Messages - w4kfu

#1
Stunts Reverse Engineering / Re: PES File Format
March 25, 2013, 11:10:34 PM
You are right, and it is now fixed :)
#2
Stunts Reverse Engineering / PES File Format
March 25, 2013, 08:35:41 PM
So I started reversing the real "game.exe", and found that restunts doesn't know how to handle this type of file (*.PES).
This file format uses a common scheme used in image file compression: the first pass is Huffman decompression, then RLE decompression.
After that, they do an "unflip" on the pixels for some images, and expand the image data to 8 bits. After all this, we can easily extract images like the following:

Image gallery for the file SCRED.PES : http://w4kfu.com/misc/stunts/SDCRED_gallery/

Image gallery for the file SDTEDIT.PES : http://w4kfu.com/misc/stunts/SDTEDIT_gallery/

dstien will add my work to stressed and restunts as soon as possible.
#3
Stunts Reverse Engineering / Re: bypassing load.exe
March 22, 2013, 10:08:13 AM
Now that I understand how stunts.com and load.exe manage to load the real "game.exe", I'm able to start reverse engineering the real game. I would like to know what you need?
Are there any file formats that are not documented / known? Are there any bugs for some file formats? I will be glad to start helping you :)
#4
Stunts Reverse Engineering / Re: bypassing load.exe
March 21, 2013, 06:15:10 PM
Quote from: dstien on March 21, 2013, 09:02:06 AM
but it's very interesting that you've analyzed the compression and made an encoder
My program can print a graph (.dot) explaining how my Huffman decoding binary tree works. As an example, for the file "MISC.PRE": http://blog.w4kfu.com/public/stunts/graph_test.png (the image is very big, so I don't insert it on the forum)
For example, as you can see on the graph, the byte 0x1B (green nodes) is encoded as follows: "1111001100"

Btw I found my bug. I don't know why, but when it tries to retrieve information related to the copy protection (X word at Y line ... etc), it tries to find a resource from the file "MISC.PRE" after uncompressing it, prefixed with the letter "e"; for example it tries to open "eqc0" but ... the file inside "MISC.PRE" is prefixed with "g" ... "gqc0".
I don't really understand if my toolz fail, or if there is another protection that I didn't see at the moment.
Btw this can be patched easily, by initializing the variable, which I called "protection_disable", to 1 instead of 0 in the main function.
For my version of the game:

dseg:A6AA byte_45E1A      db ? 

seg000:02A8                 mov     byte_45E1A, 0


Btw I'm actually working with 4D Sports - Driving Version 1.1 (Dec 13 1990)

Another fix: if I take the file "MISC.PRE" from your svn, it seems to have the good prefixes; maybe the version of stunts I'm working on has been fucked ...
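The bit-by-bit tree walk and .dot output described in the post above, as an added example that is not part of the original post or of w4kfu's tool. Only the code "1111001100" for byte 0x1B comes from the post; every other code in the table, and all function names, are constructed for illustration and do not reproduce the real MISC.PRE tree.

```python
# Constructed prefix-free code table; only the 0x1B entry comes from the post.
CODES = {0x00: "0", 0x20: "10", 0x65: "110", 0x74: "1110", 0x1B: "1111001100"}

def build_tree(codes):
    # Nested dicts keyed by "0"/"1"; a leaf is the decoded byte value.
    root = {}
    for symbol, bits in codes.items():
        node = root
        for bit in bits[:-1]:
            node = node.setdefault(bit, {})
            if not isinstance(node, dict):
                raise ValueError("code table is not prefix-free")
        if bits[-1] in node:
            raise ValueError("code table is not prefix-free")
        node[bits[-1]] = symbol
    return root

def decode(root, bits):
    # Walk the tree one bit at a time; emit a byte and restart at each leaf.
    out, node = bytearray(), root
    for pos, bit in enumerate(bits):
        if bit not in node:
            raise ValueError(f"no code matches at bit {pos}")
        node = node[bit]
        if not isinstance(node, dict):
            out.append(node)
            node = root
    if node is not root:
        raise ValueError("bitstream ends in the middle of a code")
    return bytes(out)

def to_dot(root):
    # Render the tree as Graphviz .dot text; each edge is labelled with its bit.
    lines = ["digraph huffman {", '  n0 [label="root"];']
    stack, count = [(root, "n0")], 0
    while stack:
        node, name = stack.pop()
        for bit in sorted(node):
            count += 1
            child, cname = node[bit], f"n{count}"
            label = "" if isinstance(child, dict) else f"0x{child:02X}"
            lines.append(f'  {cname} [label="{label}"];')
            lines.append(f'  {name} -> {cname} [label="{bit}"];')
            if isinstance(child, dict):
                stack.append((child, cname))
    return "\n".join(lines + ["}"])

if __name__ == "__main__":
    print(decode(build_tree(CODES), "1110" + "110" + "1111001100" + "10" + "0"))
```

A corrupt or truncated bitstream raises `ValueError` instead of silently producing bytes, which is the behaviour wanted when parsing untrusted resource files.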
#5
Stunts Reverse Engineering / Re: bypassing load.exe
March 21, 2013, 05:23:56 AM
I continued my development, and wrote a new toolz for uncompressing the real game.
This toolz can make executables for CGA, EGA, MCGA, TDY, for example:

./bin/makegame -h test/4DSD/MCGA.HDR -m test/4DSD/EGA.CMN -d test/4DSD/MCGA.DIF -c test/4DSD/MCGA.COD

and it outputs a "game.exe", and this file can be unpacked with my unpacker UNEXEPACK on my github.

But ... I ran it, clicked on "let's drive" and got this error:



I will try to fix it as soon as possible.
#6
Stunts Reverse Engineering / Re: bypassing load.exe
March 20, 2013, 08:50:32 PM
Quote from: dstien on March 20, 2013, 08:24:53 PM
intriguing work!

What do you mean by intriguing ?

Thanks for pointing me to this svn, there is a lot of cool stuff in here, and yeah I didn't see the separate command line tool :(
#7
Stunts Reverse Engineering / Re: bypassing load.exe
March 20, 2013, 01:22:40 PM
Quote from: Duplode on March 20, 2013, 03:09:34 AM
We already had a decompressor for packed resource files, namely dstien's stunpack, though no one had written a compressor yet :) stunpack is at the core of stressed, which is the tool we use for creating custom graphics. You can find it at: http://code.google.com/p/stuntstools/

I'm actually still studying how load.exe works (especially for .COD, .DIF, .HDR, .CMN), and stuntstools handles these files badly, because it checks if the uncompressed file size is present at the first byte of the uncompressed data, see: http://code.google.com/p/stuntstools/source/browse/src/app/resource.cpp#126
But for these files, this information is not present; that's why I rewrote my own implementation (using a Huffman tree implementation, as opposed to the tree-less Huffman in stuntstools), and am able to understand well how load.exe deals with these files.
#8
Stunts Reverse Engineering / Re: bypassing load.exe
March 19, 2013, 10:32:51 PM
Tonight, I found some time to work on my compressor. I'm now able to edit, for example, "MISC.PRE" after uncompressing it, change some strings, recompress it, and the game prints the strings I edited.
If you are interested in seeing the code, you can find it on my github: https://github.com/w4kfu/Stunts/
#9
Stunts Reverse Engineering / Re: bypassing load.exe
March 19, 2013, 10:50:10 AM
Hello,
I also started reverse engineering this game for fun and profit.
I have already coded an unpacker for EXEPACK, and a decompressor for their file format using a Huffman binary tree. I'm going to code a compressor too.
I'm on irc "irc.efnet.org" #stunts, is it the official channel?