Closed MishaIac closed 2 years ago
According to different games, the extra_encrypt, Seed and Extra.bin are also different.
Wow, its works! Thank you very much! But the question still remains, how do I get extra_encrypt, Seed and Extra.bin? Or is there no easy way to explain it? I want to hack Nukitashi 2, too. Although, I haven't tested it yet, but could it be encrypted the same way as the first game?
Keys are also different. I will introduce a method of finding this information by observation and reasoning, which I think can cope with most situations. Decode.bin is not change in most cases. (I rarely deal with RioShiina engine, so I'm not sure). RioShiina.jpg and RioShiina2.png can be found in exe.But most of the time they are not change. RioShiina_Extra.png is not used in all v2.50 games. Nukitashi isn't use.
So, most of the time we must find the change of Key, Extra.bin and extra_decrypt() when this game is v2.50.
First of all, the simplest is to find the key. Search the ending of RioShiina2.png in exe,the keys are behind RioShiina2.png. So,the keys of Nukitashi 2 are: Key1=0x96BF8FA9 Key2=0x66BC6CBE Key3=0x80BFE0BF Key4=0xF5BF9FBF Key5=0x6CBFBAAE
Next, the Extra.bin. Extra.bin is a part of the exe, so each game is different.
1.Find the size of Extra.bin. The game use RioShiina.jpg behind decrypt_helper4(), so we can search FileTimeToSystemTime().Then we can find the ImageSize of Image(line 612).
In Nukitashi 2,ImageSize is 0xBA31. We know the size of RioShiina.jpg is 33484 bytes. So the size of Extra.bin is 0xBA31 - 33484 = 0x3793.
2.Dump Extra.bin. Search the ending of RioShiina.jpg in exe,the Extra.bin is behind RioShiina.jpg. Start from 0xDEFE6,and dump 0x3793 bytes. Yes,so easy.
Finally, analysis extra_decrypt(),the hardest step. 1.Find extra_decrypt(). Search 0x202 or 0xFF82AD82 in the debugger, extra_decrypt() is under push 202.
2.Analysis it! You can dump the encrypted file like me.Then analyze it step by step.
I see. Maybe I can handle keys and Extra.bin, but I definitely can't handle extra_decrypt(), because, unfortunately, I don't know C and C++ very well, and assembler is even worse :( I thought it would be easier...
Anyway, thanks for the instructions! Maybe when I learn more C and assembler, I'll manage it, but not now. If you have already analyzed everything, is it possible to get tools for Nukitashi 2 too? I would be grateful.
A few hours for analysis, tired... NUKITASHI2.zip
Omg, thank you so much for your work! You are the best! The English version of Nukitashi should be out soon, and I hope they don't change the encryption, and if they do, I'll try to hack the game with your instructions. In any case, thanks and good luck :)
In the translation credits, we will be sure to mention you as the author of the tools. I hope you don't mind?
OK.I don't mind.
Ok. Thanks again.
Hi. I want to ask you, is it possible to add Nukitashi (https://vndb.org/v22899) support for Shiina Rio tools? I tried the latest version, which has Sorcery Joker support, but nothing works, although the engine version is the same (2500) and I know the keys. Maybe because I need Decode.bin and Extra.bin files and some kind of Seed? If so, unfortunately, I don't know what these files and Seed, and there are no instructions how to get them.
Here's what I know: Version=2500 Key1=0x90B989AF Key2=0x60BA6AB8 Key3=0x86B9E6B9 Key4=0xF3B999B9 Key5=0xF2B9BCA
RioShiinaImage, Region, EXE Nukitashi and sample WAR archives are in the zip archive: RioShiina_Nukitashi.zip
Thanks in advance.
大大,最近想研究这个引擎了,但是不是软件不同啊,我 试了一下这个exe,看了一下,十六进制和大大的图不同哎,我是准备先试下这种已经确定能改的,为啥不同呢
Hi. I want to ask you, is it possible to add Nukitashi (https://vndb.org/v22899) support for Shiina Rio tools? I tried the latest version, which has Sorcery Joker support, but nothing works, although the engine version is the same (2500) and I know the keys. Maybe because I need Decode.bin and Extra.bin files and some kind of Seed? If so, unfortunately, I don't know what these files and Seed, and there are no instructions how to get them.
Here's what I know: Version=2500 Key1=0x90B989AF Key2=0x60BA6AB8 Key3=0x86B9E6B9 Key4=0xF3B999B9 Key5=0xF2B9BCA
RioShiinaImage, Region, EXE Nukitashi and sample WAR archives are in the zip archive: RioShiina_Nukitashi.zip
Thanks in advance.