fun fact:
This game I'm trying to reverse engineer defines one thousand, one hundred, and fifteen v-tables!
second fun fact:
I'M ABOUT TO PULL OUT ALL MY HAIR
hot take: if "(int*)(this + 0x56990)" ever appears in the decompiled code, YOUR CLASS IS WAY TOO FUCKING BIG
boo. patching doesn't seem to work.
I'll have to understand the BundleManager system a lot better to figure out why that is, or if I am simply wrong. Anyways, I can always patch the files on the disc.
it's mocking me. I swapped "classic" for "hawaii" and it got 2 bytes bigger.
so I tried "ny" instead. much shorter!
now the file is 6 bytes bigger.
I wonder if there's a way to get a zlib chunk to compress into a specific size. like a harmless way to pad it out? because otherwise I'm gonna have to figure out some more info about the format of these bundles, as any changes I make will make the file-regions change size.
turns out to be a non-issue. I modified the data to have more redundancy (overwrote one filename with another) and now it got bigger
what
I want to ask the developers so many things.
like why they're calling getBinaryData on a GuiAssetProvider (and providing a GuiResourceLock) to load a TEXT FILE.
This is safer than it sounds: The Wii's virtual addresses are in the 0x80000000 - 0xD3FFFFFF range, with 32 KB of registers up in 0xCD000000.
Nothing is ever mapped at 0x23000000.
vtables, templates, and a compiler that aggressively inlines.
this is SO MUCH FUN
OH GOODY they have a sentinel value in their vector implementation.
is it NULL?
nope. it's '#EOF'. as a pointer.
(void*)0x23454f46
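A small added example (not code from the game or from these posts) tying the two observations together: the '#EOF' sentinel stored as a pointer, and why it is harmless given the address range quoted above. It reads big-endian 32-bit words out of a constructed dump, walks a sentinel-terminated pointer vector, and labels each word against the 0x80000000-0xD3FFFFFF range and the 32 KB register window at 0xCD000000. The dump contents and the function names are assumptions for illustration.

```python
"""Classify big-endian 32-bit words pulled from a Wii memory dump.

Added example, not the game's code. The only facts taken from the posts are
the mapped virtual range 0x80000000-0xD3FFFFFF, the 32 KB hardware-register
window at 0xCD000000, and the vector sentinel '#EOF' stored as a pointer.
The sample dump below is constructed.
"""
import struct
from typing import List, Optional

WII_VADDR_LO = 0x80000000
WII_VADDR_HI = 0xD3FFFFFF
HW_REG_BASE = 0xCD000000
HW_REG_SIZE = 32 * 1024
EOF_SENTINEL = 0x23454F46  # b"#EOF" read as a big-endian 32-bit word


def is_mapped_wii_vaddr(addr: int) -> bool:
    """True if addr lies inside the range the posts describe as mapped."""
    return WII_VADDR_LO <= addr <= WII_VADDR_HI


def is_hw_register(addr: int) -> bool:
    """True if addr falls in the memory-mapped register window."""
    return HW_REG_BASE <= addr < HW_REG_BASE + HW_REG_SIZE


def classify_word(word: int) -> str:
    """Label one 32-bit word: sentinel, hw register, pointer, or neither."""
    if word == EOF_SENTINEL:
        return "sentinel '#EOF'"
    if is_hw_register(word):
        return "hw register"
    if is_mapped_wii_vaddr(word):
        return "pointer"
    return "not a pointer"


def ascii_tag(word: int) -> Optional[str]:
    """Return the 4-char ASCII tag a word spells, if every byte is printable.

    Handy for spotting other 'magic as pointer' values: anything that spells
    a tag and sits below 0x80000000 cannot be a real Wii pointer.
    """
    raw = word.to_bytes(4, "big")
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def walk_pointer_vector(blob: bytes, offset: int = 0) -> List[int]:
    """Read big-endian pointers from offset until the '#EOF' sentinel.

    Mirrors the sentinel-terminated vector the posts describe. Raises if the
    buffer ends before a terminator is found, rather than reading past it.
    """
    out: List[int] = []
    for pos in range(offset, len(blob) - 3, 4):
        (word,) = struct.unpack_from(">I", blob, pos)
        if word == EOF_SENTINEL:
            return out
        out.append(word)
    raise ValueError("no '#EOF' sentinel found")


# Constructed sample dump: three elements, the sentinel, then unrelated junk.
SAMPLE_DUMP = struct.pack(
    ">IIIIII",
    0x80401000,  # plausible pointer
    0x9000ABCD,  # plausible pointer
    0x23000000,  # in the never-mapped region, so never a real pointer
    EOF_SENTINEL,
    0x11223344,
    0x55667788,
)
```

The point the vector walk makes concrete: because 0x23454f46 is below the lowest mapped virtual address, a loop that compares against it can never confuse a live element with the terminator, which is exactly why "safer than it sounds" holds.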
oh sweet lord this code uses TEMPLATES.
like C++ reverse engineering isn't bad enough, now I have to deal with TEMPLATES?
on the positive side, I think I've discovered built-in modding capability that's gone unnoticed for 13 years
I've moved on to ADVANCED reverse engineering techniques.
I emailed the company that made the game asking them for the specs/SDK for their engine.
AppWii::tickleDVD?
DO NOT TICKLE THE DVD
why are they doing this?
because one of the bundles is statically compiled into the executable itself. They just do BundleManager::mountBundle(INTERNAL_BUNDLE_STRING,INTERNAL_BUNDLE_LENGTH);
wait why is there a method on the App class to parse commandline tokens.
this is a Wii game.
what command line?
found a clever thing they're doing. They have a virtualized filesystem, where multiple bundle files are mounted, and files are located in a reverse-added order. But they subclassed the bundle method so that instead of a filename, you can set up a bundle backed by a pointer+length.
wait does this really store chunk sizes as 24-bit integers in actual-size-minus-1 form?
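An added example (not the game's BundleManager, and not code from these posts) that models the three mechanics described above: several bundles mounted at once and searched in reverse mount order, a bundle backed by a pointer+length blob the way the internal bundle linked into the executable is, and chunk lengths stored as 24-bit big-endian "actual size minus one". The container layout itself, its magic, the file names and contents, and the function names are all made up here; the real bundles also carry zlib chunks, which this toy leaves out.

```python
"""Toy model of the layered bundle filesystem the posts describe.

Added example; none of this is the game's code. Taken from the posts: several
bundles are mounted at once, lookups walk them in reverse mount order, a bundle
can be backed by a file or by a pointer+length blob (the internal bundle linked
into the executable), and chunk sizes are 24-bit big-endian "size minus one".
The container layout, magic, names and contents below are made up.
"""
import io
from typing import BinaryIO, Dict, List, Optional

MAGIC = b"TOYB"  # hypothetical; the real bundle magic is not known here


def encode_len24(n: int) -> bytes:
    """Encode a length as 24-bit big-endian 'actual size minus one'.

    Zero is unrepresentable, which is a useful tell when guessing a format:
    if no chunk is ever empty and 0xFFFFFF shows up, this encoding fits.
    """
    if not 1 <= n <= 1 << 24:
        raise ValueError("length out of range for 24-bit minus-one field")
    return (n - 1).to_bytes(3, "big")


def read_len24(blob: bytes, pos: int) -> int:
    """Decode a 24-bit minus-one length at pos, refusing to read past the end."""
    if pos + 3 > len(blob):
        raise ValueError("truncated length field at offset %d" % pos)
    return int.from_bytes(blob[pos:pos + 3], "big") + 1


def build_bundle(files: Dict[str, bytes]) -> bytes:
    """Pack {name: data} into the toy container (no compression here)."""
    out = bytearray(MAGIC)
    for name, data in files.items():
        nb = name.encode("utf-8")
        out += encode_len24(len(nb)) + nb + encode_len24(len(data)) + data
    return bytes(out)


class Bundle:
    """A parsed bundle; parsing is the same whatever backs the bytes."""

    def __init__(self, blob: bytes):
        if blob[:4] != MAGIC:
            raise ValueError("bad bundle magic")
        self.entries: Dict[str, bytes] = {}
        pos = 4
        while pos < len(blob):
            nlen = read_len24(blob, pos)
            pos += 3
            name = blob[pos:pos + nlen].decode("utf-8")
            pos += nlen
            dlen = read_len24(blob, pos)
            pos += 3
            data = blob[pos:pos + dlen]
            pos += dlen
            if len(data) != dlen:
                raise ValueError("truncated chunk for %r" % name)
            self.entries[name] = data

    @classmethod
    def from_file(cls, fp: BinaryIO) -> "Bundle":
        return cls(fp.read())

    @classmethod
    def from_memory(cls, image: bytes, offset: int, length: int) -> "Bundle":
        """Pointer+length backing: a bundle embedded in a larger binary."""
        return cls(image[offset:offset + length])


class BundleManager:
    def __init__(self) -> None:
        self._mounted: List[Bundle] = []

    def mount(self, bundle: Bundle) -> None:
        self._mounted.append(bundle)

    def unmount(self, bundle: Bundle) -> None:
        self._mounted.remove(bundle)

    def which(self, name: str) -> Optional[int]:
        """Index of the bundle that serves name; newest mount is checked first."""
        for i in range(len(self._mounted) - 1, -1, -1):
            if name in self._mounted[i].entries:
                return i
        return None

    def open(self, name: str) -> Optional[bytes]:
        i = self.which(name)
        return None if i is None else self._mounted[i].entries[name]


def demo() -> dict:
    """Mount an embedded bundle, then a 'disc' bundle that shadows one file."""
    internal = build_bundle({"menu/theme.txt": b"classic\n", "boot.cfg": b"internal=1\n"})
    # Constructed 'executable image': padding, the bundle, padding.
    image = b"\x00" * 16 + internal + b"\xff" * 8
    mgr = BundleManager()
    mgr.mount(Bundle.from_memory(image, 16, len(internal)))
    disc = io.BytesIO(build_bundle({"menu/theme.txt": b"hawaii\n"}))
    mgr.mount(Bundle.from_file(disc))
    return {
        "theme": mgr.open("menu/theme.txt"),   # served by the later mount
        "boot": mgr.open("boot.cfg"),          # falls through to the internal one
        "missing": mgr.open("nope.txt"),
        "theme_from": mgr.which("menu/theme.txt"),
    }
```

The reverse-order lookup is what makes a later-mounted bundle shadow a file in the internal one without touching the executable, which is the shape of the unintended modding hook mentioned earlier in the feed; and the minus-one length encoding is why a toy that allowed empty chunks would fail to round-trip.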
I've got the decoded puzzles open in my text editor and IT ASKS TOO MANY QUESTIONS
hacking on big-endian code/data after so long on little-endian is weird.
why are the numbers in the right order? that's wrong. they're supposed to be all backwards!
and the CRC function matches the one from this CTF challenge.
what the heck. did someone put reverse engineering in my reverse engineering?
I changed one register during boot to enable debugging, and it crashed the game and then my emulator.
10 out of 10, would recommend again
ugh. I think I found an ad-hoc CRC function and a bloom filter. aka NOTHING THAT'S GONNA BE FUN TO REVERSE
076萌SNS is a social network, courtesy of 076. It runs on GNU social, version 2.0.2-beta0, available under the GNU Affero General Public License.
All 076萌SNS content and data are available under the Creative Commons Attribution 3.0 license.