What's the strategy for decrypting save files?
What I've tried:
- Looking at the hex editor histogram (it's random, so it's encrypted)
- Extracting AES keys from the .exe
- Trying to decrypt with the AES keys with ECB
- Trying with CBC and the first 16 bytes as iv
I happen to have the decrypted version, which is given to me by someone with access to the key given by the game devs.
It's just a large JSON.
I was able to open the .pak file with the AES key I extracted, but so far no luck with the saved game file.
Encrypted UE5 save file
Re: Encrypted UE5 save file
if the save file is, like you say really encrypted and not just a memorydump the easiest way is to reverse engineer the application that saves and loads the savefile. While you can do that with CE i'd recommend using a proper reversering tool such as IDA, x64dbg or binary ninja, since having multitab support and being able to crossreference adresses on the makes reverse engineering bigger code segements alot easier.
Inside the application you would have to find the functions that encrypts on saving and decrypts on loading and either call those within the application or replicate their content in your own application. While this is all possible inside of CE i definately wouldn't do it wiht CE
Inside the application you would have to find the functions that encrypts on saving and decrypts on loading and either call those within the application or replicate their content in your own application. While this is all possible inside of CE i definately wouldn't do it wiht CE
Who is online
Users browsing this forum: No registered users