If you own Mega Man Legtacy Collection 2, you might want to extract the games' assets (music, gallery, levels, movies, etc) for some reason. These assets are mostly in a ZIP archive named "disc", which can be opened with any application that can open ZIP achives. Anyone can browse the files in the archive, unfortunately the files themselves are encrypted.
For the first Mega Man Legacy Collection, the password can be found by disassembling the EXE file, or by watching the process memory while the game is running, as described here:
Get MMLC1 password using CheatEngine
Get MMLC1 password using disassembly
These methods cannot as easily be used on MMLC2, at least I am not successful. Fortunatelly though, on MMLC2, the ZIP file is encrypted using the method "ZipCrypto Store", which is old and effectively broken. To crack it, all we need is:
- 12 bytes of known decrypted plain text. Most PNG files have a 12 byte header, and this ZIP contains at least one PNG file! :)
So what we need to do is:
1. Create a 12 byte file containing the PNG header as known plaintext
2. Use bkcrack to crack the internal key of the ZIP archive
3. Use bkcrack to use the internal key to create an unlocked copy of the ZIP archive with a password of our choice
4. Use any ZIP software to extract the unlocked copy using our custom password
More detailed instructions can be found at Examples on how to crack using PNG header and on the readme on the bkcrack tool (same as above).
Limitations
- We don't get the actual password, only the internal key. This is enough to extract files from the archive, but I'm not sure if it allows us to change files in the archive. Maybe replacing the entire archive with an identical one without encryption would work? Have not done any experiments on this, depends completely on what checks the EXE does on the ZIP.
- Many of the internal files are compressed files with "LZS" extensions. (The ZIP archive is for encryption only, not compression). Decrypting these should not be a challenge, but I haven't tested it.
- Some of the games larger resources are in the "resources" folder. They may be encrypted movie files?
- The ZIP archive does not seem to contain any ROMs or other executables, only content, such as level data, fonts, music, graphics, videos, galleries etc. If ROMs or binaries are bundled in any way they are probably inside the EXE, like they were on MMLC1.
As far as I know, this cannot be used for piracy or anything else of that kind. Regardless, I am strongly opposed to piracy. Please support your game developers, mkay? :)
Inga kommentarer:
Skicka en kommentar