Atvaark / BinderTool

Dark Souls II / Dark Souls III / Bloodborne / Elden Ring bdt, bhd, bnd, dcx, tpf, fmg and param unpacking tool
MIT License
310 stars 50 forks

Question #15

Closed WolfDan closed 7 years ago

WolfDan commented 7 years ago

Sorry if I spam these issues, but I have a question for you: where do you learn to decrypt all these encrypted files, like getting RSA keys and so on? I know a bit about how to read hex and I understand protocols, but where do you get the decryption keys, for example, and learn all this stuff about the data in the files?

Any resource to learn to make this? I know this kind of work is full R&D, but if you can suggest a good way to learn so this stuff is easier to understand, I'd be glad to see it.

Thanks!

Atvaark commented 7 years ago

where do you learn to decrypt all these encrypted files,

Solely by debugging the application that does the decryption. At one point an application will read the encrypted file into memory and decrypt it with a public or a custom algorithm. Most of the work is just figuring out which algorithm is used and (when applicable) where the keys to decrypt are stored.

but where do you get the decryption keys, for example

Either they are stored inside the application or they are loaded from somewhere externally (another file or a remote server). DSII stored most keys related to the asset files inside external files in a human-readable text format. FROM noticed that this wasn't a good idea and reworked it for DSIII. In DSIII the keys were embedded inside the application in an obfuscated (non-human-readable) format. The game will deobfuscate the key in memory when it is required and obfuscate it again when it's done reading the encrypted file. This process is over in a few ms, so you're going to need to use a debugger to pause the application at the right instruction or moment. While it is deobfuscated it can be found in memory and saved for later use.

Any resource to learn to make this?

There are plenty of written or video tutorials that explain debugging applications, data encryption and tool programming on their own. I don't know of any that cover all aspects I needed to know to write this tool.

Write your own applications that use common encryption algorithms like RSA, AES, Blowfish etc. and use a disassembler and debugger like x64dbg, OllyDbg or the free version of IDA to see what each algorithm looks like when compiled. Try searching for other open source tools for games that use file encryption and debug the decryption routines. I'd also recommend that you limit yourself to games that don't require a network connection/account and that don't use any DRM or anti-debugging techniques.
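The two tricks in the reply above, as an added toy model (this is not BinderTool's code and not Atvaark's method): recognising which algorithm a compiled routine implements by scanning for the constant tables every real implementation has to embed, and catching a key that is only in the clear for a moment by dumping memory at a breakpoint inside the decrypt routine and diffing it against a dump taken at rest. The XOR mask, the demo key, the toy "cipher" and the memory layout of `ToyGame` are all made up for the example and say nothing about how any real game stores its keys; the `on_unmasked` callback stands in for the debugger pausing the process.

```python
"""Toy model of (1) spotting an algorithm by its constants and (2) recovering a
transiently unmasked key by diffing memory dumps. Everything here is invented
for the demo: the key, the mask, the layout and the 'cipher'."""
import struct

# Leading bytes of tables that compiled implementations must embed
# (words little-endian, as on x86/x64). A hit is a strong hint that the
# code referencing that address implements the named algorithm.
KNOWN_CONSTANTS = {
    "AES S-box": bytes.fromhex("637c777bf26b6fc53001672bfed7ab76"),
    "Blowfish P-array": struct.pack("<2I", 0x243F6A88, 0x85A308D3),
    "SHA-256 initial hash": struct.pack("<2I", 0x6A09E667, 0xBB67AE85),
    "MD5 round constants": struct.pack("<2I", 0xD76AA478, 0xE8C7B756),
}


def find_algorithm_constants(image: bytes) -> list:
    """Return (name, offset) for every known constant table found in image."""
    hits = []
    for name, sig in KNOWN_CONSTANTS.items():
        off = image.find(sig)
        while off != -1:
            hits.append((name, off))
            off = image.find(sig, off + 1)
    return sorted(hits, key=lambda h: h[1])


def xor(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating key as needed."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


SECRET_KEY = bytes(range(0x10, 0x20))                     # demo key (made up)
MASK = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # demo mask (made up)


class ToyGame:
    """Stand-in for a process: the key sits in memory XOR-masked and is only
    unmasked for the duration of one decrypt call."""

    def __init__(self):
        mem = bytearray(32)                                # padding
        mem += b"asset loader\x00".ljust(32, b"\x00")      # some string data
        self.sbox_off = len(mem)
        mem += KNOWN_CONSTANTS["AES S-box"] + bytes(16)    # table fragment
        self.key_off = len(mem)
        mem += xor(SECRET_KEY, MASK)                       # key at rest: masked
        mem += bytes(32)
        self.memory = mem

    def snapshot(self) -> bytes:
        """What a debugger's memory dump would return."""
        return bytes(self.memory)

    def decrypt_asset(self, ciphertext: bytes, on_unmasked=None) -> bytes:
        k = slice(self.key_off, self.key_off + len(SECRET_KEY))
        self.memory[k] = xor(self.memory[k], MASK)         # unmask in place
        if on_unmasked:                                    # debugger pauses here
            on_unmasked(self)
        plaintext = xor(ciphertext, bytes(self.memory[k]))  # toy 'cipher'
        self.memory[k] = xor(self.memory[k], MASK)         # re-mask before return
        return plaintext


def diff_runs(at_rest: bytes, paused: bytes) -> list:
    """Contiguous (offset, bytes) ranges that differ between two equal-length dumps."""
    runs, start = [], None
    for i, (a, b) in enumerate(zip(at_rest, paused)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            runs.append((start, paused[start:i]))
            start = None
    if start is not None:
        runs.append((start, paused[start:]))
    return runs


def recover_key(game: ToyGame) -> list:
    """Dump at rest, break inside the decrypt routine, dump again, diff."""
    at_rest = game.snapshot()
    captured = {}
    game.decrypt_asset(b"\x00" * 8,
                       on_unmasked=lambda g: captured.update(snap=g.snapshot()))
    return diff_runs(at_rest, captured["snap"])


if __name__ == "__main__":
    game = ToyGame()
    print(find_algorithm_constants(game.snapshot()))  # [('AES S-box', 64)]
    print(recover_key(game))                           # [(96, b'\x10\x11...\x1f')]
```

On a real target the two dumps come from the debugger (a memory dump of the process at rest, then another while paused on a breakpoint inside the decryption routine); the diff then narrows the search to the few bytes that were rewritten, which is where a just-deobfuscated key shows up. Note that the key is back in its masked form as soon as the routine returns, which is why the constant scan on the at-rest dump finds the algorithm but never the key.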

WolfDan commented 7 years ago

Finally everything is clear to me! So many thanks for taking the time to answer my question, now I have a good guide to begin on it!

I'll close the issue ^^