while pos < len(decrypted_data): # Read filename length name_len = struct.unpack_from('<I', decrypted_data, pos)[0] pos += 4 if name_len == 0: break # end of archive # Read filename filename = decrypted_data[pos:pos+name_len].decode('utf-8', errors='replace') pos += name_len # Read file size file_size = struct.unpack_from('<I', decrypted_data, pos)[0] pos += 4 # Read file data file_data = decrypted_data[pos:pos+file_size] pos += file_size # Write to disk out_path = os.path.join(output_dir, filename) os.makedirs(os.path.dirname(out_path), exist_ok=True) with open(out_path, 'wb') as out_f: out_f.write(file_data) print(f"Extracted: filename (file_size bytes)") file_count += 1
print(f"\nDone. Extracted file_count files to 'output_dir'") def main(): if len(sys.argv) < 3: print("Usage: python rgss2a_decrypter.py <input.rgss2a> <output_folder>") sys.exit(1)
RGSS2A is the encrypted archive format used by RPG Maker VX (and later VX Ace with slight variations). This guide explains the format, the XOR‑based obfuscation, and provides a working Python implementation. 1. Overview RGSS2A files (e.g., Game.rgss2a ) are archives created by RPG Maker VX to protect game assets (scripts, graphics, audio). The “encryption” is not strong cryptography – it is a simple XOR with a fixed 8‑byte key. This write‑up documents the reverse engineering process and provides a full decrypter. Legal note: Decrypting RGSS2A files for games you own (e.g., to translate or mod) is generally permitted under fair use, but redistributing assets is not. Use responsibly. 2. Format Specification 2.1 File structure [HEADER] (12 bytes) [CONTENTS] (rest of file) | Offset | Size | Description | |--------|------|-------------| | 0x00 | 4 | Magic number ( RGSS2 or RGSS3 ) | | 0x04 | 4 | File size of the decrypted archive (little‑endian) | | 0x08 | 4 | XOR key start index (usually 0) – reserved |
After the header, the rest of the file is XOR‑obfuscated data. Each byte of the data section is XORed with a byte from a repeating key. The key is derived from a fixed 8‑byte pattern: rgss2a decrypter
def decrypt_data(data, key): """XOR decrypt data with repeating key.""" result = bytearray() for i, byte in enumerate(data): result.append(byte ^ key[i % len(key)]) return result
| Field | Type | Description | |-------|------|-------------| | filename length | 4 bytes (uint32) | Length of filename | | filename | variable | UTF‑8 string (no null terminator) | | file size | 4 bytes (uint32) | Size of file data | | file data | file size bytes | Raw file content |
Key bytes (hex): 0xDE, 0xAD, 0xBE, 0xEF, 0xCA, 0xFE, 0xBA, 0xBE ASCII interpretation: Þ ¾ ï Ê þ º ¾ In some RGSS3 (VX Ace) variants the key is slightly different – but RGSS2A uses the above. Decryption is identical to encryption: applying XOR again with the same key restores the original data. Once decrypted, the data is a concatenation of files stored in a custom container: while pos < len(decrypted_data): # Read filename length
[FILE ENTRY 1] [FILE ENTRY 2] ... [END MARKER] Each file entry:
def extract_rgss2a(archive_path, output_dir): """Extract all files from a .rgss2a archive.""" with open(archive_path, 'rb') as f: # Read header magic = f.read(4) if magic not in (b'RGSS2', b'RGSS3'): raise ValueError("Not a valid RGSS2/3 archive")
# Parse decrypted archive structure pos = 0 os.makedirs(output_dir, exist_ok=True) file_count = 0 This decrypter enables legitimate modding
decrypted_size = struct.unpack('<I', f.read(4))[0] key_start = struct.unpack('<I', f.read(4))[0] # usually 0, ignored # Read and decrypt the rest encrypted_data = f.read() decrypted_data = decrypt_data(encrypted_data, RGSS2_KEY) # Verify size (optional) if len(decrypted_data) != decrypted_size: print(f"Warning: decrypted size len(decrypted_data) != header size decrypted_size")
# Example: recover key from PNG header (first 8 bytes of a PNG file) known_plain = b'\x89PNG\r\n\x1a\n' # PNG signature ciphertext = get_ciphertext_slice(offset, 8) recovered_key = bytes([c ^ p for c, p in zip(ciphertext, known_plain)]) Then use that key instead of the default one. The RGSS2A “encryption” is trivial obfuscation. With the key and format understood, extracting all game assets takes less than 100 lines of Python. This decrypter enables legitimate modding, translation, and study of RPG Maker games.