SunBeam wrote: ↑
Tue Oct 31, 2017 1:06 pm
1b0d6fe5 wrote: ↑
Tue Oct 31, 2017 7:24 am
been digging a bit more..
Are you able to decompile script files to actual pseudo-C (or is it decompiled as C already)? Am asking cuz it would be mighty nice to get a working developer menu (managed to make it show up, but not functional). If you can find some code-like implementation of some menu option usage, that'd help understand how or where to get a freakin' context pointer. I have the function, yet I can't find any xrefs to it (might be the actual menu input code was stripped).
These scripts that I've found are actually lua - with some modifications I'm not very sure about - for example, a call to `hmake` before returning a function that calls `setmetatable` and other obvious lua funcs - never seen hmake before in lua, so I'm guessing they have luajit/lua compiled in with some modifications.
I actually spent like 2 hours last night doing just that - trying to figure out where the goddamn menu input is in the game binary, haha. I know how to enable it (thanks to your post in SYS, btw!), spent a bunch of time xrefing all over the place in IDA but couldn't figure out where those functions are in memory after the game has loaded - subs that clearly call the debug menu functionality are not at the locations I'd expect, but the byte for "debug enabled" is (I think, the instructions are mostly garbage at that region).
I did spend some time searching for references to the debug menu in scripts, but the way the game packs stuff (ARCH06) isn't convenient, and I haven't gotten everything unpacked. For example, an archive might contain "folder\folder\00.embb" which is just another archive. So right now I've unpacked most of the roots, but need to dig in to the rest of the files to see if anything relevant comes up.
Seems like they have some pre-processing step pointed at the scripts, anyhow, because they have comments that contain yet another identifier that seems to be another path. Might be part of the "SCR" format (header for the .scripts files themselves). Might not have all files in locations that would make sense.
Will PM you on discord when I have time to get back into it and have the files in front of me (at work) if I can find anything useful.
As far as the responses to invasions: when the client tells the server "hey, I completed this fort", the response is unlike any of the other responses. Content-type is still supposedly x-ag-binary, but I believe it's encrypted or encoded such that I haven't been able to make sense of it. seikur0 and I weren't able to find out when it's interpreted, so until then I won't be able to figure out what the game is supposed to receive.
I know I haven't shared much in the way of details, so I'll leave it with this: x-ag-binary known fields:
```
type_string = 0x30
type_date_uint32 = 0x40
type_date_uint64 = 0x17
type_map = 0x60
type_array = 0x50
type_unknown_int = 0x11 // single byte
type_unknown_int32 = 0x14 // probably uint32
type_unknown_int32_2 = 0x15 // probably uint32
type_unknown_2byte = 0x13
type_unknown_8byte = 0x21 // probably an in-game hash, can't remember where it's used
type_null = 0x01
type_bool_true = 0x02
type_bool_false = 0x03
```
`type_null`, `type_bool_*` are all single bytes, so the tokens themselves are the value rather than following with n bytes. `type_unknown_int` _seems_ to be an int but has a single byte following - probably varint.
An example decoded response from getting user profile on WB's side (first 50 lines, it's long, some stuff replaced just in case):
```
$ ./decode -file /drv/sow/responses/2937_profile.txt|head -n50
00000000 3f e9 99 99 99 99 99 9a |?.......|
00000000 60 |`|
00000000 00 |.|
00000000 01 |.|
00000000 32 |2|
00000000 00 |.|
"gid": "366xxxxxxxxxxxxxxxxxxxxxxxxxxxxx (not normally xxx, hidden just in case it's identifiable)",
```
More to come eventually.
EDIT: Was suggested I start a new topic in General, so here it is: viewtopic.php?f=15&t=5310
I will update that thread rather than derailing seikur0's
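Added example, not part of the original post and not the poster's `decode` tool: a scanner that walks a buffer using the x-ag-binary tag values listed above and stops where the post leaves the format open. The payload widths are assumptions read off the field names, the `scan` function and `SAMPLE` bytes are constructed for illustration, and payloads are kept as raw hex because the post does not state byte order.

```python
# Tag values are the ones listed in the post. Payload widths are ASSUMPTIONS
# taken from the field names ("uint32" -> 4 bytes, "8byte" -> 8 bytes, ...).
FIXED_WIDTH = {
    0x01: ("null", 0),          # tag byte is the value
    0x02: ("bool_true", 0),     # tag byte is the value
    0x03: ("bool_false", 0),    # tag byte is the value
    0x11: ("unknown_int", 1),   # post: a single byte follows
    0x13: ("unknown_2byte", 2),
    0x14: ("unknown_int32", 4),
    0x15: ("unknown_int32_2", 4),
    0x17: ("date_uint64", 8),
    0x21: ("unknown_8byte", 8),
    0x40: ("date_uint32", 4),
}
# The post gives no length encoding for these, so the scanner stops on them.
VARIABLE = {0x30: "string", 0x50: "array", 0x60: "map"}


def scan(buf: bytes):
    """Walk buf token by token.

    Returns (tokens, stop_offset, reason); each token is
    (offset, name, payload_hex). Scanning stops at the first tag that
    cannot be consumed safely instead of guessing a length.
    """
    tokens = []
    pos = 0
    while pos < len(buf):
        tag = buf[pos]
        if tag in VARIABLE:
            return tokens, pos, f"{VARIABLE[tag]}: length encoding not given"
        if tag not in FIXED_WIDTH:
            return tokens, pos, f"unknown tag 0x{tag:02x}"
        name, width = FIXED_WIDTH[tag]
        payload = buf[pos + 1 : pos + 1 + width]
        if len(payload) < width:
            return tokens, pos, f"{name}: truncated payload"
        tokens.append((pos, name, payload.hex()))
        pos += 1 + width
    return tokens, pos, "end of buffer"


# Constructed sample bytes, not captured traffic.
SAMPLE = bytes.fromhex("02 11 05 14 00 00 00 01 01 30 41")

if __name__ == "__main__":
    for token in scan(SAMPLE)[0]:
        print(token)
    print(scan(SAMPLE)[1:])
```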