Quote:
Originally Posted by WurstbrotQT
It's quite easy, they got a keytable with 2048 values, the first 5 bytes to read are at the offset eof-60, the first byte is something like an encryption key identifier, the last 4 the typical header size.
After that, you have to continue reading the header from the start of the file and decrypt it with the normal bit manipulate function of offi but passing the value at position i, which is the current position of the header loop, or the 2048th element if the current loop counter exceeds the amount of values.
Reading that header is quite the same as reading an offi header without the version.
The before mentioned key identifier determines the key for the rest of the file (decrypting the contents).
0x0b turns into 0x63
0x16 and 0x2c into 0x12
0x21 into 0xf1
0x37 into 0xe2
0x42 into 0x98
0x4d into 0xa5
anything else: 0xc4
You can find the key table with every disassembler, should be the offset 0x00AFF9E8.
|
more info for new decrpter ;P
->NOT [2048th element] JES [2047th]
->Var_324 IS; i
