Post AZCSlWDUvwq1eahoP2 by foone@digipres.club
 (DIR) Post #AZ65zUxqvHebvhKDuC by foone@digipres.club
       2023-08-24T16:41:29Z
       
       0 likes, 0 repeats
       
       hmm. I need to either start building documentation about which of my 13 current Ghidra installs have which extensions installed, or I need to set up a ghidra build environment and commit to maintaining a One True Ghidra environment with all the extensions
       
 (DIR) Post #AZ65zVsDXijykVhElE by foone@digipres.club
       2023-08-24T16:41:51Z
       
       0 likes, 0 repeats
       
       I keep having the problem of "now which one of these has that PSX loader installed in it?"
       
 (DIR) Post #AZ65zXTpZMQDjSIn1k by foone@digipres.club
       2023-08-24T16:42:16Z
       
       0 likes, 0 repeats
       
       (the answer was ghidra 10.2.3 if you even care)
       
 (DIR) Post #AZ65zYDYpL0A1HhJJ2 by foone@digipres.club
       2023-08-24T16:43:32Z
       
       0 likes, 0 repeats
       
       ugh. I'm gonna have to find the font for this game, not for the usual reasons (death generators), but because I'm trying to find the code powering a specific screen (The character viewer) but the text from it doesn't show up in a strings search.
       
 (DIR) Post #AZ65zYxI5Ja6J75paK by foone@digipres.club
       2023-08-24T16:43:38Z
       
       0 likes, 0 repeats
       
       because it's not ASCII. ;_;
       
 (DIR) Post #AZ65zZcPcQTUMeKfgG by foone@digipres.club
       2023-08-24T16:45:11Z
       
       0 likes, 0 repeats
       
       it might be full-width latin characters. possibly encoded in shift-jis. sadly ghidra doesn't know how to find that
       
 (DIR) Post #AZ65zaUeMlrN4rhzDk by foone@digipres.club
       2023-08-24T16:45:38Z
       
       0 likes, 0 repeats
       
       maybe I can write a program to search for full-width characters in common encodings
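
The scanner sketched above, as an added example (this is the editor's code, not foone's, and the sample bytes are constructed, not taken from any game): it walks a binary looking for runs that fit the Shift-JIS double-byte grid, keeps only the runs Python's shift_jis codec actually decodes, and flags which of them are full-width Latin text. A plain ASCII strings pass skips all of these, which is why the character-viewer text was invisible.

```python
# Added example (not from the thread): scan a binary for runs of double-byte
# Shift-JIS text, the kind a plain ASCII strings search never reports.
# Sample bytes below are constructed, not taken from any real game.
import re

# Shift-JIS double-byte grid: lead byte 0x81-0x9F or 0xE0-0xEF, trail byte
# 0x40-0x7E or 0x80-0xFC.  Two or more in a row makes a candidate; a lone hit
# is almost always binary noise.
_SJIS_RUN = re.compile(rb"(?:[\x81-\x9f\xe0-\xef][\x40-\x7e\x80-\xfc]){2,}")


def find_sjis_strings(data: bytes, min_chars: int = 2):
    """Yield (offset, text) for each run that actually decodes as Shift-JIS."""
    for m in _SJIS_RUN.finditer(data):
        try:
            text = m.group().decode("shift_jis")
        except UnicodeDecodeError:
            # Fits the byte grid but lands on an unassigned code point.
            continue
        if len(text) >= min_chars:
            yield m.start(), text


def is_fullwidth_latin(text: str) -> bool:
    """True when every character is a full-width ASCII form (U+FF10..U+FF5A)."""
    return all(0xFF10 <= ord(c) <= 0xFF5A for c in text)


# Constructed sample: a little fake code, an ASCII label, a full-width Latin
# name and a katakana label, all NUL-separated.
SAMPLE = (
    b"\x00\x00\x08\x3c" + b"CHARA" + b"\x00" * 3
    + "ＯＳＡＫＡ".encode("shift_jis") + b"\x00\x00"
    + "キャラクター".encode("shift_jis") + b"\x00"
    + b"\xff\x0a\x81"          # trailing junk with a lone lead byte
)


def scan_sample():
    """Offset, text and whether it is full-width Latin, for each hit in SAMPLE."""
    return [(off, text, is_fullwidth_latin(text))
            for off, text in find_sjis_strings(SAMPLE)]


if __name__ == "__main__":
    for off, text, fullwidth in scan_sample():
        kind = "fullwidth-latin" if fullwidth else "kana/kanji"
        print(f"0x{off:06x}  {kind:15}  {text}")
```

Two hits come back: the full-width name at offset 12 and the katakana label at offset 24; the ASCII "CHARA" and the stray 0x81 lead byte are ignored. Point it at a whole executable and grep the output for the strings you expect to see on screen.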
       
 (DIR) Post #AZ65zbBtlySFEzwWdE by foone@digipres.club
       2023-08-25T18:04:21Z
       
       0 likes, 0 repeats
       
       Turns out the text IS in ascii, it's just in a datafile and not the executable. So that doesn't help me
       
 (DIR) Post #AZ65zc6GOPXc3oJXUG by foone@digipres.club
       2023-08-25T18:06:00Z
       
       0 likes, 0 repeats
       
       it was a good idea of them to put all the strings in a datafile instead of the executable! really handy for localization. Oh, this game was only ever released in japan? huh
       
 (DIR) Post #AZ65zcspTqOCUR2KBc by foone@digipres.club
       2023-08-25T18:13:11Z
       
       0 likes, 0 repeats
       
       oh I think this game is doing tricksy shit. I think it's dynamically loading code out of datafiles and launching them. So the main executable is just the loader and archive-parser
       
 (DIR) Post #AZ65zdWX6E9GTZc24W by foone@digipres.club
       2023-08-25T18:17:36Z
       
       0 likes, 0 repeats
       
       why the heck does the PS1 have a "NoFunction" syscall? I know about NOPs, but why a NOP syscall?
       
 (DIR) Post #AZ65zeHKIFZwohVP0a by ellenor2000@mastodon.top
       2023-08-25T18:18:53Z
       
       0 likes, 0 repeats
       
       @foone make patching easier?
       
 (DIR) Post #AZ65zex9mj2UuR4oD2 by mmu_man@m.g3l.org
       2023-08-25T18:21:17Z
       
       0 likes, 0 repeats
       
       @ellenor2000 @foone in BeOS the is_computer_on() and is_computer_on_fire() were actually used to benchmark the syscall interface…
       
 (DIR) Post #AZ663TcnqSZyvwNOt6 by ellenor2000@mastodon.top
       2023-08-25T18:22:18Z
       
       0 likes, 0 repeats
       
       @mmu_man @foone Here i was treating them as at least ½ serious.
       
 (DIR) Post #AZAQ4v87qHZkFDph44 by foone@digipres.club
       2023-08-25T18:57:27Z
       
       0 likes, 0 repeats
       
       it has been zero days since I crashed an emulator
       
 (DIR) Post #AZAQ4vq5CqjmRYOna4 by foone@digipres.club
       2023-08-25T19:06:55Z
       
       0 likes, 0 repeats
       
       ahh, fucking MIPS. How do you get a full 32bit address into a register?
       MOV EAX,800771DC ? NO GET THAT X86 BULLSHIT OUT OF HERE.
       lui   v0,0x8007
       addiu v0,v0,0x6e50
       addiu v0,v0,0x404
       that's an address encoding that'll put some hair on your chest!
       
 (DIR) Post #AZAQ4wY2ZPtodsxu64 by foone@digipres.club
       2023-08-25T19:17:55Z
       
       0 likes, 0 repeats
       
       you may notice the math here doesn't make sense. I agree that it doesn't make sense. but it seems to work. Something is very wrong
       
 (DIR) Post #AZAQ4xC6ATwSe7htXE by foone@digipres.club
       2023-08-25T19:19:32Z
       
       0 likes, 0 repeats
       
       ahh no it's just a confusing loop. that address doesn't equal 800771DC, it's 80077254
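
The arithmetic behind that sequence, as an added example (editor's code, not from the thread or the game): a tiny evaluator for lui/addiu/ori listings that applies the one rule that makes these look wrong at a glance, namely that addiu sign-extends its 16-bit immediate while ori zero-extends it. The first listing is the one quoted above and lands on 0x80077254; the two constructed listings after it build the same address 0x8007F000 both ways, showing why a compiler bumps the lui half by one when the low half has bit 15 set.

```python
# Added example (not from the thread): evaluate the lui/addiu pairs MIPS uses
# to load a 32-bit constant.  addiu sign-extends its 16-bit immediate, so a
# low half with bit 15 set is reached from lui of (upper + 1) and a negative
# add, which is what makes a listing look arithmetically wrong at a glance.


def sext16(imm: int) -> int:
    """Sign-extend a 16-bit immediate the way addiu does."""
    imm &= 0xFFFF
    return imm - 0x10000 if imm & 0x8000 else imm


def parse_listing(listing: str):
    """Turn 'op rd,rs,imm' text lines into tuples; immediates are hex."""
    out = []
    for line in listing.strip().splitlines():
        op, rest = line.split(None, 1)
        args = [a.strip() for a in rest.split(",")]
        out.append((op, *args[:-1], int(args[-1], 16)))
    return out


def eval_listing(listing: str) -> dict:
    """Run lui/addiu/ori over an empty register file, 32-bit wrapped."""
    regs = {}
    for ins in parse_listing(listing):
        op = ins[0]
        if op == "lui":                      # rd = imm << 16
            _, rd, imm = ins
            regs[rd] = (imm & 0xFFFF) << 16
        elif op == "addiu":                  # rd = rs + sext16(imm)
            _, rd, rs, imm = ins
            regs[rd] = (regs.get(rs, 0) + sext16(imm)) & 0xFFFFFFFF
        elif op == "ori":                    # rd = rs | zext16(imm)
            _, rd, rs, imm = ins
            regs[rd] = regs.get(rs, 0) | (imm & 0xFFFF)
        else:
            raise ValueError(f"unsupported op: {op}")
    return regs


# The sequence quoted in the thread: two positive adds, lands on 0x80077254.
THREAD_LISTING = """
lui   v0,0x8007
addiu v0,v0,0x6e50
addiu v0,v0,0x404
"""

# Constructed: the same address 0x8007F000 built both ways.  With addiu the
# compiler bumps the lui half to 0x8008 because 0xF000 sign-extends to -0x1000;
# with ori the immediate is zero-extended and lui keeps 0x8007.
ADDIU_LISTING = """
lui   a0,0x8008
addiu a0,a0,0xf000
"""
ORI_LISTING = """
lui   a1,0x8007
ori   a1,a1,0xf000
"""


if __name__ == "__main__":
    print(hex(eval_listing(THREAD_LISTING)["v0"]))
    print(hex(eval_listing(ADDIU_LISTING)["a0"]), hex(eval_listing(ORI_LISTING)["a1"]))
```

When a decompiler shows a lui half that is one higher than the address you expect, check whether the following addiu immediate is 0x8000 or above before concluding the code is wrong.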
       
 (DIR) Post #AZAQ4y8af0jJZX4bho by foone@digipres.club
       2023-08-27T20:24:46Z
       
       3 likes, 3 repeats
       
       You gotta love when it turns out a game is just spewing debugging info on the normally invisible serial terminal, so you just need to connect to see it
       
 (DIR) Post #AZATbGNQgMGXGm6YpE by foone@digipres.club
       2023-08-27T20:55:40Z
       
       0 likes, 0 repeats
       
       remember when writing code that parses data formats, always make sure it's a complex mess of dynamic callbacks indexed on magic bytes that you do arithmetic on. never just have a big switch table or a bunch of if-thens.
       
 (DIR) Post #AZATbH524F8zS0VNmy by foone@digipres.club
       2023-08-27T20:56:18Z
       
       0 likes, 0 repeats
       
       this won't make your program any better but it will absolutely give headaches to the poor reverse engineers trying to figure out your file formats 21 years later
       
 (DIR) Post #AZATbHlvUlSHb2ZdeC by foone@digipres.club
       2023-08-27T20:59:15Z
       
       0 likes, 0 repeats
       
       so I'm trying to figure out the PAC format used inside the APFrs files used by Azumanga Donjyara Daioh and One Piece: Grand Battle! 1/2.
       
 (DIR) Post #AZATbJ1Yq7YVTotdei by foone@digipres.club
       2023-08-27T20:59:53Z
       
       0 likes, 0 repeats
       
       it has at least 11 types of sub-chunks, of which I know SDFC, VH, VB, and SEP are 4 of them. The other 7? unknown.
       
 (DIR) Post #AZATbKBsVFP166jONM by foone@digipres.club
       2023-08-27T21:00:29Z
       
       0 likes, 0 repeats
       
       however, those are only the ones known at compile time: there's a lookup table for the chunk types, and I know that at least at one point, it registers and unregisters two more.
       
 (DIR) Post #AZCSkgl2G0le3XzrSS by foone@digipres.club
       2023-08-27T21:00:49Z
       
       0 likes, 0 repeats
       
       I can't be sure yet if those two more are overriding existing chunk types, or if they're entirely new ones
       
 (DIR) Post #AZCSkhNJxfONyHuR8K by foone@digipres.club
       2023-08-27T21:01:45Z
       
       0 likes, 0 repeats
       
       partially because the chunk numbers aren't used as-is. They seem to be adjusted at runtime. So like, some chunks are 0-31, but chunks 32 and up get 32 subtracted from them? It's confusing
       
 (DIR) Post #AZCSki879gp4JPno4O by foone@digipres.club
       2023-08-27T21:08:23Z
       
       0 likes, 0 repeats
       
       or... every callback is registered in pairs, and the second callback is at the same number as the first, +16, and in all cases, it's set to NULL? WHAT EVEN IS THIS
       
 (DIR) Post #AZCSkiqQUwGgWqXC8e by foone@digipres.club
       2023-08-27T21:17:45Z
       
       0 likes, 0 repeats
       
       okay so the chunk IDs seem to be related to different types of chunk handlers. Chunk IDs 0-31 use a 3-parameter callback, and 32-47 use a 4-parameter callback
       
 (DIR) Post #AZCSkjgBOVfV7MkWoK by foone@digipres.club
       2023-08-27T21:18:32Z
       
       0 likes, 0 repeats
       
       you could have just made them all take 4 parameters and just have some of them ignore the 4th parameter but NO we gotta make everything complicated so that foone's little brain can't handle it
       
 (DIR) Post #AZCSkkNQniGNHUz4Do by foone@digipres.club
       2023-08-27T21:19:10Z
       
       0 likes, 0 repeats
       
       you'd think the programmers of an Azumanga Daioh, of all games, would realize that the eventual reverse engineer hacking their game might be an Osaka, and would not over-complicate it
       
 (DIR) Post #AZCSkl52Bb8pSjNtBY by foone@digipres.club
       2023-08-27T21:23:09Z
       
       0 likes, 0 repeats
       
       oh hello. Someone left the output of a tool on the disc! Data Pack2 by OOTUKA, Technosoft Co LTD, eh?
       
 (DIR) Post #AZCSklqBMIr5oxRXfs by foone@digipres.club
       2023-08-27T21:24:39Z
       
       0 likes, 0 repeats
       
       that's very interesting. Technosoft had nothing to do with this game... they didn't even exist anymore when it came out.
       
 (DIR) Post #AZCSkmfwFsFuPTesLY by foone@digipres.club
       2023-08-27T21:30:02Z
       
       0 likes, 0 repeats
       
       but given the 1996-1998 dates, I'm guessing they made this tool for one of their PS1 games they released in that period, and it later got used by Ganbarion for Azumanga Donjara Daioh and the One Piece games
       
 (DIR) Post #AZCSknHA1U1uGv4bMe by foone@digipres.club
       2023-08-27T21:35:34Z
       
       0 likes, 0 repeats
       
       Shuji Yoshida is credited as "Library Program" on all three games I know that use PAC files. It's possible he's OOTUKA.
       
 (DIR) Post #AZCSknxhTK3cOqyZfc by foone@digipres.club
       2023-08-27T21:36:46Z
       
       0 likes, 0 repeats
       
       or it might mean he made the APF files
       
 (DIR) Post #AZCSkokcXRBmqZrdvE by foone@digipres.club
       2023-08-27T21:52:25Z
       
       0 likes, 0 repeats
       
       okay so the output of that tool is kinda handy. because while it's not 100% correct (they changed shit after this file was made), it's still partially correct: azending.pac DOES include endto.pac, in its entirety
       
 (DIR) Post #AZCSkpSvsgdP40b1zU by foone@digipres.club
       2023-08-27T21:53:59Z
       
       0 likes, 0 repeats
       
       and it looks like there's a 32 or 36 byte header before the file. So maybe the PAC files are concatenated subfiles with headers right before them
       
 (DIR) Post #AZCSkqAXGZVrFEzqxE by foone@digipres.club
       2023-08-27T22:00:40Z
       
       0 likes, 0 repeats
       
       okay it's a 54-byte header. so PAC is a lazy TAR clone
       
 (DIR) Post #AZCSkqsUd8ftRZYxTE by foone@digipres.club
       2023-08-27T22:49:43Z
       
       0 likes, 0 repeats
       
       I just need to write a script to decode it. but my brain isn't working now
       
 (DIR) Post #AZCSkrT0RNsjGoe7No by foone@digipres.club
       2023-08-28T16:08:34Z
       
       0 likes, 0 repeats
       
       the weird thing is that the text file suggests the PAC files contain filenames, but I don't see them. Now, there IS a stretch of bytes that could be a filename, but I can't seem to decode it as anything sensible:
       B3 A5 A3 B2 A5 B4 6E B0 A1 A3
       
 (DIR) Post #AZCSksBJmdKLUFNVS4 by foone@digipres.club
       2023-08-28T16:10:31Z
       
       0 likes, 0 repeats
       
       it does decode as shift-jis (which the text file was encoded as) but turns into: ウ・」イ・エー。」 which I don't think makes any sense
       
 (DIR) Post #AZCSkssZBpvDeNc2rY by foone@digipres.club
       2023-08-28T16:15:13Z
       
       0 likes, 0 repeats
       
       and if you decode it as utf-16, the most reasonable encoding for windows computers at the time, you end up with ꖳ늣뒥끮ꎡ, which makes even less sense. I'm pretty sure they didn't name the files in their Azumanga Daioh game in a mix of Mande, Korean, and Sino-Tibetan scripts
       
 (DIR) Post #AZCSktZ6dfwvmJW1AW by foone@digipres.club
       2023-08-28T16:20:37Z
       
       0 likes, 0 repeats
       
       but by matching up the filenames with the text file (azmem.txt) and what subfiles are definitely inside azending.pac, that pile of gibberish is supposed to mean "secret.pac"
       
 (DIR) Post #AZCSkuIpteWs48uXRo by foone@digipres.club
       2023-08-28T16:20:50Z
       
       0 likes, 0 repeats
       
       wait
       
 (DIR) Post #AZCSkuyJPRhq8mJf60 by foone@digipres.club
       2023-08-28T16:22:43Z
       
       0 likes, 0 repeats
       
       maybe this means something. the "C" in "SECRET" is encoded the same as the "C" in "PAC". And note that the A in PAC is encoded as A1, which is only 2 less than the A3 which C is encoded as.
       
 (DIR) Post #AZCSkvgGm0rsL6slc0 by foone@digipres.club
       2023-08-28T16:23:20Z
       
       0 likes, 0 repeats
       
       what encoding puts ABCDEF at A1 and up, though?
       
 (DIR) Post #AZCSkwLOJ7lGOe7bhw by peter@social.linss.com
       2023-08-28T20:04:57Z
       
       0 likes, 0 repeats
       
       @foone my first thought was PETSCII or ATASCII, but those put A at C1, not A1.
       
 (DIR) Post #AZCSkx8JNEtQqN0fxY by foone@digipres.club
       2023-08-28T16:25:25Z
       
       0 likes, 0 repeats
       
       answer: nothing python 3.11 can encode to. Maybe this isn't an encoding. Maybe this is encryption.
       
 (DIR) Post #AZCSkyXW90eLCpoJt2 by foone@digipres.club
       2023-08-28T16:28:26Z
       
       0 likes, 0 repeats
       
       it's just the ascii value + 64
       
 (DIR) Post #AZCSkzveyjYVW0779k by foone@digipres.club
       2023-08-28T16:29:43Z
       
       0 likes, 0 repeats
       
       B3 A5 A3 B2 A5 B4 6E B0 A1 A3
       subtract 64 from each letter
       >>> ''.join(chr(x-64) for x in [0xB3,0xA5,0xA3,0xB2,0xA5,0xB4,0x6E,0xB0,0xA1,0xA3])
       'secret.pac'
       
 (DIR) Post #AZCSl1KrkVJPsSul5E by foone@digipres.club
       2023-08-28T16:48:20Z
       
       0 likes, 0 repeats
       
       also the 54-byte header thing was wrong. it's variable length, because of course it is!
       
 (DIR) Post #AZCSl2e2sgFRwEtacK by foone@digipres.club
       2023-08-28T16:54:42Z
       
       0 likes, 0 repeats
       
       okay so, PAC: the header for the file itself is 16 bytes. Then each chunk starts with a null-terminated string, encoded with that silly +64 ASCII mode. Then there's another NUL byte, then 32 bytes of per-chunk header, then the raw chunk data.
       
 (DIR) Post #AZCSl4GiqMmQyTzzXc by foone@digipres.club
       2023-08-28T16:56:00Z
       
       0 likes, 0 repeats
       
       ugh. the +64 ascii string thing doesn't work for all files. some of them end up negative
       
 (DIR) Post #AZCSl8HDwRYfPCGRsW by foone@digipres.club
       2023-08-28T16:56:37Z
       
       0 likes, 0 repeats
       
       34 B6? THAT DOESN'T MAKE ANY SENSE
       
 (DIR) Post #AZCSl9U1SLOF9BGBSy by foone@digipres.club
       2023-08-28T16:57:13Z
       
       0 likes, 0 repeats
       
       way too short to be a filename and it's also -12, 118 after decoding
       
 (DIR) Post #AZCSlAvi4t8DdLDoGG by foone@digipres.club
       2023-08-28T16:57:20Z
       
       0 likes, 0 repeats
       
       HOW DO YOU HAVE NEGATIVE ASCII INDEXES
       
 (DIR) Post #AZCSlClrEURHLMcyBM by foone@digipres.club
       2023-08-28T17:00:32Z
       
       0 likes, 0 repeats
       
       if we assume it loops around and thus this should be F4 76, it's not valid shift-jis, but in utf-16 it'd be 直, which... makes little sense.
       
 (DIR) Post #AZCSlEAM2td1fd630K by foone@digipres.club
       2023-08-28T18:29:50Z
       
       0 likes, 0 repeats
       
       I changed my code to ignore that sometimes the filenames make no sense, but then it errors after that: apparently the filenames not decoding ALSO breaks the variable-length headers. Interesting.
       
 (DIR) Post #AZCSlFhiKLuIRNiCdk by foone@digipres.club
       2023-08-28T18:33:42Z
       
       0 likes, 0 repeats
       
       interesting: logo.pac goes "40 3F 00 00 A7 AC AF A7 AF 9F 70 71 6E B4 A9 AD 60 D4"
       so my code was stopping after 40 3F.
       but A7 AC AF A7 ... looks more like a filename
       
 (DIR) Post #AZCSlHi8rjRCfHvZaK by foone@digipres.club
       2023-08-28T18:35:14Z
       
       0 likes, 0 repeats
       
       and it encodes as "glogo_01.tim \x94"
       
 (DIR) Post #AZCSlJf1cI8IiCU70K by foone@digipres.club
       2023-08-28T18:35:34Z
       
       0 likes, 0 repeats
       
       so I must be missing something, like some out-of-band file length indicator
       
 (DIR) Post #AZCSlL8U8FIBHrH9Yu by foone@digipres.club
       2023-08-28T18:40:36Z
       
       0 likes, 0 repeats
       
       got it. the first 2-4? bytes of the PAC are a list of how many 4-byte words come before the filename. the 40 3f 00 00 before the filename in LOGO.PAC isn't part of the filename, it's part of the header.
       
 (DIR) Post #AZCSlNtLsxyBpnDbtI by foone@digipres.club
       2023-08-28T18:45:52Z
       
       0 likes, 0 repeats
       
       I can't figure out how it's determining when filenames end, though. Maybe it's assuming they all have extensions and all extensions are 3 letters long?
       
 (DIR) Post #AZCSlP6VNY5LasNd20 by foone@digipres.club
       2023-08-28T18:52:08Z
       
       0 likes, 0 repeats
       
       that makes some of the files make sense and some of the others not make sense!
       
 (DIR) Post #AZCSlQdVgK52LWpV7A by foone@digipres.club
       2023-08-28T18:53:35Z
       
       0 likes, 0 repeats
       
       oh god there is compression
       
 (DIR) Post #AZCSlS0wYgQ2cUnjHM by foone@digipres.club
       2023-08-28T18:55:35Z
       
       0 likes, 0 repeats
       
       not all files are compressed. but some are
       
 (DIR) Post #AZCSlTVT0gQfFS5cUi by foone@digipres.club
       2023-08-28T19:04:26Z
       
       0 likes, 0 repeats
       
       found the code where it parses the PAC headers. It's terrible as expected. The pre-pac header stuff gives you a pointer into each header, but then the fun part is that the pointer is not to the beginning, it's to the middle. So it looks things up by indexing forward AND backward
       
 (DIR) Post #AZCSlUr7zdLlQvEQtc by foone@digipres.club
       2023-08-28T19:06:23Z
       
       0 likes, 0 repeats
       
       so the filename starts at the offset of, uh, negative 28
       
 (DIR) Post #AZCSlWDUvwq1eahoP2 by foone@digipres.club
       2023-08-28T19:07:07Z
       
       0 likes, 0 repeats
       
       and here's how it determines the ending: it's until it hits a 0, OR the filename ends up being 12 characters long. FUCK
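
To check that termination rule against the bytes quoted earlier in the thread, here is an added decoder (editor's code, not foone's and not the game's). It takes the +64 offset and the NUL-or-12-bytes terminator from the posts above; wrapping modulo 256 for bytes below 0x40 is an assumption, since the thread only says those values come out negative, and the 34 B6 case is reported as undecodable rather than silently mapped.

```python
# Added example (not from the thread): decode the "+64 ASCII" filenames in
# PAC chunk headers.  Each byte is ASCII + 64; the name ends at the first NUL
# or after 12 bytes, whichever comes first.  Wrapping modulo 256 for bytes
# below 0x40 is an assumption; such bytes are flagged, not trusted.

NAME_MAX = 12          # the loader's hard cap on filename length
OFFSET = 64            # the encoding is ASCII value + 64


def encode_pac_name(name: str) -> bytes:
    """Encode a filename the PAC way (only used here to build test data)."""
    return bytes((b + OFFSET) & 0xFF for b in name.encode("ascii")) + b"\x00"


def decode_pac_name(buf: bytes, off: int = 0):
    """Return (name, ok, raw) for the name starting at buf[off].

    name: decoded text, with '?' for bytes outside printable ASCII
    ok:   True only if every byte decoded to printable ASCII
    raw:  the bytes consumed (the NUL terminator, if any, is not included)
    """
    raw = bytearray()
    chars = []
    ok = True
    for i in range(off, min(off + NAME_MAX, len(buf))):
        b = buf[i]
        if b == 0:
            break                      # NUL ends the name early
        raw.append(b)
        v = (b - OFFSET) & 0xFF        # wrap modulo 256: no "negative ASCII"
        if 0x20 <= v < 0x7F:
            chars.append(chr(v))
        else:
            ok = False
            chars.append("?")
    return "".join(chars), ok, bytes(raw)


# Byte sequences quoted in the thread (plus a NUL where the post implies one).
SECRET = bytes.fromhex("B3 A5 A3 B2 A5 B4 6E B0 A1 A3") + b"\x00"
LOGO = bytes.fromhex("A7 AC AF A7 AF 9F 70 71 6E B4 A9 AD 60 D4")
WEIRD = bytes.fromhex("34 B6") + b"\x00"


def decode_thread_samples() -> dict:
    """Decode the three samples; LOGO hits the 12-byte cap before the space."""
    return {
        "secret": decode_pac_name(SECRET),
        "logo": decode_pac_name(LOGO),
        "weird": decode_pac_name(WEIRD),
    }


if __name__ == "__main__":
    for label, (name, ok, raw) in decode_thread_samples().items():
        print(f"{label:7} {raw.hex(' '):40} -> {name!r} ok={ok}")
```

The LOGO bytes are the interesting case: "glogo_01.tim" is exactly 12 characters, so the cap stops the name before the trailing space and 0x94, and those two bytes belong to whatever follows in the header, not to the filename. A decoder that reads to the NUL instead would swallow them and desynchronise every field after it.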
       
 (DIR) Post #AZCSlXhfPGZ4GRpQ48 by foone@digipres.club
       2023-08-28T19:08:47Z
       
       0 likes, 0 repeats
       
       someday I'm gonna reverse engineer a game and not want to timetravel back to its creation and ask them WHAT THE FUCK at gunpoint
       sometimes I won't even ask, I'll just start shooting
       
 (DIR) Post #AZCSlZMTF2nXPHvWIy by foone@digipres.club
       2023-08-28T19:11:07Z
       
       0 likes, 0 repeats
       
       so I'm just gonna take all my current PAC parsing code and throw it out and replace it with the nonsense of the actual code. that was my fatal mistake: I was writing parsing code assuming this shit made any fucking sense
       
 (DIR) Post #AZCSlbFSE6NFG6ewe8 by foone@digipres.club
       2023-08-28T19:27:17Z
       
       0 likes, 0 repeats
       
       also I think there's a mistake in this code OR ghidra is decoding it incorrectly. it seems to be trying to ensure all filenames are uppercase, but because it's wrong, it is corrupting all non-lowercase characters.
       
 (DIR) Post #AZCSlcmSWsMw0l6ojI by foone@digipres.club
       2023-08-28T19:28:58Z
       
       0 likes, 0 repeats
       
       they might not have noticed if they apply the same "uppercase" transformer when trying to load filenames, because both would be corrupted in the same way
       
 (DIR) Post #AZCSlehZO1e7yApwO0 by foone@digipres.club
       2023-08-28T19:33:52Z
       
       0 likes, 0 repeats
       
       okay so now I've got working filenames, offsets, lengths, and compressed lengths. So I can find out what files are where and if they're compressed. I can't uncompress them yet.
       
 (DIR) Post #AZCSlgTom7pnU6PzEG by foone@digipres.club
       2023-08-28T19:44:49Z
       
       0 likes, 0 repeats
       
       I have located the decompression routine. now to try to figure out what the fuck it does
       
 (DIR) Post #AZCSlisLrseCulubkO by foone@digipres.club
       2023-08-28T19:47:37Z
       
       0 likes, 0 repeats
       
       this decompression routine is big-endian. On a little-endian system.
       
 (DIR) Post #AZCSlodgRKTmn15yiW by foone@digipres.club
       2023-08-28T19:47:48Z
       
       0 likes, 0 repeats
       
       WHERE DID THEY GET THIS
       
 (DIR) Post #AZCSlrXPf6FJmRBVrM by foone@digipres.club
       2023-08-28T19:49:39Z
       
       0 likes, 0 repeats
       
       it seems it's loading 16bit lengths, then using the top 15 bits? with the lowest bit as a flag? I don't recognize this. I don't think it's DEFLATE