#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    4
    Rep Power
    0

    Not quiet sure what this is...


    I've been looking around now for the past few hours trying to research in to a file i'm trying to gain access to.

    The file is from a game "Call of Duty: Black Ops II" and i'm trying to manipulate the gamesave file. The file however was previously encrypted.

    I believe the file has some sort of obfuscation securing the rest of the file but as you may be aware I don't have a clue how to un-obfuscate it.

    Here's a screen shot of the file: http://d.pr/i/YlC8

    Since I can't paste the code it keeps dissapearing nor can I post it on pastebin for the same reason I have uploaded the file.

    Download:
    cl . ly/2F2H1v0V2Z3R (remove spaces)

    (Open in HxD Editor) < I assume you already know.

    Any help is appreciated, thanks.
  2. #2
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    4
    Rep Power
    0
    Originally Posted by WellysWorld
    I've been looking around now for the past few hours trying to research in to a file i'm trying to gain access to.

    The file is from a game "Call of Duty: Black Ops II" and i'm trying to manipulate the gamesave file. The file however was previously encrypted.

    I believe the file has some sort of obfuscation securing the rest of the file but as you may be aware I don't have a clue how to un-obfuscate it.

    Here's a screen shot of the file: http://d.pr/i/YlC8

    Since I can't paste the code it keeps dissapearing nor can I post it on pastebin for the same reason I have uploaded the file.

    Download:
    cl . ly/2F2H1v0V2Z3R (remove spaces)

    (Open in HxD Editor) < I assume you already know.

    Any help is appreciated, thanks.
    Seems like there is actually 2 types of encryption. It's either 3DES or AES i'm not quiet sure.

    Can anyone determine the encryption type? thanks.
  4. #3
  5. Contributed User
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2005
    Posts
    4,392
    Rep Power
    1871
    Your file isn't compressed.

    Data streams encrypted with a decent algorithm cannot be compressed.
    Code:
    $ ls -l GPAD0_MP.DEC
    -rw-rw-r-- 1 sc sc 1000 2012-12-18 01:10 GPAD0_MP.DEC
    $ gzip GPAD0_MP.DEC 
    $ ls -l GPAD0_MP.DEC.gz 
    -rw-rw-r-- 1 sc sc 262 2012-12-18 01:10 GPAD0_MP.DEC.gz
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    4
    Rep Power
    0
    Originally Posted by salem
    Your file isn't compressed.

    Data streams encrypted with a decent algorithm cannot be compressed.
    Code:
    $ ls -l GPAD0_MP.DEC
    -rw-rw-r-- 1 sc sc 1000 2012-12-18 01:10 GPAD0_MP.DEC
    $ gzip GPAD0_MP.DEC 
    $ ls -l GPAD0_MP.DEC.gz 
    -rw-rw-r-- 1 sc sc 262 2012-12-18 01:10 GPAD0_MP.DEC.gz
    Therefore I cannot gain access? Or is there anyway anyway possible to get in to it.
  8. #5
  9. Contributed User
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2005
    Posts
    4,392
    Rep Power
    1871
    All I can tell you is that it isn't encrypted with 3DES or AES, and it isn't compressed. If either of these things were true, then gzip would not have been able to take 1000 bytes down to 262 bytes.

    A casual visual inspection of the hex dump shows many 00 bytes, and several repeated sub-strings.

    If you're unsure of this, do some reading on information theory
    Compressed streams are devoid of entropy, so you can't compress it any further.
    Encrypted streams are indistinguishable from random noise, unless you know the algorithm and key. A truly random stream cannot be compressed either.

    Regarding reverse engineering of a game file format, it is generally assumed that you want to 'cheat' in some way. Now if this were an off-line game, and I was motivated enough to be curious about the game in that way, and you seemed to have some skill then I might have been interested in helping. The only people who can be affected are those who specifically choose to use a hacked file.

    As it is (an on-line game that I've got no interest in, and you lack some fundamentals) then I'm just going to check out of this conversation. I'm just not into helping people wander around a game in 'god' mode without other players being aware of it.

    Decoding the file is unlikely to be your only obstacle.

    Comments on this post

    • WellysWorld agrees : Thanks a lot man!
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    4
    Rep Power
    0
    Originally Posted by salem
    All I can tell you is that it isn't encrypted with 3DES or AES, and it isn't compressed. If either of these things were true, then gzip would not have been able to take 1000 bytes down to 262 bytes.

    A casual visual inspection of the hex dump shows many 00 bytes, and several repeated sub-strings.

    If you're unsure of this, do some reading on
    Compressed streams are devoid of entropy, so you can't compress it any further.
    Encrypted streams are indistinguishable from random noise, unless you know the algorithm and key. A truly random stream cannot be compressed either.

    Regarding reverse engineering of a game file format, it is generally assumed that you want to 'cheat' in some way. Now if this were an off-line game, and I was motivated enough to be curious about the game in that way, and you seemed to have some skill then I might have been interested in helping. The only people who can be affected are those who specifically choose to use a hacked file.

    As it is (an on-line game that I've got no interest in, and you lack some fundamentals) then I'm just going to check out of this conversation. I'm just not into helping people wander around a game in 'god' mode without other players being aware of it.

    Decoding the file is unlikely to be your only obstacle.
    The game will not be used to get online mods at all since I do not have a working console that allows me to transfer files across (Jailbroken Playstation Console). This is just to help gain and progress my knowledge and not put anything in to action for many reasons. The game consists of a ban if any type of file is modified online which would leave my account and my console banned forever.

    The file is known to be encrypted using 3DES (Treyach's) encryption and AES (Sony's) encryption. The 3DES has been decrypted and that was the first layer of encryption which has been removed from the file I uploaded. The AES encryption is the one i'm struggling to remove at first I thought it was obfuscated but indeed I was incorrect and the .svg are the only obfuscated files.

    I believe this is the only type of file which is obfuscated however removing the obfuscation is another type of thing that neither me or someone I know now how to do.

    cl .ly/2224341c0k3T < Remove the spaces.

    EDIT: Re-read and I had gotten mistaken, If the file is not encrypted via 3DES or AES then is it not encrypted at all? or..


    Regards, Welly.

IMN logo majestic logo threadwatch logo seochat tools logo