Blood Draw Labs in Phoenix
Files extractor and reimporter, archives and file formats parser, advanced tool for reverse engineers and power users, and much more.
- QuickBMS generic files extractor and reimporter 0.11 (quickbms)
universal script based files extractor and reimporter.
QuickBMS supports tons of games and file formats, archives, encryptions, compressions, obfuscations and other algorithms.QuickBMS uses a minimalistic GUI if the executable is double-clicked (launched normally) or from command-line if launched from the console, by using this second mode or a link to the executable it's possible to activate many useful and advanced options.
History:
the idea was born from the need of a simple and fast solution for handling the archives used by the majority of games without wasting time writing a stand-alone tool with tons of C code just for a basic file format.
so this tool has been created mainly for myself for creating my extractors quickly on the fly, and secondly for any other user who wants do the same without learning a real programming language.
the BMS language is basic, easy to use and exists from over 10 years, what I did was simply enhancing it for my personal requirements and making the life easier when handling complex archives and file formats.Features:
- open source and multiplatform, tested on Windows (even Win98) and GNU/Linux (x86 and PPC)
- works from both command-line and GUI (Windows only, just double-click on quickbms.exe)
- reimport and reimport2 modes for reinjecting the modified files back to the archives
- support for tons of encryption algorithms, even some proprietary ones
- support for tons of compression algorithms (over 700), even some proprietary ones
- support for tons of hashing algorithms
- support for other types of algorithms (like base64) and/or obfuscations (xor, rot and so on)
- support for calling DLLs and raw dumped functions with almost any known calling convention
- support for bits operation and switchable little/big endian
- simple and dynamic language that allows to make many operations reducing the percentage of archives and formats that can't be supported easily
- verbose option (-V) that displays all the needed details during reversing and testing of file formats
- HTML output (-H) that automatically applies colors and names to the fields parsed during the usage of the scripts: example for zip.bms on q3infoboom.zip
- possibility to use the tool as a blind scanner of compression, encryption and crc/checksum algorithms
- support for network sockets, SSL and http/https
- support for other alternative input/output interfaces like processes (included debugging and automatic breakpoint restoring), audio, video and Windows messages
- support for the visualization and creation of various types of data like x86 assembly, IP addresses, time_t, FILETIME, ClassID and more
- support for C-like structures and basic syntax for easy handling of file formats
- support for any command-line decompressor/decrypter/anything_else via the EXECUTE method (Comtype and Encryption commands)
- read and write operations
- quickbms_4gb_files.exe is a native 32bit program with all the variables set as 64bit useful in some situations
- planned future development that will cover more advanced features for reverse engineers and power users
- customizable CRC engine
- tons of scripts supporting hundreds of file formats and thousands of games
- experimental games localization (strings editing)
- creation of ISO images and ZIP archives as alternative outputs
- embedded C compiler to use C functions at runtime
- support for embedded Python and Lua scripts
- experimental IPC interfaces: named pipes, mailslot, web and dll
- support for the WCX packer plugins of Total Commander
Source Code / Linux:
- quickbms-src-VERSION.zip
the full source code of the tool, it's separated from the executables to reduce the size of the download and avoiding confusion to the users.
on Linux it's enough to go in the src folder and launch make.
- older versions use the quickbms-src-VERSION.zip name prototype and are available on aluigi.zenhax.com, example http://aluigi.zenhax.com/papers/quickbms-src-0.11.0.zip.
Documentation:
- quickbms.txt
the first 3 sections are intended for any user while the rest is ONLY for developers and advanced users who want to understand and write scripts for QuickBMS.
- quickbms_crc_engine.txt
How to use the CRC calculation engine embedded in QuickBMS for calculating custom checksums.
- userDefineLang.xml
BMS syntax highlighting for Notepad++ (update: 17 Jun 2021)
- a changelog.txt is available inside the package
Support, help, feedback and suggestions:
- ZenHAX forum
the official support forum for QuickBMS
Search magics and signs:
- BMS Search
search keywords inside my BMS scripts.
if you don't know the correct script, open your archive/file with a hex editor and check if there is a string (usually 4 bytes) at the beginning and insert it in the search form.
Feeds with the latest scripts:
- RSS
new and updated scripts
Special scripts for reverse engineering:
(do NOT use them if you don't know what you are doing!):
- QuickBMS comtype scanner 2: scanner of compression algorithms on a raw unknown compressed data file:
comtype_scan2.bms + comtype_scan2.bat (0.1.2)
How to use:- for a graphical step-by-step check this page
- dump the compressed data in a new file, maybe using a hex editor (you can call this file dump.dat)
- create a new folder (for example c:\output_folder)
- put comtype_scan2.bat, comtype_scan2.bms and quickbms.exe in the same folder
- from the command-line type:
- comtype_scan2.bat comtype_scan2.bms dump.dat c:\output_folder
if you already know the decompressed size (for example 0x112233), use:
- comtype_scan2.bat comtype_scan2.bms dump.dat c:\output_folder 0x112233
- comtype_scan2.bat comtype_scan2.bms dump.dat c:\output_folder
- during this process you must press CTRL-C when you see quickbms stalled/freezed for some seconds and answer N when Windows will ask you "Terminate batch job (Y/N)?"
- the whole process will take less than one minute
- go in the output folder and verify all the created file with a hex editor
- there are some tricks to make this work easier:
- search for an expected string with grep, for example if you expect a wav file use grep -rs RIFF c:\output_folder
- start the verification process from the biggest files
- remove the files that have a size smaller than the original file
- when you have identified the output file, search its number in the source file src\defs.h
- QuickBMS encryption scanner 0.2: scanner of the various encryption algorithms available using a key and an optional ivec on a raw data file:
encryption_scan.bms + encryption_scan.bat (0.2)
How to use:- The usage is the same as before, except for the optional size of the output file because there is no such parameter
- CRC scanner: scanner of various crc/checksum algorithms:
crc_scan.bms (0.1.2a)
How to use:- dump the data on which you want to calculate the checksum in a new file, maybe using a hex editor (you can call this file dump.dat)
- from the command-line type:
- quickbms crc_scan.bms dump.dat > crc.txt
- open the file crc.txt and search the checksum you were expecting and the relative settings to generate it, the result includes both the checksum and the same checksum with reversed endianess for easy search
- ZIP password scanner - zipcrypto:
zip_pwd_scan.bms (0.1.2)
How to use, if you want to take the zip password of a game:- unpack the game executable if it's packed/protected, you can also dump the process (for example using dumproc)
- run the strings tool over the executable redirecting the output to passwords_list.txt:
- strings game.exe > passwords_list.txt
- you can also use my Exestringz tool for scanning the executable and you can try two methods in case the first doesn't work:
- exestringz -q 1 game.exe passwords_list.txt
- exestringz -b -q 1 game.exe passwords_list.txt
- from the command-line type:
- quickbms zip_pwd_scan.bms gamefile.zip
- if it finds the password you will see a "password found" message
Compiled versions of QuickBMS:
- current / latest (Win32), it's the same link of the main download link
- current static executables for Linux (Ubuntu 32bit)
- current executables for MacOSX (El Capitan)
- 0.10.1 (old)
- 0.9.2 (old)
- 0.7.7 (very old)
- beta (next version)
Usage and examples:
- example of archive extraction in 5 steps
- example of blind compression algorithms guesser (comtype_scan)
Whole collection of scripts available on this page:
- quickbms_scripts.zip
A daily made ZIP archive containing ALL the scripts on this page. One link to rule them all!
QuickBMS is ever open to crazy ideas and suggestions so feel free to contact me with any feedback.
My scripts:
- 49Games (like RTL Skispringen, Ski Alpin series)
RTL Skispringen, Ski Alpin series - AR segs archives - Arc System Works (*.ar*/pac/pfd)
Sonic Unleashed, Battle Fantasia, BlazBlue, Arcana Heart 3, Persona 4 Arena (Ultimax) - Armageddon Riders Clutch, Insane 2 and possibly other Targem games (*.pak)
- Asura engine (*.asr/pc/en*)
Sniper Elite 1/2/3, Rogue Trooper, Guard Shield, NeverDead, other Rebellion's games - Black Rock Studios (*.ark)
Pure, Split Second / Velocity - Blitz Games (*.gcp)
FairlyOdd Parents: Breakin' Da Rules, Taz Wanted - Bundle Engine (*.bundle)
Tom Clancy's Ghost Recon Advanced Warfighter (PC version only, engine v6), Tom Clancy's Ghost Recon Advanced Warfighter 2 (PC version only, engine v7), Bionic Commando Rearmed, Bionic Commando, Wanted: Weapons of Fate, Terminator Salvation - C4 engine (*.pak)
World of Subways, City Bus Simulator, Lego Wolf3D, Quest of Persia: Lotfali Khan Zand, Vortex of Hostility - Condemned 2 for Xbox360 (*.Arch*)
use fear.bms for the PS3 version of the game - Biart 7 games (*.pack)
Deep Black, Depth Hunter - Electronic Arts BIG4/BIGF archives (*.big)
Fifa 12, Harry Potter, NBA Live and so on - Factor 5 games (*.dat)
Star Wars Rogue Leader II, Star Wars Rogue Squadron III - FAT2 and FAT3 archives (*.fat/dat)
Far Cry 3, Far Cry 4, Watch Dogs, The Crew - FEAR / FEAR2 / ARCH00 archives (*.arch*)
works also with Condemned 2 for PS3, Shadow of Mordor and other games. if you have an xbox360 game and this script doesn't work try using condemned2.bms - Frostbite engine archives TOC/SB
Battlefield 3, Need for Speed: The Run / Rivals, Dragon Age - FunLabs games (*.fun)
some Cabela's games, Revolution, Secret Service - In harm's Way, Shadow Force: Razor Unit, US Most Wanted: Nowhere To Hide, Delta OPS - Futuremark (*.dat)
3DMark series, Shattered Horizon, Death Rally - GameStudio (*.wrs)
A4/A5/A6/A7/A8 engine, Supercan, CSIS, Neck & Heart, Adventures of Ambages, Razor, Razor 2, Whistler & Aspen, C4 Robot, Kabus22, Neon, Bus/Bagger/Driving Simulator, Bad Rats - old Eurocom games (*.bin/000)
Spyro, Sphinx, G-Force, Ice Age: Dawn of the Dinosaurs, Pirates and so on - GIANTS Software GAR archives (*.gar) (script 0.3.3)
Farming Simulator 2009/2011/2013/2015, Demolition Company, Ski Region Simulator - GRAVITECH2 (*.flatdata)
Achtung Panzer - luac.mtasa.com Multi Theft Auto netc.dll DeobfuscateScript
- HOGG archives (*.hogg)
Neverwinter Online, Star Trek Online - ISI Gmotor engine MAS files (*.mas)
ACTC, rFactor, ARCA, BMW M3, Sports Cart GT, NASCAR SimRacing/Thunder, F1 Challenge, SimRaceway, Petrobras de Marcas - Slightly Mad Studios BFF archives (*.bff)
Need for Speed: Shift 1 and 2, Project Cars, Project Cars 2, Test Drive: Ferrari Racing Legends - Orchid games (*.pak)
Royal Trouble, Hearwild Solitaier series - PARC archives (*.par)
Yakuza 3, Binary Domain - PBO/XBO files (Packed Bohemia Object)
ArmA: Armed Assault / ArmA: Combat Operations, ArmA: Queen's Gambit, ARMA 2, VBS2 (Virtual Battlespace 2) - Petroglyph Games (*.meg)
End of Nations, Rise of Immortals - Rainbow Studios RES/PAK/XBR/PSR
MX Unleashed, Cars: Race-O-Rama XBR - rFactor 2 (*.MAS/RFCMP)
- RKV archives (*.rkv)
Blade Kitten, Game Room, Star Wars: The Clone Wars - Repulic Heroes - Sahmon Games (*.grp)
The Island Game, World Voyage, IncaBall, AstroAvenger, AstroAvenger 2 - Sandlot Games 0xacdc archives (*.data/zdata)
SuperGranny Winter Wonderland, MagicBall 4, WestWard, TradeWinds and so on - Sandlot Games BOO archives (*.boo)
SuperGranny 4, Kuros - Sandlot Games encrypted dat archives (*.dat)
CakeMania, CakeMania 2, CakeMania BacktoBackery - SCream engine (Simple Creation Engine for Adventure Makers) (*.res)
- SCS Software games (*.scs)
Euro Truck Simulator 2, Scania - 1C SFS archives (*.sfs)
IL-2 Sturmovik: Forgotten Battles / Pacific Fighters / 1946, Theatre of War, Theatre of War 2: Africa 1943 / Kursk 1943 - Simraceway SRW decrypter
use it with any file that has the SRW0000 signature, usually those available in Vehicles\SRW (dds, mas and so on).
Update 29 Jan 2013: you need to edit MYKEY for working on the current files.
Update 17 Mar 2013: take a look at these information - Specialbit Studio games (*.pak)
Haunted Hotel series, Island: The Lost Medallion - STALKER games (*.*db*)
S.T.A.L.K.E.R.: Shadow of Chernobyl, Clear Sky, Call of Pripyat - Team17 games (MOIK) (*.xom/bdl)
Worms series, Flockers - TBV archives (3D Ultra Publisher) (*.tbv)
3D Ultra Pool, 3D Ultra Pinball, The Return of The Incredible Machine Contraptions - Terminal Reality games (POD2 format)
4x4 Evolution, 4x4 Evolution 2, Nocturne - ThriXXX 3dsexgames (*.bxx/bxp/txx)
3d SexVilla, 3d SexVilla 2, Hentai 2 3d, 3d GoGo, Virtually Jenna, Virtually Jenna 2 - Traveller's Tales games DAT files extractor (*.dat/hdr) (ttgames.bms)
LEGO: The Movie, LEGO Batman 1 and 2, LEGO Star Wars I / III, LEGO Indiana Jones, LEGO Harry Potter, Transformers, LEGO Pirates of the Caribbean, LEGO Lord of the Rings and many other games - Video Strip Poker Supreme VSP->AVI (*.vsp,vs4,vid,others)
- Visionaire Player/Studio (*.vis)
Eko, Brick Wars, Deponia, Goodbye Deponia, Belladonna, Dark Eye and many others http://www.visionaire-studio.net - Vogat Interactive games (*.bin)
Gravely Silent: House of Deadlock, Columbus: Ghost of the Mystery Stone, Reincarnations: Uncover The Past, Elixir of Immortality, Reincarnations: Awakening, Shades of Death: Royal Blood - Yeti Engine YBIG (*.big)
Ghost Recon Online, Ghost Recon Phatoms - War Inc. Battle Zone r3dFS (*.bin)
WarZ/Infestation, DeadZ, StargateZ, SurvivalMMO, ApocalypseEnd, DevilZ, FightZ, InfestationMMO, WillYouSurvive, ForsakenZ, InfectionZ, InfectZ, StrongZ, Infestation Thailand and any other fan-made server and content - ZIP files (zip.bms)
complete and very useful even with special zip archives like those of Xbox 360 (Forza Motorsport) or those protected with strange passwords that can't be copy&pasted - ZIP files (alternative way)
get end of directory and parses central directory. currently this method is automatically implemented in the previous script - Xenesis File System (*.xfs)
Wolf Team and maybe other AeriaGames titles
search a keyword inside the BMS scripts available on this website (case insensitive).
useful if you know the magic or the signature of an archive or an encryption and compression type and so on:
external scripts:
- The old complete_scripts.txt of MultiEx available below, please note that they are NOT written by me and may be incomplete or wrong:
- ZenHAX forum
- scripts of AlphaTwentyThree
- scripts of AnonBaiter
- scripts of ps23dformat
- Total Commander packer plugins (*.WCX)
how to search a script:
- search the name of the game in the search field in the left menu
- search on google: "name of the game" site:zenhax.com
generic examples:
- GZIP files
- PKWare DCL (aka explode)
- LZMA files
- AES (ecb)
- Blowfish (ecb)
- DES (ecb)
- 3DES (ecb)
- RC4 / ARC4
- XTEA (ecb)
- CRC32
- CRC16
- network IP CRC16
- script used to create the winamp_3a.mid proof-of-concept
other example scripts relative to other stand-alone extractors already made by me in the Research page:
- 7?7M archives (another example of script)
- Big Scale Racing FS3/MP3 decoder
- QuakeLive PK3 decoder
- QuakeLive PK3 extractor (it's the conjunction between the above script and the ZIP one)
- raw to RIFF wav example
Source: https://aluigi.altervista.org/quickbms.htm
0 Response to "Blood Draw Labs in Phoenix"
Post a Comment