Results 1 to 4 of 4

Thread: decrypting an unknown file type

  1. #1
    Dionysus
    Guest

    Question decrypting an unknown file type

    This looked like a forum made just for this question I want to be able to take a file that is "encrypted" and convert it to readable format. Then "reencrypt" it. I am working on a game by NovaLogic that encodes files using cbin format, that is the first 4 letters in the files are cbin. I have a not encrypted template (its just a text file) that I can edit and the game will accept it and use it unencrypted. But i would like to be able to decrypt the files to read them and even more important i would like to reencrypt them. any way thats the background. I need to know where I can find information on breaking new file formats.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    הבּרוּ נשׂאי כּלי יהוה mike's Avatar
    Join Date
    Mar 2001
    Posts
    491

    reversing encryption

    Stream ciphers usually work by XORing the plaintext with a pseudo-random byte stream. This means that if you XOR the ciphertext with some byte, the decrypted plaintext will be XORed with the same byte.

    How do the ciphertexts corresponding to similar plaintexts compare?

    Unless you have to type in a password, the file could be called "obscured" or "obfuscated", since there's no secret information other than the algorithm.

    Except for VERY simple ciphers, it's almost impossible to figure out the encryption just by looking at the plaintext and ciphertext. Set breakpoints on function calls and/or API's that access the file. Then watch what happens to the buffer.

  3. #3
    Dionysus
    Guest

    hrmm i might be on the wrong track

    actualy thrte is little corospondence in the template and the other file, im thinking that it may be some sort of compresion\encryption the ecnrypted file is 7k the text is 12k also there is part where the encoded files are similar at the beginning of the file.
    here are 2 sample headers


    43 42 49 4E 30 0C 00 00 E6 07 00 00 A2 00 00 00
    CE 77 E1 01 1A 78 2E 7C 71 07 C2 77 EE 80 3C 17
    BC 38 03 E1 BA F3 C0 1E 08 DF 9C 01 F7 5D F9 E0
    0B 85 EF CE 02 78 2E 7C 75 07 C2 77 E2 80 3C 17
    B8 38 03 E1 BA F3 C0 1E 0C DF 9C 01 F7 5D F9 EO


    43 42 49 4E 70 13 00 00 43 09 00 00 BB 00 00 00
    CE 77 E1 01 29 78 2E 7C 71 07 C2 77 EE 80 3C 17
    BC 38 03 E1 BA F3 C0 1E 08 DF 9C 01 FC 5D F9 E0
    0B 85 EF CE 02 78 2E 7C 75 07 C2 77 E2 80 3C 17
    B8 38 03 E1 BA F3 C0 1E 0C DF 9C 01 F7 5D F9 EO

    Manny other places in the program, they use "]" (5D) to seperate things so i was thinking that the part before that could be some sort of "key" or important in some way.


    also no password, the game decrypts the files on its own when it needs them.

    ill try useing SI on it but I am not good with that program. I can use it to make trainers and junk, but I never could get BPX to work right.

    thanks for the idea.

    also, any sites/tutorial on the subject would be good.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    goatass
    Guest
    Hey Dionysus, if you look at the two heads you can see that there are similar patterns which make me believe that the structure and layout of these files are similar. You said the program uses ] to seperate things, could it be that it uses [ ] which will be used in INI files to identify sections and keys. Does it use the INI APIs for anything ?
    Try also bpx CreateFileA do "d *(esp+4)" and check to see when it open these encoded files and trace on from there. Also try ReadFile, etc.

    Once you find where the game opens the file and starts reading from it you should be able to locate how it decodes it pretty easily since games normaly don't hide these sort of routines.

    goatass
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. anyone know what type of hash this is?
    By twisted in forum RCE Cryptographics
    Replies: 2
    Last Post: November 26th, 2010, 04:57
  2. Help with decrypting the contents in the file
    By chiali in forum The Newbie Forum
    Replies: 3
    Last Post: January 16th, 2008, 04:23
  3. new type of hasp ?
    By saber in forum The Newbie Forum
    Replies: 4
    Last Post: May 23rd, 2006, 09:25
  4. Tips pointers for cracking a crypted license file type protection
    By SuperCali in forum Malware Analysis and Unpacking Forum
    Replies: 14
    Last Post: October 1st, 2001, 10:35
  5. Asm help needed: What type of CRC is this?
    By morlac in forum Advanced Reversing and Programming
    Replies: 4
    Last Post: February 12th, 2001, 08:52

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •