PDA

View Full Version : Help to script dump


Shana
2007-04-25, 17:38
I need some help figuring out how to script dump. I want to translate a PC game (hooray for decent translating applications and a Japanese speaking husband :) ), but I can not for the life of me figure out how to go about getting a script dump.

I've read tons of documents about script dumping (mostly having to do with rom's, but I've been searching for/reading about PC games too), but can't wrap my brain around how to get this to work.

The files I'm working with are: .b, .bm, .bbn, .mm, .pdb, and .bdg. The .b and .bm files start with 'BM' and the file ends with 'TRUEVISION-XFILE', while the .pdb and .bdg files start with 'Microsoft C/C++' as their title, and most of these have process commands (like, they open .dll files to run with the program or they have commands like GetStringA(), etc.).

Some of the files have lower case and upper case alphabets, along with a katakana listing, and because of this I can say that it appears to have one byte = one letter. For example, A = 40.

I've tried making a table, but I'm not sure if I was successful, or what I would do with it after that. Most of the 'helpful' programs don't seem to work on my system. ):

Any help that can be offered would be greatly appreciated. Thank you in advance for your time.

Misu
2007-04-25, 17:45
Typically telling us the name of the game your working on, and uploading a couple files helps the hackers here figure things out.

Also, if you haven't read it already, insani's Beginners Guide to Hacking (http://sekai.insani.org/archives/category/production-process/so-you-want-to-be-a-hacker/) is a very good resource on trying to figure out script dumping.

rednaxela
2007-04-25, 19:39
Same as what Misu said, it's easier to get specific help if you give the name and some sample files.

Anyway, the *.pdb files are definitely not the ones that you should be looking for. Given that they start with "Microsoft C/C++" as signature, they're "Program Debug Database" files, a kind of intermediate file the comes with a Visual Studio C/C++ project compilation. It's strange for a release version of a game to have this file along, though.

The files that start with "BM" as signature reminds me of Windows Bitmap files, but of course they don't end with "TRUEVISION-XFILE".

Shana
2007-04-26, 09:17
Same as what Misu said, it's easier to get specific help if you give the name and some sample files.

Anyway, the *.pdb files are definitely not the ones that you should be looking for. Given that they start with "Microsoft C/C++" as signature, they're "Program Debug Database" files, a kind of intermediate file the comes with a Visual Studio C/C++ project compilation. It's strange for a release version of a game to have this file along, though.

The files that start with "BM" as signature reminds me of Windows Bitmap files, but of course they don't end with "TRUEVISION-XFILE".

Yes, I looked all the filetypes up online (that was the first thing I did before loading the hex editor), and found that .bm is usually associated with Bitmaps, .pdb and .dbg are usually "symbols" for debugging the software. I tried opening the .bm files in Firefox, in Adobe Photoshop, in the Gimp, and I even downloaded a couple programs that claimed to be able to open .bm files, but couldn't.

I also found that .bm files are often icon type files, or so the internet claims.

I tried using WinDbg to attach to the process, but in regular mode it would just break out (saying that the default symbol is not recognized), and I would have to stop the debugging. If I debugged using non-invasive mode, it would follow through the loading process, and then break, but my game executable would freeze and make my mouse go slower than molasses, and I'd have to close the game before I could do anything else.

Typically telling us the name of the game your working on, and uploading a couple files helps the hackers here figure things out.

Also, if you haven't read it already, insani's Beginners Guide to Hacking is a very good resource on trying to figure out script dumping.

Sorry about that. I was very sleepy and ended up having to retype the post, and forgot to add things in that I had in the original post.

The game I want to translate is Princess Maker 5 (and the others, if this works out).

I have read those tutorials, and am reading over them again, just to be sure. I pretty much understand what it's saying, except.. when it comes to encryption.. And then, I don't know where to start looking for things like script.

There isn't a clearly definitive "This is where the script data is!" type of file. There are some interesting looking ones, though, and they do have the ending files and cg files in the correct folders, so I think I can safely say what those are.

I've loaded a few up onto my webspace, rather than attach it. I hope that's alright.

Originally found in a folder named 'moe':
m1.b (http://www.faeriegothica.com/m1.b)
m3.b (http://www.faeriegothica.com/m3.b)

I assume this *must* be an image file, since I found it in a folder called 'gal', which I assume is 'gallery', under the 'ev', which I assume is 'event', folder.
ee000m.bm (http://www.faeriegothica.com/ee000m.bm)

Here's a savefile:
PMV01.SAV (http://www.faeriegothica.com/PMV01.SAV)
I named the princess 'Angel Rose' and the father 'Angel くん,' and you can see those are the first thing to show up in the save file, and then the save file ends with the alphabet and numbers set. ** If you don't like spoilers, don't read further down than the area that says Teacher, because it lists the names of her friends and the names of the princes she can meet and fall in love with. D'oh. **

Here's something a little more simple, comes out of the base folder for the game:
title.bm (http://www.faeriegothica.com/title.bm)

Here's an example of a .mm file; it came from a folder called 'face' with a subfolder called 'mm':
fs100no.mm (http://www.faeriegothica.com/fs100no.mm)

Lastly, here's a screencap of all the files/folders in the base folder for the game.
screencap.jpg (http://www.faeriegothica.com/screencap.jpg)

Okay, the files I chose most likely don't have the script in it, but I wanted to give an example of each file type.

I'm certain I've forgotten something, but if there's anything else you want to look at, let me know.

Thank you again for your help. :)

Rasqual Twilight
2007-04-27, 06:54
Can't really help; however, regarding the .bm files, by searching google, I found the following blog entry comment which mentions it:

http://plaza.rakuten.co.jp/asmodean/diary/200611110001/#200704050744530075

Looks like a simple RLE where the first byte of each chunk is a count of pixels and the high bit is a flag specifying repetition vs literals.

Good luck...

Shana
2007-04-27, 10:03
Can't really help; however, regarding the .bm files, by searching google, I found the following blog entry comment which mentions it:

http://plaza.rakuten.co.jp/asmodean/diary/200611110001/#200704050744530075



Good luck...

I was just coming in here to mention this. That I had found it to be a series of RLE.

And beyond that, well.. honestly, I'm not sure what to do with this information. I read all the tutorials and took notes, but there isn't a tutorial V or anything that I've found that says what to do once you know that the pattern has RLE in it. (*edit* I'm assuming that I need to figure out a way to take the .bm file and convert it into a .bmp file. I guess by taking the color data bytes and header information and transferring it to be a Bitmap format file?)

Although the link you gave is really helpful! Thank you so much! (I just need to figure out how to implement the information.)

-----

I still cannot figure out what might contain the script files. There are some .b files and they only seem to contain text, but it's garbled or incoherent.

Rasqual Twilight
2007-04-27, 16:15
osoraku, the *.BBN files in the Mev subfolder (hinted by the patch contents).

Rasqual Twilight
2007-04-28, 12:21
Well, I dug a bit and found a few clues.
Main exe is protected by safedisc 4.xx :
http://princessmaker.moinmoin.andcycle.idv.tw/5/中文化 (http://princessmaker.moinmoin.andcycle.idv.tw/5/%E4%B8%AD%E6%96%87%E5%8C%96)
Some Chinese people are working on it apparently. Found through (http://www.hangmanttcc.com/gamepatch/toolscn/)

I lack the skills to unpack the executable, though :/

Serke
2007-04-28, 16:04
I lack the skills to unpack the executable, though :/
Maybe it’s not necessary to have a working executable to figure out the encryption/decryption scheme. Maybe (just maybe) dumping the executable from memory and analyzing the dump with a help of some good disassembler (such as IDA Pro) would do the trick...

Shana
2007-06-19, 15:17
Well, I still haven't figured out how to get the script, or even the button information, from this game. But, maybe I'm a step closer?

I found a disassembler, and managed to get it to do it's thing on the .exe file, and here's what I came up with:

Princess Maker 5.exe disassemble (http://www.faeriegothica.com/pm.txt)

Hey, it looks like there's button information in there, or maybe I'm crazy. ^^; If so, the button information is stored in the .exe, and how would I get it out (then translate) and reinsert?

Also, there's a second game that I'm wanting to translate, called Wanko to Kurasou. It's really cute. ^^ I have the disassembly information from that as well.

Wanko to Kurasou disassembly (http://www.faeriegothica.com/wanko.txt)

It uses .MBL files, and I'm pretty sure the script is located in the mg_data.mbl (http://www.faeriegothica.com/mg_data.mbl) file, or at least it might be. ^^;; I admit, I'm not at all good at this yet, but I'm learning and I want to learn more if possible. :D

Serke
2007-08-25, 10:28
I have to confess I'm guilty of two crimes: downloading fixed exe of PM5 and disassembling it, not to mention having nothing better to do :p. I believe I managed to decrypt these ".b" files (m1.b and m3.b), but since I lack the knowledge of Japanese and I don't have the game to verify it, I can't be sure. Could someone with knowledge of Japanese check them out and tell me if I'm on the right track? Looks like script files to me but again I'm not sure.

zalas
2007-08-25, 12:28
Yeah, they look fine to me... "listening to J-POP" huh...
Well, at least they don't look like gibberish Japanese.

Serke
2007-08-25, 15:51
Thank you, zalas.

That's funny. I figured out that these mysterious .bm files are not BMP files at all. In actuality these files are partially encrypted (14 bytes starting at offset +2, right after the 'BM' mark) TGA files. Here's a C code that demonstrates how to decrypt it:

BYTE i;

pointer_to_file_image[0]=0; // Here was 'B'
pointer_to_file_image[1]=0; // And here was 'M' >_<
for (i=2; i<16; i++)
pointer_to_file_image[i]^=((i<<2)+0x13);

EDIT: Oh, sorry. 14 bytes are encrypted, not 15. Fixed.

Serke
2007-10-08, 05:48
Recently I've been playing around with SafeDisc 4 protected PM5's executable (the only executable without the protection I was able to find was for Chinese version). Well, I unpacked it so if anybody needs the fixed exe to start PM5 translation project... >_<

EDIT: I'm still not sure if I've recovered all the goddamn nanomites so I'm going to double check for it. SafeDisc is really evil. =)

Shana
2007-11-11, 15:01
Recently I've been playing around with SafeDisc 4 protected PM5's executable (the only executable without the protection I was able to find was for Chinese version). Well, I unpacked it so if anybody needs the fixed exe to start PM5 translation project... >_<

EDIT: I'm still not sure if I've recovered all the goddamn nanomites so I'm going to double check for it. SafeDisc is really evil. =)

Oh my, oh my, oh my, oh my, oh my..

My computer explodes, and I come back a few months later, and you have figured out PM5's encryption. ;_;

Well, I already PM'ed you with how I feel about you. I'm just waiting for the fixed exe so I can try to get started on translating. XD

Would you (or someone) be willing to help me figure out how to get the decrypting code to work for the other files, too? ;_; I know programming, I just need to be walked through a little to regain my C/C++ legs. >.>;

And the first decrypted .b file is from when she's in her room on Sundays, you put your mouse over her and it has a little pop up telling you what she's doing. ^_^ Thus the 'Listening to J-POP CD's'.

I've got this file translated now. ^^;; Yus, I am very excited to try.

Unregistered User
2007-11-12, 02:15
I'm excited for you to try too!

Serke
2007-11-13, 15:26
Oh my... You've came back and radiating enthusiasm and boundless energy as usual. >_<

Here's the fixed exe for PM5:
http://rapidshare.com/files/69535700/PM5_fixed.ZIP.html

And here's a function you can use to decrypt and encrypt these .b files:
void EncryptDecryptBFile( BYTE data[], int data_len )
{
int i;
for (i = 0; i < data_len; i++)
if( data[i] >= 0x20 )
data[i] = ( ((data[i] >> 1) & 0x20) | ((data[I] & 0x20) << 1) | (data[i] & 0x9F) ) ^ 0x10;
}

As for .bm files, like I said in one of my previous posts, these files are partially encrypted TGA graphics files.

Unregistered
2008-03-31, 13:13
Still working on the project? :P

Unregistered
2008-08-05, 07:08
I'd like to see pm5 traslated (or at least the interface) soon!

S_M
2009-06-21, 23:25
Hey! How is the project going?

Just peeked in to offer some help. I know next to nothing about programming, but can help with translation (i bet there's enormous amount of text)


RGDS
S_M

Unregistered
2010-03-16, 00:37
Also, if you haven't read it already, insani's Beginners Guide to Hacking (http://sekai.insani.org/archives/category/production-process/so-you-want-to-be-a-hacker/) is a very good resource on trying to figure out script dumping.


Does anyone has a copy? URL doesn't work

Unregistered
2010-05-31, 17:39
I found this site in my own quest to translate PM5, and it got me a good start, so I thought I'd give back, and also enlist some help since people still seem to be interested. I wrote a tool to help translate everything, so all anyone who wants to help has to do is download it and run it. All the dialogue files are included too, so it's completely self-contained.

http://rapidshare.com/files/393840619/PM5_translation.rar

It requires Python and Tkinter, so if you don't have those and don't want to download them here's an exe of the editor instead.

http://rapidshare.com/files/393843479/editor_dist.rar

The main editor will only work with .bbn files, but that's 95% of the text in the game. I also included programs to decode .b and .bm files (thanks to Serke for that) for anyone who has the game and wants to try those too.

Andrey
2010-06-04, 03:44
I wrote a set of tools that actually let you change text however you please, without character limit or ass-ugly tk UI.

http://no-info.no-ip.info:6224/princess-maker-5-tools-1.0.rar