Created
May 24, 2017 10:49
-
-
Save Qowyn/05a563a018a32fbcea5e4a0f05f9c1a1 to your computer and use it in GitHub Desktop.
Extracting the ARK version from the windows client
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package qowyn.ark.ave; | |
| import java.io.IOException; | |
| import java.nio.ByteBuffer; | |
| import java.nio.ByteOrder; | |
| import java.nio.channels.FileChannel; | |
| import java.nio.file.Path; | |
| import java.nio.file.Paths; | |
| /** | |
| * The thing we are searching for: | |
| * c705xxxxxxxx(high xxxx0000) | |
| * c705xxxxxxxx(low xxxx0000) | |
| * a801 | |
| * 751a | |
| * xxxxxx | |
| * xxxxxxxxxxxx | |
| * xxxxxxxxxx | |
| * xxxxxxxxxxxxxx | |
| * xxxxxxxxxx | |
| * xxxxxxxxxxxxxx | |
| * xxxxxxxxxxxxxx | |
| * 41b9(low xxxx0000) | |
| * 41b8(high xxxx0000) | |
| */ | |
| public class App | |
| { | |
| private static final int MIN_LENGTH = 10 + 10 + 2 + 2 + 3 + 6 + 5 + 7 + 5 + 7 + 7 + 6 + 6; | |
| public static void main( String[] args ) | |
| { | |
| if (args.length != 1) { | |
| System.exit(3); | |
| return; | |
| } | |
| Path pathToExe = Paths.get(args[0]); | |
| try (FileChannel channel = FileChannel.open(pathToExe)) { | |
| ByteBuffer buffer = ByteBuffer.allocate(0x1000000); | |
| channel.read(buffer); | |
| buffer.order(ByteOrder.LITTLE_ENDIAN).clear(); | |
| while (buffer.position() < buffer.capacity() - MIN_LENGTH) { | |
| short value = buffer.getShort(); | |
| if (value == (short)0x05c7) { | |
| // Found a potential match | |
| buffer.mark(); | |
| if (search(buffer)) { | |
| System.exit(0); | |
| return; | |
| } else { | |
| buffer.reset(); | |
| } | |
| } else if ((value & 0xFF00) == 0xc700) { | |
| // Don't skip potential matches | |
| buffer.position(buffer.position() - 1); | |
| } | |
| } | |
| System.exit(1); | |
| } catch (IOException e) { | |
| e.printStackTrace(); | |
| System.exit(2); | |
| } | |
| } | |
| private static boolean search(ByteBuffer buffer) { | |
| buffer.position(buffer.position() + 4); | |
| int high = buffer.getInt(); | |
| // this will fail with ARK version above 65535 | |
| if ((high & 0xFFFF0000) != 0) { | |
| return false; | |
| } | |
| if (buffer.getShort() != (short)0x05c7) { | |
| return false; | |
| } | |
| buffer.position(buffer.position() + 4); | |
| int low = buffer.getInt(); | |
| if (buffer.getInt() != 0x1a7501a8) { | |
| return false; | |
| } | |
| buffer.position(buffer.position() + 3 + 6 + 5 + 7 + 5 + 7 + 7); | |
| if (buffer.getShort() != (short)0xb941) { | |
| return false; | |
| } | |
| if (buffer.getInt() != low) { | |
| return false; | |
| } | |
| if (buffer.getShort() != (short)0xb841) { | |
| return false; | |
| } | |
| if (buffer.getInt() != high) { | |
| return false; | |
| } | |
| System.out.println(Integer.toString(high) + "." + Integer.toString(low)); | |
| return true; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment