American McGee's Scrapland reversing and modding
Daniel Seiller
7afdfb5869
- Add notes folder with MDBook documentation (the NOTES.md file was getting kind of large) - Add rz_analyze.py, does the same a r2_analyze.py just with Rizin instead of radare2 so the project can be loaded in Cutter (*and* it's faster) - Add Scrap.rzdb, Rizin database for the Scrap.exe executable - Add Scrapper_rs, Rust version of .packed extractor and repacker - replace helplib.txt with helplib.md - add Py_Docs folder which contains generated documentation for the binary python modules built into Scrap.exe |
||
---|---|---|
.vscode | ||
file_formats | ||
frida | ||
notes | ||
Py_Docs | ||
ScrapHacks | ||
Scrapper_rs | ||
tools | ||
.gitignore | ||
config.yml | ||
helplib.md | ||
LICENSE | ||
NOTES.md | ||
parse_save.py | ||
r2_analyze.py | ||
README.md | ||
rz_analyze.py | ||
Scrap.rzdb | ||
scrapper.py |
Scrapland Reverse Engineering notes and tools
Note!
All memory addresses are only valid for an unprotected Scrap.exe
v1.0 with a SHA1 checksum of d2dde960e8eca69d60c2e39a439088b75f0c89fa
, other version will crash if the memory offsets don't match and you try to inject ScrapHacks
Computer Bild Spiele Issue 2006/08 Contains a full version of the game which was used as the basis for this project
Scripts
tools/rbingrep.py
: Search for pattern in all files and generate radare2 script to find all references (currently configured to search for chunked file section headers)frida/
: Scripts for use with Fridaparse_chunked.py
: WIP Parser for the game's chunked data format (Models, Animations, Maps)save_to_json.py
: Convert game save to JSONscrapper.py
: Extractor and Repacker for *.packed files, needs theconstruct
andtqdm
python modules and python 3.x
- Run
scrapper.py -h
for help
r2_analyze.py
: uses radare2 to parse and label a lot of interesting stuff in theScrap.exe
binarylib/dbg.py
: general Script for poking around inside the game's scripting system
- Run
import dbg;dbg.init()
inside the Game's Console, this will load all builtin modules, ScrapHacks and enable godmode - The dbg module also enables writing to the ingame console using
print <var>
and defines two global functions s_write() and e_write() for writing to the Ingame Console's Stdout and Stderr Stream dbg.menu()
Displays the Game's built in Debug Menu (doesn't work properly)dbg.enable_all_conv()
allows you to "overwrite" any character, even if they are protected/invulnerabledbg.become(name)
allows you to transform into any characterdbg.helplib()
generates a filehelplib.txt
in the Game's folder containing all available Documentation for all available classes and functionsdbg.settrace()
Logs all Python function calls together with their arguments into adbg.txt
file inside the Game's folder
ScrapHacks
WIP Memory hacking library
Notes
Tools used:
- Binary parsing:
- HxD for initial file analysis
- Python 3 + Construct for binary parsing
- Kaitai Struct for binary parsing
- Static analysis:
- Dynamic analysis:
- x64dbg for dynamic analysis
- Reclass.NET to analyze structures and classes in memory
- Frida for tracing and instrumenting functions