FGO Waltz
- 
				chrrox
- Posts: 388
- Joined: Thu Aug 07, 2014 10:28 pm
Re: FGO Waltz
Here is The main exe and metadata.
https://transferxl.com/00j3fNs9tCwsHg
I believe the decryption function is
in here it calls
then i calls
I believe this generates the static xor key
sample encrypted file
			
			
									
						
										
						https://transferxl.com/00j3fNs9tCwsHg
I believe the decryption function is
Code: Select all
void Athena.Asset.Loader.AthenaAssetBundleCachingResource$$LoadFromFileStream
in here it calls
uVar3 = Dress.Core.DressEnv$$GetEncryptKey(0);
plVar4 = (longlong *)System.Text.Encoding$$get_UTF8(0);
uVar5 = Dress.Core.DressEnv$$GetEncryptSalt(0);
then i calls
Code: Select all
void Athena.Utility.SeekableAesStream$$.ctorI believe this generates the static xor key
Code: Select all
  System.IO.Stream$$.ctor(param_1,0);
  *(undefined8 *)(param_1 + 0x28) = param_2;
  plVar3 = (longlong *)
           thunk_FUN_100cbcb9c(System.Security.Cryptography.PasswordDeriveBytes_TypeInfo);
  System.Security.Cryptography.PasswordDeriveBytes$$.ctor(plVar3,param_3,param_4,0);
  plVar6 = (longlong *)thunk_FUN_100cbcb9c(System.Security.Cryptography.AesManaged_TypeInfo);
  System.Security.Cryptography.AesManaged$$.ctor(plVar6,0);sample encrypted file
- 
				Ekey
- Posts: 1383
- Joined: Sat Aug 09, 2014 2:34 pm
Re: FGO Waltz
Upload to another filesharing, on this site I get an error.
As i see by your snipped of code, here is a very similar encryption scheme as in "Prison Princess"
			
			
									
						
										
						Code: Select all
<Error>
<Code>NoSuchKey</Code>
<Message>The specified key does not exist.</Message>
<Key>a556f6b73cd43dec27d345e6a677c06b-0.zip</Key>
<BucketName>m-use1-09</BucketName>
<Resource>/m-use1-09/a556f6b73cd43dec27d345e6a677c06b-0.zip</Resource>
<Region>us-east-1</Region>
<RequestId>162CC748D03081C3</RequestId>
<HostId>c355d7fb-3390-4b20-b108-c9331f9103a5</HostId>
</Error>As i see by your snipped of code, here is a very similar encryption scheme as in "Prison Princess"
- 
				Ekey
- Posts: 1383
- Joined: Sat Aug 09, 2014 2:34 pm
Re: FGO Waltz
chrrox wrote:https://file.io/YpEuA0jdwfo9
Where do you find such filesharing service's?


Upload to Mediafire, GoogleDrive, Mega or Zippyshare

Edited: Full game name is "Fate/Grand Order Waltz in the MOONLIGHT/LOSTROOM" ?
- 
				chrrox
- Posts: 388
- Joined: Thu Aug 07, 2014 10:28 pm
Re: FGO Waltz
Yes that is the game.
https://www17.zippyshare.com/v/0LSWU4aD/file.html
it will run in nox emulator if you change model information to huawei in all 3 fields and use android 7.
			
			
									
						
										
						https://www17.zippyshare.com/v/0LSWU4aD/file.html
it will run in nox emulator if you change model information to huawei in all 3 fields and use android 7.
- 
				Ekey
- Posts: 1383
- Joined: Sat Aug 09, 2014 2:34 pm
Re: FGO Waltz
Do you have a cache of files like obb or something like this?
			
			
									
						
										
						- 
				chrrox
- Posts: 388
- Joined: Thu Aug 07, 2014 10:28 pm
Re: FGO Waltz
Yes this is complete game directory
https://www64.zippyshare.com/v/LoKDgSXY/file.html
android cs generation.
			
			
									
						
										
						https://www64.zippyshare.com/v/LoKDgSXY/file.html
android cs generation.
- 
				chrrox
- Posts: 388
- Joined: Thu Aug 07, 2014 10:28 pm
Re: FGO Waltz
The b64 encoded keys are here
void __cdecl Dress_Core_DressEnv___cctor(const MethodInfo *method)
referenced
Dress_Core_DressEnv_TypeInfo->static_fields->encryptKeys;
m_Items are encryptKeys
			
			
									
						
										
						void __cdecl Dress_Core_DressEnv___cctor(const MethodInfo *method)
Code: Select all
m_Items[0] = PqW6CKKXvwBZA1KJfzDRafWGzWcNFQIYLblOUintwbaXPtLHdarvX4XzWvXAyLIccfqfpxHv946OpukGTNNku7q4Z7WzKlhJ2GCfSsVC2a90rgP9qsc2sMYdlDguDL0W
m_Items[1] = OjNsqG9RpXxY3kwjl9f4XkyplPffbSMZolFgCxX1xchxTbIVJxV6zFpt0QALdT6LMSjOljgOLjEQSJtKs01Y1edWaCPi3H9UchktItWcBXusjhsuyH9GHjmx3HhAL8YZ
m_Items[2] = rOCRMGuSqwTsXmGcjQH4qNqSDoi6rzvZ4c1BSNBekGFG0lLkR3PxNPozhgOQbQGQpVBS4YAZ3Cr6MavKCEeuxw3Vqnwuktqk9uP7OigAV2qAaegdibkOMovUFIQO4Ol0
m_Items[3] = hiwA5RDasdzt7RKJyZnSE3bnY6P82NIPMdqwVPT1IL9bTjVgVH3qUhPzRAYJuLBZCSdPiaeRBraghAqiDWF2bqU9rY2Mpr5oBvfsZyZFv8tHEH0wt46sX3AWV6aZScaf
m_Items[4] = LKBnipPpd2DNJWX9bjYTBly2OPqtcDTQuT5eFI38dGV3AC5tK32qUh9bMcQB4csAaAIuxCwHw44DEuO7Hm7VZnfjAoUyr8pjQuXIdgwn5lCkNrxcvOPhxlcCloPSDVZl
m_Items[5] = 2mToFoinYnrkSTBvTpKWyZQR3bgIDTF1414ti8Xobz36Ha4PcNjMh6QlkxSTX2gIPcV5qJ65mVIaBosgMuBwozLtxd2p6ky0h1HZ2dnqvIsLKZu3SFXrZJtvmMHZK59mreferenced
Dress_Core_DressEnv_TypeInfo->static_fields->encryptKeys;
m_Items are encryptKeys
- 
				chrrox
- Posts: 388
- Joined: Thu Aug 07, 2014 10:28 pm
Re: FGO Waltz
These are the 2 functions called for generating the password.
https://pastebin.com/nqJmw1Bs
https://pastebin.com/5y0y3EHR
I also see this in memory hat lines up with the array it building
			
			
									
						
										
						https://pastebin.com/nqJmw1Bs
https://pastebin.com/5y0y3EHR
I also see this in memory hat lines up with the array it building
Code: Select all
Dress_Core_DressEnv__GetEncryptKey
OjNsqG9RpXxY3kwjl9f4XkyplPffbSMZolFgCxX1xchxTbIVJxV6zFpt0QALdT6LMSjOljgOLjEQSJtKs01Y1edWaCPi3H9UchktItWcBXusjhsuyH9GHjmx3HhAL8YZ - 1
LKBnipPpd2DNJWX9bjYTBly2OPqtcDTQuT5eFI38dGV3AC5tK32qUh9bMcQB4csAaAIuxCwHw44DEuO7Hm7VZnfjAoUyr8pjQuXIdgwn5lCkNrxcvOPhxlcCloPSDVZl - 4
hiwA5RDasdzt7RKJyZnSE3bnY6P82NIPMdqwVPT1IL9bTjVgVH3qUhPzRAYJuLBZCSdPiaeRBraghAqiDWF2bqU9rY2Mpr5oBvfsZyZFv8tHEH0wt46sX3AWV6aZScaf - 3
PqW6CKKXvwBZA1KJfzDRafWGzWcNFQIYLblOUintwbaXPtLHdarvX4XzWvXAyLIccfqfpxHv946OpukGTNNku7q4Z7WzKlhJ2GCfSsVC2a90rgP9qsc2sMYdlDguDL0W - 0
Dress_Core_DressEnv__GetEncryptSalt
hiwA5RDasdzt7RKJyZnSE3bnY6P82NIPMdqwVPT1IL9bTjVgVH3qUhPzRAYJuLBZCSdPiaeRBraghAqiDWF2bqU9rY2Mpr5oBvfsZyZFv8tHEH0wt46sX3AWV6aZScafg - 3
OjNsqG9RpXxY3kwjl9f4XkyplPffbSMZolFgCxX1xchxTbIVJxV6zFpt0QALdT6LMSjOljgOLjEQSJtKs01Y1edWaCPi3H9UchktItWcBXusjhsuyH9GHjmx3HhAL8YZa - 1
rOCRMGuSqwTsXmGcjQH4qNqSDoi6rzvZ4c1BSNBekGFG0lLkR3PxNPozhgOQbQGQpVBS4YAZ3Cr6MavKCEeuxw3Vqnwuktqk9uP7OigAV2qAaegdibkOMovUFIQO4Ol0  - 2
2mToFoinYnrkSTBvTpKWyZQR3bgIDTF1414ti8Xobz36Ha4PcNjMh6QlkxSTX2gIPcV5qJ65mVIaBosgMuBwozLtxd2p6ky0h1HZ2dnqvIsLKZu3SFXrZJtvmMHZK59m  - 5
*SPAM* - ?
- 
				chrrox
- Posts: 388
- Joined: Thu Aug 07, 2014 10:28 pm
Re: FGO Waltz
Here is the solution to fgo waltz decryption.

			
			
									
						
										
						
Code: Select all
#script for quickbms by chrrox
#special thanks to aluigi for xorpad fast function.
set MEMORY_FILE10 string "
void decrypt(unsigned char *data, int size) {
    int i, c;
    for(i = 0; i < size; i++) {
        c = i >> 4;
        switch(i & 15) {
            case 0:            break;
            case 1:  c >>= 8;  break;
            case 2:  c >>= 16; break;
            case 3:  c >>= 24; break;
            default: c = 0;
        }
        data[i] ^= c;
    }
}
"
get NAME basename
string NAME + .dec
get SIZE asize
math SIZE + 16
putvarchr MEMORY_FILE SIZE 0
calldll MEMORY_FILE10 decrypt tcc RET MEMORY_FILE SIZE
encryption mcrypt_rijndael-128_ecb "\x43\x20\x68\x9B\x21\x9A\x85\xBF\x9F\x66\x5D\xFB\xEF\x90\xBF\x49"  "" 1 16
math SIZE - 16
log MEMORY_FILE2 16 SIZE MEMORY_FILE
encryption "" ""
getdstring KEY SIZE MEMORY_FILE2
encryption xor KEY
log NAME 0 SIZE
- 
				mikoamoy
- Posts: 14
- Joined: Thu Jun 15, 2017 5:12 am
Re: FGO Waltz
After years it finally worked!
Thanks Chrox
			
			
									
						
										
						Thanks Chrox

- 
				Yuzu
- Posts: 1
- Joined: Wed Jan 19, 2022 2:58 am
Re: FGO Waltz
Hey, does anyone still have the OBB? I need the file to continue playing offline
			
			
									
						
										
						- 
				breakdown64
- Posts: 1
- Joined: Wed Dec 07, 2022 7:13 am
Re: FGO Waltz
Yo. I happened to stumble upon this forum so hello.Yuzu wrote:Hey, does anyone still have the OBB? I need the file to continue playing offline
Android 10 has broken this app (I think) and I have got it to work on an emulator running android 7, but a fresh apk needs to be downloaded since it is no longer on the play store. The app just shows an "Unable to contact servers" error message and kicks you out of the app.
Either I am not doing the correct method of importing this data on a fresh apk or the code needs to be modified so it does not need to attempt to contact the servers? I just copy pasted the data into the Android>Obb file. Would love to know more. Cheers.
https://file.io/S1Y6NCjzvZc0