and the CRC function matches the one from this CTF challenge.
what the heck. did someone put reverse engineering in my reverse engineering?

https://jctf.team/Mossad-Challenge-5779/

I changed one register during boot to enable debugging, and it crashed the game and then my emulator.
10 out of 10, would recommend again
hacking on big-endian code/data after so long on little-endian is weird.
why are the numbers in the right order? that's wrong. they're supposed to be all backwards!
wait does this really store chunk sizes as 24-bit integers in actual-size-minus-1 form?
I've got the decoded puzzles open in my text editor and IT ASKS TOO MANY QUESTIONS
found a clever thing they're doing. They have a virtualized filesystem, where multiple bundle files are mounted, and files are located in a reverse-added order. But they subclassed the bundle method so that instead of a filename, you can set up a bundle backed by a pointer+length.
why are they doing this?
because one of the bundles is statically compiled into the executable itself. They just do BundleManager::mountBundle(INTERNAL_BUNDLE_STRING,INTERNAL_BUNDLE_LENGTH);

wait why is there a method on the App class to parse commandline tokens.

this is a Wii game.
what command line?

AppWii::tickleDVD?

DO NOT TICKLE THE DVD

OH LOOK another case of magical sentinel pointers.
they just checked to see if a pointer was 0xBADBEEF.

LEARN TO USE NULLS

and I'm not even going to touch the virtual machine. it appears to be stack based, and it's very complicated.
also I did some more spelunking, and the getBinaryData method is literally only ever used to load text files.

I found where the engine lists all the file types, and they're specified with SUSPICIOUSLY win32 filter strings.

I wonder if they copy-pasted this out of some tool they used to build their files?

I kinda wonder if they generated this code out of some non-C++ language with a poor optimizer.

Everything has a vtable. Even classes where there's no subclasses, and there's only ever one object, because it's a big magical global singleton.

YOU DON'T NEED VIRTUAL FUNCTIONS WHEN THERE'S ONLY ONE OBJECT THAT NEVER CHANGES
also while I'm at it, when you call a function called "resolveName" that returns a pointer, you shouldn't have to check the result against both NULL and -1. Something went wrong if you think -1 is a valid pointer.

20 ::mbinary_search functions and no ::nonbinary_search. sad.

(hard mode: there's no templates here. they seriously wrote 20 variants on their binary-search algorithm)

okay yeah they DEFINITELY built this game on top of a cross-platform engine (their own, I believe).
I just found a function for getting the state of the mouse-wheel.

On a wii.

NOW LOOK, TECHNICALLY YOU CAN PLUG A MOUSE INTO A WII, YES.

BUT WHY WOULD A GAME BOTHER TO SUPPORT IT?

The same developer did make a game for the PC the year before, but it's GONE.
Like, the only hits are wikipedia and the linked-in page for the project manager.
But the internet archive helps! Apparently this wasn't even exactly a game, it was some kind of training tool? interesting.
yeah I think wikipedia has the wrong title for this game. It's GeoStorm, not Geo-Storm.
Not that it helps.
I'm guessing this game didn't come out. All the info is from that one page and resumes of people who worked on it.
mind you if it was an internal training tool, why would it need to come out?
anyway I just did some checking. So the wii version has bundles that start with
"Pipeworks bundle v1.20 (big endian)".
Guess what the xbox 360 version says?
"Pipeworks bundle v1.30 (big endian)"!
And it's using the same script/VM system.
The Wii version is v3.01, xbox360 is v3.81.
oh hey, it turns out one of their next windows games (from 6 years after the wii game, and 4 after the xbox 360 game) is free to play on steam. Time to download 5gb of game I have no interest in playing just to look at some data files!

Nope. It's unreal engine.

Also, I accidentally launched it, and it has a broken EULA. You can't decline it, it just tells you to accept before you can continue. I'm not trying to continue, I'm trying to QUIT

grabbed another 2009 game for the wii: "Pipeworks bundle v1.03 (big endian)".

JUST HOW DEEP DOES THIS RABBITHOLE GO? AM I GOING TO HAVE TO BECOME THE OFFICIAL EXPERT ON THE PIPEWORKS ENGINE?

Another 2008 game: Pipeworks bundle v1.03 (big endian).

let's see. They released a gamecube game back in 2002. is that Pipeworks v0.01?

at least there's no references to it in the 2001 Palm OS game demo that was on tucows

"Pipeworks Bundle File version 1.18"

WHAT?
Why is the 2002 GameCube game showing versions that are newer than the 2009 games?

looks like their distinctive engine isn't in use for their DS game Godzilla Unleashed - Double Smash (2007)
but it is used for the wii games Charm Girls Club: Pajama Party (2009) and Merv Griffin's Crosswords (2008)
ugh. I'm gonna have to set up a wiki page for this.
in addition to the one on Wikipedia, which needs fixing

Monopoly (2010) for the PSP:

"Pipeworks bundle v1.13 (little endian)"

Yep.

checking Wii U games is harder.
Their Wii U port of Wheel of Fortune is "Pipeworks bundle v1.30 (big endian)".

they made a free-to-play match-three game with a Godzilla license in 2014. Let's check...

Nope, unity.

Boogie for the PS2 (2007): "Pipeworks Bundle File version 1.4"

Night at the Museum: Battle of the Smithsonian, 2009, Wii:

"Pipeworks bundle v1.03 (big endian)"

Godzilla: Unleashed, 2007, wii:
"Pipeworks Bundle File version 1.4"

I suspect this game doesn't use the whole engine, and may just use the bundle files. It has a non-standard layout.
One similar to Destroy All Monsters Melee, in fact, which makes me think they reused some code.

NHRA Drag Racing - Countdown to the Championship, 2007, PSP:
"Pipeworks Bundle File version 1.4"
I'm definitely going to need to do more research to figure out which ones of these are really using "Pipeworks engine" vs which ones are just reusing their bundle format.
oh hey it's not just games.
uDraw Studio: Instant Artist, 2009, Wii:
"Pipeworks bundle v1.30 (big endian)"
interestingly, PRINCE OF PERSIA RIVAL SWORDS (2007), wii, seems to be no. Completely different internal structure.
oh, probably because they just handled porting it. Ubisoft made the PSP version.
I grabbed the wrong Zumba game for Wii (there's FIVE), but if anyone wants to try hacking Zumba Fitness Core by 2012, it shouldn't be hard: the game is scripted in unencrypted Lua files.
Wreck-It Ralph (2012, Wii) seems to be a new engine. Not Pipeworks

Godzilla: Save the Earth (2004), for PS2, uses "Pipeworks Bundle File version 1.3".

1.3! This is the earliest game I've seen using Pipeworks, and it's got a surprisingly late version number. Weird!

okay now I've got the right Zumba game. Zumba Fitness, 2010, Wii:
"Pipeworks bundle v1.20 (big endian)"
I found a reference on their 2003 homepage that their Destroy All Monsters game uses the "Spigot Engine".
I don't think that's the same engine as what I've been calling "Pipeworks".
I'm going through assorted linkedins. Looking for someone saying "I used to work at Pipeworks on the Foobar engine".
The closest I've seen is Terry Fernham, who says they were "[r]esponsible for tools and technology included in the core custom game engine on multiple platforms."
I guess I'm gonna call it Pipeworks Core for now.
oh huh! According to the 2011 version of their website, they helped develop part of the Xbox and Xbox 360 boot roms. Neato.
yeah. Nothing. Just "internal" and "custom" and "core".
Spigot. I think it's still called Spigot.
Ian Sabine's linked-in said he "Maintained and updated Spigot engine".
He's credited on Charm Girls Club: Pajama Party, Jeopardy, and Wheel of Fortune, all of which use the same engine.
for what it's worth, there's no references to Spigot in the executable that I can find, and this thing is positively lousy with debugging metadata and strings.
WHAT ANIMATIONS!?
there is a reference to something called the RockNRoll engine, but I'm pretty sure that's just the collision engine.

interesting find: the "Colossal Kaiju Combat" games licensed the Spigot engine from Pipeworks. So if they are showing some of the same files, then it's gotta be Spigot.

Time to find out. 5$ to find out

"Pipeworks bundle v1.30 (little endian)"

It's got the .pvd/.pvm files and everything.

This is 100% the same engine.

@foone consider: 1.20 is actually... 20, not 2. this would check out!

@foone Just Dance Wii has 14 entries.

Just sayin'

@foone oh! sounds fun! also absolutely not