08-19-2018, 03:14 AM
Excellent research, puggsoy!!
In the end we figured it out — there are four Big Endian longs at the end of each file and they act as the decryption information. Here's shade.png's, for example (commentated):
0x2017: 00 00 00 00 // always 00 00 00 00
0x201B: 00 00 00 43 // how many bytes to XOR
0x201F: 00 00 28 23 // the XOR value itself (must subtract $800 first)
That's basically it. In this case, XOR the first $43 bytes with the value $00002023.
The files aren't encrypted, only their headers (usually just the first sixty-something bytes).
There are no IEND terminators, so if you really wanted standard-compliant files, the last thing you'd do after decryption was delete the last $C bytes and replace them with 00 00 00 00 49 45 4E 44 AE 42 60 82.
puggsoy is working on a BMS script so until then
In the end we figured it out — there are four Big Endian longs at the end of each file and they act as the decryption information. Here's shade.png's, for example (commentated):
0x2017: 00 00 00 00 // always 00 00 00 00
0x201B: 00 00 00 43 // how many bytes to XOR
0x201F: 00 00 28 23 // the XOR value itself (must subtract $800 first)
That's basically it. In this case, XOR the first $43 bytes with the value $00002023.
The files aren't encrypted, only their headers (usually just the first sixty-something bytes).
There are no IEND terminators, so if you really wanted standard-compliant files, the last thing you'd do after decryption was delete the last $C bytes and replace them with 00 00 00 00 49 45 4E 44 AE 42 60 82.
puggsoy is working on a BMS script so until then