zeas2 / Kirikiroid2_patch

Patch Library for Kirikiroid2
https://zeas2.github.io/Kirikiroid2_patch/patch/

Write your XOR patch without any reverse engineering skill #31

Open player-guest opened 2 years ago

player-guest commented 2 years ago

Prerequisite

An older game from the same company has a patch, and it looks like this (xp3filter.tjs):

Storages.setXP3ArchiveExtractionFilter(function(hash, offset, buf/*xp3buffer*/, len)
{
    buf.xor(0, len, 0xF7);
});

When you see only a single line with buf.xor, it means the game is using simple XOR encryption and the key is 0xF7. Most of the time, that company will use the same method and only change the key (or even keep the same key).

Now, how can I know what the key was?

What you need

The ultimate extractor KrkrzExtract
GARbro
Free hex editor HxD

Step 1

Drag the game exe onto KrkrzExtract.exe, click "Begin Extraction", and start the game. You will see a krkrz_dump folder. While the game runs, whatever file the game reads will show up here. Click through some menus or start playing until you can find a text file in the krkrz_dump folder, for example a .csv file or a .tjs file.

Step 2

Delete or rename the "GameData\Formats.dat" file in "GARbro"; this stops GARbro from trying to decrypt the files. Use GARbro to check all the xp3 files until you find a file with the same name as one in the krkrz_dump folder, and extract that file.

Step 3

Now you have a decrypted version of a file dumped by KrkrzExtract, and an encrypted version from GARbro. In this case, I have a file called "CA_XL.csv"; let's see the difference. Open both files in the hex editor HxD:

Decrypted: [screenshot]

Encrypted: [screenshot]

You will notice there are many commas in the csv file, and in the encrypted version those commas became quote marks. With XOR encryption, that means the comma (hex value 2C), through some kind of calculation, is transformed into a quote mark (hex value 22). That "some kind of calculation" is our key.

More detail about xor

Step 4: Calculate the key

With the original data and the encrypted data, it is very simple to get the xor key.

In HxD, when you select the comma (2C), you can see that the binary value of 2C is 00101100. [screenshot]

And the binary value of the quote mark (22) is 00100010.

Now open a notepad and paste both of the values inside.

2C__:  00100010
Key_:  
22__:  00101100

By the XOR truth table, only differing values give 1. So for the first digit, both the source and target values are 0, which means the key is 0. For the first digit, the target value is 1, which means it must be different from the source value 1, so the answer is 0.

Repeat this process and you get the whole key:

2C__:  00100010
Key_:  00001110
22__:  00101100

Use some binary-to-hex conversion tool to convert the key to hex format: https://www.rapidtables.com/convert/number/binary-to-hex.html [screenshot]

And now you have the key: 0xE.

Step 5: Create a patch

By copying the base patch files from another game, you will have "patch.tjs" and "xp3filter.tjs". Modify the "xp3filter.tjs" file and change the key to the one you got.

Storages.setXP3ArchiveExtractionFilter(function(hash, offset, buf/*xp3buffer*/, len)
{
    buf.xor(0, len, 0xE);
});

Done. You should be able to run it on Kirikiroid2.
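The bit-by-bit comparison above, carried out in code as an added example (this is not part of the issue or of the Kirikiroid2_patch project). The script assumes a plain single-byte XOR filter like the buf.xor(0, len, key) line in xp3filter.tjs, reproduces the notepad table for the comma/quote pair, and goes one step further than the post: it derives the key from every byte of a constructed plaintext/ciphertext pair and only accepts it when all positions agree, which is the check you want before editing the patch, because a filter that varies the key by offset or hash will yield inconsistent per-byte results. The sample CSV text and the 0xF7 key are constructed for the demonstration.

```python
from typing import Optional


def xor_buffer(data: bytes, key: int) -> bytes:
    """Stand-in for the xp3filter call buf.xor(0, len, key):
    XOR every byte with one key byte. XOR is its own inverse,
    so the same call both encrypts and decrypts."""
    return bytes(b ^ key for b in data)


def bit_table(plain_byte: int, cipher_byte: int) -> str:
    """Render the three-line notepad table from the post
    (source byte, key, target byte) in binary."""
    key = plain_byte ^ cipher_byte
    return "\n".join([
        f"{plain_byte:02X}__:  {plain_byte:08b}",
        f"Key_:  {key:08b}",
        f"{cipher_byte:02X}__:  {cipher_byte:08b}",
    ])


def recover_xor_key(plain: bytes, cipher: bytes) -> Optional[int]:
    """Derive the key byte from every plaintext/ciphertext pair.
    Returns the key only if all positions agree; None means the
    data is not protected by a single constant XOR byte (or the
    two files are not the same file), so this method does not apply."""
    if not plain or len(plain) != len(cipher):
        return None
    candidates = {p ^ c for p, c in zip(plain, cipher)}
    return candidates.pop() if len(candidates) == 1 else None


# Constructed sample: a small CSV as KrkrzExtract would dump it (plaintext),
# and the same bytes as an archive would store them under key 0xF7.
SAMPLE_CSV = b"id,name,value\n1,alpha,10\n2,beta,20\n"
SAMPLE_ENCRYPTED = xor_buffer(SAMPLE_CSV, 0xF7)

# Constructed counter-example: the key changes with the byte offset,
# so a single-byte key cannot explain every position.
NOT_SINGLE_BYTE = bytes(b ^ ((0xF7 + i) & 0xFF) for i, b in enumerate(SAMPLE_CSV))


if __name__ == "__main__":
    # The pair from the post: comma (2C) in the dump, quote mark (22) in the archive.
    print(bit_table(0x2C, 0x22))
    print("key from one byte pair: 0x%X" % recover_xor_key(b",", b'"'))

    key = recover_xor_key(SAMPLE_CSV, SAMPLE_ENCRYPTED)
    print("key from whole file: 0x%X" % key)
    print("decrypts back to plaintext:", xor_buffer(SAMPLE_ENCRYPTED, key) == SAMPLE_CSV)
    print("offset-dependent filter:", recover_xor_key(SAMPLE_CSV, NOT_SINGLE_BYTE))
```

If recover_xor_key returns None on a real dump/archive pair, the filter is doing more than buf.xor with a constant, and copying an old xp3filter.tjs with a new key will not work; compare a few more file pairs before concluding anything.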