0x00 Prologue

As we all know, the first cxdec V3-based game is 花鐘カナデ*グラム Chapter1 小桜結, which was released in Dec. 2021.

0x01 The history of cxdec V3 research

The former reverse engineering group ADVRE (now dissolved) paid attention to this game in March. @crskycode and @YeLike were the first to attempt to crack the new cxdec, and @crskycode quickly got the SHA-256-like filename hashing algorithm (that's all we know from their chat history).

The nextgal Team began the research quite late. In July and August, several members took part in the research, and around early August the algorithm itself was totally recovered.

During the dozen days before 16 Aug, some nextgal members made new adaptations to KrkrDump (by @crskycode) to make it specific to cxdec V3. We added some features to KrkrDump (similar to what crskycode recently did) and wrote a GUI for it. Due to the severe situation before ADVRE dissolved, we maintained the git repo internally.

0x02 The internals of cxdec V3

  • cxdec V3 uses an extra table for hash mapping. Everything in the XP3 archive is XOR-encrypted, and the XOR key is calculated in real time by the encryption plugin, which goes through a series of unknown algorithms (as cxdec V2 / V1 did, but improved).
  • There are no original filenames or pathnames in the XP3 archive, only their hashes. Of course, they are dynamically calculated in real time.
  • A big difference is that its internal work needs to call some external functions to calculate hashes in real time, which makes players' game experience EXTREMELY AWFUL, as the algorithm is not optimized at all and there is NO hash cache or map stored for faster lookup.

0x03 What does The nextgal Team do?

  • Use some tools to get the key information of the archive
    • KrkrDump-CX GUI (WIP)
    • KrkrDump-CX Console for debugging
  • Use nextgal tools to match the hashes
    • HashStats CLI
  • Use KrkrDump-CX to extract files

0x04 About releasing the details to the public

Sadly, we currently have NO plans for releasing technical details / tools to the public.

And we urge that all unpacking tools be used for legal purposes.

What's more, we have observed many scum on Chinese eroge forums who would use the tool for personal profit. Since blocking their actions is currently far beyond our ability, we will not make useless attempts to do so, and the result is that we are not willing to publish the tool for now. Maybe some day, when the situation is clear, the tool could be brought to light.

(Addendum: We have observed that some unpacking tools are being released to the public. Although the bar for these tools is so high that few people get them, we still stick to the decision that we made.)

0x05 Our thoughts & judgement on cxdec V3

Totally A PIECE OF SH*T. It worsens all players' game experience and takes up billions of CPU cycles for useless hash calculation and for running their XOR decryption. It seems designed for game companies to protect their data, but all in all, it does nothing but waste the limited energy on earth and make low-performance computers unable to run the eroge smoothly. It can be marked as a so-called milestone, or GRAVESTONE, in the eroge industry.

0xFF Acknowledgements & more

  • The nextgal Team staff
  • @crskycode
  • All the people working on cxdec V3 unpacking
  • Some Open Source projects:
    • KrkrDump
    • And some projects that we cannot disclose currently.

What does not kill me, makes me stronger.