Trying to mod a game for personal use (Turn on mouse control, remove menu/dialogue restrictions)
To mod the files I need to decrypt a JSON file.
It’s contents should be generic game info but instead shows these Japanese characters when accessed.
マママママアコイウコカマママママ
Notepads guesses this is Shift JIS encoding, I pursued that line of thought and came up empty handed.
VSCode and Visual Studio can’t make heads or tails of the JSON, and** keep adding filler bytes** with rhombused question marks in UTF-8.
VSCode Preview
With Shift Jis encoding enabled, the original string appears and more Japanese(?) characters show up, still with question marks.
VSCode Preview
Selecting all of the text, thousands of characters, and copy-pasting it into Notepads, shows the original 16 character string again: マママママアコイウコカマママママ
Rummaging in the game folder I found a "Decryption.js" that looks like this:
// Encrypted source for asset decryption functions.
let decryptionAESKey = "02f3ffa287f78ba68c60f24f79c6fb18ce32b4ebaadac11af5ace8c67a50ae9f";
let decryptionSource = "40b6b8e3d1f7b7128ecc16eae4702ff707e619c027744b8c55717e265516356dcbc3029ee1748978c8b13100f5c57352bb1e641a9104f037df0d65765d97e1997200d0fc41437c054bd6551b0b65ee0d53ac344f02ed6eaea3c4d24b0b667270c4c11593e4877c4dfd78ded0b8f35d6ceafec6d80ddec24f1653bf74d0b441f98e07529100845f4bff00bf96efa5307913a3fe5c87636ff1039a153a2ecb7ddf34500210292421715e4e063bf185afc22b21693260b638a4a395c1a87c3cc047e9acc5f59a1ca3144064cb6617f07bb6b357c4fe7c6ccbf9afee97efabf19397f7251702a6258a7aa42b704b238d27260930ec02f9451601360341018d4e2c34eb52cade8cb9b46738c369a6324f2e9603961bf81fb14a34f1db1e6f0b550024fd82eb0cfe556578f7b4e8d110b4bb2071f221d9bb024016afb1e7b09751ace8332a739570ef159b865da5a4a599052c7a31bcdbe7c728fc78fdec634baa68fec24bc26cd306bb32b42d9e78b69eed8ff011e86730436027ec3a60fca7bdc363192a10c46353ba45dc1bd476c2d004746a506e4539fac1b456a4aa36063ada89f682e3cb20076130d4c7041e2fa8bf1867f4c257f453332a39efc2a4463b8da5a1509e9016623d047226e2e6fb90b53b11c28e24938a41e0c88441b687e372de74939f10f16b4c892ab99f390b827efa70bed165619e8be33c29211c1f0bc8122e0addde18bff2afa2b54409c33f36bb480552bb5d9d293eb1cc10b8cd1029fc08464b31c7ffe85a3bd0334782b2561e21d8df4208ea0390ab5d3ea5913bbdd822ca1d9e3d291e8953c3e7742d414616e3e49058a6fb984059f14346de6d13a138b710ad03c9a85f353142e1b9f731ea8f0b7df601d949339a7b917362177e03f89610f757c1564b6a8a4450ccbc8f0e7a1f1b33e6c5817724e2a8e0187e00a8b28cc0ad9a789ae38bba0104919806813cfbbdba5afe880fc074e7f57e9518c9a5293dee4dc69c402a652a660eb40f2c19ea5cdfc947a78205fc792423c40e20565c98f8b0e86a5c4928c018ffa269d99398a92d8259d4a29f98841caa1f7f38afd7973c98572411b7136b4b46c0071814e951c712acebff3dc65dd3d51be7714c6e2b687cf1d5d3bd6af32e53b90ebd7c5d189fd7e08790b20f1c9483ea296b4997c90396736c8d3f4f49f39e948bc083b1a17977a6996d53f0b2ea5b8afa591b13487903762d8ea90f334d0e3c6ae6c9fe6be1a0e820ff9185fc10d469c7945d2f67f24e87fe0efa81e3eab7e35df5a17f4fd29a1a0803d77f0d381f8ef169c75a59133ab9b527bff464d999c5cf2ee3e26588c19577ff8b118e507886c575d7bf34a8d55f79772a2aa64987ebc43dfa3b6790d20fa54a4c2344c9647d987f9da268573a1f7ecad3df5013eff514d3142a63b6636cfeb0f3731a2770c053f77fa839bff6cdc4a8d1da5ccc6457f23c6d1db958086b029170c54c4f2d8658589dad998860f8bcaa06a59345f754943fb78384253c077e91959ef6c7f0e1862ea4e67dad3fd5de4ccf99c215837619c9173ee9645c59100fc718ee8b95782af73d1f952898cedb653c9090f5941f5f440968a0dcf26fa3a5b73715f7f379b7d793a22559bb00107b5f346175f4aaf27e2eac1a6a35b21ab246fb68b1d48eb949aa71932cab58eaaffcd29965d9dd6e068f13d23cbde334ccb0aa0a0724a7dba6162b4487066605ae3148575cdc13523f06713aa2642e121ccea6c28c750428bc170e7486b6c255f50064dac1080d591b26289138705837188abb240a2c34e1a4293dd8f294c31d763d83ec0833cea4633e23a863cd3a700af99e1dd7781d8cb2088857ab9620af005aa267e75422e65a55a377b9af96008adab10ae73c7c1020e2d2d4406e54eb2f4270013537138c19c3b6795f8785eb66ef3b0dcdce56ed17a1022d0362a6c9e9be6c3b23667a51ae1fa8b8988602f56860cb90b00f38b82f3c1e1d101449c430ff77d9e38f30ed2704e8620419b28ced8d7933f0447c0e4e86a0678072c7dc3bf43adabd18bc5226bd7e1ec55bf1b779f227e54517252d919eee1ec6494fe3088235f8ac46b77888b6ebbf633da74371f0b9e014df6d4d993da3df5cf278205a43e468f48dca0faf1cc864ef8024aece48f36ded739b56deefd3380e2c851020f2ad80b6cef180fb2a24bbdf070e4d170c1a7a0eb4fdab1309cb2a4d3952ec58efc0c23696aa173de2ae878cd9fc1d6907f5542acea57786207c43859aecf1ca5715d78b3d92198434d83694960c1c4d7d8a23ca01af35fd6a5c98c38c0367b40cbb17559cc753d636ba94fe8ba6fc2635d27767dcef5f9b667cd94f843ec022e8195e9234e0c43801480d6f1be263572a5444cef4ac4c9f80a41e76c0012727e195776fa4b56834f447a11ff05f4092beb6ad234054b7164299b2e1e670407a280812794f2d1fbf7ad6342225f5be2537e13f5902b54d5bdaf19fa4ff535d44e03a9be57d91135119de28966320f449e97cc6fb807a6ed5d9f4bcc22d546af71d253b3cf00d4dd56393d68b25aff86c0893502c200257f3418a7e1247629a3a9464b415ffd1d7d6862b4f00fcb2669e943b9e157862bf71f2d5156a40bc91e26dbe6482090a03a324220c79c1f9c3b7c7f932c6d6407cb8fce7b5a67221a2c93aedf78d7eb69ba88862e31e92b2d5c7e8eee17bffd108bc46b94997590d94248d5440648baefebc37564facaa01047ebeeab15f90eff18111e8fc890231d3ba3d1214b0b797f9cf688f06a2b9e006de65846a01fd4bbaa290091d0b41b11179f31063a947a1778ed0f80931d66281e42a43f8a57ce31983c71d11e1c8cffd9a55c6987b3ca1c2cafafa0d3e0d21668477de5d4bac263c2d3828c5c55888033efedceb68885cc3e87a2a437875e8852d1445b660abe43555465713b57f694fe412183a0a809ad57e1805a11cc68a7f07b77c2e58581de2eb97741a3e34682437584f129894abd914effcb01d694e71046e3efa453386f08a283743adcfdcbf07ebb96e5a43c3c930f20ae977e0493ed28016085f99d9c6e9164dc4ba1cba17a7cdf121c885fa8cea686a7c4160df73185fb9067079fcd865a40c39c43c690e1b2c39a51aa18fc4ef4b269edc01fc1654b96e065de53fccf9ca933aa3134bb627511068e1caf24454a47ed92dd56122ce25786e8a38f31a42d766c6bd241410e36172b4722c84065c1bf3261aa587d1d5374f4bf6a96791cddc74ab97f32533ea487710dabcd17ce6160380eef91918e70dac3268301461013a255e8aa593d005db3b893db20c5cca8feb5af813f07ec603dd02f3414ed2a4";
Supposedly this decrypts all of the game files, PNGs, OGGs, and JSONs. I’m only interested in the System JSON since that’s where my settings are.
I pursued AES Decryption but this file does not mention an IV which I understand is needed.
I wrote this code in Python using the cryprography library, but without understanding what "decryptionSource" is, it doesn’t do anything.
decryprionSource is 4703 characters, isn’t it too big to be an IV?
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
import json
def decrypt_aes_cbc(file_path, key):
with open(file_path, 'rb') as file:
encrypted_data = file.read()
# There is no IV
iv = encrypted_data[:16]
ciphertext = encrypted_data[16:]
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend())
decryptor = cipher.decryptor()
decrypted_data = decryptor.update(ciphertext) + decryptor.finalize()
try:
decrypted_json = json.loads(decrypted_data.decode('utf-8'))
return decrypted_json
except json.JSONDecodeError as e:
print(f"Error decoding JSON: {e}")
return None
def main():
key = bytes.fromhex("02f3ffa287f78ba68c60f24f79c6fb18ce32b4ebaadac11af5ace8c67a50ae9f")
file_path = input("Enter the path to the AES encrypted JSON file: ")
decrypted_data = decrypt_aes_cbc(file_path, key)
if decrypted_data is not None:
print("nDecrypted JSON data:")
print(json.dumps(decrypted_data, indent=2))
if __name__ == "__main__":
main()
it prints :
ValueError: The length of the provided data is not a multiple of the block length.
All files are provided in this link if you want to review them:
https://drive.google.com/file/d/1BUzACflcfEtQk5Nf6V14h8S5gZRsof9N/view
What am I missing?
I tried converting from Shift JIS encoding to UTF-8 but it did not produce relevant data.
I tried to pursue AES decryption as hinted by the js file, but I do not know what to do with decryptionSource which is a key piece of information.
I’m new to all of this and just learned about AES encryption.
The key is a 64 hex so it must be 256-bit, I don’t know which AES mode to use so I’ll try all 6.
Edit:
I tried decrypting in python:
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
import binascii
def aes_decrypt(encrypted_data, aes_key):
# Decode hexadecimal encoded data
decoded_data = binascii.unhexlify(encrypted_data)
# Take the first 16 bytes as IV
iv = decoded_data[:16]
# Decode hexadecimal encoded AES key
key = binascii.unhexlify(aes_key)
# Create an AES cipher object mode cbc
cipher = AES.new(key, AES.MODE_CBC, iv)
# Decrypt the data and unpad
decrypted_data = unpad(cipher.decrypt(decoded_data[16:]), AES.block_size)
return decrypted_data.decode('utf_8')
#return decrypted_data
# Example data (replace with your actual data)
encrypted_data = "40b6b8e3d1f7b7128ecc16eae4702ff707e619c027744b8c55717e265516356dcbc3029ee1748978c8b13100f5c57352bb1e641a9104f037df0d65765d97e1997200d0fc41437c054bd6551b0b65ee0d53ac344f02ed6eaea3c4d24b0b667270c4c11593e4877c4dfd78ded0b8f35d6ceafec6d80ddec24f1653bf74d0b441f98e07529100845f4bff00bf96efa5307913a3fe5c87636ff1039a153a2ecb7ddf34500210292421715e4e063bf185afc22b21693260b638a4a395c1a87c3cc047e9acc5f59a1ca3144064cb6617f07bb6b357c4fe7c6ccbf9afee97efabf19397f7251702a6258a7aa42b704b238d27260930ec02f9451601360341018d4e2c34eb52cade8cb9b46738c369a6324f2e9603961bf81fb14a34f1db1e6f0b550024fd82eb0cfe556578f7b4e8d110b4bb2071f221d9bb024016afb1e7b09751ace8332a739570ef159b865da5a4a599052c7a31bcdbe7c728fc78fdec634baa68fec24bc26cd306bb32b42d9e78b69eed8ff011e86730436027ec3a60fca7bdc363192a10c46353ba45dc1bd476c2d004746a506e4539fac1b456a4aa36063ada89f682e3cb20076130d4c7041e2fa8bf1867f4c257f453332a39efc2a4463b8da5a1509e9016623d047226e2e6fb90b53b11c28e24938a41e0c88441b687e372de74939f10f16b4c892ab99f390b827efa70bed165619e8be33c29211c1f0bc8122e0addde18bff2afa2b54409c33f36bb480552bb5d9d293eb1cc10b8cd1029fc08464b31c7ffe85a3bd0334782b2561e21d8df4208ea0390ab5d3ea5913bbdd822ca1d9e3d291e8953c3e7742d414616e3e49058a6fb984059f14346de6d13a138b710ad03c9a85f353142e1b9f731ea8f0b7df601d949339a7b917362177e03f89610f757c1564b6a8a4450ccbc8f0e7a1f1b33e6c5817724e2a8e0187e00a8b28cc0ad9a789ae38bba0104919806813cfbbdba5afe880fc074e7f57e9518c9a5293dee4dc69c402a652a660eb40f2c19ea5cdfc947a78205fc792423c40e20565c98f8b0e86a5c4928c018ffa269d99398a92d8259d4a29f98841caa1f7f38afd7973c98572411b7136b4b46c0071814e951c712acebff3dc65dd3d51be7714c6e2b687cf1d5d3bd6af32e53b90ebd7c5d189fd7e08790b20f1c9483ea296b4997c90396736c8d3f4f49f39e948bc083b1a17977a6996d53f0b2ea5b8afa591b13487903762d8ea90f334d0e3c6ae6c9fe6be1a0e820ff9185fc10d469c7945d2f67f24e87fe0efa81e3eab7e35df5a17f4fd29a1a0803d77f0d381f8ef169c75a59133ab9b527bff464d999c5cf2ee3e26588c19577ff8b118e507886c575d7bf34a8d55f79772a2aa64987ebc43dfa3b6790d20fa54a4c2344c9647d987f9da268573a1f7ecad3df5013eff514d3142a63b6636cfeb0f3731a2770c053f77fa839bff6cdc4a8d1da5ccc6457f23c6d1db958086b029170c54c4f2d8658589dad998860f8bcaa06a59345f754943fb78384253c077e91959ef6c7f0e1862ea4e67dad3fd5de4ccf99c215837619c9173ee9645c59100fc718ee8b95782af73d1f952898cedb653c9090f5941f5f440968a0dcf26fa3a5b73715f7f379b7d793a22559bb00107b5f346175f4aaf27e2eac1a6a35b21ab246fb68b1d48eb949aa71932cab58eaaffcd29965d9dd6e068f13d23cbde334ccb0aa0a0724a7dba6162b4487066605ae3148575cdc13523f06713aa2642e121ccea6c28c750428bc170e7486b6c255f50064dac1080d591b26289138705837188abb240a2c34e1a4293dd8f294c31d763d83ec0833cea4633e23a863cd3a700af99e1dd7781d8cb2088857ab9620af005aa267e75422e65a55a377b9af96008adab10ae73c7c1020e2d2d4406e54eb2f4270013537138c19c3b6795f8785eb66ef3b0dcdce56ed17a1022d0362a6c9e9be6c3b23667a51ae1fa8b8988602f56860cb90b00f38b82f3c1e1d101449c430ff77d9e38f30ed2704e8620419b28ced8d7933f0447c0e4e86a0678072c7dc3bf43adabd18bc5226bd7e1ec55bf1b779f227e54517252d919eee1ec6494fe3088235f8ac46b77888b6ebbf633da74371f0b9e014df6d4d993da3df5cf278205a43e468f48dca0faf1cc864ef8024aece48f36ded739b56deefd3380e2c851020f2ad80b6cef180fb2a24bbdf070e4d170c1a7a0eb4fdab1309cb2a4d3952ec58efc0c23696aa173de2ae878cd9fc1d6907f5542acea57786207c43859aecf1ca5715d78b3d92198434d83694960c1c4d7d8a23ca01af35fd6a5c98c38c0367b40cbb17559cc753d636ba94fe8ba6fc2635d27767dcef5f9b667cd94f843ec022e8195e9234e0c43801480d6f1be263572a5444cef4ac4c9f80a41e76c0012727e195776fa4b56834f447a11ff05f4092beb6ad234054b7164299b2e1e670407a280812794f2d1fbf7ad6342225f5be2537e13f5902b54d5bdaf19fa4ff535d44e03a9be57d91135119de28966320f449e97cc6fb807a6ed5d9f4bcc22d546af71d253b3cf00d4dd56393d68b25aff86c0893502c200257f3418a7e1247629a3a9464b415ffd1d7d6862b4f00fcb2669e943b9e157862bf71f2d5156a40bc91e26dbe6482090a03a324220c79c1f9c3b7c7f932c6d6407cb8fce7b5a67221a2c93aedf78d7eb69ba88862e31e92b2d5c7e8eee17bffd108bc46b94997590d94248d5440648baefebc37564facaa01047ebeeab15f90eff18111e8fc890231d3ba3d1214b0b797f9cf688f06a2b9e006de65846a01fd4bbaa290091d0b41b11179f31063a947a1778ed0f80931d66281e42a43f8a57ce31983c71d11e1c8cffd9a55c6987b3ca1c2cafafa0d3e0d21668477de5d4bac263c2d3828c5c55888033efedceb68885cc3e87a2a437875e8852d1445b660abe43555465713b57f694fe412183a0a809ad57e1805a11cc68a7f07b77c2e58581de2eb97741a3e34682437584f129894abd914effcb01d694e71046e3efa453386f08a283743adcfdcbf07ebb96e5a43c3c930f20ae977e0493ed28016085f99d9c6e9164dc4ba1cba17a7cdf121c885fa8cea686a7c4160df73185fb9067079fcd865a40c39c43c690e1b2c39a51aa18fc4ef4b269edc01fc1654b96e065de53fccf9ca933aa3134bb627511068e1caf24454a47ed92dd56122ce25786e8a38f31a42d766c6bd241410e36172b4722c84065c1bf3261aa587d1d5374f4bf6a96791cddc74ab97f32533ea487710dabcd17ce6160380eef91918e70dac3268301461013a255e8aa593d005db3b893db20c5cca8feb5af813f07ec603dd02f3414ed2a4"
aes_key = "02f3ffa287f78ba68c60f24f79c6fb18ce32b4ebaadac11af5ace8c67a50ae9f"
# Decrypt and print the result
decrypted_result = aes_decrypt(encrypted_data, aes_key)
print("Decrypted Data:", decrypted_result)
it prints errors that vary based on the encoding used,
UnicodeDecodeError: 'utf-32-le' codec can't decode bytes in position 0-3: code point not in range(0x110000)
UnicodeDecodeError: 'utf-16-le' codec can't decode bytes in position 10-11: illegal UTF-16 surrogate
UnicodeDecodeError: 'shift_jis' codec can't decode byte 0xfb in position 6: illegal multibyte sequence
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xda in position 0: invalid continuation byte
@Topaco theorizes this is due to a corrupted block of data.
All files are provided in this link if you want to review them:
https://drive.google.com/file/d/1BUzACflcfEtQk5Nf6V14h8S5gZRsof9N/view
What am I missing?
My assumptions:
-Picked Hex over Base64, discussed with @MaartenBodewes
-Using CBC mode of operation
-That the data is PKCS7 padded and needs "unpad(”)"
I’m new to all of this and just learned about AES encryption.
Keeping the other question for posterity.
2
Answers
Decryption of ciphertext from Decryption.js
Since the IV is required for decryption and is not a secret, it is common practice to concatenate IV and ciphertext in the order
IV|ciphertext
. Lacking more detailed information on the algorithm, it is reasonable to first assume the same in this case.The Python code posted in the Edit section does exactly this. Key and ciphertext appear to be hex encoded and are hex decoded accordingly in the Python code.
The result of the decryption confirms the assumptions made: Apart from the first block, the plaintext is a byte sequence that is UTF-8 decodable. In this way, around 1-(16 bytes/2344 bytes) = 99 % of the ciphertext can be successfully decrypted. The UTF-8 decoded plaintext (from the second block onwards) is:
Regarding the other encodings you tested, UTF-16LE, UTF-32LE and Shift JIS, the decrypted data is not compatible with any of them, which is in accordance with the error messages you observed.
As already mentioned, the first block is not UTF-8 compliant (see section Corruption of first block for this). Therefore, in the Python code, the first block must not be UTF-8 decoded, otherwise the UnicodeDecodeError: ‘utf-8’ codec can’t decode… error message would be thrown, in accordance with your observation.
To exclude the first block from the UTF-8 decoding, the following change in the Python code is necessary:
return decrypted_data[16:].decode('utf_8')
.Verification of decryption
The encryption used (AES/CBC without MAC) does not allow any authentication of the data, so that only indirect conclusions can be drawn as to whether the decryption was successful and the assumptions made (AES, CBC, PKCS#7 padding, hex encoding of key and data) were correct.
Nevertheless, it can be assumed with a probability bordering on certainty that the decryption is correct (except for the first block). In the event of incorrect decryption, the result would resemble a random byte sequence. However, this is not the case here, as the data represents valid UTF-8 byte sequences.
The padding bytes also support this. These consist of 8 times 0x08 bytes, which corresponds to a valid PKCS#7 padding (a random generation of such a byte sequence has a probability bordering on zero).
It is striking that the plaintext contains many meaningless alphanumeric sequences. These are not an indication of a faulty decryption, as the latter would not lead to alternating meaningful and meaningless sequences, but would result in a single random byte sequence (which cannot be decoded with a charset encoding like UTF-8). We can only speculate about the meaningless byte sequences of the decrypted data; they may have their origin in an obfuscation of the plaintext that took place before the encryption.
Corruption of first block
The first block is hex encoded 0xda7cae2dbb12fb4faa867ed8ab8ee554, which can e.g. be determined with the following change in the Python code:
return decrypted_data[:16].hex()
.This byte sequence is not UTF-8 compatible, which indicates a corrupted block with regard to the rest of the data. Corruption of the first block in CBC mode is an indication that the IV is not correct. Another possibility is that the first block of the actual ciphertext is corrupted.
A wrong IV means that the IV itself is corrupted or simply that the assumption of the concatenation (
IV|ciphertext
) is wrong.The concatenation is ultimately only a convention. It would also be conceivable to have a constant IV (although insecure) of unknown value or that the first block is only used to derive the actual IV in some manner. The latter would be unusual, but cannot be ruled out (unusual, because the easiest way with reasonable security is to generate a random IV and pass it directly with the ciphertext instead of a cumbersome and unnecessary derivation).
Unfortunately, without knowing the plaintext of the first block, there is no way to determine the correct IV on the basis of the known data (at least not without reasonable effort). Therefore, it must ultimately be stated that the information posted in the question is not sufficient to determine the correct IV or the algorithm to derive it.
Overall objective
The overall goal of this question is to decrypt the encrypted System.json file, which is hex encoded:
When this file is loaded with a hex editor, it becomes apparent that the data as a whole does not resemble a random byte sequence, more precisely there are regions in between in which the same patterns, e.g. 0x92D0185290D8125098D21058 or 0x1D41AB87EF5991D51743A38DED519BD71F49A185E75393DD, are repeated many times. This is not compatible with a ciphertext generated with AES/CBC.
However, it is still possible that the ciphertext (or even several ciphertexts) is embedded somewhere in this data. In order to be able to say more here, it is necessary to obtain information about the structure of such a file, which unfortunately is not available.
So, it can be practically ruled out that the file as a whole represents a ciphertext and that a decryption of this supposed ciphertext would be successful with AES/CBC.
It should also be kept in mind that even if a ciphertext could be extracted from the file, it is unclear which key to use or which algorithm. There is no compelling reason that the data can be decrypted with the key from the Decryption.js file (0x02f3…) or the AES/CBC algorithm (at least there is no compelling reason from the information posted).
What information is needed to fully answer the question without guessing?
With regard to the first part, it would be important to know which IV is used or how it can be derived. Instead of the IV, the plaintext of the first block would also be sufficient, because the IV can be calculated from key, plaintext and ciphertext.
With regard to the second part, it would be important to know the structure of the System.json file, which encryption algorithm is used and which key is required for decryption.
The most ideal way to answer both parts is the corresponding documentation or alternatively the source code that creates the ciphertext contained in the Decryption.json file and that generates the System.json file, respectively.
I know the game you’re trying to decrypt.
Is there some way I can contact you? You’re going nowhere with that file.