[RELEASE] MRS File Specs

[Lambda]

I'm are releasing that because i think is usefull to understand the MRS File format, im now trying to crypt MRS files.

MRS File Specification by CBWhiz.
File version 1.0 - 11/12/05

This file spec / implementation design was helped greatly by the ZIP file format spec, located at PKWARE, Inc. - Developer’s Tools. It is assumed you read it.


When Gunz starts, it enumerates, starting at its local folder, all files.
Each file (unless it starts with mrs or zip, or is a folder) is treated exactly the same, wrapped in an MZFile class, and stored inside the MZFilesystem.
If it is a folder, it calls itself again to enumerate /that/ folder.
If it is a MRS / ZIP, it treats these as file system extentions. This means MZip::Initalize is called, and that adds each file inside to the MZFilesystem itself.
To access a file, Gunz talks to the MZFileSystem and asks for a file.
This subroutine checks the file list, sees if it is a MZFile or if it is stored in an MZip. If it is in a MZip, it calls MZip::Readfile and returns it, otherwise it just returns the file normally.

This has the following benifits:
-Gunz code doesnt care where the file comes from
-MAIET can easily debug by simply removeing (say) system.mrs and creating a folder called system.




How Gunz Reads MRS files:

MZip::Initalize(mrsfile, 4); //Called to set it up
MZip::ReadFile(filename, length);


--------------------------------------------------------------------------------------------

MZip::ReadFile(char* filename, int length) {
/*
lookup file in central directory
(not shown)
*/
SEEK to local file header for file
READ local file header beginning (1E bytes, doesnt include filename, etc)
DECRYPT lfh:
LEA ECX,DWORD PTR SS:[(lfh)]
MOV EDI,1E
L002:
MOV AL,BYTE PTR DS:[ECX]
MOV DL,AL
SHR DL,3
SHL AL,5
OR DL,AL
NOT DL
MOV BYTE PTR DS:[ECX],DL
INC ECX
DEC EDI
JNZ L002 //(same scheme as always)
CHECK lfh magic number:
CMP EAX, 4034B50 //ZIP lfh magic number - seems like all v2 MRS files have this also
CMP EAX,85840000 //Theoreticly MRS version 1 magic number, but I have no edvidance. I think MAIET just got lazy.
ADD filename length and extra feild length
CHECK if the file is uncompressed.
If so, READ it and return it.
CHECK compression method. If it is not deflate, it returns. (MZip can only handle delfate)
READ file

Credits to CBWhiz

[MentaL]

[kochon]

thanks, was a pleasant reading

[RepublicOfAstra]

You skipped a shitload of the post.

[quote]MRS File Specification by CBWhiz.
File version 1.0 - 11/12/05

This file spec / implementation design was helped greatly by the ZIP file format spec, located at PKWARE, Inc. - Developer’s Tools. It is assumed you read it.


When Gunz starts, it enumerates, starting at its local folder, all files.
Each file (unless it starts with mrs or zip, or is a folder) is treated exactly the same, wrapped in an MZFile class, and stored inside the MZFilesystem.
If it is a folder, it calls itself again to enumerate /that/ folder.
If it is a MRS / ZIP, it treats these as file system extentions. This means MZip::Initalize is called, and that adds each file inside to the MZFilesystem itself.
To access a file, Gunz talks to the MZFileSystem and asks for a file.
This subroutine checks the file list, sees if it is a MZFile or if it is stored in an MZip. If it is in a MZip, it calls MZip::Readfile and returns it, otherwise it just returns the file normally.

This has the following benifits:
-Gunz code doesnt care where the file comes from
-MAIET can easily debug by simply removeing (say) system.mrs and creating a folder called system.




How Gunz Reads MRS files:

MZip::Initalize(mrsfile, 4); //Called to set it up
MZip::ReadFile(filename, length);


--------------------------------------------------------------------------------------------

MZip::ReadFile(char* filename, int length) {
/*
lookup file in central directory
(not shown)
*/
SEEK to local file header for file
READ local file header beginning (1E bytes, doesnt include filename, etc)
DECRYPT lfh:
LEA ECX,DWORD PTR SS:[(lfh)]
MOV EDI,1E
L002:
MOV AL,BYTE PTR DS:[ECX]
MOV DL,AL
SHR DL,3
SHL AL,5
OR DL,AL
NOT DL
MOV BYTE PTR DS:[ECX],DL
INC ECX
DEC EDI
JNZ L002 //(same scheme as always)
CHECK lfh magic number:
CMP EAX, 4034B50 //ZIP lfh magic number - seems like all v2 MRS files have this also
CMP EAX,85840000 //Theoreticly MRS version 1 magic number, but I have no edvidance. I think MAIET just got lazy.
ADD filename length and extra feild length
CHECK if the file is uncompressed.
If so, READ it and return it.
CHECK compression method. If it is not deflate, it returns. (MZip can only handle delfate)
READ file
}




MZip::Initialize(FILE* mrsfile, LOADTYPE loadwhichtypes) {
note: loadwhichtypes seems to be a global variable, not a function param

READ offset 0x0 as a 4 byte DWORD
Compare the first four bytes:
50 4B 03 04 ( ASCII: PK.. ) = ZIP file
00 00 84 85 ( ASCII: ..

[xHalloweenX]

wow lol that was intresting

[Hymn]

So if I were to put in a custom .mrs file, as long as it has the correct listing (like for instance, update2.mrs updates a few model files) filewise, it opens and treats those files as normal, regardless?

This is interesting...

[ThievingSix]

Should I just post my mrs class as a useable dll?

[alextepes]

Its the same as a GRF file pretty much lol, in a sense where it sees directories in gayassfilewethoughtwecouldtrickyouwith.lol

[ThievingSix]

No, it's a ZIP file with encryption on the file headers. Without the file header encryption you can rename it to .zip and extract.

[WGFreak]

So, i can reverse MZip routine in the client and make my own encryption?

[ThievingSix]

So, i can reverse MZip routine in the client and make my own encryption?

You can sure try =)

[WGFreak]

@thiev: May you tell me how your custom encryption works?

[ThievingSix]

It's not nessecarily reversing the MZip routine, it can be as simple as editing it. Basically easy byte goes into the encryption algorithm and gets changed by xors, nots, ors, shls, shrs, sub, add, IMUL, IDIV, etc. It's understanding all that and the knowledge to apply it is the key.

[bounty-hunter]

....... i get this feeling ThievingSix is gona code something .......

[ThievingSix]

....... i get this feeling ThievingSix is gona code something .......

I will as soon as a finish with my kernel driver and TCP encapsulation for LG's new antihack. I've been real busy lately and haven't found enough time in the day todo everything I need. I've started work on a .dll that works with the MRS file class and can be used by anyone. I just haven't had the time.

...and that being said, its 12:30 am..again...shit...

[Lambda]

im now trying to change the encryption of the header