Request support for mhrise demo pc version

dtlnor commented 2 years ago

when I do path search, it panic (WSL ubuntu)


0
100
200
thread '<unnamed>' panicked at 'called `Result::unwrap()` on an `Err` value: Unknown frame descriptor', src/main.rs:653:49
stack backtrace:
   0: rust_begin_unwind
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panicking.rs:515:5
   1: core::panicking::panic_fmt
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/core/src/panicking.rs:92:14
   2: core::result::unwrap_failed
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/core/src/result.rs:1355:5
   3: core::result::Result<T,E>::unwrap
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/core/src/result.rs:1037:23
   4: mhrice::search_path::{{closure}}
             at /mnt/c/Users/dtlnor/Documents/GitHub/mhrice/src/main.rs:653:43
   5: core::ops::function::impls::<impl core::ops::function::FnMut<A> for &F>::call_mut
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/core/src/ops/function.rs:247:13
   6: core::iter::adapters::map::map_try_fold::{{closure}}
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/core/src/iter/adapters/map.rs:89:28
   7: core::iter::adapters::map::map_try_fold::{{closure}}
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/core/src/iter/adapters/map.rs:89:21
   8: core::iter::traits::iterator::Iterator::try_fold
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/core/src/iter/traits/iterator.rs:1972:21
   9: <core::iter::adapters::map::Map<I,F> as core::iter::traits::iterator::Iterator>::try_fold
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/core/src/iter/adapters/map.rs:115:9
  10: <core::iter::adapters::map::Map<I,F> as core::iter::traits::iterator::Iterator>::try_fold
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/core/src/iter/adapters/map.rs:115:9
  11: <core::iter::adapters::fuse::Fuse<I> as core::iter::adapters::fuse::FuseImpl<I>>::try_fold
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/core/src/iter/adapters/fuse.rs:448:9
  12: <core::iter::adapters::fuse::Fuse<I> as core::iter::traits::iterator::Iterator>::try_fold
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/core/src/iter/adapters/fuse.rs:97:9
  13: <core::iter::adapters::flatten::FlattenCompat<I,U> as core::iter::traits::iterator::Iterator>::try_fold
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/core/src/iter/adapters/flatten.rs:316:16
  14: <core::iter::adapters::flatten::FlatMap<I,U,F> as core::iter::traits::iterator::Iterator>::try_fold
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/core/src/iter/adapters/flatten.rs:66:9
  15: <core::iter::adapters::take_while::TakeWhile<I,P> as core::iter::traits::iterator::Iterator>::try_fold
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/core/src/iter/adapters/take_while.rs:93:13
  16: <core::iter::adapters::take_while::TakeWhile<I,P> as core::iter::traits::iterator::Iterator>::fold
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/core/src/iter/adapters/take_while.rs:108:9
  17: <rayon::iter::fold::FoldFolder<C,ID,F> as rayon::iter::plumbing::Folder<T>>::consume_iter
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-1.5.1/src/iter/fold.rs:158:20
  18: <rayon::iter::flat_map_iter::FlatMapIterFolder<C,F> as rayon::iter::plumbing::Folder<T>>::consume_iter
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-1.5.1/src/iter/flat_map_iter.rs:136:20
  19: <rayon::iter::map::MapFolder<C,F> as rayon::iter::plumbing::Folder<T>>::consume_iter
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-1.5.1/src/iter/map.rs:248:21
  20: rayon::iter::plumbing::Producer::fold_with
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-1.5.1/src/iter/plumbing/mod.rs:110:9
  21: rayon::iter::plumbing::bridge_producer_consumer::helper
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-1.5.1/src/iter/plumbing/mod.rs:438:13
  22: rayon::iter::plumbing::bridge_producer_consumer::helper::{{closure}}
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-1.5.1/src/iter/plumbing/mod.rs:418:21
  23: rayon_core::join::join_context::call_a::{{closure}}
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/join/mod.rs:124:17
  24: <std::panic::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panic.rs:347:9
  25: std::panicking::try::do_call
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panicking.rs:401:40
  26: __rust_try
  27: std::panicking::try
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panicking.rs:365:19
  28: std::panic::catch_unwind
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panic.rs:434:14
  29: rayon_core::unwind::halt_unwinding
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/unwind.rs:17:5
  30: rayon_core::join::join_context::{{closure}}
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/join/mod.rs:141:24
  31: rayon_core::registry::in_worker
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/registry.rs:875:13
  32: rayon_core::join::join_context
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/join/mod.rs:132:5
  33: rayon::iter::plumbing::bridge_producer_consumer::helper
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-1.5.1/src/iter/plumbing/mod.rs:416:47
  34: rayon::iter::plumbing::bridge_producer_consumer::helper::{{closure}}
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-1.5.1/src/iter/plumbing/mod.rs:418:21
  35: rayon_core::join::join_context::call_a::{{closure}}
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/join/mod.rs:124:17
  36: <std::panic::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panic.rs:347:9
  37: std::panicking::try::do_call
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panicking.rs:401:40
  38: __rust_try
  39: std::panicking::try
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panicking.rs:365:19
  40: std::panic::catch_unwind
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panic.rs:434:14
  41: rayon_core::unwind::halt_unwinding
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/unwind.rs:17:5
  42: rayon_core::join::join_context::{{closure}}
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/join/mod.rs:141:24
  43: rayon_core::registry::in_worker
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/registry.rs:875:13
  44: rayon_core::join::join_context
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/join/mod.rs:132:5
  45: rayon::iter::plumbing::bridge_producer_consumer::helper
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-1.5.1/src/iter/plumbing/mod.rs:416:47
  46: rayon::iter::plumbing::bridge_producer_consumer::helper::{{closure}}
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-1.5.1/src/iter/plumbing/mod.rs:418:21
  47: rayon_core::join::join_context::call_a::{{closure}}
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/join/mod.rs:124:17
  48: <std::panic::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panic.rs:347:9
  49: std::panicking::try::do_call
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panicking.rs:401:40
  50: __rust_try
  51: std::panicking::try
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panicking.rs:365:19
  52: std::panic::catch_unwind
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panic.rs:434:14
  53: rayon_core::unwind::halt_unwinding
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/unwind.rs:17:5
  54: rayon_core::join::join_context::{{closure}}
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/join/mod.rs:141:24
  55: rayon_core::registry::in_worker
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/registry.rs:875:13
  56: rayon_core::join::join_context
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/join/mod.rs:132:5
  57: rayon::iter::plumbing::bridge_producer_consumer::helper
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-1.5.1/src/iter/plumbing/mod.rs:416:47
  58: rayon::iter::plumbing::bridge_producer_consumer::helper::{{closure}}
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-1.5.1/src/iter/plumbing/mod.rs:418:21
  59: rayon_core::join::join_context::call_a::{{closure}}
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/join/mod.rs:124:17
  60: <std::panic::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panic.rs:347:9
  61: std::panicking::try::do_call
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panicking.rs:401:40
  62: __rust_try
  63: std::panicking::try
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panicking.rs:365:19
  64: std::panic::catch_unwind
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panic.rs:434:14
  65: rayon_core::unwind::halt_unwinding
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/unwind.rs:17:5
  66: rayon_core::join::join_context::{{closure}}
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/join/mod.rs:141:24
  67: rayon_core::registry::in_worker
             at 300/home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/registry.rs
:875:13
  68: rayon_core::join::join_context
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/join/mod.rs:132:5
  69: rayon::iter::plumbing::bridge_producer_consumer::helper
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-1.5.1/src/iter/plumbing/mod.rs:416:47
  70: rayon::iter::plumbing::bridge_producer_consumer::helper::{{closure}}
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-1.5.1/src/iter/plumbing/mod.rs:418:21
  71: rayon_core::join::join_context::call_a::{{closure}}
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/join/mod.rs:124:17
  72: <std::panic::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panic.rs:347:9
  73: std::panicking::try::do_call
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panicking.rs:401:40
  74: __rust_try
  75: std::panicking::try
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panicking.rs:365:19
  76: std::panic::catch_unwind
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panic.rs:434:14
  77: rayon_core::unwind::halt_unwinding
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/unwind.rs:17:5
  78: rayon_core::join::join_context::{{closure}}
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/join/mod.rs:141:24
  79: rayon_core::registry::in_worker
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/registry.rs:875:13
  80: rayon_core::join::join_context
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/join/mod.rs:132:5
  81: rayon::iter::plumbing::bridge_producer_consumer::helper
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-1.5.1/src/iter/plumbing/mod.rs:416:47
  82: rayon::iter::plumbing::bridge_producer_consumer::helper::{{closure}}
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-1.5.1/src/iter/plumbing/mod.rs:418:21
  83: rayon_core::join::join_context::call_a::{{closure}}
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/join/mod.rs:124:17
  84: <std::panic::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panic.rs:347:9
  85: std::panicking::try::do_call
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panicking.rs:401:40
  86: __rust_try
  87: std::panicking::try
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panicking.rs:365:19
  88: std::panic::catch_unwind
             at /rustc/a178d0322ce20e33eac124758e837cbd80a6f633/library/std/src/panic.rs:434:14
  89: rayon_core::unwind::halt_unwinding
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/unwind.rs:17:5
  90: rayon_core::join::join_context::{{closure}}
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/join/mod.rs:141:24
  91: rayon_core::registry::in_worker
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/registry.rs:875:13
  92: rayon_core::join::join_context
             at /home/dtlnor/.cargo/registry/src/github.com-1ecc6299db9ec823/rayon-core-1.9.1/src/join/mod.rs:132:5
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
400
500```

wwylele commented 2 years ago

Code to look at https://github.com/wwylele/mhrice/blob/8a162889ef22096628198a829308936295c62835/src/pak.rs#L144-L159

dtlnor commented 2 years ago

Code to look at

https://github.com/wwylele/mhrice/blob/8a162889ef22096628198a829308936295c62835/src/pak.rs#L144-L159

ummm, maybe because I'm not familiar to rust, I can't figure out why it report err and how to fix it. during the process, I got these err message:

thread '<unnamed>' panicked at 'called `Result::unwrap()` on an `Err` value: Unknown frame descriptor', src/main.rs:653:49
thread '<unnamed>' panicked at 'called `Result::unwrap()` on an `Err` value: invalid block code', src/main.rs:653:49
thread '<unnamed>' panicked at 'called `Result::unwrap()` on an `Err` value: invalid static size', src/main.rs:653:49
thread '<unnamed>' panicked at 'called `Result::unwrap()` on an `Err` value: huffman tree too large', src/main.rs:653:49

For the pak format, it seems remain the same as switch version, 0 for uncompress, 1 for deflate, 2 for zstd

Edit: ah, I get what you mean now. I am trying to look at it

dtlnor commented 2 years ago

edit: there are some file has a special flag which casue ERR. Those file has a flag like 02 00 01 00 00 00 00 00, While other files are just fine to decode in deflate or zstd

index:2412, Offset:980358075, flag:02-01 
index:3777, Offset:980041051, flag:02-01 
index:4084, Offset:985410023, flag:02-01 
index:5189, Offset:985331799, flag:02-01 
index:7295, Offset:979554907, flag:02-01 
index:7874, Offset:979913915, flag:02-01 
index:9305, Offset:979843883, flag:02-01 
index:9320, Offset:980216971, flag:02-01 
index:9926, Offset:985285839, flag:01-01 
index:10739, Offset:985135007, flag:02-01 
index:10893, Offset:980072035, flag:02-01 
index:11833, Offset:980161787, flag:02-01 
index:12813, Offset:980185219, flag:02-01 
index:13474, Offset:979700355, flag:02-01 
index:14089, Offset:979759763, flag:02-01 
index:14836, Offset:979884467, flag:02-01 
index:15871, Offset:980405707, flag:02-01 
index:17621, Offset:985247919, flag:02-01 
index:17923, Offset:985056023, flag:02-01 
index:20715, Offset:979631731, flag:02-01 
index:20777, Offset:979579875, flag:02-01 
index:21134, Offset:985356767, flag:01-01 
index:21146, Offset:979612779, flag:02-01 
index:21456, Offset:979730187, flag:02-01 
index:22296, Offset:980001875, flag:02-01 
index:23793, Offset:985462135, flag:02-01 
index:23904, Offset:980103275, flag:02-01 
index:24150, Offset:980132083, flag:02-01 
index:24556, Offset:980335667, flag:02-01 
index:25116, Offset:979941827, flag:02-01 
index:27777, Offset:979786267, flag:02-01 
index:28275, Offset:979661307, flag:02-01 
index:28582, Offset:980287779, flag:02-01 
index:28987, Offset:980311979, flag:02-01 
index:30731, Offset:985269311, flag:01-01 
index:34248, Offset:980263323, flag:02-01 
index:34898, Offset:985438575, flag:02-01 
index:34947, Offset:985257655, flag:02-01 
index:36916, Offset:980240019, flag:02-01 
index:37388, Offset:985271367, flag:02-01 
index:37669, Offset:979970123, flag:02-01 
index:38773, Offset:1034348893, flag:01-01 
index:38845, Offset:985212199, flag:02-01 
index:38850, Offset:980381635, flag:02-01 
index:39769, Offset:979814179, flag:02-01

wwylele commented 2 years ago

This is either a variant of zstd, or a different compression method...

wwylele commented 2 years ago

So I am getting back to this. This actually looks more like a encryption layer...

Silvris commented 2 years ago

Just to keep you up to date with what we've found, this is almost definitely an encryption layer. The encrypted paks store their key using the same method (the 128 bytes following the table of contents becomes the 32 byte key). Once the files are decrypted, they're regular zstd (confirmed looking at it in memory).

Andoryuuta commented 2 years ago

To add to that: The 32-byte key (recovered from the 128bytes) is a SHA3 hash of the unencrypted TOC data.

Silvris commented 2 years ago

I believe the first initial function of it is at MonsterHunterRise.exe+2C638D0.

wwylele commented 2 years ago

Thank you for the information. Are you saying that the encryption key/algorithm for the individual files is the same as the one for the content table at the beginning of the pak file?

Silvris commented 2 years ago

No, the key for the pak file is stored in the same "obfuscated" format as the individual files (it takes 128 bytes and produces a 32 byte output from that somehow). So solving one will solve both.

wwylele commented 2 years ago

Oh I see. That's good to know. Are they also using the same algorithm (the decryption algorithm using a known key), though?

Silvris commented 2 years ago

The individual files are not encrypted, just "obfuscated" through this method. The resulting data from it is a valid zstd/deflate stream.

Andoryuuta commented 2 years ago

I kinda doubt you want a Windows only black-box dependency in mhrice, but I feel like I should mentioned that I've isolated the decryption functionality and have it building with masm on Windows, wrapped in a small DLL: https://github.com/Andoryuuta/MHRPakDecrypt

wwylele commented 2 years ago

haha, I was thinking about this kind of solution just now. Thank you for providing this.

wwylele commented 2 years ago

The CRYPTO_HASH_KEY_0 "01h, 00h, 01h" (0x10001) reminds me of the common RSA public key exponent. If this is RSA-like, the other CRYPTO_HASH_KEY_1 would be the modulus part of the public key. Could this be RSA algorithm?

wwylele commented 2 years ago

OK yep, this is a bare bone RSA. To recover the key, you just plug in your favorite big int library, and compute

key = pow(the_128_byte_after_TOC, CRYPTO_HASH_KEY_0) % CRYPTO_HASH_KEY_1;

wwylele commented 2 years ago

And as for individual sub files, the decryption procedure seems to be like

skip the first 8 bytes (this is a u64, representing the length after decryption, before decompression)
For each 0x80 bytes block, take a = first 0x40 bytes, b = second 0x40 bytes
compute d = b / (pow(a, e) % m). Here e and m are two byte sequences that can be dumped from the memory.
d will be an integer representable within 8 bytes. This is a piece of plain data
repeat for the next 0x80 block (Good job crapcom, you successfully inflated the file size by 16x for no good reason)

wwylele commented 2 years ago

Should be fixed in https://github.com/wwylele/mhrice/commit/9d927ad8044b512fdba45bc04240338304a43cfc . I will close this once I verify path searching works

wwylele / mhrice

Request support for mhrise demo pc version #13