Decrunching protected RNC ProPack

[chip]

Hi guys

This is not essential actually, but just want to know if there's a solution

I found (for the first time) two RNC ProPack crunched data that NEED a key to be decrunched

I guess this is a sort of protection system

Is it possible to decrunch those anyway ?

Thanks in advance, chip

[jotd]

yes. Walker (psygnosis game) used that system. Where did you find this file?

You need an extra arg: the key. I think this can be bruteforced as it is 16 bit or 32 bit

Code:

; *** Decrunches a RNC type 1 file (Rob Northen Cruncher, header: RNC\01)
; *** and decrypts it
; *** Ripped from Walker game

; in: A0: crunched buffer start
; in: A1: destination (may be the same !!)
; in: D0: 16-32 bit key

RN contains a CRC that's why it can probably be bruteforced

[Agilent]

1. Grab the key from the game
2. Or; If I remember correctly, Gel Decruncher can decrunch it for you

[chip]

For jotd

The file comes from this disk

"Simpsons, The - Bart vs. The Space Mutants (1991)(Ocean)(Disk 1 of 2)(Intro)[cr Flashtro][t +24 Flashtro][!].adf"

It should contain a cracktro

I'm not able to "bruteforce" it

How i can do that ?

For Agilent

I'm not able to grab the key

Where i can find Gel decruncher ?

[Agilent]

Quote:

Originally Posted by chip

For jotd

The file comes from this disk

"Simpsons, The - Bart vs. The Space Mutants (1991)(Ocean)(Disk 1 of 2)(Intro)[cr Flashtro][t +24 Flashtro][!].adf"

It should contain a cracktro

I'm not able to "bruteforce" it

How i can do that ?

For Agilent

I'm not able to grab the key

Where i can find Gel decruncher ?

Its in The Zone for you now. Just copy "gel" to your HD and contents of the "libs" folder to your own "libs" on your HD.


Hope it can help you. And I remember correctly

[chip]

I will try it and let you know .... thanks !

[chip]

No, it crashes when trying to decrunch that file

I need to to a bruteforce decription, it seems

Problem is that i have no idea how to do that

[jotd]

since it's a cracktro the key is in the program somewhere. Sure it's RNC?

[chip]

xfdlist report "ProPack (RNC) Data"


About the key, i'm not an Assembly programmer


Not able to rip the key, and no intention to ask to others to do it


I just want to know if there's a "simple" way to brute force the data


In this moment i'm trying a little utility, but without success

[ross]

But in practice are you only interested in the two intro that are in the indicated ADF (extracted and as normal executables)?

Ok, into the Zone!

[chip]

Thanks ross


Yes, in practice i only need the cracktro, but for future cases i don't want always ask help


This is because i'm trying to find a solution

[ross]

Quote:

Originally Posted by chip

Thanks ross


Yes, in practice i only need the cracktro, but for future cases i don't want always ask help


This is because i'm trying to find a solution

Unfortunately this requires some knowledge.
Nothing too complicated but at least how to inspect the boot block (so to grasp a sector loader) and how to manage a decruncher at absolute addresses (ahh, and base 68k code comprehension!).
In fact I have no idea if you know how to do it but since you asked for help I guess not

The 'block of data' you found in the ADF is not a normal Amiga (HUNK) executable but one compressed (yes, ProPack) and unpacked/executed at fixed address.

Be careful: I have absolutely not checked whether the two intros tamper with the system or write in memory where they should not.
Being made for a game where there is not system return for sure the coders did not bother to preserve or allocate the memory (the fact that they are at absolute addresses makes you understand).
Anyway the first intro seems to be more system compliant.

Ciao

[chip]

Thanks ross for all these useful infos


Ciao

[AMIGASYSTEM]

@ross

A question ross: why the two files "intro.exe" once unpacked are no longer executable?

Una domanda ross: perchè i due file "intro.exe" una volta scompattati non sono più degli eseguibili?

[ross]

Quote:

Originally Posted by AMIGASYSTEM

@ross

A question ross: why the two files "intro.exe" once unpacked are no longer executable?

Una domanda ross: perchè i due file "intro.exe" una volta scompattati non sono più degli eseguibili?

Data extracted from ADF is actually code that need to be executed at fixed memory location (it's not a standard relocatable Amiga exe).

I've used a cruncher that unpack this data at these exact locations.
If you unpack it you have the initial raw data.

Ciao

[AMIGASYSTEM]

Thank you even though I understand very little
---------------
Grazie anche se ho capito ben poco

[jarre]

not even for this type of chruncer, but i'm looking for a decruncher under kick 1.3, had one called DEC, but can't find it anymore, who knows where to get it..??

[StingRay]

Quote:

Originally Posted by jarre

not even for this type of chruncer, but i'm looking for a decruncher under kick 1.3, had one called DEC, but can't find it anymore, who knows where to get it..??

That was probably "The Black Decruncher", I've attached it.

[jarre]

Quote:

Originally Posted by StingRay

That was probably "The Black Decruncher", I've attached it.

this is another one, but still a good one, when i started the one i wanna have, you need to type "read" enter and then the filename for the crunched file, if it is a known file, it will decrunch and give you information about where it decrunch and where it is jumping to, then you can choose if you wanna save that info into a txt file...???? any light............shit i can't remember the name of it..

[meynaf]

With xfd package is given HackProPack command that can brute force crack the 16-bit key of protected RNC data.