Nanashi3

<3 Thanks for the hard work, you rock.

Does the following help? https://basicvntls.wordpress.com/koichoco-tools-and-file-info/

Each .ypf archive has characteristics linked to a specific YU-RIS engine version. Refer to thread below, which mentions dsp2003's animed tool to extract those archives.

Still OllyDBG 1, PPSSPP, IDA. Noteworthy: https://www.reddit.com/r/ReverseEngineering/comments/29rafa/breaking_spotify_drm_with_panda/ -- Uses a QEMU plugin called PANDA to record executed instructions and replay them. Apparently, the http://www.rrshare.org/ has shared captures including Win7 ones. IDA also has an x86 Bochs emulator, that may be useful for running small snippets, but I have no idea how to use it.

Hey there @krofna, Dunno if you're reading this. It seems ios::binary is missing in WriteUnpack(). It doesn't really matter for Unices, but the cross-compiled exe you provided writes extra \x0d bytes. Out, Nanashi3~

Yes indeed, the script merely dumps text and has no way to reconstruct. It is left as an exercise to the reader Unfortunately, I'm afraid my MIPS proficiency has rusted. delay slot etc. */me forgot it all* If you need a few pointers for PSP C+C, I gathered a few annotations when I browsed the eboot. Hopefully PPSSPP improved its debugging capabilities. Data symbols ptr_curSN 091D1700 g_nScripts 09A25CE0 ptrOpcode_ 09A41A70 << Instruction Pointer, should be useful for locating jumpsFunction symbols Lzss_decompress 08850F34 opcode_sub2b 088567D8 opcode_sub4b 08856854 OP00_0b 088568B0 OP01_var 088568E4 OP10 08857040 And the function table for opcodes seems to be .data:0888F164 Sorry I can't be of much help XO

Hey there Scorp, if you only need the script for extraction, I released a set of python 3 scripts for dumping sn.bin archives (tested on a handful of psp/ps3/x360 titles). https://github.com/mchubby/yetireg_tools I won't be around to help much, so if you need proper tools, you'd rather recruit someone to hack this. Greets and out, Nanashi3

Hi @ShinjiGR, LTNS.. Thanks to the hint of corpse party, the files in OBJSY.cpk have been identified as the "P2T" graphic file format. It is common for several 5pb-related games. Here are steps to view these images: 1/ Get the "Corpse_Party_BoS_translation_tools_RikuKH3.rar" by RikuKH3 @ http://gbx.ru/lofiversion/index.php/t101552.html (links @ bottom) 2/ Rename OBJSY.cpk child items: 00.P2T etc. up to 12.P2T 3/ Extract "Corpse_Party_BoS_translation_tools_RikuKH3\GRAPHICS\cpbos_image_batch_scripts\p2t\*" The extract batch may be modified as follows: @echo off for %%f in (*.P2T); do ( echo %%f & "!p2tpro.exe" d %%f ) 4/ Browse into the "03" subfolder. Extracted items should be 0.tm2 to 108.tm2 which are standard TIM 2 images. There are several ways to unpack them, I've packaged a convenient toolset for you: http://www44.zippyshare.com/v/Ma8lEkqJ/file.html NB: the russian tool is also able to repack, which you may find quite useful. Nanashi3, out~

I'm having a look but haven't advanced very much (sorry ^^; ) The PS2 architecture is a bit weird with its EE & IOP processors. Just for the heads up, the following commit in PCSX2 should be good news: 5905 gigaherz 2014-02-21 14:29:13 No build Initial debugger work by Kingcom. Features: - Advanced disassembly view for R5900 and R3000 - Register list with change highlight - Editable memory view - Conditional execute breakpoints (r5900 only) - Step over - Scan for functions (incomplete), show macros - Enable C++11 for debug tools. - Expression parser - Disasm updates for thread safety Squashed from: https://github.com/PCSX2/pcsx2/pull/1 Thanks to Kingcom for coding it all and mziab for Linux patches Indeed Kingcom has previously worked on debugger support on PPSSPP. Thanks a bunch, bro'! Keep going!!

Hi @Blue I don't know if it helps, but the UTF decryption is: public byte[] DecryptUTF(byte[] input) { byte[] result = new byte[input.Length]; int m, t; byte d; m = 0x0000655f; t = 0x00004115; for (int i = 0; i < input.Length; i++) { d = input[i]; d = (byte)(d ^ (byte)(m & 0xff)); result[i] = d; m *= t; } return result; } (borrowed from the CRIToolpack C# project I linked earlier). Normally, when you XOR a byte, applying the same operation twice reverts it to the original value. Therefore you would apply a "decryptutf" on the "cleartext" @UTF packet to obtain an encrypted one. Not sure if it works though, you may also try this one https://github.com/shinohane/cpktools.

Hello @Maddy Here are a couple of scripts to pull data out of DATA.BIN. I have no idea how DATA0.BIN is referenced. 1. Download and extract this archive on your PC: princess_nightmare_quickbms_scripts-2013-12-07.zip http://www.embedupload.com/?d=6UYFCBQODC 2. Download QuickBMS.zip from http://aluigi.altervista.org/quickbms.htm and extract it to the same folder. 3. Open a Command Prompt and cd to the extract dir 4. Enter the following command (replace H: with the letter of your DVD-ROM drive): quickbms.exe _princess_nightmare_extract_tag.bms H:\DATA\DATA.TAG Result: Script files are *.AS which is plain text *.PRS are compressed data, typically expanding into either *.TM2 (TIM2 playstation image) or *.TEX (collection of TIM2 images). You may extract a .PRS file using the second bundled bms script e.g. quickbms.exe _princess_nightmare_prs_unpacking.bms CHR041.PRS I haven't tried to differentiate output here (out of laziness), you will obtain "CHR041.PRS.unpacked" which should actually be renamed as "CHR041.TM2" Use the _convert_tm2.cmd batchfile to convert .TM2 files into pngs. It relies on the official GimConv tool for this and you may repack the other way with this same tool and an adequate set of commandline switches. Have fun!

Thanks for the file @MeruP, though it's a pity it is in py2exe form. At the moment, I'm trying to grab a working PCSX2 emulator for debugging. The decompression routine seems to be a fairly run-of-the-mill LZSS implementation (@.text:001062F8 in SLPM_660.83), 12+4 with big endian caveat (I posted a decompression script for Strapani earlier) however any output I got so far is garbage. Here's the archive if someone wants to have a look: http://www42.zippyshare.com/v/68633650/file.html Edit2: My bad!! I forgot to skip a value! Here is the script MF archive: Edit3: fixed bad dump http://www36.zippyshare.com/v/26734086/file.html

Iirc mirror moon did work on ps2 fate stay night realta nua to import voice files in their patch installer for pc fsn. Maybe they have tools that handle the format.

The header seems relatively trivial, DVD offset being aligned on 2048 (0x800) boundaries. struct TOCENTRY { u32le size; u32le offset; u32le compressed?; u32le usize?; // if compressed? is 0, same as .size } Files 0 and 1 (0x800 and 0x1000): those look like .MSH and .MSB files -- sound archive Files 2,3,4 (0x3800 0x6000 0x7000): lots of references to 0xAC44 (44100 Hz?) -- sound archives Files 5,6,7,8,9 (0x68000 0x874800 0xe39000 0x1af1800 0x3022000): MPEG1 videos (*.PSS?) File 10 (0xC736800): The largest entry (1,063,655,424 bytes) mono 44100Hz playstation 4-bit ADPCM -- voice archive File 11 (0x4BD98000): "MF" container (matryoshka effect) File 12 (0x4C536000): "UFFA" -- compressed script, but unknown algorithm. Closest guesses are quickbms' 12 289 291 307 (COMP_LZSS variants, COMP_SCUMMVM10) File 13 (0x4C6DC000): "MF" container -- system bitmaps?, given the size (61,155,744) File 14 (0x5012F000): "MF" container -- some more text files? File 15 (0x50BE4800): relatively large (517,210,112 bytes), mono 44100Hz playstation 4-bit ADPCM -- sound/BGM archive File 16 (0x6F924800): mono 44100Hz playstation 4-bit ADPCM -- sound/SFX archive File 17 (0x704D9000): "MF" container, quite large (638,108,226 bytes) -- game CGs probably

Can you post a screenshot of the first few bytes from that file in a hexadecimal editor?