Joined: February 19th, 2015, 8:04 pm Posts: 13 Location: Korea, Republic of
Title: Author to Cirnix
Before Start...
Firstable, my english so poor... Maybe there have some grammar error!
This guide will not use re-package. You must know how to use hex editor.
About Protection...
Spoiler:
SProtect
Download SProtect (Support drag and drop only) SProtect, made by T1. Public released, so you can use to free. Target of SProtect map is 'Masin2rpgTest0.4.w3x' i uploaded on google drive. if you try any map, try it.
SSProtect
Made by SSHacker. Private released, this was need to don't click me protection tool. so you can't get this tool on public. (even if it's me) Target of SSProtect map is 'S R N_RPG 0.6B.w3x' also uploaded on google drive.
Tool Required
Hex Editor (Important. Recommanded HxD) MPQ Helper (Important) Hex Edit Macro (I made it) (Important. If you don't want work manually) WINMPQ (Important. It will use to compact(or optimize) MPQ) Ladik's MPQ Editor (Optional. Only need to check completely deprotected) listfile (Optional. If you want recovery listfile) Windows Calculator
DragDrop Hash/Block table on 'MPQHelper.exe'. We must decryption Hash/Block Table. type 'dec', and input MPQ_HASH_FILE_KEY. (Must use correct key) then, program will create decrypted file.
Spoiler:
========== Step 4 ==========
Open decrypted hash table to Hex Edit Macro. You must modify 2steps.
DragDrop modified Hash/Block table on 'MPQHelper.exe'. We must re-encryption Hash/Block Table. type 'enc', and input MPQ_HASH_FILE_KEY. (Must use correct key) then, program will create re-encrypted file.
Spoiler:
========== Step 7 ==========
Open re-encrypted Hash/Block Table to Hex Editor. Copy to all hex in re-encrypted hash table. Go to End of map file, and Remember or record somewhere to offset. (1A7EB92) (I will it call this offset named 'Alter Hash Pos')
Spoiler:
Paste it. (Ctrl+V)
Copy to all hex in re-encrypted block table. Go to End of map file you modified, and remember again to offset. (1A82B92) (I will it call this offset named 'Alter Block Pos') Paste it.
========== Step 8 ==========
Return to map header. (Find a '4D 50 51 1A') Remark the header like this.
Spoiler:
After finished, save and close the Hex Editor. we are no longer use hex editor.
========== Step 9 ==========
Open map to WINMPQ. (Use to 'All files(*.*)') Execute compact(Ctrl+P), you should it.
After compact, you can see 'ladik's mpq editor' no longer display [Read-only].
Many things is same, i will skip same things. (i will write same things in spoiler.) Ps. Images are same by SProtect. i apoloze for about that.
========== Step 1 ==========
Same by SProtect. i will skip this part. Ps. Position of '4D 50 51 1A' is different to map by map(case by case).
Spoiler:
Open map to Hex Editor, Find(Ctrl+F) '4D 50 51 1A' by Hex-values. i added tooltip about MPQ Header.
========== Step 2 ==========
Open dialog 'Select block(Ctrl+E)'. Select Hash/Block Table. Ps. SSProtect recorded hash table size + 0x10000000 (like, XX XX XX 10) please ignore that value. (if, value is 00 08 00 10, then read it to 00 08 00 00)
Calculating Steps is here.
Spoiler:
Open Windows Calculator to Programmer mode. Change to Hex, DWORD. Start-offset = Header Pos + Hash/Block Pos Length = Hash/Block Size * 10
Pos and Size must read little-endian ex. 14 B4 E3 FF -> FF E3 B4 14 -> 0xFFE3B414
Copy to Hash Table, and save it. and copy to Block Table, save it too.
DragDrop Hash table on 'MPQHelper.exe'. We must decryption Hash Table. type 'dec', and input MPQ_HASH_FILE_KEY. (Must use correct key) then, program will create decrypted file. Ps. SSProtect didn't modified Block Table. So, we don't touch Block Table.
Spoiler:
========== Step 4 ==========
Open decrypted hash table to Hex Edit Macro. You must modify 2steps.
After modify and save, open decrypted hash table to Hex Editor. Open the Replace(Ctrl+R), and follow the this 2steps. (must replace all!)
Code:
Datatype: Hex-values Search direction: All -- Step 1 -- Search for: EE EE EE EE EE EE EE EE 00 00 00 00 FE FF FF 00 Replace with: FF FF FF FF FF FF FF FF FF FF FF FF FE FF FF FF
-- Step 2 -- Search for: EE EE EE EE EE EE EE EE 00 00 00 00 EE EE EE 00 Replace with: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
DragDrop modified Hash Table on 'MPQHelper.exe'. We must re-encryption Hash Table. type 'enc', and input MPQ_HASH_FILE_KEY. (Must use correct key) then, program will create re-encrypted file.
Spoiler:
========== Step 6 ==========
Return to map header. (Find a '4D 50 51 1A') Select 0x00000200 ~ Behind Map Header
Spoiler:
Delete it. You should it.
========== Step 7 ==========
Open re-encrypted Hash Table and Block Table to Hex Editor. Copy to all hex in re-encrypted hash table. Go to End of map file, and Remember or record somewhere to offset. (1FC420F) (I will it call this offset named 'Alter Hash Pos')
Spoiler:
Paste it. (Ctrl+V)
Copy to all hex in block table. Go to End of map file you modified, and remember again to offset. (1FCC20F) (I will it call this offset named 'Alter Block Pos') Paste it.
========== Step 8 ==========
Return to map header. (Find a '4D 50 51 1A') Remark the header like this.
Spoiler:
After finished, save and close the Hex Editor. we are no longer use hex editor.
========== Step 9 ==========
Open map to WINMPQ. (Use to 'All files(*.*)') Execute compact(Ctrl+P), you should it.
After compact, you can see 'ladik's mpq editor' no longer display [Read-only].
Spoiler:
If have any question, then reply me.
Last edited by BlacklightsC on June 26th, 2017, 8:40 pm, edited 5 times in total.
Joined: February 7th, 2013, 5:04 am Posts: 207
Title: Skid
Thanks you for sharing, especially for sharing your own tool. Hope it will make our "work" easier in the future, even though we don't like to mess with HEX.
Very good post the best I've seen until the moment I see that the lost files were solved no longer Thank you very much !!! My question is and I know I can be nice to do it but does this method work with any map?
If a question that I forgot to say when you say that your English is bad is that by the miracle of God DX speak Spanish? XD? Another thing when they say it completely unprotected, I hope that the triger of the abilities and everything else of it is not lost and is preserved
Hi I am trying to fallow this guide could anyone please provide a little bit more of a example for step 2 with screen shots or something for the calculating steps I am having issues understanding what I am supposed to be doing in this step, I am trying to deprotect the sprotect. thanks
Joined: February 7th, 2013, 5:04 am Posts: 207
Title: Skid
If you can't find Head Pos, Hash/block Pos, etc. There's screenshot of example in Step 1. Start-offset = Header Pos + Hash/Block Pos = Header Pos + Hash Pos, then do the same for Block Pos(Header Pos + Block Pos) And google little-endian, if you don't know what it is, even though there's already example of that.
Users browsing this forum: No registered users and 6 guests
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum