Suggestion

[Henry1887]

Would it be possible to add some kind of analyze feature to the website where u upload the Game_Data folder of the game and it checks all files if the Decryption Password is found in plain text?

I had made a python script that analyzes all files within a Folder searching for "ES3Defaults" and it logs out all hits. With this i could find the key for some games though for a few other games the decryption password in the files is "password" which can be invalid when the game doesnt use the ES3 Defaults for storing the password.

Heres the Script: https://pixeldrain.com/u/NPwPwrX6 And heres what the output looks like: (1. The Keyword my script looked for, 2: if this is present, afterwards should be the decryption password, 3: the decryption password)

[Henry1887]

I have also written a tool with this method: https://github.com/Henry1887/ES3KeyExtractor

[alextusinean]

It would be nice, I previously tried to automate the process of finding the key. For all the games I encountered, the key way either in the data.unity3d or the resources.assets (iirc) file depending on the Unity version I believe.

I'm trying to make as lightweight as possible all the tools I make. es3-editor runs entirely on the browser and I want to keep it that way, so I wouldn't go for "uploading" a whole folder containing all assets of the game but only what's necessary.

Feel free to provide here some games' data.unity3d/resources.assets files and their keys and I'll try to make something.

[Henry1887]

I have made a browser version of it: https://henrymlbb.me While you have to upload the whole apk or all assets its still pretty fast and reliable for (most) unity games on android and pc. Everything is processed locally in your own browser. I tested it with a 1.2GB apk file and it took 1.4 seconds to find the key.

[zeobviouslyfakeacc]

@Henry1887 That's an extremely cool idea!

I tried that on the resources.assets file from the game SULFUR, but unfortunately, it didn't work. I think your code runs into 2 issues, first it expects the default path to always be "SaveFile.es3" (SULFUR uses "Profile.es3"), and second it thinks that the length of the password, 32 bytes, is a printable character, so it would end up printing a single space character (0x20 -> 32) as the password.

The file you're reverse engineering is highly structured - perhaps you could have more success just skipping some fixed number of bytes to the start of the password string? 😄

Here's a screenshot of the ES3Defaults MonoBehavior from Unity Asset Bundle Extractor:

And the relevant section from resources.assets for good measure (zipped to please the GitHub gods): resources.assets-ES3Defaults.zip

Once you've found the literal "ES3Defaults" in the byte array (that name appears to be hardcoded in EasySave3.dll, so it should not change), you could move the current position to just after that string, and then:

• align the position to 4 bytes
• skip the next 4 bytes (_location)
• read the next 4 bytes -> pathLength
• skip the next pathLength bytes (path string)
• align to 4 bytes
• skip 8 bytes (encryptionType & compressionType)
• read the next 4 bytes -> encryptionPasswordLength
• read the next encryptionPasswordLength bytes -> encryptionPassword 🥳 🎉

@alextusinean Thanks for this awesome tool! In case this is of any use to you, the password for SULFUR (and the SULFUR demo) is h!9VLSj*cDyrR!WK^iBcN3dLooLrXq3m 😄