American McGee's Scrapland reversing and modding
Go to file
Daniel S. 63962c95cc add Rust ScrapHacks prototype and network sniffer/parser 2023-05-07 21:36:20 +02:00
.vscode Lots of changes (expand to read more) 2020-01-03 03:22:09 +01:00
Py_Docs Lots of changes, expand to read 2021-01-20 23:53:14 +01:00
ScrapHacks Lots of changes, expand to read 2021-01-20 23:53:14 +01:00
Scrapper_rs Lots of changes, expand to read 2021-01-20 23:53:14 +01:00
file_formats added purpose of CMSH block 2020-08-04 18:08:34 +02:00
frida Lots of changes, expand to read 2021-01-20 23:53:14 +01:00
notes Added link to `Callbacks.md` to `SUMMARY.md` 2023-02-04 11:12:11 +00:00
scrapper_web Add web-based .packed explorer, updated parser and ghidra untility script 2023-05-07 21:29:21 +02:00
tools add Rust ScrapHacks prototype and network sniffer/parser 2023-05-07 21:36:20 +02:00
.gitignore Lots of changes, expand to read 2021-01-20 23:53:14 +01:00
EngineVarRemastered Added list of engine vars in the remastered version 2021-12-14 18:44:51 +00:00
LICENSE Add LICENSE 2018-12-22 17:21:50 +00:00
NOTES.md Lots of changes, expand to read 2021-01-20 23:53:14 +01:00
README.md Lots of Updates (expand for more): 2020-08-04 18:05:34 +02:00
Scrap.rzdb Lots of changes, expand to read 2021-01-20 23:53:14 +01:00
config.yml Lots of changes, expand to read 2021-01-20 23:53:14 +01:00
helplib.md Lots of changes, expand to read 2021-01-20 23:53:14 +01:00
parse_save.py Lots of changes, expand to read 2021-01-20 23:53:14 +01:00
r2_analyze.py Lots of changes, expand to read 2021-01-20 23:53:14 +01:00
rz_analyze.py Lots of changes, expand to read 2021-01-20 23:53:14 +01:00
scrapper.py Lots of changes, expand to read 2021-01-20 23:53:14 +01:00

README.md

Scrapland Reverse Engineering notes and tools

Note!

All memory addresses are only valid for an unprotected Scrap.exe v1.0 with a SHA1 checksum of d2dde960e8eca69d60c2e39a439088b75f0c89fa , other version will crash if the memory offsets don't match and you try to inject ScrapHacks

Computer Bild Spiele Issue 2006/08 Contains a full version of the game which was used as the basis for this project

Scripts

  • tools/rbingrep.py: Search for pattern in all files and generate radare2 script to find all references (currently configured to search for chunked file section headers)
  • frida/: Scripts for use with Frida
  • parse_chunked.py: WIP Parser for the game's chunked data format (Models, Animations, Maps)
  • save_to_json.py: Convert game save to JSON
  • scrapper.py: Extractor and Repacker for *.packed files, needs the construct and tqdm python modules and python 3.x
  • Run scrapper.py -h for help
  • r2_analyze.py: uses radare2 to parse and label a lot of interesting stuff in the Scrap.exe binary
  • lib/dbg.py: general Script for poking around inside the game's scripting system
  • Run import dbg;dbg.init() inside the Game's Console, this will load all builtin modules, ScrapHacks and enable godmode
  • The dbg module also enables writing to the ingame console using print <var> and defines two global functions s_write() and e_write() for writing to the Ingame Console's Stdout and Stderr Stream
  • dbg.menu() Displays the Game's built in Debug Menu (doesn't work properly)
  • dbg.enable_all_conv() allows you to "overwrite" any character, even if they are protected/invulnerable
  • dbg.become(name) allows you to transform into any character
  • dbg.helplib() generates a file helplib.txt in the Game's folder containing all available Documentation for all available classes and functions
  • dbg.settrace() Logs all Python function calls together with their arguments into a dbg.txt file inside the Game's folder

ScrapHacks

WIP Memory hacking library

Notes

Tools used:

  • Binary parsing:
  • Static analysis:
  • Dynamic analysis:
    • x64dbg for dynamic analysis
    • Reclass.NET to analyze structures and classes in memory
    • Frida for tracing and instrumenting functions