HenryEx

MH4U Save Decoding QuickBMS

Sep 10th, 2015
1,216
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Monster Hunter 4 Ultimate
  2. # Script to decrypt save file data
  3. #
  4. # Based on information from mhef by Seth VanHeulen
  5. # https://github.com/svanheulen/mhef
  6. #
  7. # Written by HenryEx
  8. #
  9. # script for QuickBMS http://quickbms.aluigi.org
  10.  
  11. ################################################
  12. # Preparations
  13.  
  14. print "Setup..."
  15.  
  16. # set up virtual memory file for save data
  17. math TMP = 0x13E00
  18. log MEMORY_FILE 0 0
  19. putvarchr MEMORY_FILE TMP 0 # improves the speed with pre-allocation
  20. log MEMORY_FILE 0 0 # reset the position and size of the file
  21.  
  22.  
  23. # Set up default values and keys
  24. get FILENAME filename 0
  25. get FILESIZE asize 0
  26. set FILESTART long 0
  27. set SAV_MH4U string "blowfish key iorajegqmrna4itjeangmb agmwgtobjteowhv9mope"
  28. set DLC_MH4U_EU string "AgK2DYheaCjyHGPB"
  29. set DLC_MH4U_JP string "AgK2DYheaCjyHGP8"
  30. set DLC_MH4U_KR string "AgK2DYheaOjyHGP8"
  31. set DLC_MH4U_TW string "Capcom123 "
  32. set KEY_MUL short 0xB0
  33. set KEY_MOD short 0xFF53
  34. set SUM long 0
  35.  
  36.  
  37. # get savedata in memory for decryption
  38. log MEMORY_FILE FILESTART FILESIZE 0 # MEMORY_FILE is encrypted save data
  39.  
  40.  
  41. ################################################
  42. # Decrypt save
  43.  
  44. print "Decrypting save"
  45.  
  46. print "-> Blowfish Decryption..."
  47. # decrypt via blowfish
  48. Encryption blowfish SAV_MH4U
  49. log MEMORY_FILE FILESTART FILESIZE MEMORY_FILE
  50. Encryption "" ""
  51.  
  52. print "-> XORing with save key..."
  53. # check if file looks properly decrypted & get save key
  54. get SIXTEEN short MEMORY_FILE
  55. get KEY short MEMORY_FILE
  56. math FILESTART + 4
  57. math FILESIZE - 4
  58.  
  59. if SIXTEEN != 16
  60. print "[!] Save key doesn't seem to be decrypted! Blowfish decryption may have failed! Exiting..."
  61. CleanExit
  62. endif
  63.  
  64. # advance key and XOR 16b block of the file with it
  65. xmath XORNUM "FILESIZE / 2"
  66. for i = 0 < XORNUM
  67. xmath POS "(i * 2) + FILESTART" # get current file position
  68. if KEY == 0
  69. math KEY = 1
  70. endif
  71. math KEY * KEY_MUL
  72. math KEY % KEY_MOD
  73.  
  74. getvarchr DATA MEMORY_FILE POS short
  75. math DATA u^ KEY
  76. putvarchr MEMORY_FILE POS DATA short
  77. next i
  78.  
  79. print "-> Comparing save checksum..."
  80. get CSUM long MEMORY_FILE
  81. math FILESTART + 4
  82. math FILESIZE - 4
  83.  
  84. for i = 0 < FILESIZE
  85. get SBYTE byte MEMORY_FILE
  86. math SUM + SBYTE
  87. next i
  88. math SUM u& 0xFFFFFFFF
  89.  
  90. if CSUM != SUM
  91. print "[!] Checksum mismatch! Save chksum: %CSUM% - Calculated chksum: %SUM%! Exiting..."
  92. CleanExit
  93. endif
  94.  
  95.  
  96. ################################################
  97. # Save files to disk
  98.  
  99. print "Exporting decrypted save to %FILENAME%"
  100. log FILENAME FILESTART FILESIZE MEMORY_FILE
  101.  
  102. CleanExit
RAW Paste Data