *(undefined8 *)(param_1   0x28) = param_2;
  plVar3 = (longlong *)
           thunk_FUN_100cbcb9c(System.Security.Cryptography.PasswordDeriveBytes_TypeInfo);
  System.Security.Cryptography.PasswordDeriveBytes$$.ctor(plVar3,param_3,param_4,0);
  plVar6 = (longlong *)thunk_FUN_100cbcb9c(System.Security.Cryptography.AesManaged_TypeInfo);
  System.Security.Cryptography.AesManaged$$.ctor(plVar6,0);

sample encrypted file

Ekey, posted Wed Aug 19, 2020 9:06 pm (58192)

---

Upload to another filesharing, on this site I get an error.

Code:

NoSuchKey
The specified key does not exist.
a556f6b73cd43dec27d345e6a677c06b-0.zip
m-use1-09
/m-use1-09/a556f6b73cd43dec27d345e6a677c06b-0.zip
us-east-1
162CC748D03081C3
c355d7fb-3390-4b20-b108-c9331f9103a5

As i see by your snipped of code, here is a very similar encryption scheme as in "Prison Princess"

chrrox, posted Wed Aug 19, 2020 9:12 pm (58193)

---

https://file.io/YpEuA0jdwfo9

Ekey, posted Wed Aug 19, 2020 10:47 pm (58195)

---

chrrox wrote:

https://file.io/YpEuA0jdwfo9

Where do you find such filesharing service's?



Upload to Mediafire, GoogleDrive, Mega or Zippyshare

Edited: Full game name is "Fate/Grand Order Waltz in the MOONLIGHT/LOSTROOM" ?

chrrox, posted Wed Aug 19, 2020 11:07 pm (58196)

---

Yes that is the game.
https://www17.zippyshare.com/v/0LSWU4aD/file.html

it will run in nox emulator if you change model information to huawei in all 3 fields and use android 7.

Ekey, posted Thu Aug 20, 2020 2:12 am (58200)

---

Do you have a cache of files like obb or something like this?

chrrox, posted Thu Aug 20, 2020 3:18 am (58203)

---

Yes this is complete game directory
https://www64.zippyshare.com/v/LoKDgSXY/file.html

android cs generation.

dump.7z

chrrox, posted Mon Sep 28, 2020 12:18 am (58923)

---

The b64 encoded keys are here

void __cdecl Dress_Core_DressEnv___cctor(const MethodInfo *method)

Code:

m_Items[0] = PqW6CKKXvwBZA1KJfzDRafWGzWcNFQIYLblOUintwbaXPtLHdarvX4XzWvXAyLIccfqfpxHv946OpukGTNNku7q4Z7WzKlhJ2GCfSsVC2a90rgP9qsc2sMYdlDguDL0W
m_Items[1] = OjNsqG9RpXxY3kwjl9f4XkyplPffbSMZolFgCxX1xchxTbIVJxV6zFpt0QALdT6LMSjOljgOLjEQSJtKs01Y1edWaCPi3H9UchktItWcBXusjhsuyH9GHjmx3HhAL8YZ
m_Items[2] = rOCRMGuSqwTsXmGcjQH4qNqSDoi6rzvZ4c1BSNBekGFG0lLkR3PxNPozhgOQbQGQpVBS4YAZ3Cr6MavKCEeuxw3Vqnwuktqk9uP7OigAV2qAaegdibkOMovUFIQO4Ol0
m_Items[3] = hiwA5RDasdzt7RKJyZnSE3bnY6P82NIPMdqwVPT1IL9bTjVgVH3qUhPzRAYJuLBZCSdPiaeRBraghAqiDWF2bqU9rY2Mpr5oBvfsZyZFv8tHEH0wt46sX3AWV6aZScaf
m_Items[4] = LKBnipPpd2DNJWX9bjYTBly2OPqtcDTQuT5eFI38dGV3AC5tK32qUh9bMcQB4csAaAIuxCwHw44DEuO7Hm7VZnfjAoUyr8pjQuXIdgwn5lCkNrxcvOPhxlcCloPSDVZl
m_Items[5] = 2mToFoinYnrkSTBvTpKWyZQR3bgIDTF1414ti8Xobz36Ha4PcNjMh6QlkxSTX2gIPcV5qJ65mVIaBosgMuBwozLtxd2p6ky0h1HZ2dnqvIsLKZu3SFXrZJtvmMHZK59m

referenced
Dress_Core_DressEnv_TypeInfo->static_fields->encryptKeys;

m_Items are encryptKeys

chrrox, posted Mon Sep 28, 2020 10:15 am (58934)

---

These are the 2 functions called for generating the password.
https://pastebin.com/nqJmw1Bs
https://pastebin.com/5y0y3EHR

I also see this in memory hat lines up with the array it building

Code:

Dress_Core_DressEnv__GetEncryptKey

OjNsqG9RpXxY3kwjl9f4XkyplPffbSMZolFgCxX1xchxTbIVJxV6zFpt0QALdT6LMSjOljgOLjEQSJtKs01Y1edWaCPi3H9UchktItWcBXusjhsuyH9GHjmx3HhAL8YZ - 1

LKBnipPpd2DNJWX9bjYTBly2OPqtcDTQuT5eFI38dGV3AC5tK32qUh9bMcQB4csAaAIuxCwHw44DEuO7Hm7VZnfjAoUyr8pjQuXIdgwn5lCkNrxcvOPhxlcCloPSDVZl - 4

hiwA5RDasdzt7RKJyZnSE3bnY6P82NIPMdqwVPT1IL9bTjVgVH3qUhPzRAYJuLBZCSdPiaeRBraghAqiDWF2bqU9rY2Mpr5oBvfsZyZFv8tHEH0wt46sX3AWV6aZScaf - 3

PqW6CKKXvwBZA1KJfzDRafWGzWcNFQIYLblOUintwbaXPtLHdarvX4XzWvXAyLIccfqfpxHv946OpukGTNNku7q4Z7WzKlhJ2GCfSsVC2a90rgP9qsc2sMYdlDguDL0W - 0


Dress_Core_DressEnv__GetEncryptSalt

hiwA5RDasdzt7RKJyZnSE3bnY6P82NIPMdqwVPT1IL9bTjVgVH3qUhPzRAYJuLBZCSdPiaeRBraghAqiDWF2bqU9rY2Mpr5oBvfsZyZFv8tHEH0wt46sX3AWV6aZScafg - 3

OjNsqG9RpXxY3kwjl9f4XkyplPffbSMZolFgCxX1xchxTbIVJxV6zFpt0QALdT6LMSjOljgOLjEQSJtKs01Y1edWaCPi3H9UchktItWcBXusjhsuyH9GHjmx3HhAL8YZa - 1

rOCRMGuSqwTsXmGcjQH4qNqSDoi6rzvZ4c1BSNBekGFG0lLkR3PxNPozhgOQbQGQpVBS4YAZ3Cr6MavKCEeuxw3Vqnwuktqk9uP7OigAV2qAaegdibkOMovUFIQO4Ol0  - 2

2mToFoinYnrkSTBvTpKWyZQR3bgIDTF1414ti8Xobz36Ha4PcNjMh6QlkxSTX2gIPcV5qJ65mVIaBosgMuBwozLtxd2p6ky0h1HZ2dnqvIsLKZu3SFXrZJtvmMHZK59m  - 5



*SPAM* - ?

chrrox, posted Fri Jul 30, 2021 8:56 pm (65419)

---

Here is the solution to fgo waltz decryption.

Code:

#script for quickbms by chrrox
#special thanks to aluigi for xorpad fast function.
set MEMORY_FILE10 string "
void decrypt(unsigned char *data, int size) {
    int i, c;
    for(i = 0; i         c = i >> 4;
        switch(i & 15) {
            case 0:            break;
            case 1:  c >>= 8;  break;
            case 2:  c >>= 16; break;
            case 3:  c >>= 24; break;
            default: c = 0;
        }
        data[i] ^= c;
    }
}
"

get NAME basename
string NAME   .dec
get SIZE asize
math SIZE   16
putvarchr MEMORY_FILE SIZE 0
calldll MEMORY_FILE10 decrypt tcc RET MEMORY_FILE SIZE
encryption mcrypt_rijndael-128_ecb "\x43\x20\x68\x9B\x21\x9A\x85\xBF\x9F\x66\x5D\xFB\xEF\x90\xBF\x49"  "" 1 16
math SIZE - 16
log MEMORY_FILE2 16 SIZE MEMORY_FILE
encryption "" ""
getdstring KEY SIZE MEMORY_FILE2
encryption xor KEY
log NAME 0 SIZE

mikoamoy, posted Sat Jul 31, 2021 1:29 pm (65432)

---

After years it finally worked!

Thanks Chrox

Yuzu, posted Wed Jan 19, 2022 3:18 am (69170)

---

Hey, does anyone still have the OBB? I need the file to continue playing offline

breakdown64, posted Wed Dec 07, 2022 8:54 am (74477)

---

Yuzu wrote:

Hey, does anyone still have the OBB? I need the file to continue playing offline

Yo. I happened to stumble upon this forum so hello.

Android 10 has broken this app (I think) and I have got it to work on an emulator running android 7, but a fresh apk needs to be downloaded since it is no longer on the play store. The app just shows an "Unable to contact servers" error message and kicks you out of the app.

Either I am not doing the correct method of importing this data on a fresh apk or the code needs to be modified so it does not need to attempt to contact the servers? I just copy pasted the data into the Android>Obb file. Would love to know more. Cheers.


https://file.io/S1Y6NCjzvZc0

Noellers181, posted Wed Feb 08, 2023 2:52 am (75338)

---

breakdown64 wrote:

Yuzu wrote:

Hey, does anyone still have the OBB? I need the file to continue playing offline

Yo. I happened to stumble upon this forum so hello.

Android 10 has broken this app (I think) and I have got it to work on an emulator running android 7, but a fresh apk needs to be downloaded since it is no longer on the play store. The app just shows an "Unable to contact servers" error message and kicks you out of the app.

Either I am not doing the correct method of importing this data on a fresh apk or the code needs to be modified so it does not need to attempt to contact the servers? I just copy pasted the data into the Android>Obb file. Would love to know more. Cheers.


https://file.io/S1Y6NCjzvZc0

Would you happen to sill have the OBB file? I would love to play this game again and rip the files from it