American McGee's Scrapland reversing and modding

Find a file

Strongleong 685e0b9e53 Moved `tools/callbacks_to_md.py` to `tools/ghidra_scripts/callbacks_to_md.py`		2023-02-04 11:22:01 +00:00
.vscode	Lots of changes (expand to read more)	2020-01-03 03:22:09 +01:00
file_formats	added purpose of CMSH block	2020-08-04 18:08:34 +02:00
frida	Lots of changes, expand to read	2021-01-20 23:53:14 +01:00
notes	Added link to `Callbacks.md` to `SUMMARY.md`	2023-02-04 11:12:11 +00:00
Py_Docs	Lots of changes, expand to read	2021-01-20 23:53:14 +01:00
ScrapHacks	Lots of changes, expand to read	2021-01-20 23:53:14 +01:00
Scrapper_rs	Lots of changes, expand to read	2021-01-20 23:53:14 +01:00
tools	Moved `tools/callbacks_to_md.py` to `tools/ghidra_scripts/callbacks_to_md.py`	2023-02-04 11:22:01 +00:00
.gitignore	Lots of changes, expand to read	2021-01-20 23:53:14 +01:00
config.yml	Lots of changes, expand to read	2021-01-20 23:53:14 +01:00
EngineVarRemastered	Added list of engine vars in the remastered version	2021-12-14 18:44:51 +00:00
helplib.md	Lots of changes, expand to read	2021-01-20 23:53:14 +01:00
LICENSE	Add LICENSE	2018-12-22 17:21:50 +00:00
NOTES.md	Lots of changes, expand to read	2021-01-20 23:53:14 +01:00
parse_save.py	Lots of changes, expand to read	2021-01-20 23:53:14 +01:00
r2_analyze.py	Lots of changes, expand to read	2021-01-20 23:53:14 +01:00
README.md	Lots of Updates (expand for more):	2020-08-04 18:05:34 +02:00
rz_analyze.py	Lots of changes, expand to read	2021-01-20 23:53:14 +01:00
Scrap.rzdb	Lots of changes, expand to read	2021-01-20 23:53:14 +01:00
scrapper.py	Lots of changes, expand to read	2021-01-20 23:53:14 +01:00

README.md

Scrapland Reverse Engineering notes and tools

Note!

All memory addresses are only valid for an unprotected Scrap.exe v1.0 with a SHA1 checksum of d2dde960e8eca69d60c2e39a439088b75f0c89fa , other version will crash if the memory offsets don't match and you try to inject ScrapHacks

Computer Bild Spiele Issue 2006/08 Contains a full version of the game which was used as the basis for this project

Scripts

tools/rbingrep.py: Search for pattern in all files and generate radare2 script to find all references (currently configured to search for chunked file section headers)
frida/: Scripts for use with Frida
parse_chunked.py: WIP Parser for the game's chunked data format (Models, Animations, Maps)
save_to_json.py: Convert game save to JSON
scrapper.py: Extractor and Repacker for *.packed files, needs the construct and tqdm python modules and python 3.x

Run scrapper.py -h for help

r2_analyze.py: uses radare2 to parse and label a lot of interesting stuff in the Scrap.exe binary
lib/dbg.py: general Script for poking around inside the game's scripting system

Run import dbg;dbg.init() inside the Game's Console, this will load all builtin modules, ScrapHacks and enable godmode
The dbg module also enables writing to the ingame console using print <var> and defines two global functions s_write() and e_write() for writing to the Ingame Console's Stdout and Stderr Stream
dbg.menu() Displays the Game's built in Debug Menu (doesn't work properly)
dbg.enable_all_conv() allows you to "overwrite" any character, even if they are protected/invulnerable
dbg.become(name) allows you to transform into any character
dbg.helplib() generates a file helplib.txt in the Game's folder containing all available Documentation for all available classes and functions
dbg.settrace() Logs all Python function calls together with their arguments into a dbg.txt file inside the Game's folder

ScrapHacks

WIP Memory hacking library

Notes

Tools used:

Binary parsing:
- HxD for initial file analysis
- Python 3 + Construct for binary parsing
- Kaitai Struct for binary parsing
Static analysis:
- IDA initialy used, later replaced by radare2 and Cutter
- radare2
- Cutter
Dynamic analysis:
- x64dbg for dynamic analysis
- Reclass.NET to analyze structures and classes in memory
- Frida for tracing and instrumenting functions