On the file encryption format of online game tianlong x

Source: Internet
Author: User

In March, I played the online game tianlong X of a Fox Company. I thought it was quite interesting, so I studied it.
This game was developed using the open-source game engine ogre. After reading the file structure in the directory
Data is stored in the data directory. However, files are basically suffixed with. AXP. Each file may be dozens of megabytes.
Google attempted to package game files together and encrypt them. Start to open this AXP file with ue, and send
In fact, most of the files are in plain text. At first, I thought it was just to list the files together.
Each file has an interval, and there is a data header before it, and the file and name cannot match. Open
Od manual analysis, the main process is actually relatively simple, the createfile function is disconnected, find the File Buffer location,
Now let's move the memory access breakpoint to the key.CodeRegion. Skip the specific tracking details and file Verification Section.
The format is analyzed as follows:

The entire AXP file can be divided into four parts: 1. File Header 2. File name index 3. File index 4. file data

1. File Header:
The entire file header is fixed to 0x28 bytes. An integer starting from 20th bytes multiplied by 12 represents the third part.
That is, the length of the file index part (because each index has three integers)
2. File name index:
The entire file name index is fixed to 0x60000 bytes, which contains the file index location corresponding to each compressed file

3. File index:
The length of this part is determined by the data related to the file header, which contains the actual offset of each compressed file in. AXP.
Set and file size
4. file data:
This section contains the specific data of all compressed files. Each file is filled with zero padding.

First, let's talk about the general process of decompression: for example, if we want to extract a file named file.txt from a.axp
File Name file.txt to the file name index to find the corresponding file index, and then find the file according to the file index
Position and size of the file in the AXP file, and decompress it.

The decompression process is as follows:
Convert the name of the file to lowercase (if it is an English letter) and use the getdisp (char * s, int v) function.
Calculate related data. s indicates the file name, V indicates the calculation parameters, and getdisp (fname, 1) and getdisp are calculated respectively.
(Fname, 2 ),
Getdisp (fname, 3). Three values are obtained: A1, A2, and A3. The low A3 position is related to the position in the file name index, and the lowest A3 position.
High positions and A1 and A2 are used for verification. If the three values cannot meet the requirements at the same time, the offset position will be moved forward for verification,
I am too lazy to write the details.
The following describes the specific content of the getdisp function. I directly transformed the assembly in the tracking code and used it out.
Ucks is a random number array, which is not listed here.
Unsigned int tlbbunpacker: getdisp (char * s, int V)
{
_ ASM
{
Push ESI
MoV ESI, S
MoV Cl, byte ptr ds: [esi]
Test Cl, Cl
MoV eax, 0x7fed7fed
MoV edX, 0 xeeeeeeee
Je end
Push EBX
Push EBP
Push EDI
MoV EDI, V
Shl edi, 0x8
ITER:
Add eax, EDX
Imul edX, EDX, 0x21
Movsx ECx, Cl
Lea EBX, dword ptr ds: [EDI + ECx]
MoV EBP, dword ptr ds: [EBX * 4 + sucks]
INC ESI
Add edX, ECx
MoV Cl, byte ptr ds: [esi]
XOR eax, EBP
Test Cl, Cl
Lea edX, dword ptr ds: [edX + eax + 3]
Jnz ITER
Pop EDI
Pop EBP
Pop EBX
End:
Pop ESI
}
}
This is the function generatefile for extracting a single file. QT is used as the GUI. Let's look at the pseudo code.
Bool tlbbunpacker: generatefile (qstring name)
{
Name = Name. tolower ();
Unsigned int A = getdisp (name. tolocal8bit (). Data (), 3), a2 = getdisp (name. tolocal8b
It (). Data (), 2), a1 = getdisp (name. tolocal8bit (). Data (), 1), B, DISP, length;
A & = 0x7fff;
While (! (B = (int *) buffer2) [A * 3 + 2]) & 0x80000000) | A1! = (Int *) buffer2) [A * 3] | A2!
= (Int *) buffer2) [A * 3 + 1])
{
A ++;
A & = 0x7fff;
}
B & = 0x3fffffff;
Disp = (int *) buffer3) [B * 3];
Length = (int *) buffer3) [B * 3 + 1];

Qfile pdata (this-> package_name );
If (pdata. Open (qfile: readonly) & pdata. Seek (disp )){

Qstring wdir = qdir: currentpath () + qdir: separator () + qfileinfo (pdata). filename
() + Qdir: separator ();
Qdir dir;
Qdatastream pfin (& pdata );
Qfile file (wdir + name );
Qfileinfo Info (File );
Dir. mkpath (info. absolutepath ());
If (file. Open (qfile: writeonly ))
{
Char * pbuffer = new char [length];
Qdatastream fout (& file );
Pfin. readrawdata (pbuffer, length );
Fout. writerawdata (pbuffer, length );
Delete [] pbuffer;
Return true;
}
}
Return false;
}
After obtaining the location of the file to be decompressed in the file index, you can find the specific offset and file of the file in the AXP file.
Size, and then directly fseek and then get it out.
Finally, the AXP package contains a file list file called list.
Compress the file and decompress it one by one based on the file list.

The above is the general file format, which is relatively simple. You can also consider using similar methods in your own project.
File compression.

PS: This article is for study only. I am not responsible for it ....

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.