Fully Disassembling Silent Hill for the PSX

Discussion in 'Modding and Hacking - Consoles and Electronics' started by veganx, Feb 7, 2012.

  1. veganx

    veganx Dauntless Member

    Joined:
    Jan 8, 2011
    Messages:
    743
    Likes Received:
    2
    This is not a project, this is made out of pure curiosity and there's no purpose except my own fun.

    That said, I would like to ask if anybody ever disassembled a PSX game.

    Me and my GF are great fans of Silent Hill, especially the first, and I said that this might be possible. Some way to look at every corner of the game, every text, every memo, hear every sound. She liked the idea so this might be fun to do.

    A simple way to start would be a GameShark code for invincibility and another one for free camera. Would the camera hack be possible?
    Would a GameShark code to walk through walls be possible?

    These would be the in-game checks, but would it also be possible to check the files? Check the code on which the game is built?

    If anyone has any advice on software or any way to do it, I would be glad to hear.
    Is there any software that can rebuild a room based on sprites of a game? Rebuild a 3D model out of PlayStation files?
     
  2. H360

    H360 Familiar Face

    Joined:
    Mar 5, 2011
    Messages:
    1,474
    Likes Received:
    1
    I know there are disassemblers for the PS exe's.

    The only thing I can do, is rip sprites, audio, music and videos from the disc (script kiddie crap). You get sometimes some cool things out of it. Some things are also weird that you find.

    However, turning the compiled code back into what the developers wrote is just enormously hard.


    I think they did something similar with Tekken 3 for Kaillera. They removed all the audio, and images. Then again, you do not need to reverse engineer the exe. You only need to replace sprites (tim files). Something anyone can do with a decent amount of time and effort.


    Oh, the Xplorer can do this too. You hex edit the memory space during live gameplay.
    I believe it freezes the state of the RAM (PlayStation locks up), and allows you to 'tap' into it if you like to edit it.
    You can do all sorts of weird things. Infinite ammo, spinning the camera upside down and even making him walk upside down.
     
    Last edited: Feb 7, 2012
  3. veganx

    veganx Dauntless Member

    Joined:
    Jan 8, 2011
    Messages:
    743
    Likes Received:
    2
    So, music/videos/sounds are easier to get than text? Is text that hard to obtain?
     
  4. H360

    H360 Familiar Face

    Joined:
    Mar 5, 2011
    Messages:
    1,474
    Likes Received:
    1
    Yes. Music, videos, sounds, etc are easy to obtain.

    Text is usually inside of the exe or reference files - depending how the programmer intended to make it.


    Oh, I forgot to mention (as stated above). If you can rip the music, videos, etc then you can actually edit them, and re-inject them back into the CD.
    As an example, in Tekken 3, there are logos on some levels. You can essentially make your own and put them into the game overwriting the originals. It becomes more complicated, but it is possible.
     
    Last edited: Feb 8, 2012
  5. sam hex

    sam hex Spirited Member

    Joined:
    Feb 28, 2011
    Messages:
    123
    Likes Received:
    1
    If you want to rip the art assets and stuff apart, that's far from really disassembling it.

    About Code

    If you really want to disassemble it, you will need to plug the exe into some disassembler (I think IDA Pro can do PSX) and start analysing.

    A good point to start is to find out what sort of engine was used and if you are able to obtain the source code for this or at least parts of frameworks used in development. This eases analysing a binary a lot.

    Since all this is on assembler level (assembler is the name of the bytecode directly understood by a CPU and displayed in mnemonics for human readability), you have to know a lot of tech stuff to do that.

    In no case will you ever get the code the developers wrote, as was mentioned before. Decompilation is impossible. There is some sort of decompilation for x86 CPUs but it will never get you something close to the real source code due to compiler optimization, missing comments and translation issues, stripped symbols etc.

    Btw. by reverse engineering the exe, you can find the offsets used by things like Xplorer and the matching patches. Xplorer is something like a primitive debugger/mempatcher. But still, without an idea of the correct assembler language you are pretty much lost doing that.

    About Art

    It is most likely possible to reconstruct 3D models from the game. But it isn't that easy. You will need to find out how they are stored. Old games tend to inline things like models in headers in the code, which are just stored as big chunks of var structs in the resulting binary, which need to be reconstructed by the methods mentioned in the code part.

    If you are lucky, the models are stored in external files and you can just analyse these to find out how the files are made. Now the big question is what tools were used in the workflow back then; there are several options.

    There is a big chance the studio used custom tools; years ago it wasn't unusual to use tools written by the company themselves to get the files into an engine-readable format. If they used their own engine to make the game, it's most likely such a tool you will have to obtain a copy of to analyse it, or you reverse engineer the file format either from its use in the binary or, if it's simple, from the plain file.

    If standard tools were used, maybe even supplied by Sony, you can get these tools and check if they have options to reconvert a file of your choice to something useful.

    All this will require you to get very old old old old software most of the time. Even if you are lucky enough to convert the file back to, let's say, 3DSMax, you most likely will need to obtain an ancient copy of it to use the result.

    Other Art Assets

    Other art assets like videos will most likely be easier to obtain. Textures might be stored in some custom format, but these are most of the time very bitmap-like and easy to understand. Maybe it's even some format that was made by Sony and there is already a general converter for it.

    Texts

    Texts can be stored anywhere. These days you store texts in files most of the time to ease translation and multi-language support; back then it's possible they had header files with text vars for every language and just compiled them with the binary, so everything has to be found in the binary. You might want to try the "strings" tool on *nix-like OSs to see if you can find the strings in there. Note: this only works on unencrypted binaries.
     
  6. veganx

    veganx Dauntless Member

    Joined:
    Jan 8, 2011
    Messages:
    743
    Likes Received:
    2
    Thanks for the massive reply.

    I'll focus on the texts used in the game. I remember some teenagers translating the Silent Hill game to Portuguese so I'm assuming this might not be real IDA Pro stuff.

    If the binaries are unencrypted, couldn't a hex editor do the job? Just to read the text sequences in the game?
     
  7. H360

    H360 Familiar Face

    Joined:
    Mar 5, 2011
    Messages:
    1,474
    Likes Received:
    1
    It depends on how the file was made, I guess.

    You may just see it is a text file renamed to something else.

    Every PS1 game is coded differently. Every game is extremely unique because every programmer does not program the same.
     
    Last edited: Feb 8, 2012
  8. sam hex

    sam hex Spirited Member

    Joined:
    Feb 28, 2011
    Messages:
    123
    Likes Received:
    1
    For your peace of soul, I got myself a copy of Silent Hill 1 and looked at it. The disc contains 4 files.

    SLES_015.14 - Binary
    SYSTEM.CNF - Loader Config
    SILENT - All the gamestuff
    HILL - can't copy that for some reason nor open it

    If you look into the binary, it's just CD and GPU code, screen init etc.

    Peek Preview:
    [​IMG]

    If you look at the SILENT file you quickly notice it is some sort of uncompressed archive or something with multiple sections at least.

    The texts are inside of it; this is the spanish one I found in just 2 secs, and I've seen a lot of German too.

    NO_STAGE! {E}
    aperta.{E}
    E' bloccata.{E}
    La serratura
    incastrata.
    Questa porta non pu
    essere
    aperta.{E}
    {C2}Proiettili per la carabina{C7}.
    Li prendo?{S4}
    Dei {C2}Proiettili per fucile{C7}.
    Li prendo?{S4}
    {C2}Pallottole da pistola{C7}.
    La prendo?{S4}
    una {C2}fiala{C7}.
    La prendo?{S4}
    Una {C2}Bevanda energetica{C7}.
    La prendo?{S4}
    Una {C2}Cassetta del pronto soccorso{C7}.
    La prendo?{S4}
    {D}E' troppo buio per vedere
    la cartina qui.{E}
    {D}Non ho la cartina di
    questa zona.{E}
    Sperando che i miei appunti
    risulteranno utili.{E}
    Un giorno, qualcuno potr
    sperimentare questi
    incredibili eventi.

    I sadly can't tell you how this file is stacked together. It would need a lot of time to study the structure and do an in-depth file analysis on it.
     
    Last edited: Feb 9, 2012
  9. veganx

    veganx Dauntless Member

    Joined:
    Jan 8, 2011
    Messages:
    743
    Likes Received:
    2
    WOW THANK YOU :)))

    I see you're using IDA. I tried that once to verify some files inside the .pup of the ps3.
    But you needed a whole script and some other stuff for it to work and I never managed that.

    Since you are on Mac, can you suggest an IDA version for Windows?
    And you just loaded the file inside IDA and that's the screen you got? Or did you have to do a lot of stuff before you could see this peek preview?
     
  10. CodeAsm

    CodeAsm ohci_write: Bad offset 30

    Joined:
    Dec 22, 2010
    Messages:
    1,500
    Likes Received:
    176
    IDA for PC is easy, just select the right CPU core and it tries to find the start location and makes a nice graph. I learned a lot just by playing with the options.

    :thumbsup: Get IDA, it's (free) cheap... awesome, buy it if you really like it.
    I'm thinking of buying the newest version just for school and my dad's research (he's trying to reverse engineer a DOS app where the source is lost thanks to magnetic tapes)
     
  11. veganx

    veganx Dauntless Member

    Joined:
    Jan 8, 2011
    Messages:
    743
    Likes Received:
    2
    I remember that screen to select the right cpu.

    Which would be in the case of the psx?
     
  12. alphagamer

    alphagamer What is this? *BRRZZ*.. Ouch!

    Joined:
    Jun 25, 2008
    Messages:
    3,255
    Likes Received:
    10
    MIPS R3000A
     
  13. veganx

    veganx Dauntless Member

    Joined:
    Jan 8, 2011
    Messages:
    743
    Likes Received:
    2
    That is not present in the evaluation version :(
    Downloading a "free" alternative, I'll post pics if I succeed.
     
  14. sam hex

    sam hex Spirited Member

    Joined:
    Feb 28, 2011
    Messages:
    123
    Likes Received:
    1
    Since I am a licensee, 6.2 detects the file correctly BUT the SLES file (binary) is NOT interesting to you! Please read above, you need to open the SILENT file on the disc, which is NOT A BINARY and IDA can't make sense of it. It's a stacked file archive; you can rip the text files out of it with a hex editor or something. The assets are just all glued together somehow in a big file with an unknown structure.
     
  15. Bad_Ad84

    Bad_Ad84 The Tick

    Joined:
    May 26, 2011
    Messages:
    8,566
    Likes Received:
    1,309
  16. veganx

    veganx Dauntless Member

    Joined:
    Jan 8, 2011
    Messages:
    743
    Likes Received:
    2
    Downloaded the IDA PRO 6.1 cracked but it seems this is not interesting to rip off texts?
    I was thinking that the "wait" in your screenshot was a text from inside the game (the first line).

    What about those Strings? I just need to point that for the silent file?

    I opened the silent file from my original disc with XVI32 (the hex editor I use) and the result seems encrypted, nothing makes sense in there.

    Sorry for the noob questions but this is all kind of new to me.
     
  17. Mystical

    Mystical Resolute Member

    Joined:
    May 3, 2011
    Messages:
    935
    Likes Received:
    35
    I looked at something similar to this years ago. You could try to map out the large file by looking for file structures that match PSX file types (look for .str type movies, .tim images etc.). By examining the file structure and looking for the headers of known file types, you can then extract each of these from the file (reducing the file down). This will not give you everything straight away, as you will have to keep digging down until you identify as many file types as possible.

    This is a very trial-and-error way of doing it, but I had some success a few years ago when looking at other archive file types (uncompressed ones though; if they are compressed you will have a whole new load of problems).

    PS. When you look at the files in a hex editor they are not encrypted as such, but they won't make much sense at first. However, once you have used it a while you will start to notice repeating patterns, bits that stand out from the rest etc., as well as blank characters (hex is displayed from 00-FF within the hex editor), and a lot of the ASCII values shown will be made up of characters you most likely won't have seen very often.

    I hope that helps mate

    The above is for extracting sound, video and images (as, if similar to some other games, a lot of the game's information (books etc.) are images rather than text).
     
    Last edited: Feb 9, 2012
  18. sam hex

    sam hex Spirited Member

    Joined:
    Feb 28, 2011
    Messages:
    123
    Likes Received:
    1
    Do you have the byte order marks of different file types or a list of them? If you tell me the header bytes of known filetypes I can write a script in Perl or Python to split the container accordingly.
     
  19. Weinflames

    Weinflames Spirited Member

    Joined:
    May 31, 2010
    Messages:
    119
    Likes Received:
    5
    Well, I'd be unable to do such a thing myself, but as a Silent Hill fan I'm encouraging you to keep on working on it and let us know about the interesting finds I'm sure there'll be :)
     
  20. Mystical

    Mystical Resolute Member

    Joined:
    May 3, 2011
    Messages:
    935
    Likes Received:
    35
    No mate, I don't have anything from the original work I did. I stopped working on it when I left uni and lost a lot of stuff when I moved away.

    Here is some information on the PSX .tim format though:
    http://wiki.qhimm.com/PSX/TIM_file
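
The header-matching approach discussed in the posts above, as an added example that is not part of the thread and not any poster's script: a Python carver that finds TIM images in an unknown container and validates each candidate's block lengths, because the 4-byte TIM magic alone matches far too often. The function names and the `SAMPLE` bytes are constructed for illustration; nothing is assumed about the real layout of the SILENT file.

```python
import struct
TIM_MAGIC = b"\x10\x00\x00\x00"      # u32 LE: id 0x10, version 0
BPP = {0: 4, 1: 8, 2: 16, 3: 24}     # flags bits 0-2 -> bits per pixel

def read_block(buf, off):
    """TIM block: u32 length (counts its 12-byte header), u16 x, y, w, h."""
    if off + 12 > len(buf):
        return None
    length, _x, _y, w, h = struct.unpack_from("<IHHHH", buf, off)
    # Payload is w*h 16-bit words, so the stored length must agree.
    if w == 0 or h == 0 or length != 12 + 2 * w * h or off + length > len(buf):
        return None
    return length, w, h

def parse_tim(buf, off):
    """Return a description of the TIM at off, or None if it fails validation."""
    if buf[off:off + 4] != TIM_MAGIC or off + 8 > len(buf):
        return None
    (flags,) = struct.unpack_from("<I", buf, off + 4)
    mode, has_clut = flags & 7, bool(flags & 8)
    if flags >> 4 or mode not in BPP:
        return None
    pos = off + 8
    if has_clut:                      # optional palette block comes first
        clut = read_block(buf, pos)
        if clut is None:
            return None
        pos += clut[0]
    img = read_block(buf, pos)
    if img is None:
        return None
    length, w, h = img
    return {"offset": off, "size": pos + length - off, "bpp": BPP[mode],
            "width": w * 16 // BPP[mode], "height": h, "clut": has_clut}  # w is in 16-bit units

def carve_tims(buf):
    """Scan a container and return every structurally valid TIM image."""
    found, off = [], buf.find(TIM_MAGIC)
    while off != -1:
        tim = parse_tim(buf, off)
        if tim:
            found.append(tim)
        off = buf.find(TIM_MAGIC, off + (tim["size"] if tim else 1))
    return found

# Constructed sample: a decoy magic, then a 4x2 pixel 4bpp TIM with a 16-colour CLUT.
SAMPLE_TIM = (TIM_MAGIC + struct.pack("<IIHHHH", 8, 44, 0, 0, 16, 1) + b"\xff\x7f" * 16
              + struct.pack("<IHHHH", 16, 0, 0, 1, 2) + b"\x21\x43\x65\x87")
SAMPLE = b"JUNK" + TIM_MAGIC + bytes(12) + SAMPLE_TIM + b"NO_STAGE! {E}"
```

Each hit can be written out with `buf[t["offset"]:t["offset"] + t["size"]]`; the stretches left between hits are what still needs identifying by hand.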
     