Yo. Pretty new here, but thought I'd just make a post for this.
I'm fairly decent at reverse engineering games and finding either just interesting things or possible exploits. If you're interested, hit me up :) I don't have a lot of time, due to school, but I'll do the best I can.
I challenge you to get a copy of Soul Reaver 1 and tell me *anything* accurate about it at all regarding its inner workings.
Me and a few people are starting to pick Baldur's Gate: Dark Alliance back up and run it. We need all the people we can to bust it open :D
Ok, @TheDuriel. I did a bit of digging, and found some useful stuff regarding the engine that Soul Reaver uses. It uses an updated and modified version of Gex 3's engine, and has some possible exploits due to its loading system. See this article http://www.thelostworlds.net/TechDocs/Soul_Reavers_Gex_Engine.html for more useful info. As well as that, I found it was compiled using Microsoft Visual C++ v6, and was designed primarily for Windows XP. The file locals.pc seems to contain dialogue from the PlayStation version, and is primarily related to memory cards and saving, as well as controls. It uses Bink Video for its prerendered cutscenes, and the rest seem to be done in the game's engine. From memory address 0x004FB30C to 0x004FB407, some of the game's level names appear to be stored. Most of the actual function names from the game are mangled by the C++ compiler, and as I don't have header files or debugging symbols, it's a bit difficult to pick it apart from that point without some extensive frame-by-frame type debugging and watching values carefully.
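Turning a debugger address like the 0x004FB30C to 0x004FB407 range mentioned above into bytes you can read straight out of the executable on disk means walking the PE section table (VA minus ImageBase gives the RVA, and the section that contains it gives the file offset). This is an added example, not the poster's tooling: it builds a tiny constructed PE32 (the image base, the section layout and the level names are assumptions) and dumps the NUL-terminated strings stored in that range.

```python
"""Map absolute virtual addresses from a PE32 game executable back to file
offsets and dump the NUL-terminated strings stored there. Added example: the
PE image is constructed here so the script runs offline (layout is assumed)."""
import struct

def build_sample_pe(strings, image_base=0x400000, sect_rva=0xFB30C, raw_ptr=0x200, size=0xFC):
    """Construct a minimal PE32 with one .rdata section holding `strings` (constructed data)."""
    payload = (b"\0".join(s.encode() for s in strings) + b"\0").ljust(size, b"\0")
    img = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", img, 0x3C, 0x40)                         # e_lfanew -> PE header
    img += b"PE\0\0"
    img += struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)  # COFF header, 1 section
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<I", opt, 28, image_base)                     # ImageBase
    img += opt
    # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ...
    img += struct.pack("<8sIIIIIIHHI", b".rdata", size, sect_rva, size, raw_ptr, 0, 0, 0, 0, 0x40000040)
    img += b"\0" * (raw_ptr - len(img))                             # pad headers up to raw data
    return bytes(img + payload)

def parse_sections(pe):
    """Return (image_base, [(name, va, vsize, raw_ptr, raw_size)]) from the PE32 headers."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    assert pe[e_lfanew:e_lfanew + 4] == b"PE\0\0", "not a PE file"
    coff = e_lfanew + 4
    nsect, opt_size = struct.unpack_from("<H", pe, coff + 2)[0], struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    image_base = struct.unpack_from("<I", pe, opt + 28)[0]        # PE32 offset of ImageBase
    sections = []
    for i in range(nsect):
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", pe, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), va, vsize, rptr, rsize))
    return image_base, sections

def va_to_offset(pe, va):
    """Translate an absolute VA (as shown by a debugger) to a file offset via the section table."""
    base, sections = parse_sections(pe)
    rva = va - base
    for _name, sva, vsize, rptr, rsize in sections:
        if sva <= rva < sva + max(vsize, rsize):
            return rptr + (rva - sva)
    raise ValueError(f"VA {va:#x} is not backed by any section")

def strings_in_range(pe, start_va, end_va, min_len=3):
    """Dump printable NUL-terminated strings stored between two VAs (inclusive)."""
    lo, hi = va_to_offset(pe, start_va), va_to_offset(pe, end_va) + 1
    chunks = pe[lo:hi].split(b"\0")
    return [c.decode() for c in chunks if len(c) >= min_len and all(32 <= b < 127 for b in c)]

SAMPLE_PE = build_sample_pe(["LEVEL_ALPHA", "LEVEL_BETA", "LEVEL_GAMMA"])  # constructed level names
```

Running `strings_in_range(SAMPLE_PE, 0x004FB30C, 0x004FB407)` on the constructed image returns the three placeholder names; on a real binary, point `va_to_offset` at the same VAs a debugger shows you and the same table walk applies.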
Is there much you can find out about Lego Batman (Console, not Handheld) and the potential for wall clipping?
I'll take a look. I can't actually play the game, as my laptop is too shitty to emulate a PS2, but I can disassemble it and take a look into it
@Ozotuh I managed to decompile the game, but it doesn't look like there's going to be much luck there. I'm currently working on compiling the PS2 SDK so I can load its debugging symbols, but I can't guarantee it'll work.
What tools do you use to disassemble and search through PS2 games?
I'm working on a project that involves doing that and I'm curious if there are better tools out there than what I'm using.
@Timmiluvs I primarily use a mixture of the Unix command cat and the IDA disassembler. IDA supports both PS2 and PS1 binary files, as well as NES and GB/GBC binaries, as well as others I can't remember. It is paid, but I believe that version 4.1.2 was the last free one. I also used Google, and am in the midst of attempting to compile the PS2SDK project, so I can make some of the disassembled names a bit more readable. Hope this helps.
It does, thanks a bunch. I'm well versed in Unix and I'll take a look at the IDA disassembler and give that a shot. I was using PS2DIS but it's pretty garbage to be honest for disassembling the ELF files. I'll also take a look at the PS2SDK project - did you just find that with a quick Google search?
@MicroTransactions I'm surprised you actually did something :D but that's just basic Google-fu. We've known that stuff for years ;P
"it's a bit difficult to pick it apart from that point" is a MASSIVE understatement
@TheDuriel Yeah. I'll take a deeper look into it when I have time. If I use the PlayStation version I should be able to de-obfuscate a decent amount of bits of code. Also, just wanted to make sure you read the other parts. Next thing I'm going to try is attaching a debugger to the game as it runs, and seeing what changes depending on certain actions. As well as that, the game seems to be pretty fun, although the controls on PC are a bit wonky.
@Timmiluvs Yeah. It's an open-source effort to put the original PS2 SDK back together. It's not the original, but as far as I can tell it's damn close.
@TheDuriel Well, after attaching a debugger, it looks like it'll be easy to locate load-planes. The program prints "cached unit levelName" when a load-plane is triggered. If this is helpful, I can probably spend a bit of time playing with it. As well as that, I got a load of messages about prims in OTags, which only appeared on accessing the pause menu. It seems to be primarily related to saving, if my suspicions are correct. Given that the program prints debugging info, I should be able to find and properly dissect the subroutines associated with the aforementioned logging, and I should be able to make a start on properly reverse-engineering the game engine.
Hey, @TheDuriel, I'm uploading some testing footage to YouTube. It has the debugger console in the bottom left, so that should be interesting. Might prove to be nothing new to you, but there seem to be odd collisions in corners where Kain thinks he's pushing a box or something, and sort of derps out. Also, there's a platform near the beginning of the training segment that has extremely broken collision. I played with it a bit in the game, as well as some buggy water systems I found.
Well, if I can emulate it, I can find things more easily, but the one I'm working on currently is a PC game from 1999, and I've also dug into PS2 games as well. I'm willing to take a crack at most things, but I can only do so much. I also have to manage school as well.