American McGee's Scrapland reversing and hacking
Daniel S. 43c01e81d2 added purpose of CMSH block 1 month ago
.vscode Lots of changes (expand to read more) 8 months ago
ScrapHacks Lots of Updates (expand for more): 1 month ago
file_formats added purpose of CMSH block 1 month ago
frida Lots of Updates (expand for more): 1 month ago
tools Lots of Updates (expand for more): 1 month ago
.gitignore Lots of Updates (expand for more): 1 month ago
LICENSE Add LICENSE 1 year ago
NOTES.md Lots of Updates (expand for more): 1 month ago
README.md Lots of Updates (expand for more): 1 month ago
config.yml Lots of Updates (expand for more): 1 month ago
helplib.txt Auto format everything 1 year ago
r2_analyze.py Lots of Updates (expand for more): 1 month ago

README.md

Scrapland Reverse Engineering notes and tools

Note!

All memory addresses are only valid for an unprotected Scrap.exe v1.0 with a SHA1 checksum of d2dde960e8eca69d60c2e39a439088b75f0c89fa. Other versions will crash if the memory offsets don’t match and you try to inject ScrapHacks.

Computer Bild Spiele issue 2006/08 contains a full version of the game, which was used as the basis for this project.

Scripts

  • tools/rbingrep.py: Searches for a pattern in all files and generates a radare2 script to find all references (currently configured to search for chunked file section headers)
  • frida/: Scripts for use with Frida
  • parse_chunked.py: WIP parser for the game’s chunked data format (models, animations, maps)
  • save_to_json.py: Converts a game save to JSON
  • scrapper.py: Extractor and repacker for *.packed files; needs the construct and tqdm Python modules and Python 3.x
    • Run scrapper.py -h for help
  • r2_analyze.py: Uses radare2 to parse and label a lot of interesting stuff in the Scrap.exe binary
  • lib/dbg.py: General script for poking around inside the game’s scripting system
    • Run import dbg;dbg.init() inside the game’s console; this will load all builtin modules and ScrapHacks, and enable godmode
    • The dbg module also enables writing to the in-game console using print <var> and defines two global functions, s_write() and e_write(), for writing to the in-game console’s stdout and stderr streams
    • dbg.menu() displays the game’s built-in debug menu (doesn’t work properly)
    • dbg.enable_all_conv() allows you to “overwrite” any character, even if they are protected/invulnerable
    • dbg.become(name) allows you to transform into any character
    • dbg.helplib() generates a file helplib.txt in the game’s folder containing all available documentation for all available classes and functions
    • dbg.settrace() logs all Python function calls together with their arguments into a dbg.txt file inside the game’s folder

ScrapHacks

WIP Memory hacking library

Notes

Tools used:

  • Binary parsing:
  • Static analysis:
  • Dynamic analysis:
    • x64dbg for dynamic analysis
    • Reclass.NET to analyze structures and classes in memory
    • Frida for tracing and instrumenting functions