kiwidog
Site Admin
Posts: 21
Joined: Thu Jan 22, 2015 10:11 am
Location: On VACcation
Contact: Website

Mass Effect Andromeda

Tue Mar 28, 2017 8:57 am

Edit: They just added some weaksauce obfuscation on some of the files. I will be posting my research on the game here until I can work in proper support for Rime. If any more research is posted, I will be sure to update this main post.

Engine:
Import Addresses:

Code: Select all

1.0.0.0 - VAT: 0x0000000147BE4000 Size: 0x1770
File Verification Checks (kiwidog):

Code: Select all

.xcode:0000000144D73AB0 fb::FileObfuscationHeader::validateSignature .xcode:0000000144D73B12 call cs:j_BCryptOpenAlgorithmProvider_0 .xcode:0000000144D73B54 call cs:j_BCryptImportKeyPair .xcode:0000000144D73C08 call cs:j_BCryptVerifySignature .xcode:0000000144D73C18 call cs:j_BCryptDestroyKey .xcode:0000000144D73C25 call cs:j_BCryptCloseAlgorithmProvider
Unobfuscating the files:

Thanks to WV + weiyun

Code: Select all

private void Decrypt(byte[] p_Buffer, byte p_Key) { var s_Key = p_Key; for (var i = 0; i < p_Buffer.Length; ++i) { var l_Key = p_Key; l_Key ^= p_Buffer[i]; l_Key -= (byte)i; p_Buffer[i] ^= s_Key; s_Key = l_Key; } } private void Decrypt_MEA2() { var s_Dialog = new OpenFileDialog { Filter = "Encrypted File (*.*)|*.*", FileName = ".toc", Title = "Open Encrypted File" }; if (s_Dialog.ShowDialog() != DialogResult.OK) return; using (var s_Reader = new RimeReader(new MemoryStream(File.ReadAllBytes(s_Dialog.FileName)))) { if (s_Reader.BaseStream.Length < 36) { MessageBox.Show("File is not encrypted."); return; } // Seek to 36 bytes to the end of the file s_Reader.Seek(s_Reader.BaseStream.Length - 36, SeekOrigin.Begin); // Read out the encrypted footer length var s_FooterLength = s_Reader.ReadUInt32(); // Read out the static magic var s_FooterMagic = new string(s_Reader.ReadChars(32)); // Check that this file is actually encrypted if (s_FooterMagic != "@e!adnXd$^!rfOsrDyIrI!xVgHeA!6Vc") { MessageBox.Show("File is not encrypted."); return; } // Seek back to the beginning of the file s_Reader.Seek(0, SeekOrigin.Begin); var s_Data = s_Reader.ReadBytes((int)s_Reader.BaseStream.Length - (int)s_FooterLength); Decrypt(s_Data, s_Data[0]); var s_SaveDialog = new SaveFileDialog { Title = "Save decrypted data", FileName = s_Dialog.FileName + ".decrypted", Filter = "Save decrypted file (*.*)|*.*" }; if (s_SaveDialog.ShowDialog() == DialogResult.OK) { File.WriteAllBytes(s_SaveDialog.FileName, s_Data); MessageBox.Show("File decrypted."); } } }
modders.link | kiwidog.me
kiwidog > NoFaTe.

Return to “Development”