Projects contain at least these three files:
- A
Publicdirectory, which contains image/sound assets - A
foo.lsprojfile, which is a JSON document containing basic project information - A
project.datafile, which is in an unknown binary format.
Projects with an icon assigned will also have an .ico file of their icon.
Good question!
There are no meaningful strings in the file, so it's probably compressed or encrypted in some manner.
Current bets for the file's structure are:
- Something entirely proprietary
- A compressed/encrypted document perhaps containing one of:
- Protobuf (Lens Studio has a Protobuf DLL)
- BSON (Ghidra picks up a C++ namespace for it)
- JSON/XML (simply because they're common)
The file tool on my Ubuntu installation doesn't know what it is, and binwalk found nothing useful.
If viewed in a hex editor, project.data files contain some strings which look almost like "key" and "default"
with a character or two difference. However, there are no other strings which appear to pertain to that particular
Lens Studio project.
Lens Studio is a C++ app which uses Qt. Ghidra seems to be pretty good at figuring out what's what for this binary.
Lens Studio.exe doesn't seem to be obfuscated in any way, and class names are sensible enough. For my purposes,
AbstractProjectWriter and AbstractProjectReader seem promising. One method of AbstractProjectReader invokes
a method on the BinaryDeserializer in the LookseryCore.dll library, which looks more important than
Lens Studio.exe at this point.
LookseryCore.dll has a plethora of interesting-sounding namespaces and appears to provide a lot of core
functionality to Lens Studio. (Looksery is an AR and image processing company owned by Snap Inc.) The
LS::Scenarium::Serialization namespace in particular sounds like what we're looking for, and houses
Binary(De)serializer classes. This library is relatively large (about 65MB); UPDATE WHEN GHIDRA DONE!