Reach map files have a hash in them which is computed based on the data in the file header. This is kinda irrelevant since Zedd's XEX patches disable the header signature checks, but I figure I'd document this anyway because he asked me about it today. Here's some quick info on how to update the hash that's computed on the map header.
First, you need to prepare the header by removing certain bits of data. Make a copy of the first 0xA000 bytes (header) of the map file. Then, zero out the following areas of the header:
- 4 bytes at 0x320
- 8 bytes at 0x328
- 0x3C bytes at 0x330
- 0x100 bytes at 0x36C
- 0x100 bytes at 0x1C
- 4 bytes at 0x144
- 4 bytes at 0x148
- 4 bytes at 0x16C
- 4 bytes at 0x170
- 0x18 bytes at 0x174
- 4 bytes at 0x49C
- 4 bytes at 0x4A0
- 4 bytes at 0x4A4
- 4 bytes at 0x4A8
Next, you need to salt the hash. Put the following data at the beginning of the header you prepared:
ED D4 30 09 66 6D 5C 4A 5C 36 57 FA B4 0E 02 2F 53 5A C6 C9 EE 47 1F 01 F1 A4 47 56 B7 71 4F 1C 36 EC
Finally, compute a SHA-1 checksum over your modified header (this should be 0xA022 bytes after adding the salt). The new hash goes at offset 0x330.
So yeah. While not too useful, I suppose this could be used to help map out unknown parts of the header based on the offsets that get zeroed. I'm also pretty sure that more hashes would have to be updated and not just that one, because cache files have at least three hashes in the header.
Anyway, there you go. Have fun.