The Format
ODL version 1 = v17.3.6673.1011 - v17.3.6998.0830
ODL version 2 = v17.3.7010.0912 - v23.176.0822.0002
ODL version 3 = v23.180.0828.0001 +
With a bit of reverse engineering, the header format is worked out as follows:
struct {
char signature[8]; // EBFGONED
uint32 odl_version; // value seen = 1
uint32 unknown2;
uint64 unknown3; // value seen = 0
uint32 unknown4; // value seen = 1
char one_drive_version[0x44];
} Odl_header_v1;
struct {
char signature[8]; // EBFGONED
uint32 odl_version; // value seen = 2 or 3
uint32 unknown2;
uint64 unknown3; // value seen = 0
uint32 unknown4; // value seen = 1
char one_drive_version[0x40];
char os_version[0x40];
byte reserved[0x64];
} Odl_header_v2_v3;
The structures for the data blocks are as follows:
struct {
uint32 signature; // CCDDEEFF
uint16 context_data_len;
uint16 unknown_flag;
uint64 timestamp; // Unix Millisecond time
uint32 unk1;
uint32 unk2;
uint128 unk3_guid[16];
uint32 unk4;
uint32 unk5; // mostly 1
uint32 data_len;
uint32 unk6; // mostly 0
byte data[data_len];
} Data_block_v1_v2;
struct {
uint32 signature; // CCDDEEFF
uint16 context_data_len;
uint16 unknown_flag;
uint64 timestamp; // Unix Millisecond time
uint32 unk1;
uint32 unk2;
uint32 data_len;
uint32 unk3;
byte data[data_len];
union {
struct {
char context_data[context_data_len]; // Variable length
} context;
struct {
uint128 unk1_guid[16];
uint32 unk2;
uint32 unk3;
} guid;
} Data_block_extended;
} Data_block_v3;
The structure for the data are as follows:
struct {
uint32 code_file_name_len;
char code_file_name[code_file_name_len];
uint32 flags;
uint32 code_function_name_len;
char code_function_name[code_function_name_len];
byte parameters[];
} Data_v1_v2_v3;
No comments:
Post a Comment