Skip to content

hdk5/MoeXCOM

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
BytesDecryptor
BytesDecryptor
 
 
.gitattributes
.gitattributes
 
 
README.md
README.md
 
 
il2cpp.cs
il2cpp.cs
 
 
il2cpp.h
il2cpp.h
 
 
il2cpp.json
il2cpp.json
 
 
il2cpp.py
il2cpp.py
 
 
libil2cpp.so
libil2cpp.so
 
 

Repository files navigation

Moe XCOM

Just my poorly organized thoughts and code snippets on reverse engineering Blue Archive

Any help is appreciated

Viewing/extracing Unity assets

i.e. com.nexon.bluearchive\files\PUB\Resource\Preload\Android\*.bundle

Use AssetStudio

Decompiling source code

It looks like no major scripting is used there, unlike with, for example, Azur Lane

All code is actually written in C# in Unity, and then compiled with IL2CPP into libil2cpp.so, so no way to extract IL or C# sources

Use Il2CppInspector to extract C# types and generate script to use with Ghidra SRE

Read this and this

Unpacking password-protected table bundles

See function TableService_LoadBytes

this_00 = (ZipInputStream *)thunk_FUN_0195f408(ZipInputStream__TypeInfo);
ZipInputStream__ctor(this_00,(Stream *)baseInputStream,(MethodInfo *)0x0);
local_4c = XXHashService_CalculateHash(pSVar2,(MethodInfo *)0x0);
pSVar2 = (String *)FUN_03dfd014(&local_4c,0);
if (this_00 != (ZipInputStream *)0x0) {
  this_00->password = pSVar2;

Take xxHash of zip-file name, use its decimal representation as a password

Reading unpacked above .bytes files

No solution here yet

See function TableEncryptionService_XOR

seed = XXHashService_CalculateHash(name,(MethodInfo *)0x0);
this = (MersenneTwister *)thunk_FUN_0195f408(MersenneTwister__TypeInfo);
MersenneTwister__ctor_1(this,seed,(MethodInfo *)0x0);
if ((bytes != (Byte__Array *)0x0) && (this != (MersenneTwister *)0x0)) {
  pBVar1 = MersenneTwister_NextBytes(this,*(int32_t *)&bytes->max_length,(MethodInfo *)0x0);
  if (0 < (int)bytes->max_length) {
    uVar4 = bytes->max_length & 0xffffffff;
    uVar3 = 0;
    do {
      if (uVar4 <= uVar3) {
LAB_02ae28d4:
        uVar2 = thunk_FUN_019574bc();
                  /* WARNING: Subroutine does not return */
        FUN_019a247c(uVar2,0);
      }
      if (pBVar1 == (Byte__Array *)0x0) goto LAB_02ae28e0;
      if (*(uint *)&pBVar1->max_length <= uVar3) goto LAB_02ae28d4;
      bytes->vector[uVar3] = pBVar1->vector[uVar3] ^ bytes->vector[uVar3];
      uVar3 = uVar3 + 1;
    } while ((long)uVar3 < (long)(int)uVar4);
  }
  return bytes;
}

Files are also encrypted with an OTP-XOR cipher.

The key is generated with a Mersenne Twister PRNG with a password as an initial seed.

The password for each file is case sensitive name of matching C# class

For example, for file academyfavorscheduleexceltable.bytes the password is AcademyFavorScheduleExcelTable

Need to find out what to do next with decrypted file

Find the code responsible for Korea/Elsewhere asset choices

i.e. Aris censorship

No solution here yet

Look into functions ScenarioData_TryGetBgNameExcel, ScenarioData_GetBGName_GlobalExcel

About

Reverse engineering Blue Archive

Topics

reverse-engineering blue-archive fuck-nexon

Resources

Readme
Activity

Stars

53 stars

Watchers

2 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages