ZenHAX
https://www.zenhax.com/

DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption
https://www.zenhax.com/viewtopic.php?f=9&t=11093
Page 1 of 2

Author:  moiennepe [ Mon Mar 25, 2019 3:15 pm ]
Post subject:  DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

Hi all, I've found the decryption func in dffnt.exe here:
https://pastebin.com/KvkjYUrr

The Key is ahcTaNwLcATRE... and three bytes E2,5E,C8.

I am a noob to Cryptography and cannot recognize this, hope some of you can help.

BTW KT's doaxvv use the same algorithm.

Author:  chrrox [ Mon Mar 25, 2019 4:36 pm ]
Post subject:  Re: DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

is the key the same in vv?

Author:  moiennepe [ Mon Mar 25, 2019 4:49 pm ]
Post subject:  Re: DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

chrrox wrote:
is the key the same in vv?

different keys

Author:  chrrox [ Mon Mar 25, 2019 4:51 pm ]
Post subject:  Re: DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

Can you post the vv key I think I know how it works inthat game

Author:  chrrox [ Mon Mar 25, 2019 10:43 pm ]
Post subject:  Re: DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

Here is that function in psuedo code from ida.
https://pastebin.com/raw/mQuwMy4x

Author:  moiennepe [ Tue Mar 26, 2019 3:21 am ]
Post subject:  Re: DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

chrrox wrote:
Can you post the vv key I think I know how it works inthat game

I haven't update vv, and it's not runable on my pc now...

you can try find the key yourself, take the (outdated) doax_vv.exe below as example:
https://mega.nz/#!LjpABYpR!Y7FaF06WYfuS ... UyLvbIdSHA

1400FEEA0 (file offset FE2A0) is the decrypt function, find that in the current vv executable,
then you can get the key string in ram.

Author:  chrrox [ Tue Mar 26, 2019 10:07 pm ]
Post subject:  Re: DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

Thanks I thought that was the function I found it in the latest exe.
I am going to try to follow what is happening.

Author:  chrrox [ Thu Mar 28, 2019 9:33 am ]
Post subject:  Re: DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

in your dissidia code I know how it works we just need to find how to generate the 4 byte key for the file.
in the example

Code:
v57 = *(_BYTE *)(v13 % v50 + v51) ^ *((_BYTE *)v9 + v13 % v52 + 40);
v57 = v9[(v13 % v52) + 40] ^  v51[v13 % v50]


we need to figure out how to generate v9 if you can figure that out or tell me the function name and ill look at it.

in the older game v9 was generated with
Code:
def generate_key(num):
        A = num+0x3e7
        B = A*8 # FIXME: missing sth here to catch the possible overflow
        B -= A
        C = int(B / 0xB) + int(num % 0x11) + 0x1AC
        key=[]
        sh = 24
        while sh>=0:
                val = (C >> sh)&0xff
                if val > 0: key.append(val)
                sh-=8
        return bytes( key )


anyway how the encryption works is.
take the secret xor seed you posted
and the 4 byte secret per file key and xor them.
then take that result and xor the entire encrypted file with it starting at offset 0x4 (after the file size)
and you skip xoring the byte if it is 0 or the same byte as the xor.
thats it.

Author:  moiennepe [ Thu Mar 28, 2019 5:11 pm ]
Post subject:  Re: DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

chrrox wrote:
in your dissidia code I know how it works we just need to find how to generate the 4 byte key for the file.
in the example

Code:
v57 = *(_BYTE *)(v13 % v50 + v51) ^ *((_BYTE *)v9 + v13 % v52 + 40);
v57 = v9[(v13 % v52) + 40] ^  v51[v13 % v50]


we need to figure out how to generate v9 if you can figure that out or tell me the function name and ill look at it.

in the older game v9 was generated with
Code:
def generate_key(num):
        A = num+0x3e7
        B = A*8 # FIXME: missing sth here to catch the possible overflow
        B -= A
        C = int(B / 0xB) + int(num % 0x11) + 0x1AC
        key=[]
        sh = 24
        while sh>=0:
                val = (C >> sh)&0xff
                if val > 0: key.append(val)
                sh-=8
        return bytes( key )


anyway how the encryption works is.
take the secret xor seed you posted
and the 4 byte secret per file key and xor them.
then take that result and xor the entire encrypted file with it starting at offset 0x4 (after the file size)
and you skip xoring the byte if it is 0 or the same byte as the xor.
thats it.


Thanks, by your hint I have successfully decrypted the TOC file :)

Other files do not have first 4 bytes as unzipped size, they are recorded in the TOC.

Also the zip structure:
int32[zlib_blob size+0x8000]
zlib_blob
align 0x10
int32[zlib_blob size+0x8000]
....

some zip may have uncompressed ending data, see log.

Attachments:
File comment: algo updated
cryptfixed.rar [9.64 KiB]
Downloaded 291 times
ktcry_test.rar [534.52 KiB]
Downloaded 256 times

Author:  chrrox [ Fri Mar 29, 2019 12:34 pm ]
Post subject:  Re: DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

Very nice going to try this on vv tonight

Author:  Panzerdroid [ Mon Apr 01, 2019 1:58 am ]
Post subject:  Re: DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

Tools generate errors about missing files on Q: drive. I think you have hard-coded those links by mistake.

Author:  moiennepe [ Mon Apr 01, 2019 2:27 am ]
Post subject:  Re: DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

Panzerdroid wrote:
Tools generate errors about missing files on Q: drive. I think you have hard-coded those links by mistake.

The messy C# source here: pastebin.com/ySWUFhai (not more readable than dnspy .etc output i think)

The purpose of deRest.exe is to decompress all the asset ( which already moved to their real path ) and make them work with a patched TOC and dffnt.exe
I don't think anyone else needs that so...
I put that in package is for if someone wants a ktcry.dll usage example...

Author:  cyberspeed [ Tue Apr 02, 2019 12:57 am ]
Post subject:  Re: DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

moiennepe wrote:
The purpose of deRest.exe is to decompress all the asset ( which already moved to their real path ) and make them work with a patched TOC and dffnt.exe

Unfortunately I cant make it work, any chance for an example on how to use this stuff?

Author:  DeathChaos [ Wed Apr 17, 2019 5:18 am ]
Post subject:  Re: DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

It would be really nice if it could be properly explained how to use this to decrypt PC game files, I'd love to extract assets such as audio (character voices) and poke at the various message archive files.

Author:  EclipsedVisions [ Mon May 13, 2019 9:35 am ]
Post subject:  Re: DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

anything?

Author:  Doctor Loboto [ Fri May 17, 2019 11:42 pm ]
Post subject:  Re: DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

So any word on a method to extract Dissidia NT's files? It'd be really helpful for my projects.

Author:  xperiagenerator [ Sun Jun 16, 2019 7:28 am ]
Post subject:  Re: DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

Please make a step by step guide for DOAXVV

Author:  ChaoticFusion40 [ Sat Jun 22, 2019 1:07 pm ]
Post subject:  Re: DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

the key for the latest doaxvv version is "4686048e796cd48ad484ec7f6d22a8ea"

Author:  ChaoticFusion40 [ Sat Jun 22, 2019 6:47 pm ]
Post subject:  Re: DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

ChaoticFusion40 wrote:
the key for the latest doaxvv version is "4686048e796cd48ad484ec7f6d22a8ea"

the files uses aes instead of xor and are compressed in zlib inside the encryption.

Author:  ChaoticFusion40 [ Mon Jun 24, 2019 9:30 pm ]
Post subject:  Re: DISSIDIA FINAL FANTASY NT Free Edition/DOAXVV decryption

open the game in memory and look for the type of encryption

Page 1 of 2 All times are UTC
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/