

Replying to January 22nd 2019



GavinCMD

Posted 22 January 2019 - 06:10 PM

~~1/22/19~~

Ayo! I know it's been a couple of days, I came down with a little something and I ended up being sick for a few days! Nevertheless I have some new info for you guys!

 

[when I refer to "we" I'm talking about me and a very helpful fellow called Tomsons26]

 

When looking at the .ast file in a hex editor, I was able to find a few interesting things.

For one, things have changed a lot from the old .ast (from what people told me, zlib would not do the trick).

We were able to come up with 3 flags (Flags specify some format information, there's a flag for having filenames)

Then we had the InfoOffset (The offset where the file chunk is located)

InfoSize, which is pretty self-explanatory (the size of that chunk)

But after that we couldn't determine what follows.

So at that point we just assumed that it had some sort of checksum on it (this being an EA checksum, so most likely having some sort of algorithm on it)

 

Using this info, we were able to confirm there being a second file in the .ast file stream. So now we have to figure out where the file starts. The header tells you how many files are in the container, then the info chunk offset and size tells you how far to skip from the header till you reach actual data.

 

Looking at the location of this chunk, you can see that it is toward the end of the file info. I'll assume that this means that there isn't that much data in the file. Which is when everything starts to come full circle, unfortunately. So this may mean that the info we found IS the only info contained in the .ast. So we may have to keep looking. BUT this also doesn't mean that EA doesn't have some sort of encryption on the file. So maaaayyybee just maaaayyybeee....

 

But hey! This just means that the .apt offset may just be a bit more prevalent.

 

Again, big thanks to Tomsons26 for helping me out with this info! I would probably still be trying to get another file to come out of the .ast, but at least we know that there are for sure ONLY 2 files. 

 

