ScrapHacks/README.md
Daniel Seiller 8d92f25b8c Lots of Updates (expand for more):
- Started implementing new parser for chunked data
- Started documenting data formats
- Started dissector for network protocol
- Added AI-Graph renderer (converts .pth files to python data you can import into Blender)
- Added Script to convert savefile to JSON
- Added (old) parser for chunked data format
- Added basic parser for LFVF data section (Vertex Data)
- Added script to analyze and filter read trace generated with frida script
- Added various Frida scripts
2020-08-04 18:05:34 +02:00

2.8 KiB

Scrapland Reverse Engineering notes and tools

Note!

All memory addresses are only valid for an unprotected Scrap.exe v1.0 with a SHA1 checksum of d2dde960e8eca69d60c2e39a439088b75f0c89fa , other version will crash if the memory offsets don't match and you try to inject ScrapHacks

Computer Bild Spiele Issue 2006/08 Contains a full version of the game which was used as the basis for this project

Scripts

  • tools/rbingrep.py: Search for pattern in all files and generate radare2 script to find all references (currently configured to search for chunked file section headers)
  • frida/: Scripts for use with Frida
  • parse_chunked.py: WIP Parser for the game's chunked data format (Models, Animations, Maps)
  • save_to_json.py: Convert game save to JSON
  • scrapper.py: Extractor and Repacker for *.packed files, needs the construct and tqdm python modules and python 3.x
  • Run scrapper.py -h for help
  • r2_analyze.py: uses radare2 to parse and label a lot of interesting stuff in the Scrap.exe binary
  • lib/dbg.py: general Script for poking around inside the game's scripting system
  • Run import dbg;dbg.init() inside the Game's Console, this will load all builtin modules, ScrapHacks and enable godmode
  • The dbg module also enables writing to the ingame console using print <var> and defines two global functions s_write() and e_write() for writing to the Ingame Console's Stdout and Stderr Stream
  • dbg.menu() Displays the Game's built in Debug Menu (doesn't work properly)
  • dbg.enable_all_conv() allows you to "overwrite" any character, even if they are protected/invulnerable
  • dbg.become(name) allows you to transform into any character
  • dbg.helplib() generates a file helplib.txt in the Game's folder containing all available Documentation for all available classes and functions
  • dbg.settrace() Logs all Python function calls together with their arguments into a dbg.txt file inside the Game's folder

ScrapHacks

WIP Memory hacking library

Notes

Tools used:

  • Binary parsing:
  • Static analysis:
  • Dynamic analysis:
    • x64dbg for dynamic analysis
    • Reclass.NET to analyze structures and classes in memory
    • Frida for tracing and instrumenting functions