global-metadata.dat encryption changed? #1
Description
So I tried to follow the blog post you linked and think I have been successful at locating the LoadMetadataFile function using the "ERROR: Could not open %s" string.
Based on the Python script that doesn't work at all anymore, I have to assume the decryption changed again. Because I wasn't able to find that unique decryption key your script used. I found a lot of XOR operations inside the function calls after the LoadMetadataFile function call (MetadataFile = (_DWORD *)LoadMetadataFile((_BYTE *)(v5 + 16));).
Wouldn't it be smarter to find a spot in the decryption process where we can assume the decryption has finished doing its job, placing a breakpoint there, and then dumping the buffer from memory to disk to hopefully get a fully restored global-metadata.dat file? I sure think so. Could you help me achieve that? Your website is down and I can't join the Discord Server for the potential updates because of this.