I was about to question why I even posted, looking for the delete button, and then the king himself replies.Īfter I finished writing an own PE dumper which gives a good base for IDA, I wanted to approach the RPF unpacking part. Is the NG encryption an official one or is it GTA specific? Is my assumption right that the sole reason for SHA1 hashes is to not publish the real keys? Have you tried the same and can give a hint on how to find the proper routines and key locations? I traced the dumped executable file for some unpacking routines which should have some reference to the location of the keys. I don't know why they search for these constants, but my guess is they can't publish the keys so they have to go this route.įor learning purposes, I obviously do not want to rely on magic constants. Now these code bases seem to have SHA1 hash constants which the executable file is searched for.
There are multiple code bases like which are based on.
I searched a bit for the RPF file format, read about it and eventually concluded it is encrypted with AES and something called NG. I would like to extract files from the RPF files with a self made tool because I want to learn what is involved in the process.
0 kommentar(er)
