If you standing in front of typewriter machine and change Encryption or Platform to 0:None, then it will save your savefile without encrypting it.
I just tried saving with None encryption. See if you can load it.
I've already tried that before, but I gave your file a chance anyway.
Unfortunately, it didn't work, the same as the other ones.
So far, I've been only able to transfer whole folders, with "data00-1.bin" in them.
And it required me to set the Encryption to 0:None and patch the SteamID validation function to always return true, all that at game startup.
That's why I've started to investigate Lime logic.
I've analyzed the lime file structure and found or assume the following:
0x0 FILE HEADER
0x0=Filetype=>(DSSS)
0x4=Unknown
0x8=EncryptionType
0xC=Unknown
The segment below repeats until the whole data is packed into segments of 0x1220 length.
0x10 PUBLIC_KEY_BANK??? (4 blocks)
8 uint64 blocks to store a header (only 4 of them are occupied)
8 uint64 blocks to store a hash (a public key???) (only 5 of them are occupied)
0x210=ENCRYPTED SEGMENT OF DATA (0x1000 length)
0x1210=4 uint64 blocks of checksum
At the end of the file, there are 3 uint32 values which most likely are (or only some of them) a file checksum.
As of (1.0.0.5) Lime Decryption lives here "re4.exe+717CB60".
SteamID can be seen here: "re4.exe+717CAE2" in r11 where it gets moved to the memory to get obfuscated with NOT operation.
BTW I'm not a pro (but I'm not a noob either.), so tips and corrections from more advanced hackers are welcome.
I've analyzed the lime file structure and found or assume the following:
0x0 FILE HEADER
0x0=Filetype=>(DSSS)
0x4=Unknown
0x8=EncryptionType
0xC=Unknown
The segment below repeats until the whole data is packed into segments of 0x1220 length.
0x10 PUBLIC_KEY_BANK??? (4 blocks)
8 uint64 blocks to store a header (only 4 of them are occupied)
8 uint64 blocks to store a hash (a public key???) (only 5 of them are occupied)
0x210=ENCRYPTED SEGMENT OF DATA (0x1000 length)
0x1210=4 uint64 blocks of checksum
At the end of the file, there are 3 uint32 values which most likely are (or only some of them) a file checksum.
As of (1.0.0.5) Lime Decryption lives here "re4.exe+717CB60".
SteamID can be seen here: "re4.exe+717CAE2" in r11 where it gets moved to the memory to get obfuscated with NOT operation.
BTW I'm not a pro (but I'm not a noob either.), so tips and corrections from more advanced hackers are welcome.
I'm looking at the SteamID section with IDA, and I noticed there's a JB instruction above the MOV instruction you posted. What happens if you force that to JMP, would it load a static SteamID?
I'm looking at the SteamID section with IDA, and I noticed there's a JB instruction above the MOV instruction you posted. What happens if you force that to JMP, would it load a static SteamID?
I have a feeling this is virtualized code. None of it makes sense. NOT is even a fucking real instruction nor does opcode 0x41 even exist in the list of instructional opcodes. This might be Denuvo code...
I have a feeling this is virtualized code. None of it makes sense. NOT is even a fucking real instruction nor does opcode 0x41 even exist in the list of instructional opcodes. This might be Denuvo code...
I have the same feeling, but only about the code above the JB instruction. However, the decryption takes place below so screw it.
You can try to overwrite the SteamID shortly after you see the RE Engine logo, at the offset I've provided, with the one that was used during the encryption of the other's saved data, but it would be messy to resign all the saves this way (if at all possible).
Private keys (or something else, but they're being used in the encryption process) are stored here:
re4.exe+D390370
re4.exe+D390370+110
re4.exe+D390370+120
You can try to overwrite the SteamID shortly after you see the RE Engine logo, at the offset I've provided, with the one that was used during the encryption of the other's saved data, but it would be messy to resign all the saves this way (if at all possible).
I think a better solution would be to somehow disable the signing process entirely. Create some kind of universal save loader that works on everyone's machine, then create saves either from scratch, or somehow hot loading encrypted saves and then saving them as decrypted saves.
Any tables updated for the new update? The main table from here isn't working for me, or if it does it's only infinite ammo. Edit: Retried Gir's table to no avail from the beginning of the thread.
Any tables updated for the new update? The main table from here isn't working for me, or if it does it's only infinite ammo. Edit: Retried Gir's table to no avail from the beginning of the thread.
Any tables updated for the new update? The main table from here isn't working for me, or if it does it's only infinite ammo. Edit: Retried Gir's table to no avail from the beginning of the thread.
You're gonna have to be more specific.
Never mind, looks like I just have to start all the cheats from the main menu instead. Thanks for working on and keeping up this table Gir and everyone else.
Never mind, looks like I just have to start all the cheats from the main menu instead. Thanks for working on and keeping up this table Gir and everyone else.
That makes no sense. The code is the same at the menu and at runtime.
My first time making a Teleport Enemies or Vacuum cheat. best I can do with my limit knowledge of these type of cheat.
edit:
It pull enemies instead rather than teleport them. So if they are inside a house it will suck them into a wall. I have only test this around the Village section of the game.
