Atvaark / BinderTool

Dark Souls II / Dark Souls III / Bloodborne / Elden Ring bdt, bhd, bnd, dcx, tpf, fmg and param unpacking tool
MIT License

Decrypting BDT5 files #3

Closed Atvaark closed 8 years ago

Atvaark commented 8 years ago

Currently there is an issue with DCX and BHF4 files unpacked from the BHD5 (Data1.bhd - Data5.bhd) files. This only appears to happen when the files are encrypted with an AES 128 key in ECB mode. It is also possible that files other than DCX and BHF4 are impacted by this, but so far I could only notice it with these two file types.

DCX: A DCX file that has been decrypted with AES has a valid DCX header (76 bytes) and a valid zlib header (2 bytes). The remaining bytes are decrypted one more time by the game engine to be valid zlib data.

BHF4: Same issue as the DCX files, but the first 1024 bytes are decrypted correctly and the remaining bytes are unreadable.

Atvaark commented 8 years ago

I analyzed the DCX encryption a bit more.

Example file (which gets read on each in-game loading screen): aiscript:/aicommon.luabnd.dcx (_1877593259Data1.dcx), which can be found at offset 544383255 in Data1.bdt. The AES ECB 128 decryption key is 7182000033000000FEFFFFFFFFFFFFFF.

Edit: The issue seems to have been resolved by 1cd97a7. Now I'll have to check if there are still some files that get unpacked incorrectly.
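
The symptom described in this issue (a valid 76-byte DCX header and a valid 2-byte zlib header, followed by a body that does not inflate) can be checked mechanically on the output of the AES pass. The Python check below is an added example, not code from this issue or from BinderTool; the `DCX\0` magic value, the function names and the constructed sample buffers are assumptions.

```python
import zlib

DCX_HEADER_LEN = 76      # DCX header size stated in the issue
DCX_MAGIC = b"DCX\x00"   # assumption: magic bytes, not given in the issue


def zlib_header_ok(cmf: int, flg: int) -> bool:
    """RFC 1950: CM == 8 (deflate), CINFO <= 7, (CMF*256 + FLG) % 31 == 0."""
    return (cmf & 0x0F) == 8 and (cmf >> 4) <= 7 and ((cmf << 8) | flg) % 31 == 0


def triage_dcx(buf: bytes) -> str:
    """Classify a DCX buffer produced by the AES-128-ECB pass."""
    if len(buf) < DCX_HEADER_LEN + 2 or not buf.startswith(DCX_MAGIC):
        return "bad-dcx-header"
    body = buf[DCX_HEADER_LEN:]
    if not zlib_header_ok(body[0], body[1]):
        return "bad-zlib-header"
    inflater = zlib.decompressobj()
    try:
        inflater.decompress(body)
    except zlib.error:
        # Headers look right but the deflate stream is not: the issue's symptom.
        return "headers-ok-body-invalid"
    # A stream that never reaches its end marker is also not usable.
    return "ok" if inflater.eof else "headers-ok-body-invalid"


def make_samples():
    """Constructed buffers: one clean, one scrambled after the zlib header."""
    header = DCX_MAGIC + bytes(DCX_HEADER_LEN - len(DCX_MAGIC))
    body = zlib.compress(b"constructed sample payload " * 64)
    scrambled = body[:2] + bytes(b ^ 0xA5 for b in body[2:])
    return header + body, header + scrambled


if __name__ == "__main__":
    good, partial = make_samples()
    print(triage_dcx(good), triage_dcx(partial))
```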