How RNG (for the most part) works, and why it can't be manipulated
5 years ago
New Jersey, USA

So I've been doing some more reverse engineering on the game and I think I've made some discoveries about the RNG for the game.

The RNG seed is a 4-byte global variable (I'm excluding its location in memory to prevent people from hacking it to cheat). This number, assuming that it's an unsigned integer, has a range of 0 to 4,294,967,295 inclusive. How the seed is determined is still uncertain, but one aspect of the function is known.

It's already known that the RNG is determined by the Windows kernel, but what in the kernel was unknown until now. After poking around the assembled code in RAM I found several pointers to a function in a Windows .dll file with a name close to "get_tick_count" (I forgot to note the actual name of the function and the .dll file for this explanation). As the name suggests, the function returns how many "ticks" (it's either the amount of frames or CPU cycles since Windows has been booted, I couldn't find out which one it was but I assume it's the frame count). I know this is used in determining RNG because there are several instructions after this function is called that ultimately put the new seed into the RNG seed address. Trying to find out what these instructions do is going to be a nightmare as there are over 100 instructions (I'm not too familiar with x86, my background is in ARM) and several instructions jump to other parts of RAM so keeping track of what does what is going to be difficult.

However, I can say this with 100% certainty. Manipulating RNG will NEVER be possible without the use of hacks. Even if you do the exact same inputs, like a TAS, on 2 different playthroughs, they will desync as the RNG will start on and change to different values. The only way one can manipulate RNG is if they start the game on an exact frame since they booted Windows and make no mistakes in their run. Good luck with that.

If I or anyone else discovers more information, I will make more posts in this thread.

tl;dr RNG cannot be manipulated because it's determined by how long your PC has been on for.
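The following is an added illustration, not code from the game or from the poster's reverse engineering. It models the setup the post describes (a 4-byte seed filled in at startup from a boot-relative tick count, then an RNG that advances from that seed) and shows concretely why two playthroughs with identical inputs desync unless their tick counts match exactly. The mixing function `derive_seed()` and the LCG in `rng_next()` are stand-ins for the game's unknown seeding instructions and RNG, and the tick values in `main()` are constructed; nothing here reproduces the game's actual arithmetic.

```c
/* Added example (not the game's code): a 32-bit seed derived from a
 * boot-relative tick count, and why two runs with identical inputs desync.
 * derive_seed() and rng_next() are hypothetical stand-ins for the game's
 * unknown seeding instructions and RNG; only the shape (4-byte seed,
 * tick-based initialisation at game start) follows the post. */
#include <stdint.h>
#include <stdio.h>

#define RUN_LEN 16   /* number of RNG draws compared per run (arbitrary) */

/* Stand-in for the 100+ instructions that turn the tick count into the
 * 4-byte seed. This is a bijective 32-bit mixer (xorshift/multiply steps),
 * so two different tick values can never land on the same seed. */
static uint32_t derive_seed(uint32_t ticks)
{
    uint32_t x = ticks;
    x ^= x >> 16;
    x *= 0x7feb352dU;
    x ^= x >> 15;
    x *= 0x846ca68bU;
    x ^= x >> 16;
    return x;
}

/* Stand-in RNG: a 32-bit LCG. The whole state is returned so that the
 * run comparison below is exact rather than on a truncated output. */
static uint32_t rng_next(uint32_t *state)
{
    *state = *state * 1664525U + 1013904223U;
    return *state;
}

/* "Play" a run: seed from the tick count read at game start, then draw
 * RUN_LEN values. Player inputs are deliberately absent: the post's point
 * is that identical inputs cannot rescue a run whose seed differs. */
static void play_run(uint32_t ticks_at_start, uint32_t out[RUN_LEN])
{
    uint32_t state = derive_seed(ticks_at_start);
    for (int i = 0; i < RUN_LEN; i++)
        out[i] = rng_next(&state);
}

/* Index of the first RNG draw that differs between two runs started at
 * the given tick counts, or -1 if the runs stay in sync throughout. */
static int first_divergence(uint32_t ticks_a, uint32_t ticks_b)
{
    uint32_t a[RUN_LEN], b[RUN_LEN];
    play_run(ticks_a, a);
    play_run(ticks_b, b);
    for (int i = 0; i < RUN_LEN; i++)
        if (a[i] != b[i])
            return i;
    return -1;
}

int main(void)
{
    /* Constructed tick values: the same "uptime" twice, then one tick later. */
    uint32_t boot_ticks = 123456789U;
    printf("same tick count -> first divergence at draw %d\n",
           first_divergence(boot_ticks, boot_ticks));
    printf("one tick later  -> first divergence at draw %d\n",
           first_divergence(boot_ticks, boot_ticks + 1U));
    return 0;
}
```

Because both the mixer and the LCG step are bijections on 32-bit values, a single tick of difference at startup already changes the very first draw, which is the "start the game on an exact frame since you booted Windows" condition from the post expressed as code: the only way two runs share an RNG stream is to share the seed exactly.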