Difference between revisions of "ERF"
(Added version 2.2 description) |
(→Blowfish) |
||
(55 intermediate revisions by 4 users not shown) | |||
Line 3: | Line 3: | ||
'''ERF''' ("Encapsulated Resource File") files are container files for game resources. | '''ERF''' ("Encapsulated Resource File") files are container files for game resources. | ||
− | + | = List of common ERF Files = | |
ERF Files for Dragon Age Game Resources are stored in the (Dragon Age Install Dir)\packages\core\ Folder and Subdirectories. ERF's for Addons or Mods are usually in their respective Addon or Mod Folder. | ERF Files for Dragon Age Game Resources are stored in the (Dragon Age Install Dir)\packages\core\ Folder and Subdirectories. ERF's for Addons or Mods are usually in their respective Addon or Mod Folder. | ||
Line 49: | Line 49: | ||
**packages\core\data_tools\... ---Contains Resources for the Toolset | **packages\core\data_tools\... ---Contains Resources for the Toolset | ||
− | + | = Extracting Resources = | |
<!-- As long as no technical explanation is present or needed, I may prefer seeing explanations of usage like this: --> | <!-- As long as no technical explanation is present or needed, I may prefer seeing explanations of usage like this: --> | ||
Line 58: | Line 58: | ||
One may create a Folder on the HD named for example "gameresources". Then added with subfolders that suit the Purpose, for example "Materials" in which one extracts only Materials. Preferably the Folderscheme is similar to that of the ERF's, to make browsing simple and easy to remember. | One may create a Folder on the HD named for example "gameresources". Then added with subfolders that suit the Purpose, for example "Materials" in which one extracts only Materials. Preferably the Folderscheme is similar to that of the ERF's, to make browsing simple and easy to remember. | ||
− | + | = Packing Resources = | |
The [[builder to player]] process packages up resources into ERF files for you, storing the generated ERFs inside [[DAZIP]]s. | The [[builder to player]] process packages up resources into ERF files for you, storing the generated ERFs inside [[DAZIP]]s. | ||
Line 64: | Line 64: | ||
Additionally, you can edit any ERF by opening it directly in the Toolset, and add or remove files by drag& dropping them into the Toolset with the ERF open manually. In cases the above process fails or whenever. | Additionally, you can edit any ERF by opening it directly in the Toolset, and add or remove files by drag& dropping them into the Toolset with the ERF open manually. In cases the above process fails or whenever. | ||
− | + | = Overriding Resources = | |
ERF's are named by their general purpose. But not all material files need to necessarily be put into Materials.ERF as an example. Patches do add every Patched Resource into one single ERF for example. The Original Game Resource ERF Files however are best left alone, as it has a high risk of breaking the game. | ERF's are named by their general purpose. But not all material files need to necessarily be put into Materials.ERF as an example. Patches do add every Patched Resource into one single ERF for example. The Original Game Resource ERF Files however are best left alone, as it has a high risk of breaking the game. | ||
Line 70: | Line 70: | ||
Files do not need to be present in ERF Files at all. When Overriding Gameresources as when modding, this is a pretty easy method. Overriding Files are of equal name to their original Gameresource counterpart, and are to be placed into packages\core\override\. The Game will then choose this File over the original. | Files do not need to be present in ERF Files at all. When Overriding Gameresources as when modding, this is a pretty easy method. Overriding Files are of equal name to their original Gameresource counterpart, and are to be placed into packages\core\override\. The Game will then choose this File over the original. | ||
− | + | = File Format = | |
− | + | ||
− | + | == Version 2.0 == | |
− | + | ||
− | + | All values are [http://en.wikipedia.org/wiki/Endianness#Little-endian little-endian]. | |
− | + | ||
− | + | ||
=== Header === | === Header === | ||
− | + | ||
− | + | {| border="1" cellspacing="2" cellpadding="2" width="100%" | |
− | + | ||
− | + | ! width="20%" | Name | |
− | + | ! width="20%" | Type / Size | |
− | + | ! width="60%" | Info | |
+ | |||
+ | |- | ||
+ | | magic | ||
+ | | utf16[8] | ||
+ | | "ERF V2.0", a total of 16 bytes. | ||
+ | |||
+ | |- | ||
+ | | fileCount | ||
+ | | uint32 | ||
+ | | Number of files encapsulated in this ERF. | ||
+ | |||
+ | |- | ||
+ | | year | ||
+ | | uint32 | ||
+ | | Year since 1900. | ||
+ | |||
+ | |- | ||
+ | | day | ||
+ | | uint32 | ||
+ | | Day since January 1st. | ||
+ | |||
+ | |- | ||
+ | | unknown | ||
+ | | uint32 | ||
+ | | Always 0xFFFFFFFF? | ||
+ | |||
+ | |} | ||
+ | |||
=== Table of Contents === | === Table of Contents === | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | {| border="1" cellspacing="2" cellpadding="2" width="100%" | |
+ | |||
+ | ! width="20%" | Name | ||
+ | ! width="20%" | Type / Size | ||
+ | ! width="60%" | Info | ||
+ | |||
+ | |- | ||
+ | | toc | ||
+ | | [[#Entry|entry]][fileCount] | ||
+ | | | ||
+ | |||
+ | |} | ||
+ | |||
+ | ==== Entry ==== | ||
+ | |||
+ | {| border="1" cellspacing="2" cellpadding="2" width="100%" | ||
+ | |||
+ | ! width="20%" | Name | ||
+ | ! width="20%" | Type / Size | ||
+ | ! width="60%" | Info | ||
+ | |||
+ | |- | ||
+ | | name | ||
+ | | utf16[32] | ||
+ | | | ||
+ | |||
+ | |- | ||
+ | | offset | ||
+ | | uint32 | ||
+ | | Offset to entry file data, from start of ERF file. | ||
+ | |||
+ | |- | ||
+ | | size | ||
+ | | uint32 | ||
+ | | Length of file data. | ||
+ | |||
+ | |} | ||
− | == | + | == Version 2.2 == |
− | + | ||
− | + | This version introduces support for encrypted and compressed file data. | |
− | + | ||
− | + | All values are [http://en.wikipedia.org/wiki/Endianness#Little-endian little-endian]. | |
− | + | ||
− | + | ||
=== Header === | === Header === | ||
− | + | ||
− | + | {| border="1" cellspacing="2" cellpadding="2" width="100%" | |
− | + | ||
− | + | ! width="20%" | Name | |
− | + | ! width="20%" | Type / Size | |
− | + | ! width="60%" | Info | |
− | + | ||
− | + | |- | |
− | + | | magic | |
− | + | | utf16[8] | |
− | + | | "ERF V2.2", a total of 16 bytes. | |
− | + | ||
+ | |- | ||
+ | | fileCount | ||
+ | | uint32 | ||
+ | | Number of files encapsulated in this ERF. | ||
+ | |||
+ | |- | ||
+ | | year | ||
+ | | uint32 | ||
+ | | Year since 1900. | ||
+ | |||
+ | |- | ||
+ | | day | ||
+ | | uint32 | ||
+ | | Day since January 1st. | ||
+ | |||
+ | |- | ||
+ | | unknown | ||
+ | | uint32 | ||
+ | | Always 0xFFFFFFFF? | ||
+ | |||
+ | |- | ||
+ | | flags | ||
+ | | uint32 [http://en.wikipedia.org/wiki/Bit_field Bit flags] | ||
+ | | | ||
+ | |||
+ | Flags: | ||
+ | * 0x00000001 (bit 0) : Unknown | ||
+ | * 0x000000F0 (bits 4 - 7) : [[#Encryption|Encryption]] scheme | ||
+ | * 0xE0000000 (bits 29 - 31) : [[#Compression|Compression]] scheme | ||
+ | |||
+ | [[#Encryption|Encryption]] scheme: | ||
+ | ''(flags >> 4) & 0xF'' | ||
+ | * 0 : None | ||
+ | * 1 : XOR | ||
+ | * 2 : Blowfish | ||
+ | * 3 : Blowfish ''(Dragon Age 2 only)'' | ||
+ | * Any other value is invalid. | ||
+ | |||
+ | [[#Compression|Compression]] scheme: | ||
+ | ''(flags >> 29) & 0x7'' | ||
+ | * 0 : None | ||
+ | * 1 : Bioware Zlib ''(Dragon Age 2 only)'' | ||
+ | * 2 : Unknown ''(Dragon Age 2 only)'' | ||
+ | * 3 : Unknown ''(Dragon Age 2 only)'' | ||
+ | * 7 : Headerless Zlib ''(Dragon Age 2 only)'' | ||
+ | * Any other value is invalid. | ||
+ | |||
+ | |- | ||
+ | | moduleId | ||
+ | | uint32 | ||
+ | | This id is used to look up the password for the ERF when encryption is present, for example, DLC. | ||
+ | |||
+ | |- | ||
+ | | passwordDigest | ||
+ | | byte[16] | ||
+ | | [http://en.wikipedia.org/wiki/MD5 MD5] sum of password (as a string). | ||
+ | |||
+ | |} | ||
+ | |||
=== Table of Contents === | === Table of Contents === | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | ''' | + | {| border="1" cellspacing="2" cellpadding="2" width="100%" |
− | * Generate random number (as string | + | |
− | * Generate | + | ! width="20%" | Name |
− | * Convert those digits to 64-bit integer (0x0000000000BC614E) | + | ! width="20%" | Type / Size |
− | * Store it in byte array in little-endian encoding ( | + | ! width="60%" | Info |
− | * Use that array as key to initialize Blowfish | + | |
− | * Pad your content to multiple of 8 | + | |- |
− | * Encrypt the data | + | | toc |
+ | | [[#Entry_2|entry]][fileCount] | ||
+ | | | ||
+ | |||
+ | |} | ||
+ | |||
+ | ==== Entry ==== | ||
+ | |||
+ | {| border="1" cellspacing="2" cellpadding="2" width="100%" | ||
+ | |||
+ | ! width="20%" | Name | ||
+ | ! width="20%" | Type / Size | ||
+ | ! width="60%" | Info | ||
+ | |||
+ | |- | ||
+ | | name | ||
+ | | utf16[32] | ||
+ | | | ||
+ | |||
+ | |- | ||
+ | | offset | ||
+ | | uint32 | ||
+ | | Offset to entry file data, from start of ERF file. | ||
+ | |||
+ | |- | ||
+ | | packedSize | ||
+ | | uint32 | ||
+ | | Packed length of file data. | ||
+ | |||
+ | |- | ||
+ | | unpackedSize | ||
+ | | uint32 | ||
+ | | Unpacked length of file data. | ||
+ | |||
+ | |} | ||
+ | |||
+ | == Version 3.0 == | ||
+ | |||
+ | Found in Dragon Age 2. | ||
+ | |||
+ | This version introduces hashed file names (and extensions) for faster file lookup. | ||
+ | |||
+ | All values are [http://en.wikipedia.org/wiki/Endianness#Little-endian little-endian]. | ||
+ | |||
+ | === Header === | ||
+ | |||
+ | {| border="1" cellspacing="2" cellpadding="2" width="100%" | ||
+ | |||
+ | ! width="20%" | Name | ||
+ | ! width="20%" | Type / Size | ||
+ | ! width="60%" | Info | ||
+ | |||
+ | |- | ||
+ | | magic | ||
+ | | utf16[8] | ||
+ | | "ERF V3.0", a total of 16 bytes. | ||
+ | |||
+ | |- | ||
+ | | stringTableSize | ||
+ | | uint32 | ||
+ | | Size of the file name string table. | ||
+ | |||
+ | |- | ||
+ | | fileCount | ||
+ | | uint32 | ||
+ | | Number of files encapsulated in this ERF. | ||
+ | |||
+ | |- | ||
+ | | flags | ||
+ | | uint32 [http://en.wikipedia.org/wiki/Bit_field Bit flags] | ||
+ | | | ||
+ | |||
+ | Flags: | ||
+ | * 0x00000001 (bit 0) : Unknown | ||
+ | * 0x000000F0 (bits 4 - 7) : [[#Encryption|Encryption]] scheme | ||
+ | * 0xE0000000 (bits 29 - 31) : [[#Compression|Compression]] scheme | ||
+ | |||
+ | [[#Encryption|Encryption]] scheme: | ||
+ | ''(flags >> 4) & 0xF'' | ||
+ | * 0 : None | ||
+ | * 1 : XOR | ||
+ | * 2 : Blowfish | ||
+ | * 3 : Blowfish ''(Dragon Age 2 only)'' | ||
+ | * Any other value is invalid. | ||
+ | |||
+ | [[#Compression|Compression]] scheme: | ||
+ | ''(flags >> 29) & 0x7'' | ||
+ | * 0 : None | ||
+ | * 1 : Bioware Zlib ''(Dragon Age 2 only)'' | ||
+ | * 2 : Unknown ''(Dragon Age 2 only)'' | ||
+ | * 3 : Unknown ''(Dragon Age 2 only)'' | ||
+ | * 7 : Headerless Zlib ''(Dragon Age 2 only)'' | ||
+ | * Any other value is invalid. | ||
+ | |||
+ | |- | ||
+ | | moduleId | ||
+ | | uint32 | ||
+ | | This id is used to look up the password for the ERF when encryption is present, for example, DLC. | ||
+ | |||
+ | |- | ||
+ | | passwordDigest | ||
+ | | byte[16] | ||
+ | | [http://en.wikipedia.org/wiki/MD5 MD5] sum of password (as a string). | ||
+ | |||
+ | |- | ||
+ | | stringTable | ||
+ | | char[stringTableSize] | ||
+ | | Zero-padded strings referenced by nameOffset in [[#Entry_3|TOC entries]]. Strings are stored as ASCII. Note that not all TOC entries have to reference an entry in the string table. | ||
+ | |||
+ | |} | ||
+ | |||
+ | === Table of Contents === | ||
+ | |||
+ | {| border="1" cellspacing="2" cellpadding="2" width="100%" | ||
+ | |||
+ | ! width="20%" | Name | ||
+ | ! width="20%" | Type / Size | ||
+ | ! width="60%" | Info | ||
+ | |||
+ | |- | ||
+ | | toc | ||
+ | | [[#Entry_3|entry]][fileCount] | ||
+ | | | ||
+ | |||
+ | |} | ||
+ | |||
+ | ==== Entry ==== | ||
+ | |||
+ | {| border="1" cellspacing="2" cellpadding="2" width="100%" | ||
+ | |||
+ | ! width="20%" | Name | ||
+ | ! width="20%" | Type / Size | ||
+ | ! width="60%" | Info | ||
+ | |||
+ | |- | ||
+ | | nameOffset | ||
+ | | int32 | ||
+ | | Offset in stringTable of the file name for this entry. -1 if none. | ||
+ | |||
+ | |- | ||
+ | | nameHash | ||
+ | | uint64 | ||
+ | | [http://en.wikipedia.org/wiki/Fowler–Noll–Vo_hash_function FNV64 hash] of lowercased file name, including path and extension. | ||
+ | |||
+ | |- | ||
+ | | typeHash | ||
+ | | uint32 | ||
+ | | [http://en.wikipedia.org/wiki/Fowler–Noll–Vo_hash_function FNV32 hash] of lowercased file extension. | ||
+ | |||
+ | |- | ||
+ | | offset | ||
+ | | uint32 | ||
+ | | Offset to entry file data, from start of ERF file. | ||
+ | |||
+ | |- | ||
+ | | packedSize | ||
+ | | uint32 | ||
+ | | Packed length of file data. | ||
+ | |||
+ | |- | ||
+ | | unpackedSize | ||
+ | | uint32 | ||
+ | | Unpacked length of file data. | ||
+ | |||
+ | |} | ||
+ | |||
+ | == File Data == | ||
+ | |||
+ | === Encryption === | ||
+ | |||
+ | When the appropriate flags are set in the header, a digest of the password will be present. File data will be encrypted depending on what scheme is specified. | ||
+ | |||
+ | You may not extract such third party ERF files unless you have permission to do so. This is provided only for purposes when you want to encrypt your own ERF files. | ||
+ | |||
+ | ==== Blowfish ==== | ||
+ | |||
+ | File data will be encrypted using [http://en.wikipedia.org/wiki/Blowfish_(cipher) Blowfish] in ECB. | ||
+ | |||
+ | These instructions only apply to encryption scheme #2. | ||
+ | |||
+ | '''To encrypt:''' | ||
+ | * Generate random number (represented as string, base 10), such as "12345678". | ||
+ | * Generate digest of the string (without null-terminating character) using MD5 and store it in the header. | ||
+ | * Convert those digits to 64-bit integer (0x0000000000BC614E). | ||
+ | * Store it in byte array in little-endian encoding (0x4E, 0x61, 0xBC, 0x00, 0x00, 0x00, 0x00, 0x00). | ||
+ | * Use that array as key to initialize Blowfish. | ||
+ | * Pad your content to multiple of 8 with zeroes. | ||
+ | * Encrypt the data. | ||
'''To decrypt:''' | '''To decrypt:''' | ||
− | * You already know your password ("12345678") | + | * You already know your password ("12345678"). |
− | * Generate its MD5 digest and compare it with | + | * Generate its MD5 digest and compare it with the digest in the header. |
* If they don't match file is either damaged or you forgot your password. If you forgot, brute-force attack should take no more than 1 minute. You '''may not''' perform brute-force attack on ERF files that are not yours unless you have permission from its owner to do so. | * If they don't match file is either damaged or you forgot your password. If you forgot, brute-force attack should take no more than 1 minute. You '''may not''' perform brute-force attack on ERF files that are not yours unless you have permission from its owner to do so. | ||
− | * Convert those digits to 64-bit integer (0x0000000000BC614E) | + | * Convert those digits to 64-bit integer (0x0000000000BC614E). |
− | * Store it in byte array in little-endian encoding ( | + | * Store it in byte array in little-endian encoding (0x4E, 0x61, 0xBC, 0x00, 0x00, 0x00, 0x00, 0x00). |
− | * Use that array as key to initialize Blowfish | + | * Use that array as key to initialize Blowfish. |
− | * Decrypt your | + | * Decrypt the data. |
+ | |||
+ | ==== XOR ==== | ||
+ | |||
+ | Much of the process for protecting data with [http://en.wikipedia.org/wiki/Exclusive_or XOR] is the same as for Blowfish. | ||
+ | |||
+ | '''To encrypt:''' | ||
+ | * Generate random number (represented as string, base 10), such as "12345678". | ||
+ | * Generate digest of the string (without null-terminating character) using MD5 and store it in the header. | ||
+ | * Convert those digits to 72-bit integer (0x000000000000BC614E). | ||
+ | * Store it in byte array in little-endian encoding (0x4E, 0x61, 0xBC, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00). | ||
+ | * XOR each block of 9 bytes with the array. | ||
+ | * If the final block is not 9 bytes, XOR the block with the first N bytes of the array, where N is the length of the block. | ||
+ | |||
+ | '''To decrypt:''' | ||
+ | * You already know your password ("12345678"). | ||
+ | * Generate its MD5 digest and compare it with the digest in the header. | ||
+ | * If they don't match file is either damaged or you forgot your password. If you forgot, brute-force attack should take no more than 1 minute. You '''may not''' perform brute-force attack on ERF files that are not yours unless you have permission from its owner to do so. | ||
+ | * Convert those digits to 72-bit integer (0x000000000000BC614E). | ||
+ | * Store it in byte array in little-endian encoding (0x4E, 0x61, 0xBC, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00). | ||
+ | * XOR each block of 9 bytes with the array. | ||
+ | * If the final block is not 9 bytes, XOR the block with the first N bytes of the array, where N is the length of the block. | ||
+ | |||
+ | === Compression === | ||
+ | |||
+ | '''''Compression is not supported by Dragon Age: Origins.''''' | ||
+ | |||
+ | Compression is supported by Dragon Age 2. | ||
+ | |||
+ | Note that if encryption is enabled: | ||
+ | * When decompressing, file data must first be decrypted. | ||
+ | * When compressing, file data must be encrypted after compression. | ||
+ | |||
+ | ==== Bioware Zlib ==== | ||
+ | |||
+ | File data is compressed with [http://en.wikipedia.org/wiki/Zlib zlib], with a custom 1-byte (commonly observed as 0xF9) header (vs the normal 2-byte zlib header). | ||
+ | |||
+ | The upper 4 bits of the header byte represent the window bits. The lower 4 bits are currently unknown. | ||
+ | |||
+ | ==== Headerless Zlib ==== | ||
+ | |||
+ | File data is compressed with [http://en.wikipedia.org/wiki/Zlib zlib], the normal 2-byte zlib header is omitted. | ||
[[Category:File types]] | [[Category:File types]] |
Latest revision as of 22:43, 12 March 2011
ERF ("Encapsulated Resource File") files are container files for game resources.
Contents
List of common ERF Files
ERF Files for Dragon Age Game Resources are stored in the (Dragon Age Install Dir)\packages\core\ Folder and Subdirectories. ERF's for Addons or Mods are usually in their respective Addon or Mod Folder.
Common ERF's of certain interests are,
- Game Resources
- packages\core\data\2da.erf
- packages\core\data\anims.erf
- packages\core\data\consolescripts.erf
- packages\core\data\designerareas.erf
- packages\core\data\designercreatures.erf
- packages\core\data\designercutscenes.erf
- packages\core\data\designerdialogs.erf
- packages\core\data\designeritems.erf
- packages\core\data\designerplaceables.erf
- packages\core\data\designerplots.erf
- packages\core\data\designertriggers.erf
- packages\core\data\face.erf
- packages\core\data\gui.erf
- packages\core\data\guiexport.erf
- packages\core\data\iterationtests.erf
- packages\core\data\lightprobedata.erf
- packages\core\data\materialobjects.erf
- packages\core\data\materials.erf
- packages\core\data\misc.erf
- packages\core\data\modelhierarchies.erf
- packages\core\data\modelmeshdata.erf
- packages\core\data\pathfindingpatches.erf
- packages\core\data\postprocesseffects.erf
- packages\core\data\resmetrics.erf
- packages\core\data\scripts.erf
- packages\core\data\shaders.erf
- packages\core\data\states.erf
- packages\core\data\subqueuefiles.erf
- packages\core\data\textures.erf
- packages\core\data\tints.erf
- packages\core\textures\high\texturepack.erf
- packages\core\textures\medium\texturepack.erf
- Patch Resources
- packages\core\patch\... --- Contains Resources added by Game Patches
- Toolset specific Resources
- packages\core\data_tools\... ---Contains Resources for the Toolset
Extracting Resources
The Toolset is capable of extracting ERF Files Contents.
If you are modding Resources, the first step would be extracting Resources. You may start of by extracting all Resources of certain interest to you, or just a single File. To Maintain a simple and clean resource place, it is best to use a similar Folder Names to extract in.
One may create a Folder on the HD named for example "gameresources". Then added with subfolders that suit the Purpose, for example "Materials" in which one extracts only Materials. Preferably the Folderscheme is similar to that of the ERF's, to make browsing simple and easy to remember.
Packing Resources
The builder to player process packages up resources into ERF files for you, storing the generated ERFs inside DAZIPs.
Additionally, you can edit any ERF by opening it directly in the Toolset, and add or remove files by drag& dropping them into the Toolset with the ERF open manually. In cases the above process fails or whenever.
Overriding Resources
ERF's are named by their general purpose. But not all material files need to necessarily be put into Materials.ERF as an example. Patches do add every Patched Resource into one single ERF for example. The Original Game Resource ERF Files however are best left alone, as it has a high risk of breaking the game.
Files do not need to be present in ERF Files at all. When Overriding Gameresources as when modding, this is a pretty easy method. Overriding Files are of equal name to their original Gameresource counterpart, and are to be placed into packages\core\override\. The Game will then choose this File over the original.
File Format
Version 2.0
All values are little-endian.
Header
Name | Type / Size | Info |
---|---|---|
magic | utf16[8] | "ERF V2.0", a total of 16 bytes. |
fileCount | uint32 | Number of files encapsulated in this ERF. |
year | uint32 | Year since 1900. |
day | uint32 | Day since January 1st. |
unknown | uint32 | Always 0xFFFFFFFF? |
Table of Contents
Name | Type / Size | Info |
---|---|---|
toc | entry[fileCount] |
Entry
Name | Type / Size | Info |
---|---|---|
name | utf16[32] | |
offset | uint32 | Offset to entry file data, from start of ERF file. |
size | uint32 | Length of file data. |
Version 2.2
This version introduces support for encrypted and compressed file data.
All values are little-endian.
Header
Name | Type / Size | Info |
---|---|---|
magic | utf16[8] | "ERF V2.2", a total of 16 bytes. |
fileCount | uint32 | Number of files encapsulated in this ERF. |
year | uint32 | Year since 1900. |
day | uint32 | Day since January 1st. |
unknown | uint32 | Always 0xFFFFFFFF? |
flags | uint32 Bit flags |
Flags:
Encryption scheme: (flags >> 4) & 0xF
Compression scheme: (flags >> 29) & 0x7
|
moduleId | uint32 | This id is used to look up the password for the ERF when encryption is present, for example, DLC. |
passwordDigest | byte[16] | MD5 sum of password (as a string). |
Table of Contents
Name | Type / Size | Info |
---|---|---|
toc | entry[fileCount] |
Entry
Name | Type / Size | Info |
---|---|---|
name | utf16[32] | |
offset | uint32 | Offset to entry file data, from start of ERF file. |
packedSize | uint32 | Packed length of file data. |
unpackedSize | uint32 | Unpacked length of file data. |
Version 3.0
Found in Dragon Age 2.
This version introduces hashed file names (and extensions) for faster file lookup.
All values are little-endian.
Header
Name | Type / Size | Info |
---|---|---|
magic | utf16[8] | "ERF V3.0", a total of 16 bytes. |
stringTableSize | uint32 | Size of the file name string table. |
fileCount | uint32 | Number of files encapsulated in this ERF. |
flags | uint32 Bit flags |
Flags:
Encryption scheme: (flags >> 4) & 0xF
Compression scheme: (flags >> 29) & 0x7
|
moduleId | uint32 | This id is used to look up the password for the ERF when encryption is present, for example, DLC. |
passwordDigest | byte[16] | MD5 sum of password (as a string). |
stringTable | char[stringTableSize] | Zero-padded strings referenced by nameOffset in TOC entries. Strings are stored as ASCII. Note that not all TOC entries have to reference an entry in the string table. |
Table of Contents
Name | Type / Size | Info |
---|---|---|
toc | entry[fileCount] |
Entry
Name | Type / Size | Info |
---|---|---|
nameOffset | int32 | Offset in stringTable of the file name for this entry. -1 if none. |
nameHash | uint64 | FNV64 hash of lowercased file name, including path and extension. |
typeHash | uint32 | FNV32 hash of lowercased file extension. |
offset | uint32 | Offset to entry file data, from start of ERF file. |
packedSize | uint32 | Packed length of file data. |
unpackedSize | uint32 | Unpacked length of file data. |
File Data
Encryption
When the appropriate flags are set in the header, a digest of the password will be present. File data will be encrypted depending on what scheme is specified.
You may not extract such third party ERF files unless you have permission to do so. This is provided only for purposes when you want to encrypt your own ERF files.
Blowfish
File data will be encrypted using Blowfish in ECB.
These instructions only apply to encryption scheme #2.
To encrypt:
- Generate random number (represented as string, base 10), such as "12345678".
- Generate digest of the string (without null-terminating character) using MD5 and store it in the header.
- Convert those digits to 64-bit integer (0x0000000000BC614E).
- Store it in byte array in little-endian encoding (0x4E, 0x61, 0xBC, 0x00, 0x00, 0x00, 0x00, 0x00).
- Use that array as key to initialize Blowfish.
- Pad your content to multiple of 8 with zeroes.
- Encrypt the data.
To decrypt:
- You already know your password ("12345678").
- Generate its MD5 digest and compare it with the digest in the header.
- If they don't match file is either damaged or you forgot your password. If you forgot, brute-force attack should take no more than 1 minute. You may not perform brute-force attack on ERF files that are not yours unless you have permission from its owner to do so.
- Convert those digits to 64-bit integer (0x0000000000BC614E).
- Store it in byte array in little-endian encoding (0x4E, 0x61, 0xBC, 0x00, 0x00, 0x00, 0x00, 0x00).
- Use that array as key to initialize Blowfish.
- Decrypt the data.
XOR
Much of the process for protecting data with XOR is the same as for Blowfish.
To encrypt:
- Generate random number (represented as string, base 10), such as "12345678".
- Generate digest of the string (without null-terminating character) using MD5 and store it in the header.
- Convert those digits to 72-bit integer (0x000000000000BC614E).
- Store it in byte array in little-endian encoding (0x4E, 0x61, 0xBC, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00).
- XOR each block of 9 bytes with the array.
- If the final block is not 9 bytes, XOR the block with the first N bytes of the array, where N is the length of the block.
To decrypt:
- You already know your password ("12345678").
- Generate its MD5 digest and compare it with the digest in the header.
- If they don't match file is either damaged or you forgot your password. If you forgot, brute-force attack should take no more than 1 minute. You may not perform brute-force attack on ERF files that are not yours unless you have permission from its owner to do so.
- Convert those digits to 72-bit integer (0x000000000000BC614E).
- Store it in byte array in little-endian encoding (0x4E, 0x61, 0xBC, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00).
- XOR each block of 9 bytes with the array.
- If the final block is not 9 bytes, XOR the block with the first N bytes of the array, where N is the length of the block.
Compression
Compression is not supported by Dragon Age: Origins.
Compression is supported by Dragon Age 2.
Note that if encryption is enabled:
- When decompressing, file data must first be decrypted.
- When compressing, file data must be encrypted after compression.
Bioware Zlib
File data is compressed with zlib, with a custom 1-byte (commonly observed as 0xF9) header (vs the normal 2-byte zlib header).
The upper 4 bits of the header byte represent the window bits. The lower 4 bits are currently unknown.
Headerless Zlib
File data is compressed with zlib, the normal 2-byte zlib header is omitted.