PDA

View Full Version : Thoughts/help on reverse engineering a script


Merek
2008-10-03, 09:30
Yeah, it's another one of "those" threads *Laughs*. I'll do my best to be thorough and clear though.

So, I've started trying to translate one of Clockup's games, which is difficult on the technical end as they use their own funky, non-kirikiri engine. The game directory is basically the exe and a bunch of ".arc" files, and since one is named "script", it's a good bet that's the one I want.

Thanks to the work of Asmodean (http://asmodean.reverse.net/pages/tools_index.html), I can use extvkarc to unpack the .arc file. There are two problems though: First, there's no utility to re-pack them (I'm guessing he was mostly interested in CG extraction), and second, unpacking the script file results in a bunch of ".asb" files.

These ".asb" files aren't plain text, and I'm at a loss as to how I can unpack or reverse-engineer them. I've used hex editors before: I'm just not really sure where to start to get usable text out of these files. Are they compressed? Encrypted? Both? How would I tell, and how would I reverse it?

Understand I'm not asking anyone to do this for me, but some pointers/help/thoughts to get me on my way would be greatly appreciated.

I also have a working AGTH "Hook" into the exe, so if I need actual text from the game at some point to help find/decode something, I've got it.

Oh, and for what it's worth, here's a screen of one of the ASB files open in Mad edit:

http://img377.imageshack.us/img377/521/screentranslationcw1.th.jpg (http://img377.imageshack.us/my.php?image=screentranslationcw1.jpg)http://img377.imageshack.us/images/thpix.gif (http://g.imageshack.us/thpix.php)

I've also attached a zip of a few random .asb file, if anyone wants to look at them directly.

Thanks much.

roxfan
2008-10-03, 09:56
Looks encrypted. Upload the exe.

P.S. for quicker communication, come over to #denpa.

Merek
2008-10-03, 11:11
I'm kinda in and out today, but thanks for the tip, might stop by later.

As for the exe: here ya go: http://www.mediafire.com/?2n0hz51i22l .

So, n00b question: how does the exe help with decrypting the data files?

Serke
2008-10-03, 11:39
So, n00b question: how does the exe help with decrypting the data files?
Somewhere in the exe is the code that decrypts the data, so you just have to locate it and then decompile it (or figure out how it works and write similar code in high level language of your choice). It's much easier than working with just data, actually (if you have a good grasp of asm that is).

roxfan
2008-10-03, 16:11
Scripts decrypted and unpacked successfully (except 01_yuu.asb - gives an error unpacking and the checksum doesn't seem to match...). Will look into dumping strings on the weekend.

Merek
2008-10-03, 19:58
Somewhere in the exe is the code that decrypts the data, so you just have to locate it and then decompile it (or figure out how it works and write similar code in high level language of your choice). It's much easier than working with just data, actually (if you have a good grasp of asm that is).


Something like that started to occur to me as I pushed "submit", but I figured it was a good question to ask anyway. Interesting. As for Assembly language..*Laughs* I know OF it. In general terms, I know how it works. But I'm certainly not fluent.

Scripts decrypted and unpacked successfully (except 01_yuu.asb - gives an error unpacking and the checksum doesn't seem to match...). Will look into dumping strings on the weekend.

Holy...you guys are awesome :D. Don't worry too much about one stray file though: I fully expect that that one file might have been screwed up in transit, or in the extraction from the arc file: from what I understand Asmodean's tool was a pretty quick-and-dirty hack.

But if you'll tolerate my slowness a moment Roxfan, what exactly does "unpacked" mean? You have plain-text files sitting in front of you? And if so, why go searching any further? Again, my apologies: I'm a noobie here, so I'm going to be going "what do you mean by ___?" over and over :P. But I'll do my best to be a quick learner. That said, what do you mean by "dumping strings?" Oh, and like I said, I'll try to stop in and hang out in the IRC channel tomorrow for a while, see if I can catch any of you.

Till then though, thanks for all the input thus far. Thanks to your help this is looking a lot more feasible then it used to :D.

roxfan
2008-11-27, 16:33
Support for .asb scripts has been added to VASTT.