Dolphin, the GameCube and Wii emulator - Forums › Dolphin Emulator Discussion and Support › Development Discussion
Learning how to reverse-engineer a game
04-12-2019, 01:47 PM (This post was last modified: 04-12-2019, 01:47 PM by shockdude.)
#1 shockdude
A long time ago, people looked at DJ Hero to see if they could add custom songs & charts to the game. Unfortunately, each chart has a unique hash, and if the hash doesn't match the chart the game won't load the chart.

It is theoretically possible to reverse-engineer the hash format. Dolphin's debugger is quite nice. However, this is my first time doing any "real" reverse-engineering, and the lack of symbol table makes things annoying.


So far I've done the following:
  • Found the Assembler Tutorial at WiiBrew
  • Loaded the signature database for basic SDK symbols
  • Located the chart's hash in memory, set a breakpoint at that address, and stepped through a couple of instructions

Am I on the right track? Does anyone have tips on how to proceed further?
04-13-2019, 11:34 AM
#2 shockdude
Welp, why reverse-engineer the hash format when you can just disable the hash check entirely?

I got lucky. Using the memory breakpoint at the address of the chart's hash, I quickly found the code that compares the hash against the computed hash. I then replaced the instructions that execute when the integrity test fails with nops. DJ Hero can now load custom charts.
Props to the dev team for the nice debugger, and to WiiBrew for the PPC assembler reference.

Gecko code to disable the chart integrity test and allow loading custom charts.
For DJ Hero NTSC (SWAE52). Tested in Dolphin, haven't tested on a real Wii yet.

Code:
$Enable Custom Charts [shockdude]
042acaf4 60000000
042acaf8 60000000
*Enable loading custom charts by disabling the game's chart integrity check.
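The two code lines above are 32-bit Gecko write codes. As an added example (not code from the thread or from the Dolphin project), the following decodes them to show what the patch does in memory: each `04XXXXXX YYYYYYYY` line writes the word `YYYYYYYY` at `0x80000000 + XXXXXX`, and `0x60000000` is the PowerPC `ori r0,r0,0` no-op, so the two writes blank out two consecutive instructions at 0x802acaf4 and 0x802acaf8. Codes that use the pointer register instead of the default base address (type byte 0x14) are deliberately not handled.

```python
"""Decode 32-bit Gecko write codes and report what they overwrite.
Added example; assumes the default base address form of the 04 code type."""

GECKO_TYPE_WRITE32 = 0x04       # "04XXXXXX YYYYYYYY": write YYYYYYYY to ba + XXXXXX
GECKO_DEFAULT_BA = 0x80000000   # default value of the Gecko base address register (ba)
PPC_NOP = 0x60000000            # ori r0,r0,0 : the canonical PowerPC no-op

def decode_write32(line: str) -> tuple:
    """Return (address, value) for one '04' code line.
    Raises ValueError for any other code type, since only the default-ba
    32-bit write is decoded here."""
    first, second = line.split()
    code, value = int(first, 16), int(second, 16)
    if code >> 24 != GECKO_TYPE_WRITE32:
        raise ValueError(f"not a default-base 32-bit write code: {first}")
    address = GECKO_DEFAULT_BA + (code & 0x01FFFFFF)  # low 25 bits are the offset
    return address, value

def describe_patch(gecko_text: str) -> list:
    """Parse a Gecko listing ($name line, code lines, *comment lines) and
    describe each write as a dict with address, value and an is_nop flag."""
    writes = []
    for raw in gecko_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("$", "*")):
            continue  # code name and trailing comment carry no writes
        address, value = decode_write32(line)
        writes.append({"address": address, "value": value, "is_nop": value == PPC_NOP})
    return writes

def is_consecutive_nop_patch(writes: list) -> bool:
    """True when every write is a nop and the targets are adjacent words,
    i.e. a run of instructions has been replaced rather than single values tweaked."""
    if not writes or not all(w["is_nop"] for w in writes):
        return False
    addrs = [w["address"] for w in writes]
    return all(b - a == 4 for a, b in zip(addrs, addrs[1:]))

# The listing from post #2, reproduced as input for the decoder.
POST2_CODE = """$Enable Custom Charts [shockdude]
042acaf4 60000000
042acaf8 60000000
*Enable loading custom charts by disabling the game's chart integrity check."""

if __name__ == "__main__":
    for w in describe_patch(POST2_CODE):
        kind = "nop" if w["is_nop"] else "data"
        print(f"write {w['value']:08x} ({kind}) at {w['address']:08x}")
    print("consecutive instructions nopped:", is_consecutive_nop_patch(describe_patch(POST2_CODE)))
```

The `is_consecutive_nop_patch` check is the quick way to tell, from the code alone, that a patch disables a code path rather than changing a constant: a run of adjacent words all set to the no-op encoding.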
04-14-2019, 09:52 AM
#3 dreamsyntax
Nice job with that clever solution!
How did you eventually reach the function to determine it was checking the hashes?
04-24-2019, 02:37 PM
#4 shockdude
Sorry for the late reply.
When I put the memory breakpoint where the hash was, I reached an instruction that compared the hash against another value in a CPU register, which turned out to be the computed hash. When I edited the values so that the comparison passed, the chart was able to load correctly.

As an update, by observing which bytes in the chart were affecting the hash, and with an absurd amount of luck, I figured out what the hash function is. It's just CRC32 from the 8th byte to the last line in the chart.
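The integrity check as post #4 describes it, written out as an added example (not code from the thread or from the game): a table-driven CRC-32 over the chart body, so the algorithm itself is visible rather than hidden behind `zlib.crc32`, applied to a small constructed chart. Two things are assumptions, not facts from the thread: "from the 8th byte" is read as zero-based offset 8 (an 8-byte header excluded from the hash), and since the thread does not say where the expected hash is stored, it is passed in as a separate value.

```python
"""Chart integrity check modelled on post #4: CRC-32 over the chart from a
fixed start offset to the end. Added example with constructed sample data."""
import struct

# Reflected CRC-32 polynomial (IEEE 802.3), the variant zlib.crc32 computes.
CRC32_POLY = 0xEDB88320

def make_crc32_table() -> list:
    """Precompute the 256-entry table used by the byte-at-a-time CRC loop."""
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ CRC32_POLY if c & 1 else c >> 1
        table.append(c)
    return table

CRC32_TABLE = make_crc32_table()

def crc32(data: bytes) -> int:
    """Standard CRC-32: initial value 0xFFFFFFFF, reflected, final XOR 0xFFFFFFFF."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = CRC32_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF

# Assumption: the hashed region starts at zero-based offset 8 and runs to the end.
HASH_START = 8

def chart_hash(chart: bytes, start: int = HASH_START) -> int:
    """Hash of the chart body, excluding the leading header bytes."""
    return crc32(chart[start:])

def chart_passes_check(chart: bytes, stored_hash: int, start: int = HASH_START) -> bool:
    """The comparison the game performs: computed hash against the stored one."""
    return chart_hash(chart, start) == stored_hash

# Constructed sample chart: an 8-byte header (magic + version) and a text body.
SAMPLE_HEADER = struct.pack(">4sI", b"CHRT", 3)          # exactly 8 bytes
SAMPLE_BODY = b"0.000 1 tap\n0.500 2 tap\n1.000 1 scratch\n"
SAMPLE_CHART = SAMPLE_HEADER + SAMPLE_BODY
SAMPLE_HASH = chart_hash(SAMPLE_CHART)                    # plays the role of the stored hash

def flipped_header_passes() -> bool:
    """Flipping a byte outside the hashed region leaves the check intact. This is
    the kind of observation post #4 relied on to find which bytes feed the hash."""
    altered = bytearray(SAMPLE_CHART)
    altered[0] ^= 0xFF
    return chart_passes_check(bytes(altered), SAMPLE_HASH)

def flipped_body_passes() -> bool:
    """Flipping a single bit inside the hashed region makes the check fail."""
    altered = bytearray(SAMPLE_CHART)
    altered[-1] ^= 0x01
    return chart_passes_check(bytes(altered), SAMPLE_HASH)

if __name__ == "__main__":
    print(f"sample chart hash: {SAMPLE_HASH:08x}")
    print("header byte flipped, still passes:", flipped_header_passes())
    print("body byte flipped, still passes:  ", flipped_body_passes())
```

Worth keeping in mind when reading the thread: a CRC is an error-detecting code, not a cryptographic hash, so a match only shows the bytes were not accidentally corrupted; the check described here detects transmission damage, not deliberate modification.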