General overview of the game protection and some helpful files.
One of the readers of my visual novel hacking tutorial has asked me to check on the protection of «Kimi ga Aruji de Shitsuji ga Ore de» (君が主で執事が俺で). Here goes a brief technical overview and some handy files to help in the translation of this game for those who're interested.
Update: thanks to someone's comment it's now clear that Kimi uses industrial cryptography, which is the same on both its .nsa archives and nscript.dat. Here is the tool for decrypting them – run it as shdecrkansa.exe arc.nsa decoded.nsa and use any standard NSA extractor like NSAOut from Insani.
nscript.dat can be decoded in a similar manner, except that you'll need to use a hex editor to apply a bitwise XOR with key 0x84 to each byte of the decoded file.
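The XOR step above, scripted instead of done by hand in a hex editor. This is an added example, not the article author's code: it assumes the input is nscript.dat after it has been run through the decryption tool, and the function names, file arguments and the use of Python's cp932 codec for Shift JIS are assumptions; it also converts LF line endings to CR LF for editing and back.

```python
import sys

KEY = 0x84  # constant XOR key named in the article
ENCODING = "cp932"  # assumption: Windows code page 932 as the Shift JIS codec
_TABLE = bytes(b ^ KEY for b in range(256))  # lookup table: byte -> byte ^ KEY


def xor_layer(data: bytes) -> bytes:
    """Apply the single-byte XOR; the same call removes and re-applies it."""
    return data.translate(_TABLE)


def script_to_text(stage1: bytes) -> str:
    """Strip the XOR layer and return the script as text with CR LF endings.

    Raises UnicodeDecodeError when the result is not valid Shift JIS, which
    usually means the input was not the expected intermediate file.
    """
    text = xor_layer(stage1).decode(ENCODING)
    return text.replace("\r\n", "\n").replace("\n", "\r\n")


def text_to_script(text: str) -> bytes:
    """Inverse: back to LF endings and Shift JIS bytes, XOR layer re-applied."""
    raw = text.replace("\r\n", "\n").encode(ENCODING)
    return xor_layer(raw)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # usage (hypothetical file names): unxor.py stage1.dat script.txt
        with open(sys.argv[1], "rb") as src:
            plain = script_to_text(src.read())
        # newline="" keeps the CR LF pairs exactly as produced above
        with open(sys.argv[2], "w", encoding=ENCODING, newline="") as dst:
            dst.write(plain)
    else:
        # Constructed sample: two Shift JIS script lines with LF endings
        sample = "*start\n君が主で執事が俺で\n".encode(ENCODING)
        print(script_to_text(xor_layer(sample)))
```

Because XOR with a fixed key is its own inverse, `text_to_script` produces a file in the same form the hex-editor step started from.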
Kimi ga Aruji (Kimi for short from now on) is an NScripter-powered visual novel (English page on Insani.org) – this means all of its script data is contained in nscript.dat and resources like images and music are in different .nsa archives.
Unlike the original NScripter, Kimi uses symmetrical XOR encryption on its nscript.dat, which is ridiculously complicated.
Below follows a list of code blocks of interest in the disassembled listing based on my game copy with the MD5 hash of きみある.exe being 3F76E89BB6FB8F4ADD5F532BE063875F (663552 bytes in size).
ESI). I say partly because immediately after this the script initialization routine applies simple «wind XOR» on it with constant key 0x84 (loop at 0x00444530). Maybe it's default NScripter protection, who knows.
ESI contains the script in plain text form. Note that there's a global Pointer variable at 0x5DC5D8 that must point to the decoded buffer – the script initialization subroutine sets it after allocating the buffer and it has the same value as ESI by the time it gains control back.
So how can this troublesome XOR-ring be worked around? I've decided to simply remove the protection code and replace it with simple reading of the raw nscript.dat, provided it's unencrypted (it's easy to obtain by setting a break point after the last XOR loop – e.g. at 0x00444539 – and then using a memory dumper like LordPE to save the buffer contents).
A nice feature of symmetric encryption is that you can encrypt the script back using the same approach – put in the raw nscript.dat, set a break point after the loop, dump the memory and you'll get the protected nscript.dat's contents, which can be used with the original (unpatched) EXE file.
No more necessary – see the update on top of the article.
Hopefully now you feel ready to contribute to the community and translate the game. You need a decoded nscript.dat (download) and the unprotected きみある.exe (download). Drop both into the game install directory. Note that the original きみある.exe won't run with the replaced nscript.dat and unprotected.exe won't run with the original nscript.dat.
The .dat file is a simple text file in Shift JIS encoding. Standard Windows Notepad is able to open and edit it successfully if your system works in Japanese locale – the only problem is line endings which are in Unix style (LF) instead of Windows (CR LF). For this reason if the script looks like a single long line when you open it in your text editor you need to convert line endings; there are two ways: