
Re: Wargasm

Posted: 2022-Nov-24, 20:41
by mikew
Yes, and I suck at hacking.
I've only managed to ascertain that the OEP (whatever that is) is 0xf9af30 so far. :(

Re: Wargasm

Posted: 2022-Nov-27, 19:06
by mikew
Actually, decompressing the exe isn't really a problem as IDA will do that.
Looking at some of the decompressed code, this may be the part that calculates the filename hash.

Code:

unsigned int __cdecl sub_507BF0(int a1)
{
  unsigned int result; // eax@1
  int v2; // ecx@1
  int v3; // ebp@1
  unsigned int v4; // kr00_4@1
  int v5; // edx@3
  int v6; // ebx@5
  int v7; // edi@5
  int v8; // ebx@5
  int v9; // eax@6
  int i; // [sp+8h] [bp-4h]@3

  v3 = a1;
  result = 0;
  v4 = strlen((const char *)a1);
  v2 = v4 - 1;
  if ( v4 != 1 )
  {
    v5 = 0;
    a1 = 0;
    for ( i = 0; v5 < (signed int)(v4 - 2); i = v5 )
    {
      if ( v5 < v2 )
      {
        v8 = *(_BYTE *)(v5 + v3);
        v7 = v5 + v8;
        v6 = v8 + 7;
        do
        {
          v9 = v7 * v6 * (*(_BYTE *)(v5 + v3) + 19) * (v5 + *(_BYTE *)(v5 + v3));
          ++v5;
          a1 += v9;
        }
        while ( v5 < v2 );
        v5 = i;
      }
      ++v5;
    }
    result = a1 % 0xEE6B2800u;
  }
  return result;
}
Only circumstantial evidence to support that hypothesis so far, but the largest hash in the data archive is 0xee6afc35.

The hashes are derived somewhat differently to the earlier games, and the paths and extensions don't seem to have their own token bytes.
Here are some examples:

Code:

0x7ba648d4 BMF\_11_T02.BMF 
0x7cb81b22 BMF\_11_T03.BMF 
0x7dcec302 BMF\_11_T04.BMF 
0x7eea465c BMF\_11_T05.BMF
0x800aab30 BMF\_11_T06.BMF 
0x812ff796 BMF\_11_T07.BMF
0x825a31be BMF\_11_T08.BMF 
0x83895ff0 BMF\_11_T09.BMF 

0x69e21bd8 box\d1_b1.box 
0x6ae82fea box\d1_b2.box
0x6bf3086e box\d1_b3.box
0x6d02ab1c box\d1_b4.box 
0x6e171dc4 box\d1_b5.box 
0x6f30664e box\d1_b6.box 
0x704e8aba box\d1_b7.box 
0x71719120 box\d1_b8.box 
0x72997fb0 box\d1_b9.box 

0xee6019c5 BMF\TI21.BMF 
0xee6190f7 BMF\TI12.BMF 
0xee62466f WORLDS\DESERT\DESERT7\ENV\DE7.ARE 
0xee679e7a AUDIO\3D\WAV\CHOPENGI.WAV 
0xee6aca2e BMF\RIPPLE6.BMF 
0xee6afc35 MATS\NETTYDED 
0x0001ef96 BMF\DONNA.BMF 
0x00027dbc MATS\BPFENCE 
0x00029b3f CAMPAIGN\CAMP8\AFRICA.BMP 
0x000635c2 BMF\DTHULL3.BMF 
0x00099b9b WORLDS\MOUNT\MOUNT15\TACMAP.BMP 
0x000a5dbd MATS\DMKGUN5 
0x000b08b9 MATS\LITEGREY 
0x000ba054 MATS\RAD1D2 
0x000cbacf MATS\TMPSK4B 
0x000ce826 LANGUAGE\ITALIAN\AUDIO\SPEECH\WAV\KWNA0001.WAV 
0x000d7dde BMF\PELVIS4.BMF 
0x0010c80a dmf\virt_e2.dmf 
0x0011166a MATS\DOOR2 
0x0014469a TEXTURES\API_DM.BMP 
The reason this is interesting is that 'Typhoon' uses a similar system where we extracted its files, and got some file names, but we haven't been able to tie them together.
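
Added example, not part of the original posts: a C re-implementation of the decompiled routine for testing the hypothesis against the listed pairs. It assumes (neither point is stated in the thread) that names are lower-cased before hashing and that v4 holds strlen + 1, an inlined-strlen idiom, so the last character is hashed too; under those assumptions it reproduces the listed values for MATS\DOOR2 and MATS\RAD1D2.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Re-implementation of the decompiled sub_507BF0. Two assumptions, not from
   the post: names are lower-cased before hashing, and v4 is really strlen+1
   (inlined strlen), so the final character is included in the sum. */
uint32_t name_hash(const char *name)
{
    size_t n = strlen(name);
    uint32_t acc = 0;                          /* wraps mod 2^32 like the int a1 */
    for (size_t i = 0; i + 1 < n; i++) {       /* outer loop: v5 < v4 - 2 */
        uint32_t c = (uint32_t)tolower((unsigned char)name[i]);
        uint32_t ab = ((uint32_t)i + c) * (c + 7);            /* v7 * v6 */
        for (size_t j = i; j < n; j++) {       /* inner loop: v5 < v2 */
            uint32_t d = (uint32_t)tolower((unsigned char)name[j]);
            acc += ab * (d + 19) * ((uint32_t)j + d);         /* v9 */
        }
    }
    return acc % 0xEE6B2800u;                  /* modulus is 4,000,000,000 */
}

/* A few (hash, name) pairs copied from the listing in the post. */
static const struct { uint32_t hash; const char *name; } listed[] = {
    { 0x0011166a, "MATS\\DOOR2" },
    { 0x000ba054, "MATS\\RAD1D2" },
    { 0x69e21bd8, "box\\d1_b1.box" },
    { 0x7ba648d4, "BMF\\_11_T02.BMF" },
    { 0xee6afc35, "MATS\\NETTYDED" },
};

/* Number of listed pairs that name_hash() reproduces. */
int count_matches(void)
{
    int hits = 0;
    for (size_t k = 0; k < sizeof listed / sizeof listed[0]; k++)
        hits += name_hash(listed[k].name) == listed[k].hash;
    return hits;
}

int main(void)
{
    for (size_t k = 0; k < sizeof listed / sizeof listed[0]; k++)
        printf("%08x %08x %s\n", (unsigned)listed[k].hash,
               (unsigned)name_hash(listed[k].name), listed[k].name);
    printf("%d pairs reproduced\n", count_matches());
    return 0;
}
```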