ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Tue Jan 25, 2022 1:15 am

All times are UTC




Post new topic  Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Thu Dec 13, 2018 12:37 am 
User avatar

Joined: Fri Apr 20, 2018 12:41 am
Posts: 839
These files aren't encrypted, they are obfuscated with the XOX2 header. The files should deobfuscate to plain XML files, I got this info from debugging ABGO with GDB (Likely similar for ABT). Any advice for deobfuscating and reobfuscating these files? If so thanks so much. (XML samples are from ABGO). I'm guessing the format is XGS Obfuscated XML version 2 (I've seen version 1 before, it's pretty similar except the top and bottom binary metadata bytes, starting with <e and ending with \>), these files are mostly in the PAKs and little in the APKs. Could edit them fine as long as no bytes are added or removed. The loading mechanism is using a checksum check for ABGO, editing a file and editing to revert changes makes the game read it fine.

This is what I got so far out of them:

Code:
4bytes - magic (XOX2, black)
1byte (grey) - total amount of strings, values and floats present combined in hex form (for sure), file metadata necessary to allow reading, including the empty byte at the end.
7bytes (dark red) - zero, first byte may not be 0 if the file has more than 227 (max negative byte value) plaintext data lines, to relate to the above value but inverted (like 16 01 to 01 16).
1byte (red) - Byte count for first text data offset (Main XML category header), including the the empty byte at end, OK if is zero or something random.
3bytes (not present in diagram) - Zero, can be sequenced many times with 1-3 bytes in large files
1-3bytes (not present in diagram) - zero, uses two-three bytes inverted if binary metadata uses two-three bytes to display,
1-2bytes (red) - binary metadata size for ending metadata including the beginning byte, file metadata necessary to allow reading, INVERTED value if using two bytes, not possibly to modify if so (?), small files skip this
2-3bytes (red) - zero, two to three inverted bytes if binary metadata for the ending metadata is large, small files skip this
1-3bytes (red) - binary metadata size, dependent on how many strings and values totals are present, always bigger if filesize is greater than previous, includes the ending byte and excluding the last binary metadata section, mismatches will crash the game among trying to read, INVERTED value if using two or three bytes
?-2334720bytes (yellow) - strings and values in plaintext followed by empty bytes for dividing each other
?-1784884bytes (blue) - binary metadata (?) dependent on string and values present, starting with <x> (main file indicator), file data starting with <e (Main XML group name) and ending with </x> (main file indicator ender).
1byte (blue/dark blue) - empty byte to end the file


Code:
48B (small) files:

4bytes - magic (XOX2, black)
1byte (grey) - total amount of strings, values and floats present combined in hex form (for sure), file metadata necessary to allow reading
7bytes (dark red) - zero
1byte (red) - Byte count for first text data offset (Main XML category header), including the the empty byte at end, OK if is zero or something random.
3bytes - zero
12-?bytes (yellow) - strings and values in plaintext followed by empty bytes for dividing each other
?-?bytes (blue) - binary metadata (?) dependent on string and values present, starting with <x> (main file indicator), file data starting with <e (Main XML group name) and ending with </x> (main file indicator ender).
1byte (blue/dark blue) - empty byte to end the file


Code:
73B (bigger) files:

4bytes - magic (XOX2, black)
1byte (grey) - total amount of strings, values and floats present combined in hex form (for sure), file metadata necessary to allow reading
7bytes (dark red) - zero
1byte (red) - Byte count for first text data offset (Main XML category header), including the the empty byte at end, OK if is zero or something random.
3bytes - zero
1byte - Plaintext data count for two sets, including two empty bytes
3bytes - zero
1byte - Total value count for plaintext strings and values, including ending byte
14-?bytes (yellow) - strings and values in plaintext followed by empty bytes for dividing each other
?-?bytes (blue) - binary metadata (?) dependent on string and values present, starting with <x> (main file indicator), file data starting with <e (Main XML group name) and ending with </x> (main file indicator ender).
1byte (blue/dark blue) - empty byte to end the file


http://www.filedropper.com/f12016androidxmls (Some of these have XGS_XML version 1/2 in their strings and values areas).


Attachments:
XOX2XMLDiagram.png [5.91 KiB]
Not downloaded yet
ABGOXMLs(OBB).zip [1.02 MiB]
Downloaded 204 times
ABGOXMLs(APK).zip [1.5 MiB]
Downloaded 209 times

_________________
Hacking Angry Birds since 2016


Last edited by LolHacksRule on Thu Dec 26, 2019 9:36 pm, edited 20 times in total.
Top
   
PostPosted: Thu Dec 26, 2019 9:37 pm 
User avatar

Joined: Fri Apr 20, 2018 12:41 am
Posts: 839
Anyone planning to write a converter to convert these to plaintext then back to XOX2 XML (unnecessary, but memory saving) or fix my hex info?

_________________
Hacking Angry Birds since 2016


Top
   
PostPosted: Fri Dec 27, 2019 10:19 pm 
User avatar

Joined: Fri Apr 20, 2018 12:41 am
Posts: 839
https://zenhax.com/viewtopic.php?f=20&t=9057 can de/reserialize them, you need a little bit of a modification to the script to work with XOX1 XMLs (afaik, there's no XOX0).

_________________
Hacking Angry Birds since 2016


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 3 posts ] 

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited