Alice Averlong🏳️⚧️fun fact:
This game I'm trying to reverse engineer defines one thousand, one hundred, and fifteen v-tables!
second fun fact:
I'M ABOUT TO PULL OUT ALL MY HAIR
on the positive side, I think I've discovered built-in modding capability that's gone unnoticed for 13 years
I've moved on to ADVANCED reverse engineering techniques.
I emailed the company that made the game asking them for the specs/SDK for their engine.
oh sweet lord this code uses TEMPLATES.
like C++ reverse engineering isn't bad enough, now I have to deal with TEMPLATES?
like C++ reverse engineering isn't bad enough, now I have to deal with TEMPLATES?
vtables, templates, and a compiler that aggressively inlines.
this is SO MUCH FUN
this is SO MUCH FUN
OH GOODY they have a sentinel value in their vector implementation.
is it NULL?
nope. it's '#EOF'. as a pointer.
(void*)0x23454f46
This is safer than it sounds: The Wii's virtual addresses are in the 0x80000000 - 0xD3FFFFFF range, with 32 kb of registers up in 0xCD000000.
Nothing is ever mapped at 0x23000000.
I want to ask the developers so many things.
like why they're calling getBinaryData on a GuiAssetProvider (and providing a GuiResourceLock) to load a TEXT FILE.
like why they're calling getBinaryData on a GuiAssetProvider (and providing a GuiResourceLock) to load a TEXT FILE.
I wonder if there's a way to get a zlib chunk to compress into a specific size. like a harmless way to pad it out? because otherwise I'm gonna have to figure out some more info about the format of these bundles, as any changes I make will make the file-regions change size.
turns out to be a non-issue. I modified the data to have more redundancy (overwrote one filename with another) and now it got bigger
what
it's mocking me. I swapped "classic" for "hawaii" and it got 2 bytes bigger.
so I tried "ny" instead. much shorter!
now the file is 6 bytes bigger.
so I tried "ny" instead. much shorter!
now the file is 6 bytes bigger.
boo. patching doesn't seem to work.
I'll have to understand the BundleManager system a lot better to figure out why that is, or if I am simply wrong. Anyways, I can always patch the files on the disc.
hot take: if "(int*)(this + 0x56990)" ever appears in the decompiled code, YOUR CLASS IS WAY TOO FUCKING BIG
ugh. I think I found an ad-hoc CRC function and a bloom filter. aka NOTHING THAT'S GONNA BE FUN TO REVERSE
and the CRC function matches the one from this CTF challenge.
what the heck. did someone put reverse engineering in my reverse engineering?
I changed one register during boot to enable debugging, and it crashed the game and then my emulator.
10 out of 10, would recommend again
10 out of 10, would recommend again
hacking on big-endian code/data after so long on little-endian is weird.
why are the numbers in the right order? that's wrong. they're supposed to be all backwards!
why are the numbers in the right order? that's wrong. they're supposed to be all backwards!
wait does this really store chunk sizes as 24-bit integers in actual-size-minus-1 form?
I've got the decoded puzzles open in my text editor and IT ASKS TOO MANY QUESTIONS
found a clever thing they're doing. They have a virtualized filesystem, where multiple bundle files are mounted, and files are located in a reverse-added order. But they subclassed the bundle method so that instead of a filename, you can set up a bundle backed by a pointer+length.
why are they doing this?
because one of the bundles is statically compiled into the executable itself. They just do BundleManager::mountBundle(INTERNAL_BUNDLE_STRING,INTERNAL_BUNDLE_LENGTH);
because one of the bundles is statically compiled into the executable itself. They just do BundleManager::mountBundle(INTERNAL_BUNDLE_STRING,INTERNAL_BUNDLE_LENGTH);
wait why is there a method on the App class to parse commandline tokens.
this is a Wii game.
what command line?
Chris [list of emoji]What're the odds on this turning out to be written in some weird in-house Lisp that compiles to C++?
pie@foone All of these are *excellent* euphemisms for masturbation.
Doug Sheppard@foone Ah, that classic improv game.
🇺🇦 haxadecimal 🚫👑@foone PLAYING THE PIANO?? And I suppose YOU'D rather be PRACTICING!
- Seargent Major to cadets, Monty Python's _The Meaning of Life_
https://www.youtube.com/watch?v=ucgU2DJlBiw
- Seargent Major to cadets, Monty Python's _The Meaning of Life_
https://www.youtube.com/watch?v=ucgU2DJlBiw
The Meaning of Life (6/11) Movie CLIP - Would Rather Be Elsewhere (1983) HD
Siph@foone I think we should start making middle-endianness a thing to accommodate everyone
@Siph I agree. I'm tired of the big/little binary.
Bob Eager@foone You should try writing a compiler targeted at a big endian architecture, on a little endian architecture.
@foone It's only one bit I changed! It couldn't matter *that* much! Why doesn't it worrrrrk?
Andy Cooper@foone They had heard that you liked it afterall.
The Doctor
Mirah Image 
🍉@foone simple separation of concerns. This class' concern is the entire program
mirabilos@foone hey it still fits into conventional memory if your
CONFIG.SYS doesn’t load too many drivers… 😹
Ryu Raccoon@foone that's insane. The worst I had was a class hitting a 64k limit when adding a bunch of logging support. This ran in the 80286 protected mode. The os, OS/2 was odd that many drivers were still 16-bit while the OS was 32-bit.
𒀭𒂗𒆠 ENKI ][e@foone
Does... does it have a journal?
Does... does it have a journal?
@foone try "Montana," that'll tell you whether it's growing based on population or land area.
Jamey Sharp@foone Even if you don't need it, I got curious. So if you do end up needing to pad the compressed data, and if it's a gzip file rather than raw deflate, I've noticed that the spec allows you to put as many bytes as you want in either the "filename" or "comment" fields. They're just zero-terminated, and they're at the beginning of the file so you don't have to deal with the actual compressed encoding.
Geoffrey Irving@foone Presumably you could add gunk into the Huffman tree to get extra length?
Ryan Castellucci (they/them) 
@foone Abusing Z_SYNC_FLUSH and/or Z_FULL_FLUSH should work. Doing cursed things with data compression is one of my hobbies.
Michał "rysiek" Woźniak · 🇺🇦@foone "it seemed like a good idea back then"
Alexander The 1st@foone Is there context to the text file contents? Like, is it localization, subtitles, or something Unicode specific?
@AT1ST it's puzzles to be used in the game. not localized in this version.
Very Human Robot@foone that's how the junior guy saw a file being loaded in another place, so that's what got copy pasted?
William D. Jones@[email protected] 0x23? Why not 0x24, 0x25, or a bunch of other numbers? :o
Athena L.M.
Sora5084@foone Nope... nope... nope... 
Well... it's stuff I would have commited 15-20 years ago while being 'smart'... But after meeting the purgatory that undefined behaviour is and modern compiler's "there is no UB" optimizations... *hides under the desk holding a ruler for dear life* 
Hexorg@foone that cute though
The cat who walks thru walls@foone The compiler:
"All I need is a large template,
Three tables, and the truth.
All I need is a large template,
The rest is up to you."
"All I need is a large template,
Three tables, and the truth.
All I need is a large template,
The rest is up to you."
endrift 🏳️⚧️@foone that explains why there were so many vtables
@endrift the scary thing is that it doesn't.
I haven't found any vtables for templated classes yet
I haven't found any vtables for templated classes yet
Graham Sutherland / Polynomial@foone this is what pops into my head every time I see C++ templates
https://getyarn.io/yarn-clip/fe8a32c9-a763-40e1-aa8f-007f2a7b8fb9
♪ Templates ♪
Lexi of the Night@foone C++ templates are at least somewhat reasonable to follow … have you seen Guice injection in Java…?
SpeakerToManagers@foone
Hope your debugger can handle 512 character mangled symbol names.
Hope your debugger can handle 512 character mangled symbol names.
Mike Mol@foone called it!