ScrapHacks/README.md

# Scrapland Reverse Engineering notes and tools


## Note!

All memory addresses are only valid for an unprotected `Scrap.exe` v1.0 with a SHA1 checksum of `d2dde960e8eca69d60c2e39a439088b75f0c89fa` , other version will crash if the memory offsets don't match and you try to inject ScrapHacks

[Computer Bild Spiele Issue 2006/08](https://archive.org/download/cbs-2006-08-coverdisc/) Contains a full version of the game which was used as the basis for this project

## Scripts

* `tools/rbingrep.py`: Search for pattern in all files and generate radare2 script to find all references (currently configured to search for chunked file section headers)
* `frida/`: Scripts for use with Frida
* `parse_chunked.py`: WIP Parser for the game's chunked data format (Models, Animations, Maps)
* `save_to_json.py`: Convert game save to JSON
* `scrapper.py`: Extractor and Repacker for *.packed files, needs the `construct` and `tqdm` python modules and python 3.x
 - Run `scrapper.py -h` for help
* `r2_analyze.py`: uses radare2 to parse and label a lot of interesting stuff in the `Scrap.exe` binary
* `lib/dbg.py`: general Script for poking around inside the game's scripting system
 - Run `import dbg;dbg.init()` inside the Game's Console,
  this will load all builtin modules, ScrapHacks and enable godmode
 - The dbg module also enables writing to the ingame console using `print <var>`
  and defines two global functions s_write() and e_write() for writing to the Ingame Console's Stdout and Stderr Stream
 - `dbg.menu()` Displays the Game's built in Debug Menu (doesn't work properly)
 - `dbg.enable_all_conv()` allows you to "overwrite" any character, even if they are protected/invulnerable
 - `dbg.become(name)` allows you to transform into any character
 - `dbg.helplib()` generates a file `helplib.txt` in the Game's folder containing all available Documentation for all available classes and functions
 - `dbg.settrace()` Logs all Python function calls together with their arguments into a  `dbg.txt` file inside the Game's folder

## [ScrapHacks](ScrapHacks/README.md)

WIP Memory hacking library

## [Notes](NOTES.md)

# Tools used:

- Binary parsing:
  - [HxD](https://mh-nexus.de/en/hxd/) for initial file analysis
  - [Python 3](https://python.org/) + [Construct](https://construct.readthedocs.io/en/latest/) for binary parsing
  - [Kaitai Struct](http://kaitai.io/) for binary parsing
- Static analysis:
  - [IDA](https://www.hex-rays.com/products/ida/index.shtml) initialy used, later replaced by radare2 and Cutter
  - [radare2](https://www.radare.org/)
  - [Cutter](https://cutter.re/)
- Dynamic analysis:
  - [x64dbg](https://x64dbg.com/) for dynamic analysis
  - [Reclass.NET](https://github.com/ReClassNET/ReClass.NET) to analyze structures and classes in memory
  - [Frida](https://frida.re/) for tracing and instrumenting functions
Update 'README.md' Fix typo 2020-03-03 17:14:13 +00:00			`# Scrapland Reverse Engineering notes and tools`
Added README.md 2017-10-07 23:26:21 +00:00
Lots of Updates (expand for more): - Started implementing new parser for chunked data - Started documenting data formats - Started dissector for network protocol - Added AI-Graph renderer (converts .pth files to python data you can import into Blender) - Added Script to convert savefile to JSON - Added (old) parser for chunked data format - Added basic parser for LFVF data section (Vertex Data) - Added script to analyze and filter read trace generated with frida script - Added various Frida scripts 2020-08-04 16:05:34 +00:00
			`## Note!`

			All memory addresses are only valid for an unprotected `Scrap.exe` v1.0 with a SHA1 checksum of `d2dde960e8eca69d60c2e39a439088b75f0c89fa` , other version will crash if the memory offsets don't match and you try to inject ScrapHacks

			`[Computer Bild Spiele Issue 2006/08](https://archive.org/download/cbs-2006-08-coverdisc/) Contains a full version of the game which was used as the basis for this project`

			`## Scripts`

			* `tools/rbingrep.py`: Search for pattern in all files and generate radare2 script to find all references (currently configured to search for chunked file section headers)
			* `frida/`: Scripts for use with Frida
			* `parse_chunked.py`: WIP Parser for the game's chunked data format (Models, Animations, Maps)
			* `save_to_json.py`: Convert game save to JSON
Update README.md 2017-10-08 00:05:00 +00:00			* `scrapper.py`: Extractor and Repacker for *.packed files, needs the `construct` and `tqdm` python modules and python 3.x
Added README.md 2017-10-07 23:26:21 +00:00			- Run `scrapper.py -h` for help
Add r2_analyze script to parse and label interesting stuff 2019-11-22 22:11:34 +00:00			* `r2_analyze.py`: uses radare2 to parse and label a lot of interesting stuff in the `Scrap.exe` binary
Code cleanup 2019-02-28 16:50:52 +00:00			* `lib/dbg.py`: general Script for poking around inside the game's scripting system
Lots of Updates (expand for more): - Started implementing new parser for chunked data - Started documenting data formats - Started dissector for network protocol - Added AI-Graph renderer (converts .pth files to python data you can import into Blender) - Added Script to convert savefile to JSON - Added (old) parser for chunked data format - Added basic parser for LFVF data section (Vertex Data) - Added script to analyze and filter read trace generated with frida script - Added various Frida scripts 2020-08-04 16:05:34 +00:00			- Run `import dbg;dbg.init()` inside the Game's Console,
			`this will load all builtin modules, ScrapHacks and enable godmode`
Added README.md 2017-10-07 23:26:21 +00:00			- The dbg module also enables writing to the ingame console using `print <var>`
			`and defines two global functions s_write() and e_write() for writing to the Ingame Console's Stdout and Stderr Stream`
Code cleanup 2019-02-28 16:50:52 +00:00			- `dbg.menu()` Displays the Game's built in Debug Menu (doesn't work properly)
Added README.md 2017-10-07 23:26:21 +00:00			- `dbg.enable_all_conv()` allows you to "overwrite" any character, even if they are protected/invulnerable
			- `dbg.become(name)` allows you to transform into any character
			- `dbg.helplib()` generates a file `helplib.txt` in the Game's folder containing all available Documentation for all available classes and functions
Code cleanup 2019-02-28 16:50:52 +00:00			- `dbg.settrace()` Logs all Python function calls together with their arguments into a `dbg.txt` file inside the Game's folder
Update README.md 2019-02-23 21:44:33 +00:00
			`## [ScrapHacks](ScrapHacks/README.md)`

			`WIP Memory hacking library`
Update README.md 2017-10-08 01:13:32 +00:00
Code cleanup 2019-02-28 16:50:52 +00:00			`## [Notes](NOTES.md)`

			`# Tools used:`

Lots of Updates (expand for more): - Started implementing new parser for chunked data - Started documenting data formats - Started dissector for network protocol - Added AI-Graph renderer (converts .pth files to python data you can import into Blender) - Added Script to convert savefile to JSON - Added (old) parser for chunked data format - Added basic parser for LFVF data section (Vertex Data) - Added script to analyze and filter read trace generated with frida script - Added various Frida scripts 2020-08-04 16:05:34 +00:00			`- Binary parsing:`
			`- [HxD](https://mh-nexus.de/en/hxd/) for initial file analysis`
			`- [Python 3](https://python.org/) + [Construct](https://construct.readthedocs.io/en/latest/) for binary parsing`
			`- [Kaitai Struct](http://kaitai.io/) for binary parsing`
			`- Static analysis:`
			`- [IDA](https://www.hex-rays.com/products/ida/index.shtml) initialy used, later replaced by radare2 and Cutter`
			`- [radare2](https://www.radare.org/)`
			`- [Cutter](https://cutter.re/)`
			`- Dynamic analysis:`
			`- [x64dbg](https://x64dbg.com/) for dynamic analysis`
			`- [Reclass.NET](https://github.com/ReClassNET/ReClass.NET) to analyze structures and classes in memory`
			`- [Frida](https://frida.re/) for tracing and instrumenting functions`