SSBB Snapshot files. We need to crack em!

[GTCoder]

Cleaning up code. I added a better memory allocation method, and set a larger initial buffer.

This is very close to matching what segher said. At the beginning of the file there are bytes "01 90 3C" (and then again, backwards), which he thought were the length of the uncompressed data. Now that this padding is doing its thing, the JPG just about IS that length. To save space, I'm going to make my program cut the file off after FFD9, though. No sense including 50k of 0's.

Also, if you're curious, there's something in the .out files at 0x0D in that tells (3 bytes) the length of the compressed data, or something close to it.

 

[GTCoder]

Thanks for all the effort you and fellow boarders put in !!
I can only help by posting screenshots
here they are:
(Hope I didn't get them mixed up)

Complete black (from 75m)
Sticker

Thanks. The black works perfectly. I'm sorry, what I meant was I wanted as white an image as possible, and someone said there was a white sticker base/background they used to get a white picture. Anyway, it'll probably work...I feel basically certain that Ondo nailed the last problem, and I'm finishing up a new version now.

 

[RupeeClock]

Well, It seems someone figured it out. (maybe?) :

"An amazing new tool has been created for use with Super Smash Brothers Brawl on Windows PCs, it allows you to decrypt files from your SD card.

It's called the SSBB Screenshot decrypter.
Thanks to recent exploits found in the wii, it's been found that the .bin files are actually encrypted jpeg files!
Using this tool, you can take your snapshots and make pictures, isn't that wonderful?

http://www.4colorrebellion.com/arch...t-mercy-me-i-do-believe-im-gettin-the-vapors/
http://rs217.rapidshare.com/files/95587164/bin2jpg.zip

The program is dead easy to use, put the .bin files in the same folder as the program files, and simply run the "bin2jpgall.bat"

I've taken a number of screenshots already! It's fantastic!

http://img141.imageshack.us/img141/8193/al08022900292binoutgb1.jpg
http://img141.imageshack.us/img141/6901/al0802290026binoutae3.jpg
http://img141.imageshack.us/img141/7016/al08022900351binoutph7.jpg
http://img141.imageshack.us/img141/1984/al0802290023binoutbj4.jpg
http://img141.imageshack.us/img141/9930/al08022900201binoutgu7.jpg
http://img505.imageshack.us/img505/6010/al08022301457binoutvi2.jpg
http://img505.imageshack.us/img505/2056/al08022301453binoutlm2.jpg
http://img505.imageshack.us/img505/3277/al08021615361binoutla2.jpg
http://img442.imageshack.us/img442/188/al0802161530binoutib0.jpg "


-Credit goes to mtpfreak from GameFAQS

Ah, you saw that?

I happen to be mtpfreak at GameFAQs, it's an OLLLLD username,

 

[Ondo]

You, sir, are BRILLIANT. I can't thank you enough!

Your very welcome. And thank you! I couldn't have done anything without your help.

So I'm now ready to start in on stages, which has been my goal all along. If anyone wants to help, any stages you could post would be appreciated, especially if you can accurately describe the whole thing (particularly stuff that's not easy to tell from the 160x120 thumbnail), and especially pairs of stages that only differ in one thing (name, comment, music, one piece flipped horizontally, one piece enlarged, one piece switched for another, etc.)

I've got holizz's five stages and one from Mic_128 I'll be looking at more closely tomorrow.

This is very close to matching what segher said. At the beginning of the file there are bytes "01 90 3C" (and then again, backwards), which he thought were the length of the uncompressed data. Now that this padding is doing its thing, the JPG just about IS that length. To save space, I'm going to make my program cut the file off after FFD9, though. No sense including 50k of 0's.

Yeah, I noticed those numbers looked like they were for uncompressed data. Right by the first set is, I believe, the length of the compressed data, not including the 16 byte header. I'm pretty sure you could use that to trim some padding off the back, though obviously only a tiny fraction of the amount that you can get by cutting after the FFD9.

 

[GTCoder]

I'll also work on stages next, though I'll be gone for part of Saturday and Sunday. (plus I want to finish up a better version of this program with a minimal GUI for Windows, probably)

You mentioned the thumbnail...did you get it to decompress successfully, then? Where did you start your LZSS decompression from?

 

[2L84U]

Thanks. The black works perfectly. I'm sorry, what I meant was I wanted as white an image as possible, and someone said there was a white sticker base/background they used to get a white picture. Anyway, it'll probably work...I feel basically certain that Ondo nailed the last problem, and I'm finishing up a new version now.

I originally got one that seemed to be white
(maybe gray, taken from the background of Warioware)

But it happened to work on you decoder. I didn't bother you waste your precious time converting something convertable would be pointless, right ?

good luck

 

[GTCoder]

OKAY. If the original poster could modify the thread parent, it might be helpful. Here's the program version that should work with all snapshots:

Download link

It includes the source code to the out2jpg program if anyone is interested.

Hopefully if I'm not dead from lack of sleep, I'll make a simple website with the link, and FAQ information, so people can just go to one place to find info instead of scrolling through a thread. Have fun!

Stuff I plan to do next:
* It automatically detects widescreen images. I need to either call another program or include code (can be open-source I suppose) to scale/shrink widescreen images, if the user wants that to happen.
* Very simple GUI, i.e. message box that pops up to select a file to convert.
* Maybe some sort of simple anti-aliasing/blurring/filtering/whatever to make it less jaggy, IF the user wants that filtering to happen.
* Look at stages. Ondo's already on this, and he mentioned some things that would be helpful. An empty stage, a very small stage, a very small stage with one block in it...stuff like that can be useful.

 

[GTCoder]

I originally got one that seemed to be white
(maybe gray, taken from the background of Warioware)

But it happened to work on you decoder. I didn't bother you waste your precious time converting something convertable would be pointless, right ?

good luck

I think they converted correctly. Thanks for the help!

 

[2L84U]

I think they converted correctly. Thanks for the help!

Wow finally DONE !!!!!

A perfect conversion.

PS: I've editted my post in the first page in case the OP is not updated.

 

[Wiwiweb]

Well, great GTCoder, I'm glad you finally made it. Now onto stages !

Like I did with images, I made several example stages. There are pairs of stages with only one difference between them (like the name, music, etc...). I should create a new topic about stage files and post them here.

 

[Heinermann]

Hmm, well it seems the stage previews are just straight-up JPG files.

Previoursly posted st.zip: http://www.mediafire.com/?urmhxgtdj53

 

[Indignant]

OKAY. If the original poster could modify the thread parent, it might be helpful. Here's the program version that should work with all snapshots:

Download link

It includes the source code to the out2jpg program if anyone is interested.

Hopefully if I'm not dead from lack of sleep, I'll make a simple website with the link, and FAQ information, so people can just go to one place to find info instead of scrolling through a thread. Have fun!

Stuff I plan to do next:
* It automatically detects widescreen images. I need to either call another program or include code (can be open-source I suppose) to scale/shrink widescreen images, if the user wants that to happen.
* Very simple GUI, i.e. message box that pops up to select a file to convert.
* Maybe some sort of simple anti-aliasing/blurring/filtering/whatever to make it less jaggy, IF the user wants that filtering to happen.
* Look at stages. Ondo's already on this, and he mentioned some things that would be helpful. An empty stage, a very small stage, a very small stage with one block in it...stuff like that can be useful.

Hey, you might want to make a new thread for this...That way, you have control of the first post. Thanks for all the work!

 

[RupeeClock]

OKAY. If the original poster could modify the thread parent, it might be helpful. Here's the program version that should work with all snapshots:

Download link

It includes the source code to the out2jpg program if anyone is interested.

Hopefully if I'm not dead from lack of sleep, I'll make a simple website with the link, and FAQ information, so people can just go to one place to find info instead of scrolling through a thread. Have fun!

Stuff I plan to do next:
* It automatically detects widescreen images. I need to either call another program or include code (can be open-source I suppose) to scale/shrink widescreen images, if the user wants that to happen.
* Very simple GUI, i.e. message box that pops up to select a file to convert.
* Maybe some sort of simple anti-aliasing/blurring/filtering/whatever to make it less jaggy, IF the user wants that filtering to happen.
* Look at stages. Ondo's already on this, and he mentioned some things that would be helpful. An empty stage, a very small stage, a very small stage with one block in it...stuff like that can be useful.

Superb, those broken images I posted earlier are all fixed now.

Nicely done!

 

[JOBU]

For widescreen shots, what resolution do I stretch them out to, to look right?

Thanks so much btw, this tool is amazing.

 

[2L84U]

For widescreen shots, what resolution do I stretch them out to, to look right?

Thanks so much btw, this tool is amazing.

either lower height to 640x360
or raise the width to 853x480

 

[holizz]

Stages? http://holizz.googlepages.com/stage_corpus.zip

One stage (with minimum number of blocks allowed - 4), and 13 copies that differ in one small way.

The only thing I didn't bother with was different types of blocks, in different orientations, or resized. It's all the basic square block. I'll do different blocks some other time perhaps.

 

[Heinermann]

Thanks. Well apparently the blocks are stored 4 bytes each. One byte contains the X and Y, while the other three contain the block type. Though I may be wrong(possible X/Y could be bit-wise stretching into byte 2). The final two bytes do however determine the block type, which I can't find any reference for in the SSBB executable or resource files. I'll look at the newly posted stages a bit later.

BTW does anyone have an idea how many different types of blocks there are?

Also, so far, I understand we can overlap tiles, possible place them exactly on top of each other(if Brawl doesn't have any post-stage verification).


Can a re-encryptor be written for testing purposes?

Comments don't appear to be stored in Stage files...?

 

[CuecaX]

maybe you could make a image conversor to a lossless format?? like png?

 

[Wiwiweb]

Here is my contribution to stages :
The download link

These stages are in grouped by 2 or 3. Every stage in a group only differ by a single thing, like the music, the name, the comment, the background. This way you'll be able to see which part of the file are these "meta-infos".

By the way, if we find how the music is stored for a stage, and we manage to change that music, do you think we'll be able to play the missing tracks (if these missing tracks are really music, and not garbage) ?

 

[yampeku]

Nice piece of work!!

 

[GTCoder]

Whoa, sounds like you're already nearly done. Ondo, you have any input on this?

Thanks. Well apparently the blocks are stored 4 bytes each. One byte contains the X and Y, while the other three contain the block type. Though I may be wrong(possible X/Y could be bit-wise stretching into byte 2). The final two bytes do however determine the block type, which I can't find any reference for in the SSBB executable or resource files. I'll look at the newly posted stages a bit later.

BTW does anyone have an idea how many different types of blocks there are?

Also, so far, I understand we can overlap tiles, possible place them exactly on top of each other(if Brawl doesn't have any post-stage verification).


Can a re-encryptor be written for testing purposes?

Comments don't appear to be stored in Stage files...?

 

[Kirby King]

Since there's no Mac/Linux binary (yet?), would anyone mind posting some decrypted stage files so we (those of us without Windows) can see what they look like?

 

[WVI]

# RGB 8-Bit
# ARGB 8-Bit
# RRRGGGBBB 8-Bit (Which means all red bytes together... et cetera)
# AAARRRGGGBBB 8-Bit (look above)

This makes me laugh. It looks like you're getting more frustrated the more you keep having to try.

"So then I tried it in YAAARRRRRGHBLE format."

 

[rove]

Ah man I thought you could put them on the photo channel and edit them Oh well

 

[Icarus Descent]

Ah man I thought you could put them on the photo channel and edit them Oh well

You CAN'T?

 

[holizz]

hese stages are in grouped by 2 or 3. Every stage in a group only differ by a single thing, like the music, the name, the comment, the background. This way you'll be able to see which part of the file are these "meta-infos".

By the way, I thought I'd mention that the "background" of the level defines some of the blocks. There seems to be one set of standard blocks common to all "backgrounds" and each has a different set of special items, like trees and spikes and such.

BTW does anyone have an idea how many different types of blocks there are?

I'd say roughly 20, maybe 30 tops? You start out with a certain number of blocks and can unlock more via Challenges. This probably won't impact on the deciphering, but it's worth knowing I expect.

 

[tirkaro]

Ah man I thought you could put them on the photo channel and edit them Oh well

technically, you can. Just convert the snapshot on your computer, put it on the SD as you would any other picture, and put it on the photo channel.

 

[Wiwiweb]

By the way, I thought I'd mention that the "background" of the level defines some of the blocks. There seems to be one set of standard blocks common to all "backgrounds" and each has a different set of special items, like trees and spikes and such.

There are three categories of blocs : Standard blocs, available for all backgrounds, special blocs different for each background (often decorative elements) and stage hazards like spikes and springs.
For my background examples, I only used standard type blocs.

Also, each bloc has three different sizes, I don't know if that counts as a different bloc or if there is a variable for the size. I should make stages with different sizes.

 

[Heinermann]

The blocks are stored in the order you place them.
Wiwiweb, how did you place the blocks in your "Full" stage? Left to right? top to bottom?

Also there are floats(appearing to be floats) in the header that I have no clue about.

 

[Ondo]

Comments don't appear to be stored in Stage files...?

Could someone try copying someone else's stage onto your SD card and seeing if you can get Brawl to recognize it? If you can, check if it's lost info like name and comments.

You mentioned the thumbnail...did you get it to decompress successfully, then? Where did you start your LZSS decompression from?

Same spot as with the images - skip 16 bytes, 17th should be 0x11, next three are length, then compressed data.

Here's the code I'm using - it's just a few modifications of your bin2jpg.c, though without the improvements you made last night.

// LZSS decompressor

#include <stdio.h>
#include <stdlib.h>
#include <sys\stat.h>

char *decode_lzss_stuff(FILE *fp_i, unsigned int *length_ptr) {
    unsigned char *outbuffer = NULL; // decoded data
    // should check for size overflow, but I'm going to be stupid and not do so
    unsigned int buffersize = 163840; // arbitrary initial size
    //unsigned char curbyte, controlbyte;
    unsigned char controlbyte;
    unsigned int bufferindex = 0;
    unsigned int i = 0; // used for looping
    unsigned char tempbuffer[10]; // actually only 2-3 bytes should be needed
    unsigned int num_bytes_to_copy = 0;
    unsigned int backwards_offset = 0;
    unsigned int iter_count = 0;
    int copy_start_index = 0;
    unsigned int copy_counter = 0;

    outbuffer = malloc(buffersize);
    if(outbuffer == NULL) {
        printf("Unable to allocate memory.\n");
        return NULL;
    }

    // copy the first 16 bytes
    for(i = 0; i < 16; i++) {
        outbuffer[bufferindex] = fgetc(fp_i);
        bufferindex++;
    }

    //check that the next byte is 0x11
    if (fgetc(fp_i) != 0x11) {
        printf("Input file does not appear to be LZSS compressed.\n");
        exit(-1);
    }
    //skip the next 3 bytes
    for(i = 0; i < 3; i++) {
        fgetc(fp_i);
    }

    while(!feof(fp_i)) {
        if(bufferindex > (buffersize-8000)) { // give a big safety margin for fun
            buffersize *= 2; // increase buffer size
            outbuffer = realloc(outbuffer, buffersize);
            if(outbuffer == NULL) {
                printf("Unable to allocate memory.\n");
                return NULL;
            }
        }
        controlbyte = fgetc(fp_i);
        if(feof(fp_i)) {
            continue;
        }
        //printf("Control byte:  0x%02x\n", controlbyte);
//if(bufferindex > 0xC70 && bufferindex < 0xCF0) {
/*if(bufferindex > 0xC70) {
    printf("Control byte:  0x%02x\n", controlbyte);
}*/
        for(i = 0; i < 8; i++) {
            if(controlbyte & (0x80 >> i)) {
                //printf("Encoded data...\n");
                // decode encoded data
                tempbuffer[0] = fgetc(fp_i);
                tempbuffer[1] = fgetc(fp_i);
                if((tempbuffer[0] & 0xF0) == 0x10) {
                    tempbuffer[2] = fgetc(fp_i);
                    tempbuffer[3] = fgetc(fp_i);
                    num_bytes_to_copy = (((unsigned int) (tempbuffer[0] & 0x0F)) * 0x1000) + (((unsigned int) tempbuffer[1]) * 0x10) + (tempbuffer[2] >> 4) + 0x111;
                    backwards_offset = (((unsigned int) (tempbuffer[2] & 0x0F)) * 0x100) + tempbuffer[3] + 1;
                }
                // if the first nibble is 0, get a third byte
                else if((tempbuffer[0] & 0xF0) == 0) {
                    tempbuffer[2] = fgetc(fp_i);
                    //printf("0x %02x %02x %02x\n", tempbuffer[0], tempbuffer[1], tempbuffer[2]);
//*length_ptr = bufferindex;
//return outbuffer;
                    //num_bytes_to_copy = (((unsigned int) tempbuffer[0] >> 4) * 0x100) + tempbuffer[2] + 0x2F;
                    //num_bytes_to_copy = (((unsigned int) tempbuffer[0] >> 4) * 0x100) + tempbuffer[2] + 0x13;
                    num_bytes_to_copy = (((unsigned int) tempbuffer[0]) * 0x10) + (tempbuffer[1] >> 4) + 0x11;
                    backwards_offset = (((unsigned int) (tempbuffer[1] & 0x0F)) * 0x100) + tempbuffer[2] + 1;
                    //backwards_offset = (((unsigned int) (tempbuffer[0] & 0x0F)) * 0x100) + tempbuffer[1];
                    //printf("0x %02x %02x %02x #B %x\n", tempbuffer[0], tempbuffer[1], tempbuffer[2], num_bytes_to_copy);
                }
                else {
                    tempbuffer[2] = 0x00;
                    //printf("0x %02x %02x\n", tempbuffer[0], tempbuffer[1]);
                    num_bytes_to_copy = (tempbuffer[0] >> 4) + 0x01;
                    //num_bytes_to_copy = (tempbuffer[0] >> 4) - 0x00;
                    backwards_offset = (((unsigned int) (tempbuffer[0] & 0x0F)) * 0x100) + tempbuffer[1] + 1;
                    //backwards_offset = (((unsigned int) (tempbuffer[0] & 0x0F)) * 0x100) + tempbuffer[1] - 2;
                }
                if(backwards_offset <= 0) {
                    printf("Error:  Backwards offset is <= 0, this probably is wrong.\n");
                }
                else {
                    //printf("0x%03x bytes to copy, from an backwards offset of 0x%03x.\n",
                    //        num_bytes_to_copy, backwards_offset);
                    copy_start_index = bufferindex - backwards_offset;
                    if(copy_start_index < 0) {
                        printf("Error:  Copy start index is < 0, this probably is wrong.\n");
                    }
                    for(copy_counter = 0; copy_counter < num_bytes_to_copy; copy_counter++) {
                        if(bufferindex > (buffersize - 16)) {
                            printf("Buffer overflow ahoy!  Trying to save things!  bufferindex = %d\n", bufferindex);
                            break;
                        }
                        else if((copy_start_index + copy_counter) >= bufferindex) {
                            printf("Copying uninitialized data?  I think not!\n");
                            //printf("copy_start_index = %d\n", copy_start_index);
                            //printf("copy_counter = %d\n", copy_counter);
                            //printf("Backwards offset coding bytes:  0x %02x %02x %02x\n",
                            //        tempbuffer[0], tempbuffer[1], tempbuffer[2]);
                            //printf("num_bytes_to_copy = %d\n", num_bytes_to_copy);
                            //printf("backwards_offset = %d\n", backwards_offset);
                            //printf("bufferindex = %d\n", bufferindex);
                            //printf("buffersize = %d\n", buffersize);
                            break;
                        }
                        else {
                            outbuffer[bufferindex] = outbuffer[copy_start_index + copy_counter];
                            bufferindex++;
                        }
                    } // end copy loop
//if(bufferindex > 0xC70 && bufferindex < 0xCF0) {
/*if(bufferindex > 0xC70) {
    printf("(end copy loop)\n");
}*/
                } // end valid backwards offset
            } // end encoded data
            else {
                outbuffer[bufferindex] = fgetc(fp_i);
//if(bufferindex > 0xC70 && bufferindex < 0xCF0) {
/*if(bufferindex > 0xC70) {
    printf("0x%02x (literal)\n", outbuffer[bufferindex]);
}*/
                bufferindex++;
            } // end literal data
        }
        /*if(iter_count > 40) {
            break;
        }*/
        iter_count++;
    }

    if(length_ptr != NULL) {
        *length_ptr = bufferindex;
    }
    else {
        printf("Hey, invalid length pointer supplied!\n");
    }
    return outbuffer;
}

int main(int argc, char *argv[]) {
    FILE *fp_i, *fp_o;
    unsigned char curbyte = 0;
    unsigned int i = 0;
    unsigned int decoded_length = 0;
    //int startfound = 0;
    char *outbuffer = NULL;

    if(argc != 3) {
        printf("Usage:  bin2jpg input_file output_file\n");
        exit(-1);
    }
    fp_i = fopen(argv[1], "rb");
    if(fp_i == NULL) {
        printf("Error opening input file %s.\n", argv[1]);
        exit(-1);
    }
    fp_o = fopen(argv[2], "wb");
    if(fp_o == NULL) {
        printf("Error opening output file %s.\n", argv[2]);
        fclose(fp_i);
        exit(-1);
    }

    outbuffer = decode_lzss_stuff(fp_i, &decoded_length);
    // write the output, dropping the first 3c bytes to get to the start of the JPG data
    fwrite(outbuffer, 1, decoded_length, fp_o);
        // TODO:  drop data past the end of JPG marker?

    if(outbuffer != NULL) {
        free(outbuffer);
    }
    fclose(fp_i);
    fclose(fp_o);
    chmod(argv[2], 0777); // for some reason umask didn't seem to work for this
    return 0;
}

 

[Wiwiweb]

The blocks are stored in the order you place them.
Wiwiweb, how did you place the blocks in your "Full" stage? Left to right? top to bottom?

The Empty stage is just four blocs (minimum) forming a platform in the middle of the stage.
The Full stage is entirely full. Every case has a bloc. Now, in which order I placed them, I'm not sure, but I think I did it left to right, then I went down a line, then right to left, etc...

If the order is important, I should try doing two exact stages but done at different orders.

That's already two things on my to-do list ^^

 

[perro]

Thanks for pointing the Cygwin issues out. Program license: Copy it if you want. Edit the source if you want. Don't sell it. Don't claim you made it.

Merry Christmas, have a non-GPL, non-Cygwin (and much smaller) version. Also, the source code for the out2jpg program was provided a few pages back.

http://rapidshare.com/files/95829441/bin2jpg.zip.html

sorry if I was rude, I should have congratulated you first for your great work.
I'm also glad that you are not linking to GPLd code anymore! keep up the great work

 

[Heinermann]

If the order is important, I should try doing two exact stages but done at different orders.

OK. Don't bother. I've figured out the placement scheme.

Here is a zip containing all the stages I have decrypted and the text file that I am listing the format in. The stages in the st folder have been split from their stage preview, the others have not.

http://www.mediafire.com/?tftjx29x2jh

Also, there is an extra stage in st that I found somewhere on the web, I don't remember where I got it though.

 

[holizz]

Could someone try copying someone else's stage onto your SD card and seeing if you can get Brawl to recognize it? If you can, check if it's lost info like name and comments.

The names certainly work, I downloaded some the other day.

 

[GTCoder]

OK. Don't bother. I've figured out the placement scheme.

Here is a zip containing all the stages I have decrypted and the text file that I am listing the format in. The stages in the st folder have been split from their stage preview, the others have not.

http://www.mediafire.com/?tftjx29x2jh

Also, there is an extra stage in st that I found somewhere on the web, I don't remember where I got it though.

Man you're fast. So is there anything left to do, stagewise? Are you planning to make a stage viewer/editor? You an Ondo were interested in that, and I think someone else, who sent me a message about it. I'm not planning on doing that though. Stage decoding/encryption maybe, but not editing/viewing in particular.

And (I haven't looked in the zip yet) what do you mean "split from their stage preview"?

 

[firebird34]

Check a couple threads down it can be decoded!!

 

[Heinermann]

And (I haven't looked in the zip yet) what do you mean "split from their stage preview"?

Well, leave making a stage editor to me.
What I mean is splitting the actual stage data from the jpg that comes directly after that data.

 

[GTCoder]

Check a couple threads down it can be decoded!!

We were just talking about the decoding process for images and stages in this thread. Do you guys think we should make a new one specific to further image decoding/processing developments + stage developments? And if anyone wants to post a replay .bin I'll look at it, even though we're basically certain that it's a series of commands.

 

[Ondo]

What I mean is splitting the actual stage data from the jpg that comes directly after that data.

I wrote a program to do that. Actually, it splits the first 16 bytes into one file, then the main data (0x4A4 bytes), then the JPEG (and padding).

Here's the code:

// Split stages into header (first 0x10 bytes), data (next 0x4A4 bytes), and JPEG (remainder)

#include <stdio.h>
#include <stdlib.h>
#include <sys\stat.h>

int main(int argc, char *argv[]) {
    FILE *fp_i, *fp_o1, *fp_o2, *fp_o3;
    unsigned int i = 0;

    if(argc != 5) {
        printf("Usage: SplitStage input_file output_header output_data output_jpeg\n");
        exit(-1);
    }
    fp_i = fopen(argv[1], "rb");
    if(fp_i == NULL) {
        printf("Error opening input file %s.\n", argv[1]);
        exit(-1);
    }
    fp_o1 = fopen(argv[2], "wb");
    if(fp_o1 == NULL) {
        printf("Error opening output file %s.\n", argv[2]);
        fclose(fp_i);
        exit(-1);
    }
    fp_o2 = fopen(argv[3], "wb");
    if(fp_o2 == NULL) {
        printf("Error opening output file %s.\n", argv[3]);
        fclose(fp_i);
        fclose(fp_o1);
        exit(-1);
    }
    fp_o3 = fopen(argv[4], "wb");
    if(fp_o3 == NULL) {
        printf("Error opening output file %s.\n", argv[4]);
        fclose(fp_i);
        fclose(fp_o1);
        fclose(fp_o2);
        exit(-1);
    }

    for (i = 0; i < 0x10; i++) {
        fputc(fgetc(fp_i), fp_o1);
    }
    for (i = 0; i < 0x4A4; i++) {
        fputc(fgetc(fp_i), fp_o2);
    }
    while(!feof(fp_i)) {
        fputc(fgetc(fp_i), fp_o3);
    }

    fclose(fp_i);
    fclose(fp_o1);
    fclose(fp_o2);
    fclose(fp_o3);
    //chmod(argv[2], 0777); // for some reason umask didn't seem to work for this
    return 0;
}

 

[Ondo]

OK. Don't bother. I've figured out the placement scheme.

Here is a zip containing all the stages I have decrypted and the text file that I am listing the format in. The stages in the st folder have been split from their stage preview, the others have not.

http://www.mediafire.com/?tftjx29x2jh

Also, there is an extra stage in st that I found somewhere on the web, I don't remember where I got it though.

Good work, but using out2jpg is chopping off the 16 byte header and the first 0x3C bytes of data. I think that's where the comment is, as well as some other data.