Hacking Modifying Launcher.dat

fierce waffle

Has anyone attempted modifying GW's Launcher.dat? I compared it in a hex editor to the R4i 3.0 version and there seem to be quite a few changes (more than what would be reasonable for just string changes). I'd be interested in seeing if anyone can figure out what type of encryption it implements.
 
Decrypted versions of Gateway's v1.0 and v1.1a surfaced, but they're still basically encrypted-by-obfuscation since most people don't know what the functions do.

Comparing the encrypted forms in a hex editor can't give you much indication about what changed. A few string changes can result in major changes to the encryption chain.

I'm aware of that. I had assumed that only portions were encrypted since in the GW launcher it says something like "gateway launcher v2.0b blablabla".

Nah, headers usually aren't encrypted, and contain details about the encrypted portion, often CRC information, file type, sub-file count (if archive), etc.; relevant info that's good for an app to know without having to decrypt the whole file (or often required to decrypt it).

Except (if I remember correctly) it wasn't a header. It was located about 1/3 in.
 
They probably just jump over that string since it is decrypted from the beginning, and once decrypted it doesn't mean anything.
 
If someone wants to fight with the obfuscation, then do it. I never would recommend any Launcher.dat above 1.0. They are obfuscated as hell.

And btw, the first 0x9000 bytes are encrypted using AES-128-CBC. The encrypted ROP then decrypts itself completely during runtime. I don't post details here (and not even in a private message).
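The chaining effect mentioned in the replies above (a small string change altering much of the encrypted file, with CBC named as the mode), shown as an added example that is not part of the original posts. It uses HMAC-SHA256 truncated to 16 bytes as a stand-in for the AES block function; the key, IV and 8-block "file" are constructed, and it assumes both versions are encrypted under the same key and IV.

```python
from __future__ import annotations

import hashlib
import hmac

BLOCK = 16  # AES block size in bytes


def prf_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for encrypting one block (keyed, not invertible, NOT real AES)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cbc_chain(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC structure: XOR each block with the previous ciphertext block, then encrypt."""
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be a multiple of the block size")
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(plaintext[i:i + BLOCK], prev))
        prev = prf_block(key, mixed)
        out.append(prev)
    return b"".join(out)


def differing_blocks(a: bytes, b: bytes) -> list[int]:
    """Indices of the 16-byte blocks that differ between two equal-length buffers."""
    if len(a) != len(b):
        raise ValueError("buffers must have equal length")
    return [i // BLOCK for i in range(0, len(a), BLOCK)
            if a[i:i + BLOCK] != b[i:i + BLOCK]]


def demo() -> tuple[list[int], list[int]]:
    key, iv = b"K" * 16, b"\x00" * 16            # constructed sample values
    old = bytearray(b"\xAA" * (8 * BLOCK))       # constructed 8-block "file"
    old[3 * BLOCK:3 * BLOCK + 12] = b"version 1.0 "
    new = bytearray(old)
    new[3 * BLOCK + 8:3 * BLOCK + 11] = b"1.1"   # one-character change in block 3
    plain_diff = differing_blocks(bytes(old), bytes(new))
    cipher_diff = differing_blocks(cbc_chain(key, iv, bytes(old)),
                                   cbc_chain(key, iv, bytes(new)))
    return plain_diff, cipher_diff


if __name__ == "__main__":
    print(demo())
```

Blocks before the first changed plaintext block stay identical and every block from that point on differs, so a hex diff of two CBC ciphertexts shows where the first change sits but not how many changes follow it.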
 
