Step 1: Find the initial PK2 loading code in the client. The easiest way is to "search for all referenced text strings" and look for "169841" followed by the name of a PK2 file. Set a breakpoint on the function call as shown. When you step into the function call, proceed to Step 2.
Step 2: Locate GFXFileManager's PK2 loading function. After you step into the function call from Step 1, you will need to locate the call into the GFXFileManager DLL. Luckily, this seems to always be shown as CALL EDX, so you should be able to track it down. Set a breakpoint on the function call as shown. When you step into the function call, proceed to Step 3.
Step 3: Trace into the higher level function call. Now that we are inside the GFXFileManager DLL, we have to find the top level function that eventually causes the Blowfish key to be generated and used to set up encryption. Carefully refer to the screenshot to locate the function. Set a breakpoint on the function call as shown. When you step into the function call, proceed to Step 4. NOTE: Before you step into the function call, the PK2 base key is at the top of the stack. This value is important for non-official versions for my old PK2 writing tools.
Step 4: Trace into the lower level function call. This step might take the longest because of how far down you have to scroll. However, since the format of the GFXFileManager is pretty much the same, it's not hard to find at all. Carefully refer to the screenshot to locate the function. Set a breakpoint on the function call as shown. When you step into the function call, proceed to Step 5.
Step 5: "Borrow" the key! Once we step into the final function, we need to set a breakpoint as shown to trace the creation of the Blowfish key. After the breakpoint is hit the first time, follow in the dump the address that is written to on the line marked "Blowfish Key". The key is always 6 bytes, so as soon as the JL is no longer taken, you will know the key is complete. From there, you can simply copy it from the dump.
Now you have the Blowfish Key (Step 5) and the Base PK2 Key (Step 3) required for working with the PK2 files. I'm not going to refer back to my old PK2 tools (which contain some serious flaws) or to using these keys, because I am in the process of updating them again. However, I still wanted to have a guide to reference about how I go about getting the PK2 keys for different Silkroad versions.