3.1 x86 - fails to decrypt .text section if byte count of data is not aligned to 16 bytes

[szlobipeti]

Issue encountered while trying to unpack Saboteur.exe from The Saboteur Steam version.

Issue location: Steamless.API.Crypto.AesHelper.cs line 157

cStream.Read throws an exception after reading the entirety of the .text section. Since the data in this section is not 16 bytes aligned for some reason, the decryption throws.

Manually setting the raw size of codeSectionData in Steamless.Unpacker.Variant31.x86.Main.cs line 407 to be aligned to 16 bytes (adding +1 while debug break) fixed the issue and the executable was correctly decrypted with no immediately obvious corruption resulting from the hacky fix.

[szlobipeti]

Upon closer inspection I am pretty sure that the last 16 bytes in the .text section did not decode correctly and were filled with seemingly random 0x10 bytes. I was able to manually fix this error using another .exe of the same game, but the naive solution of just extending the buffer will likely not suffice as a proper solution. That being said, as long as the game does not hit an execution where those last 16 bytes are relevant, the fix should work for other games that trip on this exception.

[atom0s]

Hello, can you please upload the game exe somewhere and link it here?

[szlobipeti]

Provided requested file in a private message on Discord.

[atom0s]

Thank you for the sample submission! This file has helped track down and fix a long-standing issue with the AES decryption handling for two of the unpackers. This file should now unpack properly using the latest update v3.1.0.5 (or newer).

https://github.com/atom0s/Steamless/releases/tag/v3.1.0.5