search

Yggdrasill-Moe / Niflheim

PC平台游戏程序
158 stars 32 forks source link

Shiina Rio (Nukitashi support) #23

Closed MishaIac closed 2 years ago

MishaIac commented 2 years ago

Hi. I want to ask you, is it possible to add Nukitashi (https://vndb.org/v22899) support for Shiina Rio tools? I tried the latest version, which has Sorcery Joker support, but nothing works, although the engine version is the same (2500) and I know the keys. Maybe because I need Decode.bin and Extra.bin files and some kind of Seed? If so, unfortunately, I don't know what these files and Seed, and there are no instructions how to get them.

Here's what I know: Version=2500 Key1=0x90B989AF Key2=0x60BA6AB8 Key3=0x86B9E6B9 Key4=0xF3B999B9 Key5=0xF2B9BCA

RioShiinaImage, Region, EXE Nukitashi and sample WAR archives are in the zip archive: RioShiina_Nukitashi.zip

Thanks in advance.

Darkness-TX commented 2 years ago

RioShiina_Nukitashi.zip

Darkness-TX commented 2 years ago

According to different games, the extra_encrypt, Seed and Extra.bin are also different.

MishaIac commented 2 years ago

Wow, its works! Thank you very much! But the question still remains, how do I get extra_encrypt, Seed and Extra.bin? Or is there no easy way to explain it? I want to hack Nukitashi 2, too. Although, I haven't tested it yet, but could it be encrypted the same way as the first game?

Darkness-TX commented 2 years ago

Keys are also different. I will introduce a method of finding this information by observation and reasoning, which I think can cope with most situations. Decode.bin is not change in most cases. (I rarely deal with RioShiina engine, so I'm not sure). RioShiina.jpg and RioShiina2.png can be found in exe.But most of the time they are not change. RioShiina_Extra.png is not used in all v2.50 games. Nukitashi isn't use.

So, most of the time we must find the change of Key, Extra.bin and extra_decrypt() when this game is v2.50.

Darkness-TX commented 2 years ago

First of all, the simplest is to find the key. Search the ending of RioShiina2.png in exe,the keys are behind RioShiina2.png. So,the keys of Nukitashi 2 are: Key1=0x96BF8FA9 Key2=0x66BC6CBE Key3=0x80BFE0BF Key4=0xF5BF9FBF Key5=0x6CBFBAAE

QQ20211105-163828@2x
Darkness-TX commented 2 years ago

Next, the Extra.bin. Extra.bin is a part of the exe, so each game is different.

1.Find the size of Extra.bin. The game use RioShiina.jpg behind decrypt_helper4(), so we can search FileTimeToSystemTime().Then we can find the ImageSize of Image(line 612).

QQ20211105-164822@2x

In Nukitashi 2,ImageSize is 0xBA31. We know the size of RioShiina.jpg is 33484 bytes. So the size of Extra.bin is 0xBA31 - 33484 = 0x3793.

2.Dump Extra.bin. Search the ending of RioShiina.jpg in exe,the Extra.bin is behind RioShiina.jpg. Start from 0xDEFE6,and dump 0x3793 bytes. Yes,so easy.

QQ20211105-165013@2x
Darkness-TX commented 2 years ago

Finally, analysis extra_decrypt(),the hardest step. 1.Find extra_decrypt(). Search 0x202 or 0xFF82AD82 in the debugger, extra_decrypt() is under push 202.

QQ20211105-171233@2x

2.Analysis it! You can dump the encrypted file like me.Then analyze it step by step.

QQ20211105-171515@2x
MishaIac commented 2 years ago

I see. Maybe I can handle keys and Extra.bin, but I definitely can't handle extra_decrypt(), because, unfortunately, I don't know C and C++ very well, and assembler is even worse :( I thought it would be easier...

MishaIac commented 2 years ago

Anyway, thanks for the instructions! Maybe when I learn more C and assembler, I'll manage it, but not now. If you have already analyzed everything, is it possible to get tools for Nukitashi 2 too? I would be grateful.

Darkness-TX commented 2 years ago

A few hours for analysis, tired... NUKITASHI2.zip

MishaIac commented 2 years ago

Omg, thank you so much for your work! You are the best! The English version of Nukitashi should be out soon, and I hope they don't change the encryption, and if they do, I'll try to hack the game with your instructions. In any case, thanks and good luck :)

MishaIac commented 2 years ago

In the translation credits, we will be sure to mention you as the author of the tools. I hope you don't mind?

Darkness-TX commented 2 years ago

OK.I don't mind.

MishaIac commented 2 years ago

Ok. Thanks again.

wycstc353 commented 8 months ago

Hi. I want to ask you, is it possible to add Nukitashi (https://vndb.org/v22899) support for Shiina Rio tools? I tried the latest version, which has Sorcery Joker support, but nothing works, although the engine version is the same (2500) and I know the keys. Maybe because I need Decode.bin and Extra.bin files and some kind of Seed? If so, unfortunately, I don't know what these files and Seed, and there are no instructions how to get them.

Here's what I know: Version=2500 Key1=0x90B989AF Key2=0x60BA6AB8 Key3=0x86B9E6B9 Key4=0xF3B999B9 Key5=0xF2B9BCA

RioShiinaImage, Region, EXE Nukitashi and sample WAR archives are in the zip archive: RioShiina_Nukitashi.zip

Thanks in advance.

大大,最近想研究这个引擎了,但是不是软件不同啊,我 image 试了一下这个exe,看了一下,十六进制和大大的图不同哎,我是准备先试下这种已经确定能改的,为啥不同呢