Introduction TalesRunner , the chaotic and beloved arcade-style runner game developed by Rhaon Entertainment and published by Nowcom (and later Papaya Play), has maintained a dedicated modding community for nearly two decades. At the heart of any attempt to customize, translate, or reverse engineer the game lies a single technical hurdle: the TalesRunner PKG file .
# TalesRunner PKG unpack script for QuickBMS # Supports XOR obfuscation and LZSS decompression get NAME basename string NAME + "_unpacked/" set MEMORY_FILE string "" comtype lzss talesrunner pkg unpack
open FDDE PKG 0 get FILES long for i = 0 < FILES get OFFSET long get ZSIZE long get SIZE long get NAMELEN byte getdstring FNAM NAMELEN # XOR decryption key 0x79 encryption xor "0x79" clog NAME+FNAM OFFSET ZSIZE SIZE next i Only when you encounter modern, encrypted PKGs should
import struct import os from Crypto.Cipher import AES def unpack_talesrunner_pkg(pkg_path, output_dir): with open(pkg_path, 'rb') as f: header = f.read(4) if header != b'PKG\x00': raise ValueError("Invalid PKG signature") The world of assets and code hidden inside is waiting
Start with QuickBMS and a known-good script. Only when you encounter modern, encrypted PKGs should you dive into Python or C++ custom extractors. And always remember: the skills you gain from this process—binary parsing, cryptographic reversals, compression algorithms—apply far beyond a single game.
Locate your TalesRunner installation, backup the data001.pkg file, and run QuickBMS with a community script. The world of assets and code hidden inside is waiting. This article is for educational purposes only. The author does not condone cheating or piracy. Always respect the game’s terms of service and copyright laws.
# Read file table file_count = struct.unpack('<I', f.read(4))[0] entries = [] for _ in range(file_count): offset = struct.unpack('<I', f.read(4))[0] zsize = struct.unpack('<I', f.read(4))[0] size = struct.unpack('<I', f.read(4))[0] name_len = struct.unpack('B', f.read(1))[0] name = f.read(name_len).decode('utf-8') entries.append((name, offset, zsize, size)) # AES decryption (example key - replace with actual) cipher = AES.new(b'your_aes_key_16b', AES.MODE_ECB) for name, offset, zsize, size in entries: f.seek(offset) enc_data = f.read(zsize) dec_data = cipher.decrypt(enc_data) # Decompress if needed (LZSS, zlib) out_path = os.path.join(output_dir, name) os.makedirs(os.path.dirname(out_path), exist_ok=True) with open(out_path, 'wb') as out: out.write(dec_data[:size]) if == ' main ': unpack_talesrunner_pkg('data001.pkg', './extracted')