Glitch Hunting/Game disassembly
New Zealand

Yo. Pretty new here, but thought I'd just make a post for this.

I'm fairly decent at reverse engineering games and finding either just interesting things or possible exploits. If you're interested, hit me up :) I don't have a lot of time, due to school, but I'll do the best I can.

Crockey and Deleted like this
Bavaria, Germany

I challenge you to get a copy of Soul Reaver 1 and tell me *anything* accurate about it at all regarding its inner workings.

Michigan, USA

A few people and I are starting to pick Baldur's Gate: Dark Alliance back up and run it. We need all the people we can to bust it open :D

New Zealand

Ok, @TheDuriel. I did a bit of digging, and found some useful stuff regarding the engine that Soul Reaver uses. It uses an updated and modified version of Gex 3's engine, and has some possible exploits due to its loading system. See this article http://www.thelostworlds.net/TechDocs/Soul_Reavers_Gex_Engine.html for more useful info. As well as that, I found it was compiled using Microsoft Visual C++ v6, and was designed primarily for Windows XP. The file locals.pc seems to contain dialogue from the PlayStation version, and is primarily related to memory cards and saving, as well as controls. It uses Bink Video for its prerendered cutscenes, and the rest seem to be done in the game's engine. From memory address 0x004FB30C to 0x004FB407, some of the game's level names appear to be stored. Most of the actual function names from the game are mangled by the C++ compiler, and as I don't have header files or debugging symbols, it's a bit difficult to pick it apart from that point without some extensive frame-by-frame type debugging and watching values carefully.

Kimmie and Dendris like this
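The addresses quoted above (0x004FB30C to 0x004FB407) are virtual addresses as a disassembler shows them, not offsets into the .exe on disk; to pull those strings out with plain file tools you have to go through the PE section table first. The following is an added example, not code from the thread or from the game: it parses the section headers of a PE32 image, maps a virtual address to its file offset, and lists the NUL-terminated strings in a VA range. The image it runs on is a constructed minimal PE with placeholder strings, and IMAGE_BASE 0x400000 is the usual MSVC default, assumed here rather than taken from the real binary.

```python
import re
import struct

IMAGE_BASE = 0x00400000  # default image base for MSVC-linked PE32 executables (assumed)

def build_sample_pe() -> bytes:
    # Constructed minimal PE32 (not the game's binary): one .rdata section whose
    # VA 0x4FB000 covers the 0x004FB30C-0x004FB407 range mentioned in the thread.
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 28, IMAGE_BASE)      # ImageBase
    hdr = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x102) + opt
    hdr += struct.pack("<8sIIIIIIHHI", b".rdata", 0x1000, 0xFB000, 0x1000, 0x400, 0, 0, 0, 0, 0x40000040)
    img = bytearray(hdr).ljust(0x400, b"\0") + bytearray(0x1000)
    names = b"LEVEL_A\0LEVEL_B\0LEVEL_C\0"            # placeholder strings, not real level names
    img[0x70C:0x70C + len(names)] = names            # file offset of VA 0x004FB30C
    return bytes(img)

def pe_sections(pe: bytes):
    """Parse the section table: (name, start VA, raw size, raw file offset) per section."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]          # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]     # SizeOfOptionalHeader
    image_base = struct.unpack_from("<I", pe, e_lfanew + 52)[0]   # PE32 ImageBase (opt hdr + 28)
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(nsec):
        name, _vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), image_base + va, rawsize, rawptr))
    return sections

def va_to_file_offset(pe: bytes, va: int):
    """Map a virtual address (as IDA shows it) to the byte offset in the file on disk."""
    for _name, start, size, rawptr in pe_sections(pe):
        if start <= va < start + size:
            return rawptr + (va - start)
    return None   # header space or an uninitialised (.bss-style) region: nothing on disk

def strings_in_range(pe: bytes, va_start: int, va_end: int, min_len: int = 3):
    """(va, text) for each run of >= min_len printable ASCII bytes inside [va_start, va_end)."""
    lo, hi = va_to_file_offset(pe, va_start), va_to_file_offset(pe, va_end - 1)
    if lo is None or hi is None:
        raise ValueError("range is not backed by data in the file")
    pat = rb"[\x20-\x7e]{%d,}" % min_len
    return [(va_start + m.start(), m.group().decode()) for m in re.finditer(pat, pe[lo:hi + 1])]
```

On a real executable the same two functions work unchanged; only build_sample_pe() is a stand-in for reading the file from disk.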
England

Is there much you can find out about Lego Batman (Console, not Handheld) and the potential for wall clipping?

New Zealand

I'll take a look. I can't actually play the game, as my laptop is too shitty to emulate a PS2, but I can disassemble it and take a look into it.

Valhalla

Are you able to find any exploits with FEAR 3? The game is hard to break.

New Zealand

@Ozotuh I managed to decompile the game, but it doesn't look like there's going to be much luck there. I'm currently working on compiling the PS2 SDK so I can load its debugging symbols, but I can't guarantee it'll work.

Antarctica

What tools do you use to disassemble and search through PS2 games?

I'm working on a project that involves doing that and I'm curious if there are better tools out there than what I'm using.

New Zealand

@Timmiluvs I primarily use a mixture of the Unix command cat and the IDA disassembler. IDA supports both PS2 and PS1 binary files, as well as NES and GB/GBC binaries, as well as others I can't remember. It is paid, but I believe that version 4.1.2 was the last free one. I also used Google, and am in the midst of attempting to compile the PS2SDK project, so I can make some of the disassembled names a bit more readable. Hope this helps.

Antarctica

It does, thanks a bunch. I'm well versed in Unix and I'll take a look at the IDA disassembler and give that a shot. I was using PS2DIS but it's pretty garbage to be honest for disassembling the ELF files. I'll also take a look at the PS2SDK project - did you just find that with a quick Google search?

Bavaria, Germany

@MicroTransactions I'm surprised you actually did something :D but that's just basic google-fu. We've known that stuff for years ;P

"it's a bit difficult to pick it apart from that point" is a MASSIVE understatement

New Zealand

@TheDuriel Yeah. I'll take a deeper look into it when I have time. If I use the PlayStation version I should be able to de-obfuscate a decent amount of bits of code. Also, just wanted to make sure you read the other parts. Next thing I'm going to try is attaching a debugger to the game as it runs, and seeing what changes depending on certain actions. As well as that, the game seems to be pretty fun, although the controls on PC are a bit wonky.

@Timmiluvs Yeah. It's an open-source effort to put the original PS2 SDK back together. It's not the original, but as far as I can tell it's damn close.

Timmiluvs likes this
Minnesota, USA

Do you think you can try to find something for Space Chimps (Xbox 360)?

New Zealand

@TheDuriel Well, after attaching a debugger, it looks like it'll be easy to locate load-planes. The program prints "cached unit levelName" when a load-plane is triggered. If this is helpful, I can probably spend a bit of time playing with it. As well as that, I got a load of messages about prims in OTags, which only appeared on accessing the pause menu. It seems to be primarily related to saving, if my suspicions are correct. Given that the program prints debugging info, I should be able to find and properly dissect the subroutines associated with the aforementioned logging, and I should be able to make a start on properly reverse-engineering the game engine.

New Zealand

Hey, @TheDuriel, I'm uploading some testing footage to YouTube. It has the debugger console in the bottom left, so that should be interesting. Might prove to be nothing new to you, but there seem to be odd collisions in corners where Kain thinks he's pushing a box or something, and sort of derps out. Also, there's a platform near the beginning of the training segment that has extremely broken collision. I played with it a bit in the game, as well as some buggy water systems I found.

Washington, USA
EmeraldAly
She/Her, They/Them
7 years ago

I take it this is just for retro consoles or emulators?

New Zealand

Well, if I can emulate it, I can find things more easily, but the one I'm working on currently is a PC game from 1999, and I've also dug into PS2 games. I'm willing to take a crack at most things, but I can only do so much. I also have to manage school.