Introduction

Oftentimes, when exploring Unreal Engine games using FModel, you’ll encounter a few different roadblocks stopping you from opening game files properly.

This post is going to be a short introduction on what role Mappings & AES Keys play within Unreal Engine, how you can retrieve them, and feed them to FModel to parse and datamine game assets.

Mappings

Mapping Files are a community-created format, designed to solve a specific problem when datamining or modding Unreal Engine games.

When a developer ships an Unreal Engine game, they can choose to use something called Unversioned Property Serialization - An optimisation technique that effectively strips the property names, type tags, and other data from game assets. This is great for debloating and optimising the size of your game, but when using tools like FModel or UAsset, this becomes a problem as they have no way of parsing the game files since all game data is suddenly unlabelled.

The fix is, as you might’ve guessed, mapping files.

A .usmap file solves all of this by providing an external schema of the game’s class and struct definitions, property names, and other missing data. FModel can load this schema ahead of parsing the game’s assets, allowing it to correctly label and read whatever data you might be looking at.

AES Keys

AES Keys are effectively used for encryption. Some Unreal games will have hard-coded AES Keys inside of their binary file which allows them to decrypt the game assets during runtime. If you’re on the outside, however, missing this key renders the game files effectively useless. You can’t read or decrypt them correctly, meaning no game files for you.

The good part about AES Keys being hard-coded is that they never change, and they’re usually located around an easily identifiable region of the game’s executable.

Extracting AES Keys

The process here is pretty straightforward. Head over to the AESDumpster GitHub and grab the latest release.

Once you’ve got it, the only thing left to do is find the right executable for your game. You’re looking for the largest .exe file - this is the main game binary where the key will be hard-coded. It’ll typically live somewhere along the lines of:

GameName/Developer/Binaries/Win64/Game.exe

With that found, simply drag and drop the executable directly onto AESDumpster.exe. It’ll run through the binary and automatically extract any AES key candidates it finds.

You’ll usually end up with one or more candidates - if there are multiple, you can test them inside FModel directly. Load up your game’s files in FModel, and under Directory, paste the key into the AES Field. If the pak files load and you can see assets, you’ve got the right one.

Extracting Mappings

This one requires a little more setup, but it’s not too bad once you’ve done it once.

Compiling Dumper-7

Start by cloning or downloading Dumper-7 from GitHub. You’ll need to build it yourself to get the DLL. (I won’t go over that in this post, sorryyy)

Once compiled, you should have a .DLL file ready to go.

Injecting into the Game

With the DLL ready, boot up the game you’re targeting. We’ll use System Informer in this write-up to inject the DLL into the game’s process.

In System Informer:

  1. Find the game’s process in the list
  2. Double-click it -> Modules -> Options -> Load Module
  3. Find and select your compiled Dumper-7.dll

Once injected, Dumper-7 will pop open a terminal where it’ll start generating an SDK for the game. The mapping file we need will also be generated alongside it.

By default, the output will usually land in C:/Dumper-7/ - From there, inside of the Mappings folder of Dumper-7’s output, you’ll find your .usmap file which you can load up in FModel under the Settings tab, and by enabling Local Mapping File.

Tools Used