Reverse engineering a world map file

  1. #16
    Member AcarX is offline
    MemberRank
    Aug 2015 Join Date
    79Posts

    Re: Reverse engineering a world map file

    The word 'DXT1' is pretty common in .ma2 files, which as far as I know is a compressed texture format, so they could be non-encrypted/uncompressed by a common method. From what I could figure, each file has 256 files (bodies) in it. I could try and write an extractor if it would help.

    Edit:
    Not much but it extracts all files just fine
    Last edited by AcarX; 20-05-16 at 04:32 PM.

  2. #17
    only asm, only hardcore! lastfun is offline
    DeveloperRank
    Apr 2012 Join Date
    RussiaLocation
    422Posts

    Re: Reverse engineering a world map file

    I'm not interested in this game, but!
    I like it when someone does something
    Thank you, @AcarX

  3. #18
    Member AcarX is offline
    MemberRank
    Aug 2015 Join Date
    79Posts

    Re: Reverse engineering a world map file

    @lastfun
    Thank YOU for taking the time to help out even though you're not interested in the game.

  4. #19
    only asm, only hardcore! lastfun is offline
    DeveloperRank
    Apr 2012 Join Date
    RussiaLocation
    422Posts

    Re: Reverse engineering a world map file

    hi bro, @AcarX ;)
    i was really stupid in C and C++ (i don't show my code, i am ashamed)) ... i used C++ just to insert assembler unit)
    i know you write in C
    insert this assembly code in your project
    the output will be unpacked file
    Code:
    ...
    std::ifstream is ("d.b", std::ifstream::binary);
      if (is) {
        is.seekg (0, is.end);
        int length = is.tellg();
        is.seekg (0, is.beg);
    
        char * pack = new char [length];
        char * unpack = new char [0x410]; //<-- unpack size
        std::cout << "Reading " << length*2 << " bytes... ";
        is.read (pack,length);
    ...
    Code:
    __asm{
    
    		mov esi,pack             //pointer for pack body
    		mov edi,unpack       //pointer for unpack body
    		cld
    		mov dl,0x80                                   
    loop99:	mov al,byte ptr ds:[esi] 
    		inc esi
    		mov byte ptr ds:[edi],al 
    		inc edi
    loop111:add dl,dl
    		jne loop1                                    
    		mov dl,byte ptr ds:[esi]                           
    		inc esi                                     
    		adc dl,dl                               
    loop1:  jae loop99                        
    		add dl,dl           
    		jne loop2                                    
    		mov dl,byte ptr ds:[esi]                
    		inc esi               
    		adc dl,dl              
    loop2:  jae loop3                     
    		xor eax,eax         
    		add dl,dl          
    		jne loop4     
    		mov dl,byte ptr ds:[esi]                            
    		inc esi                                             
    		adc dl,dl                                           
    loop4:  jae loop5                                   
    		add dl,dl                                           
    		jne loop6                                    
    		mov dl,byte ptr ds:[esi]                            
    		inc esi                                             
    		adc dl,dl                                           
    loop6:  adc eax,eax                                         
    		add dl,dl                                           
    		jne loop7                                   
    		mov dl,byte ptr ds:[esi]                            
    		inc esi                                             
    		adc dl,dl                                           
    loop7: 	adc eax,eax                                         
    		add dl,dl                                           
    		jne loop8                                   
    		mov dl,byte ptr ds:[esi]                            
    		inc esi                                             
    		adc dl,dl                                           
    loop8:  adc eax,eax                                         
    		add dl,dl                                           
    		jne loop10
    		mov dl,byte ptr ds:[esi]                            
    		inc esi                                             
    		adc dl,dl                                           
    loop10: adc eax,eax                                         
    		je loop11                                     
    		push edi                                            
    		sub edi,eax                                         
    		mov al,byte ptr ds:[edi]                            
    		pop edi                                             
    loop11: mov byte ptr ds:[edi],al                            
    		inc edi                                             
    		jmp loop111                                    
    loop3:	mov eax,1                                           
    loop23: add dl,dl                                           
    		jne loop25                                   
    		mov dl,byte ptr ds:[esi]                            
    		inc esi                                             
    		adc dl,dl                                           
    loop25: adc eax,eax                                         
    		add dl,dl                                           
    		jne loop24
    		mov dl,byte ptr ds:[esi]                            
    		inc esi                                             
    		adc dl,dl                                           
    loop24: jb loop23
    		sub eax,2                                           
    		jne loop22                                    
    		mov ecx,1                                           
    loop19: add dl,dl                                           
    		jne loop21                                    
    		mov dl,byte ptr ds:[esi]                            
    		inc esi                                             
    		adc dl,dl                                           
    loop21: adc ecx,ecx                                         
    		add dl,dl                                           
    		jne loop20                                    
    		mov dl,byte ptr ds:[esi]                            
    		inc esi                                             
    		adc dl,dl                                           
    loop20: jb loop19                                     
    		push esi                                            
    		mov esi,edi                                         
    		sub esi,ebp   
    		rep movsb     
    		pop esi                                             
    		jmp loop111                                    
    loop22: dec eax                                             
    		shl eax,8                                           
    		mov al,byte ptr ds:[esi]                            
    		inc esi                                             
    		mov ebp,eax                                         
    		mov ecx,1                                           
    loop15: add dl,dl                                           
    		jne loop16                                    
    		mov dl,byte ptr ds:[esi]                            
    		inc esi                                             
    		adc dl,dl                                           
    loop16: adc ecx,ecx                                         
    		add dl,dl                                           
    		jne loop17                                    
    		mov dl,byte ptr ds:[esi]                            
    		inc esi                                             
    		adc dl,dl                                           
    loop17: jb loop15                                     
    		cmp eax,0x7D00                                        
    		jae loop18                                    
    		cmp eax,0x500                                         
    		jb loop12
    		inc ecx                                             
    		push esi                                            
    		mov esi,edi                                         
    		sub esi,eax   
    		rep movsb   
    		pop esi                                             
    		jmp loop111                                    
    loop12: cmp eax,0x7F                                          
    		ja loop13                                     
    loop18: add ecx,2                                           
    loop13: push esi                                            
    		mov esi,edi                                         
    		sub esi,eax  
    		rep movsb    
    		pop esi                                             
    		jmp loop111                                    
    loop5:  mov al,byte ptr ds:[esi]                            
    		inc esi                                             
    		xor ecx,ecx                                         
    		shr al,1                                            
    		je loop14                                    
    		adc ecx,2                                           
    		mov ebp,eax                                         
    		push esi                                            
    		mov esi,edi                                         
    		sub esi,eax   
    		rep movsb  
    loop1001: pop esi                                             
    		  jmp loop111                                   
    loop14: sub edi,dword ptr ss:[esp+28]                       
    		mov dword ptr ss:[esp+0x1C],edi                       
                                                  
    	};
    You right)
    /body pack file/

    p.s. asm insert real work (i check output in XDBG)
    p.s.2. i just ripped the unpacking of exe, i no tried to make out the algorithm)
    p.s.3 screen pack -> unpack in my tools and client (debug) i show tomorrow (working code on work computer)
    Last edited by lastfun; 26-05-16 at 09:14 PM.

  5. #20
    Member AcarX is offline
    MemberRank
    Aug 2015 Join Date
    79Posts

    Re: Reverse engineering a world map file

    @lastfun
    Great work thanks. I stumbled upon same routine but couldn't make much sense of it. So if I pass the files to that assembly block I'll get the unpacked file data?

  6. #21
    only asm, only hardcore! lastfun is offline
    DeveloperRank
    Apr 2012 Join Date
    RussiaLocation
    422Posts

    Re: Reverse engineering a world map file

    yes, after asm 'pack' (see in screen 'body size pack') in 'unpack' -> decompressed file
    ---upd---
    as i promised, a few screenshots ...
    from client (pack/unpack):


    from my program (pack/unpack):

    Last edited by lastfun; 27-05-16 at 06:43 AM.

  7. #22
    Member AcarX is offline
    MemberRank
    Aug 2015 Join Date
    79Posts

    Re: Reverse engineering a world map file

    Don't know how to thank.. Amazing work man really appreciate everything you've done

    I do have one little problem though. When I try to unpack a file it's giving me access violation exception at:

    Code:
    jb loop12
    inc ecx
    push esi
    mov esi, edi
    sub esi, eax
    rep movsb // here
    Last edited by AcarX; 27-05-16 at 09:55 AM.

  8. #23
    only asm, only hardcore! lastfun is offline
    DeveloperRank
    Apr 2012 Join Date
    RussiaLocation
    422Posts

    Re: Reverse engineering a world map file

    link u version "C" (we will deal )) )
    p.s. C++ also had problems due REP

  9. #24
    Member AcarX is offline
    MemberRank
    Aug 2015 Join Date
    79Posts

    Re: Reverse engineering a world map file


  10. #25
    only asm, only hardcore! lastfun is offline
    DeveloperRank
    Apr 2012 Join Date
    RussiaLocation
    422Posts

    Re: Reverse engineering a world map file

    @AcarX
    wait, friend)
    i'll write you a dll
    (x64 with (my laptop) problems - solved, i think ... not at once)
    offtop: @DNC
    I'm glad to see you) you long time not been)

  11. #26
    only asm, only hardcore! lastfun is offline
    DeveloperRank
    Apr 2012 Join Date
    RussiaLocation
    422Posts

    Re: Reverse engineering a world map file

    win )))
    i'm an idiot)))
    this is aPlib compression @AcarX use this - http://www.ibsensoftware.com/files/aPLib-1.1.1.zip
    method - aP_depack_asm_fast (src, dst)
    Last edited by lastfun; 30-05-16 at 02:14 PM.
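
A bounds-checked C decoder for the aPLib stream layout identified in this thread, as an added example (not code posted by either participant and not taken from the aPLib distribution). It validates every back-reference offset and length and every input and output access, which the ripped routine leaves unchecked at its `rep movsb` copies. The type and function names are hypothetical, and the decoding assumes the layout of aPLib's reference depacker, including its last-was-match flag, which the assembly posted earlier does not track.

```c
#include <stddef.h>
#include <stdint.h>

typedef struct { const uint8_t *src; size_t slen, si; uint8_t *dst; size_t dlen, di;
                 uint32_t tag, bits; int err; } ap_t;   /* bounded cursors + bit reader */
static uint32_t ap_byte(ap_t *s) {                      /* input read, never past slen */
    if (s->si >= s->slen) { s->err = 1; return 0; }
    return s->src[s->si++];
}
static uint32_t ap_bit(ap_t *s) {                       /* tag bits, MSB first */
    if (!s->bits--) { s->tag = ap_byte(s); s->bits = 7; }
    uint32_t b = (s->tag >> 7) & 1; s->tag <<= 1; return b;
}
static uint32_t ap_gamma(ap_t *s) {                     /* variable-length integer >= 2 */
    uint32_t v = 1;                                     /* oversized values are an error */
    do { s->err |= (v >> 30) != 0; v = (v << 1) + ap_bit(s); } while (ap_bit(s) && !s->err);
    return v;
}
static void ap_put(ap_t *s, uint32_t b) {               /* output write, never past dlen */
    if (s->di < s->dlen) s->dst[s->di++] = (uint8_t)b; else s->err = 1;
}
static void ap_copy(ap_t *s, size_t off, size_t len) {  /* back-reference into output */
    if (off == 0 || off > s->di || len > s->dlen - s->di) { s->err = 1; return; }
    while (len--) { s->dst[s->di] = s->dst[s->di - off]; s->di++; }
}
/* Returns the unpacked size, or -1 for truncated or malformed input. */
long ap_depack_checked(const uint8_t *src, size_t slen, uint8_t *dst, size_t dlen) {
    ap_t s = { src, slen, 0, dst, dlen, 0, 0, 0, 0 };
    uint32_t off, len, r0 = 0, lwm = 0; int done = 0;
    ap_put(&s, ap_byte(&s));                            /* first byte is stored raw */
    while (!done && !s.err) {
        if (!ap_bit(&s)) { ap_put(&s, ap_byte(&s)); lwm = 0; }        /* 0: literal */
        else if (!ap_bit(&s)) {                                       /* 10: long match */
            off = ap_gamma(&s);                                       /* 2 = reuse last offset */
            if (!lwm && off == 2) { ap_copy(&s, r0, ap_gamma(&s)); lwm = 1; continue; }
            off = r0 = ((off - (lwm ? 2 : 3)) << 8) + ap_byte(&s); lwm = 1;
            len = ap_gamma(&s) + (off >= 32000) + (off >= 1280) + 2 * (off < 128);
            ap_copy(&s, off, len);
        } else if (!ap_bit(&s)) {                                     /* 110: short match */
            off = ap_byte(&s); len = 2 + (off & 1); off >>= 1;
            if (off) ap_copy(&s, off, len); else done = 1;            /* offset 0 ends stream */
            r0 = off; lwm = 1;
        } else {                                                      /* 111: 4-bit offset */
            off = lwm = 0; for (int i = 0; i < 4; i++) off = (off << 1) + ap_bit(&s);
            if (off) ap_copy(&s, off, 1); else ap_put(&s, 0);
        }
    }
    return s.err ? -1 : (long)s.di;
}
```

As a constructed test input, the four-byte stream `41 D8 03 00` unpacks to `AAAA`. Changing `03` to `05` makes the offset point before the start of the output, and the decoder returns -1 instead of reading out of bounds.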

  12. #27
    Member AcarX is offline
    MemberRank
    Aug 2015 Join Date
    79Posts

    Re: Reverse engineering a world map file

    @lastfun
    Thanks that one is working pretty well for both .ma2, ma1 files. I also wrote a packer to put extracted files back into .ma1,ma2 format. Here it is if anyone is interested:
    Link








