Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 16:52

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 98 posts ]  Go to page Previous  1, 2, 3, 4  Next
Author Message
 Post subject: Re: Race wtcc research
PostPosted: 14 Jan 2009 01:13 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
here I have no problems, but I have found what is yours.
seems that yours extractor for the file MAS is wrong, in fact it has "eated" the first 16 bytes of that dds.
I can confirm this hyphotesis because I have deleted the first 16 bytes of the same file and I see the same signature in your error.
so please check your mas2files tool first.


Top
 Profile  
 
 
 Post subject: Re: Race wtcc research
PostPosted: 14 Jan 2009 02:57 

Joined: 30 Nov 2008 06:15
Posts: 16
weird

i use the official mas.exe from ISI


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 15 Jan 2009 22:27 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
offtopic: just for fun I tested the old critical vulnerabilities I found in the 2007 in the rfactor/gmotor engine and ARCA Sim Racing 1.138 (the latest version exist, relaesed the 30 december 2008) is vulnerable too: rfactorx.exe 1 t 127.0.0.1
http://aluigi.org/adv/gmotor2-adv.txt
http://aluigi.org/adv/rfactorx-adv.txt


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 16 Jan 2009 18:11 

Joined: 29 Aug 2008 05:20
Posts: 2
Hello all,
It's possible, to make the "same" great decrypter but for "Simulador turismo carretera", very good cars and tracks but impossible to convert for other ISI motor.
Thanks in advance, if it's possible.

Bye


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 16 Jan 2009 18:34 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
upload somewhere a couple of the encrypted files of that game and I will take a look at it to see if it's a common format


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 17 Jan 2009 01:15 

Joined: 17 Jan 2009 01:04
Posts: 7
Hi, when running the rfactordec it always skips 4bytes of data when trying to decrypt files. I unpacked the mas files using Mas2File tool (dos version).

Attachment:
rfactordec.JPG
rfactordec.JPG [ 46.09 KiB | Viewed 3504 times ]


Using the rfacordec version from 16/01/2009.

Below is a mas file i have been using.
http://postdownload.filefront.com/12996 ... a5769a1abc


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 17 Jan 2009 01:33 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
argh, a bug introduced in the last version affecting the GMT (the first 4 bytes of the output file were the first 4 of the input), solved immediately in 0.1.2a.
thanx


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 17 Jan 2009 01:42 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
and released also version 0.1.2b with the signature of Turismo Carrettera, luckily it was based on the same gMotor2 engine :)


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 17 Jan 2009 11:16 

Joined: 17 Jan 2009 01:04
Posts: 7
great news about Turismo Carrettera, a game i bought but being in europe nobody plays so finally can have it on rFactor as a mod and make life simple.

I still appear to have problems writing new files, all i've done is used the find.exe and altered the wtcced_all.bat file to suit the rfactordec, with the lines below but it seems to fail to write the new files to the decrypt directory.

Code:
md c:\rfactored\decrypt
c:\rfactored\find GameData -exec c:\rfactored\rfactordec.exe "{}" "c:\rfactored\decrypt\{}" ;


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 17 Jan 2009 13:27 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
ok, released version 0.1.2c which automatically creates the output folder if doesn't exist


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 17 Jan 2009 16:15 

Joined: 29 Aug 2008 05:20
Posts: 2
this new version work perfectly, thanks luigi U are a BOSS

Max


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 18 Jan 2009 13:15 

Joined: 17 Jan 2009 01:04
Posts: 7
Hi, was wondering is it possible to decrypt an F1C file, currently the rfactor dec doesn't do it, due to possible file format difference, rfactor uses .gmt where as f1c uses .mts. Both use the gMotor2 engine though.

Attached are 2 .mts files, one that is unlocked, and one that was encrypted using zmodeler 1.07 that has been used to encrypt other .mts files.

Attachment:
v8.zip [84.99 KiB]
Downloaded 233 times


Thanks for all the help :)


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 18 Jan 2009 15:05 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
it's not an encryption, it's only a byte at offset 0xd74 of the file which if is not zero (or another specific positive value) means that the file is locked.
so if you put a zero at that offset with a hex editor you can open the file without problems.


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 18 Jan 2009 16:41 

Joined: 17 Jan 2009 01:04
Posts: 7
ok thanks :) have no idea about the encryption/locking, just modding the games.


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 18 Jan 2009 19:18 

Joined: 17 Jan 2009 01:04
Posts: 7
hate to be a pain, but i haven't got a clue where the offset 0xd74 is in the hex. offset letters only range from A to E.


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 18 Jan 2009 21:26 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
*EDIT* removed attachment


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 18 Jan 2009 21:50 

Joined: 17 Jan 2009 01:04
Posts: 7
works on the file i sent, but doesn't work on other .mts locked files, can't work out why as they were locked using zmodeler. Perhaps should of sent more file first time so you could check.

Attachment:
v8_vy.zip [161.96 KiB]
Downloaded 213 times


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 18 Jan 2009 22:27 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
in this case patching the filters is the best solution.

the filters are mts01.zmf and mts02.zmf which are packed with UPX so after decompressing them (upx -d file.zmf) it's enough to modify them as follows:
Code:
Filters\mts01.zmf
0000165F   0F       90
00001660   84       E9

Filters\mts02.zmf
00001795   0F       90
00001796   84       E9
in case of problems I have attached the files already patched to this thread.


Attachments:
mts_unlocked.zip [23.99 KiB]
Downloaded 227 times
Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 19 Jan 2009 00:09 

Joined: 17 Jan 2009 01:04
Posts: 7
thanks for all your help


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 21 Feb 2009 04:17 

Joined: 30 Nov 2008 06:15
Posts: 16
bad news

arca sim format seems to have changed a bit, again

the files decrypt, but they wont load in rF or in 3dsimedit


Attachments:
STARTBOX.rar [1.5 KiB]
Downloaded 193 times
Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 31 May 2009 17:47 

Joined: 31 May 2009 17:38
Posts: 5
i get som Permission Denied for race07 files... thats ok ?

Image


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 31 May 2009 17:57 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
don't worry it's all ok.
practically the "find" program seaches anything inside the specified input folder (GameData) included files and folders so when wtcced is launched using a folder as input it gives the "Permission Denied" error and find continues its scanning.
so it's all perfectly normal

P.S.: is possible to avoid the executing of wtcced on the folders simply specifying "-type f" in the find command like in the following example:
Code:
md c:\wtcced\decrypt
c:\wtcced\find GameData -type f -exec c:\wtcced\wtcced.exe "{}" "c:\wtcced\decrypt\{}" ;


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 11 Sep 2009 15:16 

Joined: 31 May 2009 17:38
Posts: 5
Hi aluigi

can u add a support for Top Race 2009 ? is the same gmotor2 engine by Turismo Carretera with some updates.

see the attach, pls.

thx


Attachments:
OBJ6527.rar [133.97 KiB]
Downloaded 190 times
Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 11 Sep 2009 15:20 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
I have already added the signature of Top Race 2009 in both rfactordec and rfactorgmdec:
http://aluigi.org/papers.htm#rfactordec
http://aluigi.org/papers.htm#rfactorgmdec


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 11 Sep 2009 16:24 

Joined: 31 May 2009 17:38
Posts: 5
wow, great aluigi... ;)


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 11 Sep 2009 17:14 

Joined: 31 May 2009 17:38
Posts: 5
well, i cant decrypt this file in attach... :\
here is my bat

md c:\gmt\decrypt
c:\gmt\find GameData -exec c:\gmt\rfactordec.exe "{}" "c:\gmt\decrypt\{}" ;


Attachments:
ROAD1.rar [77.24 KiB]
Downloaded 175 times
Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 11 Sep 2009 17:31 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
that file can't be decrypted because it's not a file encrypted using the algorithms of the rfactor-engine.

*edit, it's not a activemark file*

anyway at the moment I don't know what algorithm (and key) is used to encrypt those particular GMT files


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 12 Sep 2009 15:21 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
I have just updated the rfactordec tool: http://aluigi.org/papers.htm#rfactordec
practically thes files have an additional 7bytes header and the bytes decreased of one, but for the rest are exactly like the others and so decryptable without problems.

an interesting thing I have noticed during my tests:
TopRace2009 uses a "horrible" way to decrypt these "CHTN1R1" files, practically it:
- copies the content of the whole file decreased of one in Resource\temp.tmp
- check the BGSM0Q0 header
- copies the new content without the first 7 headers in the old file

this method is horrible not only for the performances (uses fgetc for all the operations and a new file) but also for the integrity of the files because if there is a loss of energy just in the moment of these operations you lose one or more files... imho bad


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 30 Sep 2009 04:51 

Joined: 30 Sep 2009 04:49
Posts: 16
aluigi wrote:
it's not an encryption, it's only a byte at offset 0xd74 of the file which if is not zero (or another specific positive value) means that the file is locked.
so if you put a zero at that offset with a hex editor you can open the file without problems.


Sorry, I have the same issue and am unable to locate 0xd74 in my hexeditor. as it is displaying all in the 0-f range....

Thanks in advance


Top
 Profile  
 
 Post subject: Re: Race wtcc research
PostPosted: 30 Sep 2009 11:53 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
uffff, in attachment there is a simple lpatch file:
- download lpatch: http://aluigi.org/mytoolz.htm#lpatch
- launch lpatch.exe
- select mtsunlock.lpatch
- select the mts file to unlock
- you should see a success message

remember that I don't know the exact format of the mts files so 0xd74 could be the wrong offset for some of them.

*edit* check the patch in my next post


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 98 posts ]  Go to page Previous  1, 2, 3, 4  Next

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: