LST: Difference between revisions
No edit summary |
|||
Line 39: | Line 39: | ||
|4bytes || File size || | |4bytes || File size || | ||
|- | |- | ||
| | | 64Bytes || Filename || Some may be padding. | ||
|- | |||
| 4Bytes || Unknown || | |||
|} | |} | ||
Revision as of 07:47, 16 July 2014
Used in the following game(s):
- Conquering the Queen
- Cosplay Alien
- Edelweiss
- Guilty ~The SiN~
- Harem Party
- Harukoi Otome
- Koihime Musou
- Magical Teacher
- Sandwiched by my Wife and her Sister
- Sex Slave is a Classmate, My
- Shera, My Witch
- Slave Witch April
- Suck my dick or die!
Common File names:
- lcsebody
- lcsebody.lst
- SoundPackSE
- SoundPackSE.lst
Structure
Header | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Size | Content | Description | ||||||||||||
4Bytes | Number of Files | |||||||||||||
Index | ||||||||||||||
Size | Content | Description | ||||||||||||
4Bytes | Offset | |||||||||||||
4bytes | File size | |||||||||||||
64Bytes | Filename | Some may be padding. | ||||||||||||
4Bytes | Unknown |
Research
Most likely is index data for the extension-less file that accompanies this file with the same name. Index data, at the very least, looks obstructed....is that the right word? O.o I've been using that a lot but I feel like I have the wrong word.... Something like that word but with an F in it that means it hides, or masks the code? Obfuscation? :O
Using the game 'Conquering the Queen' for research.
File names found.
lcsebody -> NECEMEM.SNI (game engine complained about that when I couldn't find the *.LST file)
Engine details.
LC-ScriptEngine ver1.0
From watching file access to 'lcsebody.lst', it first reads from offset 0 with a length of 4. Then it reads the rest of the file in 76 byte chunks. This could suggest the first 4 bytes are file count and then the rest is file entries which would mean there is 598 files inside this games lcsebody. I do remember seeing 256 in one of the registers during the read loop so...Yup. Comparing a 4 byte int of 598 to the first 4 bytes in the file shows each byte has a 0x01 byte difference. Just something random... XD
Okay. Number of files.
- Moves the 4 bytes that were just read into EAX register.
- xor it by 01010101
- Puts it back in same memory location it first pulled it from
Index
- Still working on this... a lot of things to keep track of and interpreting the assembly instructions. But it seems it treats the numbers and characters different as in it loads a 4 byte number into a register then xor it with something, then puts it back. For the characters, it loads it one at a time a xor an 8-bit value then returns it. What it xor the value by may be different each time and chained together so it takes the last value to generate the next. Is this encryption? o.O Well, whatever it loads, it may just XOR by it 01010101 so either 1 byte for char, 4 bytes for a number. Need to check how it can tell if it is last char in string. Might just be 0x00.
Data
- Haven't checked yet. Could be protected as well by with a different method. Just noticed lots of 0x02's in it so that's a possibility unless that's just how the data is for that specific file. Sound archive though looks unprotected due to obvious OGG header seen so maybe I'm overthinking it and it's just the index that is protected...though it would make sense to have data archive protected and not sound archive... Hmm.
Other notes... I dread the day I have to start dealing with filenames inside an archive that are encoded in shift-jis. XD Programmer of that engine must be batshit crazy to take that over ANSI for filenames. lol... ; ;