View Full Version : Help, minori's .paz format..

2006-12-05, 07:49
I got ef~a fairy..~ trail version.
I success unpack ef data from .paz files with this tool (http://atelibet.s11.xrea.com/side_yuu/)
but I don't know that how can repack .paz format..
haven't anyone repacker program or ideas?
sorry for my poor english.

2006-12-05, 13:14
Try this.
It's best to use a list file for packing back, e.g.:

mkdir scr
cd scr
..\paz e ..\scr.paz
dir * /b >..\list.txt
..\paz a ..\scr1.paz @..\list.txt

2006-12-05, 19:36
thank you roxfan!
unpack and repack perfect.
but one more question.
I edited script file and repack..
but It can't display english&korean letter.
is ef using own fonts?
or windows fonts?
How can I fix for display Korean Letter or ef using korean fonts..?
my friends try to fix it, but looks failed.


- runs with original exe files.


- runs with temp-hexed exe files. Can't see fonts.

edit : english is shown well, but Korean letter never show up..

2006-12-05, 23:33
You need to edit the exe file because minori doesn't use unicode..

What's the format for the list file?
I tried to make a list.txt like that

and used this command, but it doesn't work..
paz a ..\scr.paz @c:\list.txt

EDIT:I didn't see the pictures..They look good to me.
Have you tried clicking on the little triangles beside the font preview?
Maybe it's due to the font doesn't have Korean characters or you need to edit one or two bytes in the exe file to make it use something like EUC-KR instead of Shift-js.
I think ef only lets you choose the fonts that can display Japanses characters. I don't know how to change it..maybe do something on the font file?

By the way..I've asked someone for the first fan disk key. Here it is.

2006-12-06, 00:28
How can I fix it?
someone told me "it's relation with Japanese Halfwidth and Fullwidth Forms check problem.. so I can solve it."
but he doesn't told solution to me because it's secret -_-


- this 'solved' ef setting screen shot, Korean Fonts works good. but I don't know how to it.

2006-12-06, 10:43
Just a list of filenames. You don't need full paths as long as they all reside in the current directory. If you use the commands I provided, dir/b should generate a proper list.
As for Korean text, you will probably need to patch in the exe:
1) lfCharset parameter to the CreateFontA call. Japanese is 128(0x80), Korean is 129(0x81)
2) Checks for lead bytes. Shift-JIS (CP932) has two ranges of lead bytes: 0x81-0x9F and 0xE0-0xFC, while Korean (CP949) only has one range - 0x81-0xFE. For example, in a code like this:

cmp eax, 81h
jb short loc_439933
cmp eax, 9Fh
jbe short loc_439927
cmp eax, 0E0h
jb short loc_439933
cmp eax, 0FCh
ja short loc_439933

Just patch the second jump to execute always:

cmp eax, 81h
jb short loc_439933
cmp eax, 9Fh
jmp short loc_439927

2006-12-06, 11:51
Hehe, it's working. Thanks roxfan.

2006-12-06, 19:19
thank you for answering roxfan.
I try it. but I failed.. can you fix it?
CreateFontA call was already solved.
but second step failed..

p.s : have anyone Haru no Ashioto key? roxfan's tool doesn't work with ef keys.

2006-12-07, 12:44
Use these for Haruoto:


2006-12-07, 19:16
ok. roxfan. I have some question.

first, I find 'CreateFontA' function but I can't found charset = 128

then edit here.

finally, I find cmp eax,81h... edit. all go to 00414701


but I still can't see Korean Font. (maybe eftrail.exe only read support japanese fonts..)
How can I edit it?

sorry for newbie's annoying questions.

2006-12-08, 01:17
first, I find 'CreateFontA' function but I can't found charset = 128
You have to set a break at 0x004714AE.

You're in the wrong area. If you put a break on it and run the program, nothing goes to that part so that part is useless. The one you should be editing is 0x00435735.

And there we go.

So to tell you exactly what to do:
0043573D JBE 004357CF

0043573D JMP 004357CF


2006-12-08, 02:40
Thank you, roxfan and kyun : I got the trial to show my lame french translation :)

2006-12-08, 07:51
Very thank you kyun!!!! I finally got it. I never forget it.


Korean works correctly.


Korean Font working (only gulimche. others not works. why?)


Korean test.

hm... one more question.
I edited script files. but every letters looks like correctly.
but they ignore every space( ). can I fix it?

2006-12-08, 16:21
It looks like it is trying to display japanese with the korean fonts enabled, which it doesn't like. Mine will do the same thing if I type in japanese when it expects korean.

I have no idea about the space thing. It's something in the engine and not related to the hack. I tried both the original and the hacked one and neither of them work with spaces. Sorry. :(

2006-12-08, 21:12

ok. I solve font problem. it's simple.
but I have more problem..
first, Korean mode. Character mouth doesn't animaited.
second, Space Problem. ( ) this space work correctly. but ( ) this space work incorrectly. (if ( ) space in sentence , sentence won't display)
third, I don't know that Character name , Character speech control code.
so 'Character name' ugly words display.



2006-12-09, 02:00
For the name thing, edit 0x000E855C in a edit editor. It's the japanese ???s that display when a character's name has a @ in front of it. 0x000E8554 is 】 and 0x000E8558 is 【. You'll want to edit all of those to work with the korean translation.

Do you think you could upload what you have done of the translation so far (or at least up until parts where there are speaking) so I could see what kind of changes you made? The character's mouths move when I'm using the original script so I think it's something you might've done.

2006-12-09, 07:32
For the space problem, I used umbreakable spaces ( ) (xA0 in the ansi-1252 charset), which are correctly displayed (but I don't know if there is the same kind of space in the charset you are using).

And I simply deleted all the control caracters, until I get something better to work. (and added a simple hack to remplace one specific caracter with a line break, thus I can make something not to ugly)

And for now I don't seem to have any voice problem.


2006-12-09, 08:42
for kyun

This is edited script and original script.
and Korean Edited Exefile..

Kyun, thank you for supporting me.

Would you join our Minori's game Korean Localizing project?
your support is great help.

for Vlobulle

your advice is thanks. but, A0 is not space in Korean.
and not voice problem. Character Mouth Animation Problem.

2006-12-09, 10:13
I just tried : the game can perfectly show normal spaces, the trick is to replace some useless character with the space just before it's drawn (and after it has been read, because usual space seems to be used as a control char by the script).

For exemple, let's say that x2A is an useless one-byte char in your charset (in fact it's a *, since I don't know the Korean charset at all, but I'm sure there are some other).

At 0043573D, simply insert something like:
if ESI == 2A, then ESI = 20

(of course there is the little problem of writing the if statement at the right position, I used a call to the end of the file, where there are plenty of zeros)

Thus, each time the game will read a x2A, it will display a space.

It's ugly (I'm not used to meddle with debugging), it requires to make a tool to convert an human-written script into a game-parsable one, but at least, it works (I use it for the space and the line break).

By the way, sorry, I was also speaking of the mouth animation.

2006-12-09, 11:01
Would you join our Minori's game Korean Localizing project?
your support is great help.
Sure, I'm willing to join. What's the most convenient way to communicate for you?

About the mouths, you have to be really careful about editing. I can do that part if you want. Here's the new EXE with the 【???】 fix and the new 100_01.sc.

2006-12-09, 11:36
[] Problem was solved. it's working. thank you.
but program with Korean text, Mouth animation still won't working....
and we have ( ) space problem.
hmph. it's not important, but ( )space for perfect Korean sentence..
( ) space is ugly.

Thank you for joining minori project.
If you need contact me, send email to blauerbrief_at_gmaildotcom (sorry. goddamnspam)
or MSN - blauerbrief_at_hotmaildotcom

2006-12-09, 11:55
I added you to my list but it looks like it added you to both of my accounts for some reason (I'm not sure if it sent an add from both, but it added you to both lists). Just ignore the other one if you received more than one. I'll talk to you some more about it on MSN.

2006-12-10, 06:29
I finally finish ef trial version Korean Localization.
Thank you, Nagato(kyun), Vlobulle, roxfan.

2006-12-11, 08:15
What is this (http://kr.img.dc.yahoo.com/b9/data/rubbish/efkorq1.jpg) program you are using? Does it let you edit in that view, too?

I'm still stuck in the dark ages, editing things manually in a hex editor... something a little easier to use without separate dis/re-assembly would be nice.

2006-12-11, 10:09
The program is called ollydbg (http://www.ollydbg.de/). Yes, you can edit in that view as well. It's a very useful program for ASM editing.

2006-12-22, 18:27
roxfan, is there any chance you'll be updating your paz tools for the full version of ef? They changed the paz format a bit. From what I could tell (I'm not sure how to decrypt blowfish stuff so I couldn't really do much), the first 4 bytes aren't there anymore and it goes right into the data. I already did the keys for it if it helps any:


2006-12-23, 00:17
the length of index is now located at 0x20, and it has been encrypted with simple byte-level xor.
you don't really have to know how blowfish works, though, just use open source libs that can be found everywhere. the blowfish part in full ver. of ef hasn't been changed much.

2006-12-23, 03:16
If it's not a problem, do you think you could check to make sure I'm doing the xoring part right? For the script file, I get 130Bh. What do you do with the 32 bytes before that? Ignore them?

2006-12-23, 11:15
most of the first 32 bytes seems to be garbage (but i'm not sure), but you want to notice the byte at 0x08, that's the byte you'll be xoring with before you get to BlowfishDecrypt.

so, you'd:

> read in the first 32 bytes in the archive, save the byte at offset 0x08, and then dump the rest of them
> xor this "key byte" with every byte of a 4-byte integer at offset 0x20, and that's the length of index
> read in the index, xor hrough it with the "key byte", then BlowfishDecrypt it with the first set of Blowfish key. now you've got the index ready to use
> to extract files from the rest of the archive, xor with the "key byte" first and then BlowfishDecrypt.

just to mention that, in full version of ef, the initialization of pbox is somehow different from standard Blowfish and from ef_trial. in ef_trial, you have to negate every key byte before it's used in an otherwise standard Blowfish init.

so if you had a standard implementation of Blowfish, in ef_trial you'd: (pseudo code)


now in full version you have to do something tricky, so let's get more into the details of what would be a part of BlowfishInit. the code snippet below should replace the round of xoring pbox with the key for Blowfish: (in C++)

unsigned int pbox[18]; // the pbox of Blowfish
byte* key; // pointer to the key for Blowfish, and that the length of key is always 0x20 in minori's games

unsigned int ofs = 0; // offset of current byte in key

for (int i = 0; i < 18; ++i) { // iterate though pbox
unsigned int build = 0;
for (int j = 0; j < 4; ++j) { // retrieve 4 bytes from the key at a time
byte currentByte = key[ofs];

// this switch is what's different from the standard Blowfish
switch (ofs &#37; 6) {
case 0:
currentByte ^= 0x6D;
case 1: case 5:
currentByte ^= 0x69;
case 2:
currentByte ^= 0x6E;
case 3:
currentByte ^= 0x6F;
case 4:
currentByte ^= 0x72;
build <<= 8;
build |= currentByte;
ofs &= 31; // ensure ofs doesn't go beyond 0x20
pbox[i] ^= build;

and that's about it...hopefully i made myself clear enough. read the algorithm of Blowfish should the code snippet above be confusing

2006-12-23, 12:30
That makes a lot of sense now. The code snippet I'm going to have to look at more, but the beginning part with 0x08 being used to XOR the 4 bytes at 0x20 helped a lot. :) I'm looking at the code now used for ExtractData and this is their decryption routine:

void Cef_first::Decrypt(LPVOID data, DWORD data_size)
BYTE deckey = m_deckey;
LPBYTE pData = (LPBYTE)data;
for (int i = 0; i < (int)data_size; i++)
pData[i] ^= deckey;

m_deckey is the byte at 0x08 if I'm reading the init code correctly. Cef_first::DecodeKeyTable() is very similar to what you have in your code snippet too, so it helps to see it in action.

I'll see what I can do with the information you've provided and the code I'm looking at now. Thanks for the help. :)

2006-12-23, 12:52
that's because DecodeKeyTable() method in class hierarchy of CPaz from ExtractData is equivalent to the first part of Blowfish init what might be called init()/SetKey()/whatsoever...

and that the mapping is found through debugging. this part of everyone's code should seem somewhat alike.

2006-12-31, 10:01
I use ExtractData successful unpack the files from ef_first(full ver.)
but I don\'t know how can I repack these files
and I know nothing about program...
does anyone have a tool for repack the paz?

2006-12-31, 10:11
I use ExtractData successful unpack the files from ef_first(full ver.)
but I don\'t know how can I repack these files
and I know nothing about program...
does anyone have a tool for repack the paz?

2007-01-08, 14:27
Here's the source. I don't have the game myself.

2007-04-28, 08:55
So is there a functional exe that can use english characters?

2007-04-28, 10:07
Yeah, Wind -a breath of heart- used this. If you need the functional exe, you can talk to GipFace of NNL for it.

2007-04-28, 10:13
Where can I ask them?

2007-04-28, 10:15
PM here, or you can head over to NNL's IRC Channel on irc.zirc.org/#NNL.
Gip requires a fairly compelling argument to hand out the exe though, so if your not going to work on a minori/musica based game, he probably wont hand it over to you.

2007-04-28, 10:24
Uh, my friend is willing to translated Ef - Fairy tale of Two complete game so I need to code that in engine...