gemot encubed, Technical Issues (for bug reports, problem solving, and help running Japanese software)
#1  2007-07-26, 22:51  UnregisteredLB (Guest)
Can anyone help out on Little Busters!'s script?

Well, a lot of folks might suggest RLdev, but in this case it doesn't work.
In the trial version of Little Busters!, there was already a file in Seen.txt that could not be disassembled by RLdev. That was okay, because apart from that RLdev works fine with the trial version. But the full version is somehow different.
Is it possible that Little Busters! uses the same encryption as Bonbee!'s Scramble Heart? And if so, is there any way for me to get all the scripts in Seen.txt disassembled, or at least extracted? Thanks in advance.
#2  2007-07-28, 02:04  UnregisteredLB (Guest)

I tried to run Little Busters! (1.4.8.8) with Scramble Heart's RealLive.exe (1.4.6.2), and failed. SH's .exe didn't recognize LB's Seen.txt correctly: even though the list of SEENs seems to be right, the execution failed.
Quoted debug output:
Seen9010(00027)
Save point
*Qケ[Q・カヤ$マモム{.ョ[EQ・・&レ
マ2#

Seen9010(00027)
■ERR: assignment operation

Seen9010(00027)
From selection (Seen0513 #Z00)
※ Flag and call information is indeterminate, so it will not run correctly.

Seen9010(00027)
System release

CALL stack initialized

GRP stack initialized

System initialized
↑ part of the debug message

And LB's own .exe won't enter its debug mode (I'm not using the AlphaRom-modified LB,RealLive.exe) when #MEMORY=1 is added to Gameexe.ini. That's bad, because a lot of tricks can't be used any more. I really need help on this; if there's anyone here who's also interested in working something out of LB, please help :-)
#3  2007-07-28, 09:43  Sieg (Regular; joined Jul 2007; 45 posts)

So you're just trying to extract the script? How do CGs fare? Also unable to be removed?
#4  2007-07-28, 12:36  Misha@KeyFC.net (Guest)

As far as my 2-minute research can tell, the script pack in LB just has its "signature" changed, nothing more.

When I removed the signature check (at offset 4) from my program, I was able to extract the individual scripts. I think if you do the same thing in RLdev, it should be able to get you something to start with.

If for some reason it aborts, you can always try "just decompress" (without disassembling), and then try a "blind extract" (extract by JIS character-encoding range).
#5  2007-07-28, 19:17  UnregisteredLB (Guest)

To Sieg:
CGs are okay; vaconv can handle them with no problem.

To Misha:
Thanks, man, that's great news. I'll check it out later and see if I can get it to extract the scripts. But there are still 2 problems that are annoying:
1. They've built new functions into RealLive that the current version of RLdev cannot recognize. The bad thing is I can't debug LB's executable, and that's giving me a hard time doing any reverse engineering at all.
2. If only the signature changed, why would previous versions of the RealLive interpreter misinterpret the script, as you can see from the log above?

I'm working on LB to try to update RLdev so that it gets up to date (at least to some degree), as I would like to see any progress here, which would in turn do good for the RLVM project that I'm interested in. :-)
#6  2007-07-28, 20:19  Sieg (Regular; joined Jul 2007; 45 posts)

I'm wondering how you can even extract all of this stuff like CGs with RLdev... and nice to know you've got it under control now, or so I'd hope.
#7  2007-07-28, 21:11  Misha(Prz) from KeyFC.net (Guest)

Quote (originally posted by UnregisteredLB):
  To Misha:
  Thanks, man, that's great news. I'll check it out later and see if I can get it to extract the scripts. But there are still 2 problems that are annoying:
  1. They've built new functions into RealLive that the current version of RLdev cannot recognize. The bad thing is I can't debug LB's executable, and that's giving me a hard time doing any reverse engineering at all.
  2. If only the signature changed, why would previous versions of the RealLive interpreter misinterpret the script, as you can see from the log above?
Sorry, by "nothing more" I meant the script packing algorithm, not the instructions inside the script.

Thanks to your hint that an earlier version of RealLive can actually execute the new script, I knew that unpacking the script must be an easy fix: since the old engine can actually unpack and execute the script, the encoding/encryption algorithm can't have changed.

So, just remove the 0x2712 check at offset 4, and the old unpacking algorithm should work.
#8  2007-07-28, 21:17  Misha(Prz) from KeyFC.net (Guest)

BTW, if RLdev could provide more information whenever it encounters an error, such as the offset of the problem, the bytecode that caused the problem, or even just print out the next 100 bytes in ASCII, then adding support for new instructions should also be very easy.

Because AVG2K script is very structured and verbose, one can actually "eyeball" a lot of information just by using a hex editor and Notepad. :P
#9  2007-07-29, 09:49  UnregisteredLB (Guest)

To Sieg:
All CGs are located in the g00 folder in LB's game folder. They're in g00 format, and if you're using RLdev, use the "vaconv" part of it to convert these *.g00 files to *.png files.
The usage is as simple as:
vaconv filenameToConvert

To Misha:
Older versions of the interpreter don't execute LB's script correctly, but yes, they do get the TOC (table of contents) right, which is worth digging into. Now my concern turns to how to debug LB's RealLive.exe. OllyDbg keeps complaining that it's not a valid Win32 application. Any clue on that?
#10  2007-07-29, 14:41  Misha(Prz) from KeyFC.net (Guest)

Quote (originally posted by UnregisteredLB):
  To Misha:
  Older versions of the interpreter don't execute LB's script correctly, but yes, they do get the TOC (table of contents) right, which is worth digging into. Now my concern turns to how to debug LB's RealLive.exe. OllyDbg keeps complaining that it's not a valid Win32 application. Any clue on that?
To my knowledge, there are actually three versions of Reallive.exe floating around.

Version 1 (the original) has a built-in icon, and when it runs, it generates Reallive.000 in the current folder.

Version 2 is the so-called no-CD version (not so "no-CD" compared to the following); it is about 500KB smaller than the original, and is about the same size as Reallive.000.

Version 3 is actually Version 1 patched by a 20K program that completely removes media checking.

My intuitive guess is that the original (version 1) reallive.exe is "packed" or "shelled" by a protection program, which of course should try its best to stop you from debugging. Version 2, however, is the "unpacked" or "de-shelled", bare-bones reallive program. (V3, of course, is still packed and protected.)

So, to debug the program, your best hope is to use the "Version 2" reallive program.

--------------
BTW, I still think the easiest way is to let RLdev point out the place it has trouble handling, and then you go ahead and "eyeball" the structure of the new instruction. Given the existing argument formats, it shouldn't be very hard.
#11  2007-07-29, 19:05  UnregisteredLB (Guest)

To Misha:
That's interesting. I haven't seen the second version of RealLive.exe you mentioned above. I'm using the original one (probably; 2,994,176 bytes), and I have seen the third version (2,457,600 bytes). Does the second version have anything to do with "LB,RealLive.exe", the one that is patched by some AlphaRom-avoiding program?
#12  2007-07-29, 19:11  Misha(Prz) from KeyFC.net (Guest)

Quote (originally posted by UnregisteredLB):
  To Misha:
  That's interesting. I haven't seen the second version of RealLive.exe you mentioned above. I'm using the original one (probably; 2,994,176 bytes), and I have seen the third version (2,457,600 bytes). Does the second version have anything to do with "LB,RealLive.exe", the one that is patched by some AlphaRom-avoiding program?
I think the 2.4MB one that does not have a built-in icon, and requires you to copy some dummy files to avoid media checking, is the "unpacked" reallive.

However, since I have no experience with ICE-like debugging, I could be wrong: the anti-debugging code could also exist in the unpacked file.
#13  2007-07-30, 19:49  jyuichi (Obsessive; joined May 2007; San Diego; 294 posts)

Umm... can someone explain in plain English how to extract the script? I have rldev and it doesn't work, obviously, but how do you "remove the 0x2712 check at offset 4"?

I suppose it would be a bit much to ask someone to post a patched seen.txt or the extracted files? (I do have a legal copy, if that's a concern; if you want me to prove it I can tell you the number of pages in the user manual or box dimensions or something...)

Sorry, this hacking stuff confuses me. I've read through the rldev manual as much as I could understand, but I'm no programmer, ^^; gomen.
#14  2007-08-06, 14:20  Haeleth (Ex-boss; joined Mar 2003; England; 2,106 posts)

You adjust the is_bytecode function in src/common/bytecode.ml so that it allows 110002 as well as 10002 for the TPC32 version. Or just change the value in the extracted bytecode file by hand. :)

Prz's 2-minute investigation didn't go deep enough, because there is also a change to the bytecode: there's an additional layer of trivial encryption underneath the compression that wasn't there in earlier games. To be specific, a 257-byte block starting 256 bytes into the uncompressed bytecode is XORed against the key a828fd66a0237769f945f82c7c00adf4. Quite why they bothered adding such a weak feature is unclear...

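Putting Misha's "remove the 0x2712 check at offset 4" (posts #4 and #7) together with Haeleth's two corrections in post #14, here is an added example in Python; it is not code from this thread, from rldev or from RLVM. It parses the Seen.txt table of contents, classifies each packed SEEN by the 32-bit field at offset 4 (10002, i.e. 0x2712, for older games; 110002 for Little Busters!), and applies the 257-byte XOR that Haeleth describes to already-decompressed bytecode. The TOC layout (10000 fixed entries of little-endian offset/length pairs, with offset 0 meaning "absent") and the 16-byte stand-in scene header are assumptions of the example; the LZ decompression step itself is not implemented, so `unmask_lb` expects the caller to hand it the decompressed bytes. All sample data is constructed, not taken from the game.

```python
import struct

# Seen.txt TOC layout assumed here: 10000 fixed entries, each a little-endian
# (offset, length) pair; an offset of 0 means "no such SEEN".  (Assumption.)
TOC_ENTRIES = 10000
TOC_ENTRY_SIZE = 8
TOC_SIZE = TOC_ENTRIES * TOC_ENTRY_SIZE

VERSION_OLD = 10002   # 0x2712: the "signature" Misha's program and rldev check
VERSION_LB = 110002   # the value Little Busters! writes at offset 4 (Haeleth)

# Key and block position quoted by Haeleth in post #14.
LB_XOR_KEY = bytes.fromhex("a828fd66a0237769f945f82c7c00adf4")
LB_XOR_OFFSET = 256
LB_XOR_LENGTH = 257   # 16 * 16 + 1: the final byte wraps round to key[0]


def read_toc(archive: bytes) -> dict:
    """Map SEEN number -> (offset, length) for every entry with a non-zero offset."""
    if len(archive) < TOC_SIZE:
        raise ValueError("archive shorter than the TOC")
    toc = {}
    for n in range(TOC_ENTRIES):
        offset, length = struct.unpack_from("<II", archive, n * TOC_ENTRY_SIZE)
        if offset:
            if offset + length > len(archive):
                raise ValueError(f"SEEN{n:04d} points past the end of the archive")
            toc[n] = (offset, length)
    return toc


def scene_version(scene: bytes) -> int:
    """The 32-bit compiler-version field at offset 4 of a packed SEEN."""
    return struct.unpack_from("<I", scene, 4)[0]


def is_bytecode(scene: bytes, accept_lb: bool = True) -> bool:
    """The check Haeleth says to relax: 10002 only, or 10002 and 110002."""
    v = scene_version(scene)
    return v == VERSION_OLD or (accept_lb and v == VERSION_LB)


def unmask_lb(decompressed: bytes) -> bytes:
    """Strip (or, since XOR is its own inverse, apply) the LB 257-byte mask.

    Must be run on the *decompressed* bytecode, as Haeleth describes; bytes
    outside [256, 513) are left untouched.
    """
    out = bytearray(decompressed)
    end = min(len(out), LB_XOR_OFFSET + LB_XOR_LENGTH)
    for i in range(LB_XOR_OFFSET, end):
        out[i] ^= LB_XOR_KEY[(i - LB_XOR_OFFSET) % len(LB_XOR_KEY)]
    return bytes(out)


def classify_archive(archive: bytes) -> dict:
    """SEEN number -> 'old' | 'lb' | 'unknown', judged from the offset-4 field."""
    result = {}
    for n, (offset, length) in read_toc(archive).items():
        v = scene_version(archive[offset:offset + length])
        result[n] = {VERSION_OLD: "old", VERSION_LB: "lb"}.get(v, "unknown")
    return result


# --- constructed sample data (not real game files) -------------------------

def _fake_scene(version: int, body: bytes) -> bytes:
    # 16-byte stand-in header: only the field at offset 4 matters here.
    return struct.pack("<IIII", 16 + len(body), version, 0, 0) + body


def build_sample_archive() -> bytes:
    # SEEN numbers borrowed from the debug log in post #2.
    scenes = {513: _fake_scene(VERSION_OLD, b"old-style scene"),
              9010: _fake_scene(VERSION_LB, b"lb-style scene")}
    toc = bytearray(TOC_SIZE)
    blob = bytearray()
    for n, data in scenes.items():
        struct.pack_into("<II", toc, n * TOC_ENTRY_SIZE, TOC_SIZE + len(blob), len(data))
        blob += data
    return bytes(toc + blob)


SAMPLE_ARCHIVE = build_sample_archive()
# Stand-in for decompressed bytecode: 600 bytes, so the masked block fits inside.
SAMPLE_PLAIN = bytes(range(256)) * 2 + bytes(88)

if __name__ == "__main__":
    print(classify_archive(SAMPLE_ARCHIVE))        # {513: 'old', 9010: 'lb'}
    masked = unmask_lb(SAMPLE_PLAIN)
    print(masked[:256] == SAMPLE_PLAIN[:256], unmask_lb(masked) == SAMPLE_PLAIN)
```

Because XOR with a fixed key is its own inverse, `unmask_lb` both strips and re-applies the mask, which is also why Haeleth calls the feature trivial: a 16-byte key reused over one block at a known position gives no protection beyond stopping an unmodified rldev from disassembling the file.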
#15  2007-08-08, 11:42  Unregistered (Guest)

Quote (originally posted by Haeleth):
  You adjust the is_bytecode function in src/common/bytecode.ml so that it allows 110002 as well as 10002 for the TPC32 version. Or just change the value in the extracted bytecode file by hand. :)

  Prz's 2-minute investigation didn't go deep enough, because there is also a change to the bytecode: there's an additional layer of trivial encryption underneath the compression that wasn't there in earlier games. To be specific, a 257-byte block starting 256 bytes into the uncompressed bytecode is XORed against the key a828fd66a0237769f945f82c7c00adf4. Quite why they bothered adding such a weak feature is unclear...
That might just be because they don't want everyone fooling around with their game using your rldev ;-p
Good job, boss!