Monster Hunter Rise: Sunbreak save encryption

Nimer

Hey guys!

I'm considering building a Switch <=> PC save game transfer tool. Due to the fact that going through ASM code of really anything is tedious work, I would love to ask you, my dear gbatemp hackers, if you're aware of anyone already in possession of a tool for Switch Monster Hunter Rise: Sunbreak decryption who would like to share?

Thanks in advance!
 

HalfScoper

I think you should get in touch with the people of the Cheats Hunter Discord if you are really invested.
 

Nimer

Thanks, I did reach out there.

In the past I got help here when I was working on MH Portable 3rd translation tools and hoped for another stroke of luck 😅
 

unknowndatax

Not sure how far you've gotten, but I just started looking into the PC version. From what I noticed, it reuses encryption from Monster Hunter World. Once the save is encrypted, it uses a murmur hash as verification.
 
Last edited by unknowndatax,

Setzer_

Could you expand on this? I've been looking at the encryption for the past couple days. I'm still a noob at reversing, so I've so far been able to dump the unencrypted save file memory buffer and identify the instruction where the encryption is happening.

Have you been able to find or do you know what encryption method is being used?
 

unknowndatax

When I looked into it more a few weeks ago, it seems to be using a 128-bit block cipher. The developers call it XS if you look at their strings. At offset 0x08 in the save file, that will tell the game what type of encryption, if any, to use. If I remember correctly, 0 is for not encrypted, 2 is for Blowfish, 4 is for XS, 8 is something for the Switch. I currently don't have much time to work on the encryption, but I did manage to get the hashing. I put a link below to C# code.

Monster Hunter Rise Hash
 

Setzer_

Thank you! This is all great info. I'll check it out tomorrow. How were you able to recognize the use of Blowfish vs XS? And I'll try to look at the strings as well. Do you know how you found that info about it being XS?

Thank you again! Sorry if that's too many questions.

I believe I was able to find the hashing function with the constants in the code you linked, so thanks once more. I haven't found this section of the code yet, so I'll have to see how it's used in game.
 
Last edited by Setzer_,

unknowndatax

The RE Engine is just a modified version of the Unity engine. If the metadata isn't protected, it makes reverse engineering a lot easier. All I did was look for method names to determine what they were using since the strings weren't protected. To verify Blowfish and murmur hash, I just searched for constants and found them in the decryption method.
 

Setzer_

Thank you again. I'll try to look into the strings. I think I neglected those because Ghidra doesn't have a way to easily search for UTF-16 strings.

When you say you search for constants, how are you doing that/what are you looking for? Currently I've been using Cheat Engine + Ghidra. Is there another more effective tool I can be using?

Again, sorry for the questions. Like I said, I'm pretty new at this and still trying to find my footing (what to use, where to look for answers, etc.)

Edit: Already finding some possibly useful stuff with string searching! :) I found out how to do a proper string search in Ghidra and I'm finding mentions of blowfish and XS like you mentioned. Still not sure about how to effectively look for constants, but maybe I'll get there 😅
 
Last edited by Setzer_,
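
The constant search discussed in the thread, as an added example (not code from any poster or from the linked C# project): it scans a binary for the published start of the Blowfish P-array and for MurmurHash multipliers in both byte orders, and reports an algorithm only when all of its constants sit close together. The thread does not say which Murmur variant is used, so MurmurHash2 and MurmurHash3 (x86_32) are both assumed candidates; `SAMPLE` is constructed bytes, not game data.

```python
import struct

# Published algorithm constants. Each tuple is one contiguous run of 32-bit words.
ALGOS = {
    "Blowfish": [(0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344)],  # P-array start
    "MurmurHash3_x86_32": [(0xCC9E2D51,), (0x1B873593,), (0x85EBCA6B,), (0xC2B2AE35,)],
    "MurmurHash2": [(0x5BD1E995,)],
}

def find_all(blob, needle):
    """Every offset at which needle occurs in blob."""
    out, pos = [], blob.find(needle)
    while pos != -1:
        out.append(pos)
        pos = blob.find(needle, pos + 1)
    return out

def cluster(hits, window):
    """One offset per constant such that all of them fit inside window bytes."""
    for base in hits[0]:
        near = [min(h, key=lambda p: abs(p - base)) for h in hits]
        if max(near) - min(near) <= window:
            return near
    return None

def identify(blob, window=256):
    """Map algorithm name -> (byte order, offsets of its clustered constants)."""
    found = {}
    for name, groups in ALGOS.items():
        for order, fmt in (("little", "<"), ("big", ">")):
            hits = [find_all(blob, struct.pack(f"{fmt}{len(g)}I", *g)) for g in groups]
            match = cluster(hits, window) if all(hits) else None
            if match:
                found[name] = (order, match)
                break
    return found

# Constructed sample: x86 imul/rol immediates as a MurmurHash3 body would
# compile them, followed by padding and the first four P-array words.
SAMPLE = (
    b"\x90" * 32
    + bytes.fromhex("69c0512d9ecc" "c1c00f" "69c09335871b")  # k1 *= c1; rol 15; k1 *= c2
    + b"\x90" * 16
    + bytes.fromhex("69c06bcaeb85" "69c035aeb2c2")            # fmix32 multipliers
    + b"\x00" * 64
    + struct.pack("<4I", *ALGOS["Blowfish"][0])
)

if __name__ == "__main__":
    print(identify(SAMPLE))
```

On AArch64 builds such as the Switch version, 32-bit multipliers are often split across `movz`/`movk` instruction pairs and will not appear as four contiguous bytes, so only table data such as the P-array is reliably found this way.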
