My memory editor: Med

Introduction

There was a wonderful memory editor on Windows, Game Master, but it was not freeware. There is also a freeware memory editor, ArtMoney, but it is Windows-only too. On Linux there is only one memory editor, scanmem, with GameConqueror as its GUI. However, scanmem and GameConqueror have some limitations, which is why I decided to create another one that fits my needs. So I recently spent some time developing this memory editor, named Med.

This project actually started because of Android hacking. I wanted to hack Android game memory. I first wrote a program called “hed” (hex editor), written purely in C, to edit any binary file from the ADB shell. The command-line tool works well. Then I thought about creating “med” (memory editor) in C++, to edit any process from the ADB shell. That failed to work. However, during development it worked well on the desktop computer, that is, x86 and x86-64 Linux.

Previously I was using GameConqueror. But I recently found that it has some limitations: for example, save/open file fails to work with the recent version compiled from the Git repository. Besides that, memory editing does not work either. I also forked the project on GitHub to add a function to “shift” all memory addresses, but in the end that was not very useful either.

Med

Med is the result of my years of programming experience. It involves

  • C, as it deals with memory directly
  • C++, as I use the C++ STL containers, strings, and exception handling
    • I use strings heavily, based on what I learned from the UNIX philosophy (text is important), the Tcl philosophy (“Everything is a string”), and OpenGL (a state machine)
  • GTK+ (version 3) for the GUI
  • Multi-threading using GLib
  • Linux, as this memory editor only works on Linux and relies on procfs
  • JSON, for saving and opening files in the JSON file format; the JSONPP library is used to work with it from C++

Though GTK+ is written in C, it is object-oriented. I did not choose Qt because of my fervour for the C language. And I admit that writing a program in C++ is faster and easier than in C. The GUI was actually designed using Glade.

Status

Med is still under development. If you want to use it, just download and compile it. It is available here.

Memory editor editing memory in PCSX2

Gaming on Linux

Recently, I have to admit that Chromium is faster and smoother than Firefox. Now, for me, Firefox is my primary bookmark manager, reference manager (with Zotero), and best-ever download manager, while Chromium is my primary web browser.

This is just like how Windows is no longer an operating system for me, but a game console. I have no choice but to admit this, because gaming on Linux is still far behind Windows. The main reason is that developers usually target Windows instead of Linux. However, it is truly worthwhile for me to optimise the functionality of the computer by running Linux and sacrificing the gaming potential of Windows.

Native, Emulators, and Steam

There are several ways to play games on Linux. Steam is one of them, but it is not my favourite. There are also native Linux games; one of my favourites is Cave Story. Another solution is emulators such as DOSBox, VBA-M, MAME, etc. However, not all emulators work perfectly, especially PS2 emulators.

WINE

WINE (WINE Is Not an Emulator) is another favourite of mine. It allows running Windows applications, including some games. Yet it does not work perfectly; not all games work. I have successfully used it to play KOEI Sangokushi (Romance of the Three Kingdoms) 12 and The Sims 4. WINE works fine with these games. However, some 3D games such as Assassin’s Creed II and Dead or Alive 5 Last Round do not work for me. Moreover, the latest version of WINE does not guarantee better compatibility for all games. Some games work better with a certain version of WINE; some games require a certain patched version of WINE.

Virtualisation

So, native Windows is still an attractive solution for playing games, and virtualisation is the possible way to get it. (LXC and Docker do not work, because they are containers.)

VirtualBox

VirtualBox is my favourite hypervisor because it is very easy to use. VirtualBox supports Direct3D, but it is experimental. It has to be installed through the Guest Additions ISO image. However, I found that the Direct3D driver installed is wined3d.dll. As a result, the 3D rendering has the same problems as using WINE for certain games. In conclusion, using VirtualBox to play 3D games does not work as expected.

QEMU/KVM

Since VirtualBox does not work with 3D games, I recently tried QEMU with KVM, because I read some articles (this and this) saying that QEMU/KVM can virtualise the 3D graphics card. However, this requires 2 graphics cards: one for the host machine and another for the guest machine. And this method uses VFIO, which is very troublesome.

Furthermore, there is the Virgil 3D project, which aims to produce a virtual 3D GPU. I studied it a little, yet I didn’t try to compile it, because it seems very troublesome. In conclusion, QEMU/KVM does not work either.

VMware Player

So, the final solution I tried recently was VMware Player, which is free for non-commercial use. Installing VMware Player version 7 requires GCC 5.1.0 on Arch Linux. In this case, I had to install GCC 5.1.0 and compile the modules, then downgrade to GCC 4.9.2 again.

VMware Player is very similar to VirtualBox, but its VM management is less useful than VirtualBox’s. Besides that, some VM configurations have to be done manually using a text editor.

After some configuration and testing, I found that it works best among the virtualisation software. It is better than VirtualBox.

VMware Player 3D configuration

To enable VMware 3D graphics for Direct3D, first we have to make sure our host machine (Linux) allows “direct rendering” by entering the following command:

glxinfo | grep direct

Then, to make sure it works:

glxgears

Next, install VMware Player, then download and install VMware Tools for the guest OS. This can be done while running Windows in the VM by clicking “Virtual Machine” > “Install VMware Tools…”. Alternatively, we can download VMware Tools for all the supported OSes from the Player Preferences menu item. After the download finishes, we run the setup in Windows just like with VirtualBox. Installing VMware Tools allows seamless integration of the host and the guest, like VirtualBox: for example, resizing the window resizes the Windows resolution directly, and the mouse is seamlessly integrated.

After installation, make sure 3D acceleration is enabled. This can be done from the VMX file or from the Virtual Machine Settings:

mks.enable3d = "TRUE"
svga.graphicsMemoryKB = "1000000"

If 3D acceleration still does not work, then in ~/.vmware/preferences add

mks.gl.allowBlacklistedDrivers = "TRUE"

Next, in ~/.vmware/preferences, add the following:

pref.motionUngrab = "FALSE"
pref.motionGrab = "FALSE"

This disables automatically grabbing or ungrabbing our mouse pointer when it moves into the VM window.

However, in my case, my 3D game is very sensitive to mouse movement. Thus, I have to disable the drivers installed by VMware Tools. This can be done through Device Manager in Windows. After disabling the drivers, my mouse cannot click anything in the VM. I have to use the keyboard to restart Windows.

Finally, I think I can enjoy more games on Linux now, though playing them virtually in Windows.

Traditional Chinese (BIG5) in the LANG=zh_CN.UTF8 locale


Recently, I tried to play the Tecmo Koei Sangokushi 12 PK Traditional Chinese version (三國志12威力加強版繁體中文) on WINE using PlayOnLinux. It works fine, but there is a problem: the game can only be run in the LANG=zh_CN.UTF-8 locale instead of the zh_TW.UTF-8 locale (there are some reasons behind this). As a result, if I enter some Chinese characters using fcitx, the output is converted, e.g. 一 becomes 珨. This is because when using fcitx in the zh_CN.UTF-8 locale, the character is encoded as zh_CN.UTF-8. However, because the game itself is Traditional Chinese, the output is encoded as, possibly, BIG5. This can be proved using iconv with the following command:

echo "一" | iconv -f utf8 -t gb18030 | iconv -f big5 -t utf8  # results in 珨

Therefore, I need to convert this faulty character back to the character I intended. Thus, iconv can be used to reverse the result with the following command:

echo "珨" | iconv -f utf8 -t big5 | iconv -f gb18030 -t utf8  # results in 一

Because the game does not allow copy-paste, I can only solve this problem programmatically, by creating an fcitx module using iconv. The module is available here.

The fcitx module I created works only partially. It still has a problem which I cannot solve. I am not sure what the root cause is: iconv, fcitx, WINE, the game itself, or something else. That is, some Chinese characters such as 自 and 何 cannot be entered and result in question marks (?). (This is solved; read the UPDATE below.)

Note: In order to use the module, which converts GB18030 to BIG5 (still in UTF-8), and because BIG5 is Traditional Chinese, we need to enable the “Simplified Chinese To Traditional Chinese” module in fcitx. Only then will input of Traditional Chinese characters work, such as entering 會 instead of 会, because BIG5 has no character for 会, only 會.
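The encoding mix-up above, replayed in Python as an added example (this is not the post’s fcitx module): under the zh_CN locale the typed character reaches the game as GB18030 bytes, and the Traditional Chinese game reads those same bytes as Big5. The second function computes what an input-method module would have to feed to the game so that the intended character appears (the reverse, as in the second iconv pipeline), and returns None for characters Big5 does not have, which is why the note requires Simplified-to-Traditional conversion first. The post reports 一 showing up as 珨.

```python
from typing import Optional

# Constructed sample input: the character from the post and a
# Traditional/Simplified pair that the note discusses.
TYPED = "一"
TRADITIONAL, SIMPLIFIED = "會", "会"


def as_game_sees_it(typed: str) -> Optional[str]:
    """Replay the mix-up: the input method under zh_CN emits GB18030 bytes,
    the Traditional Chinese game decodes those bytes as Big5.
    Returns None when the bytes are not valid Big5 (the game would show
    garbage or '?')."""
    try:
        return typed.encode("gb18030").decode("big5")
    except UnicodeDecodeError:
        return None


def pre_convert(intended: str) -> Optional[str]:
    """What a conversion module must hand to the game so that `intended`
    is displayed: take the Big5 bytes of the intended text and reinterpret
    them as GB18030. Returns None if `intended` has no Big5 encoding
    (Simplified forms such as 会) or its Big5 bytes are not valid GB18030."""
    try:
        return intended.encode("big5").decode("gb18030")
    except (UnicodeEncodeError, UnicodeDecodeError):
        return None


def round_trips(intended: str) -> bool:
    """True when pre_convert() yields text the game will render as `intended`."""
    fed = pre_convert(intended)
    return fed is not None and as_game_sees_it(fed) == intended


if __name__ == "__main__":
    print(f"{TYPED!r} typed under zh_CN is shown as {as_game_sees_it(TYPED)!r}")
    print(f"to display {TYPED!r}, the module must feed {pre_convert(TYPED)!r}")
    for ch in (TRADITIONAL, SIMPLIFIED):
        print(f"{ch!r} reachable via pre-conversion: {round_trips(ch)}")
```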

Sangokushi 12 PK Traditional Chinese in WINE problem with zh_CN.UTF-8 locale

Because of the question mark problem mentioned above, I can only give up playing the game with WINE. There is no choice but to play the game in Windows in VirtualBox, which works fine in the Chinese (Taiwan) locale.

Update (2014-06-18): With the latest versions, Wine 1.7.20 and fcitx 4.2.8, after using the module all the words can be encoded as BIG5.

All about WINE (emulator)


I always thought that Wine (or WINE, WINE Is Not an Emulator) was good enough for me to play Windows games and run Windows applications without using virtualisation such as VirtualBox. However, this is not the whole story.

Recently, due to a giveaway from CodeWeavers, I downloaded and tried CrossOver. Then I found a comparison of Wine and CrossOver: CrossOver contains some proprietary components, which make Windows applications run more smoothly than Wine. I tried it, and yes, there are some differences. But I am still using Wine, by my own preference.

WINEPREFIX (or bottle?)

When using Wine, we can always define different WINEPREFIXes to install or run applications separately. WINEPREFIX can be defined as the path of a virtual Windows drive. We can create many virtual Windows drives with different WINEPREFIXes. For example, I have two applications, A and B. Because Wine sometimes does not work perfectly with one setting for all applications, I need to use one WINEPREFIX for application A and another WINEPREFIX with different settings for application B. In CrossOver, the WINEPREFIX is called a “bottle”, so it makes sense that we put different “wine” into different “bottles”.

Winetricks

To apply some tricks or tweaks to our WINEPREFIX (or virtual Windows drive), winetricks is a powerful tool. We can use it to install all the fonts we need, make changes in the registry, install some applications, and install Windows components such as DirectX, video codecs, etc. The downloaded installation files are cached in ~/.cache/winetricks and can be re-used. This is normally what I do: use the default WINEPREFIX, which is ~/.wine, and install all the important components using winetricks.

WineGame

However, this is not the whole story. Recently, I installed Evernote and then wanted to re-install it, so I uninstalled it. However, when I tried to re-install, it failed. The solution suggested on the internet was to remove the WINEPREFIX and create a new one. Because most of my applications are installed in the same WINEPREFIX, removing it means I need to re-install all the other applications. Hence, I tried WineGame, which was already installed on my computer.

I know how to use the command line to run with a WINEPREFIX. But using different WINEPREFIXes means that I need to run the application from the command line every time. Thus, I chose WineGame, as it is described as a front-end for Wine, meaning that we can create shortcuts to run the applications without using the command line.

WineGame has some predefined settings for games such as StarCraft, WarCraft, Civilization, etc. However, when I tried WineGame recently, I found that its package repository is dead. As a result, WineGame is good for nothing now. Since I installed WineGame a long time ago, I still had the package information needed to run WineGame properly. Actually, we can create our own package information manually, using files such as “control”, “.name”, “.note”, etc.

If you don’t get it, never mind; there is an alternative solution for a Wine front-end.

Q4Wine

Because WineGame doesn’t work well, and the project has had no update since 2010, I assumed that the project is inactive. There is an alternative called Q4Wine. Actually, both Q4Wine and WineGame use winetricks. As a result, the downloaded installation files can be re-used. Unlike WineGame, Q4Wine does not provide any package repository. However, it works super well for managing WINEPREFIXes.

Still, WineGame has a strength which Q4Wine does not have. WineGame allows the user to use different versions of Wine to run the applications. This is something very interesting: besides the “bottle”, the “wine” is also different. Why? This is because Wine is a very strange project. A newer version of Wine might not work better than an older version for some applications. For example, look at this game in the WineHQ AppDB. Reading the test results, the rating changed from Gold to Garbage, and finally to Bronze. So, this is the advantage of WineGame: it lets you install different versions of Wine. However, the project is inactive, so you cannot get the later versions of Wine.

Never mind, there is a better solution.

PlayOnLinux

Here it comes: PlayOnLinux. I installed it before, but I never used it, because I didn’t know the reason for such a project to exist. I thought Wine was sufficient for everything; even if I want to manage my WINEPREFIXes, I can use any front-end application.

PlayOnLinux offers more. It is not only a front-end, but also allows you to download different versions of Wine. The different versions include patched versions, such as the vertex blending version. And if you have compiled your own version of Wine, you can just symlink or copy it to ~/.PlayOnLinux/wine/linux-x86. PlayOnLinux allows you to use your own custom Wine.

Though PlayOnLinux is wonderful, not all versions of Wine are available; for example, I cannot get Wine version 1.2 patched with vertex blending. As a result, I need to build the patched version myself and put it into PlayOnLinux to use it.

PlayOnLinux has another feature that differs from Q4Wine or WineGame. Applications installed by PlayOnLinux will not create desktop entries in the X11 menu. This is because it disables the WINEDLLOVERRIDES. As a result, to run the applications, we must run them from PlayOnLinux. But PlayOnLinux allows you to create shortcuts on the desktop.

So, this is actually how Wine works. Choose your best bottle with your best wine to run your applications without flaws.

Installing games from CD ISO images and changing discs in WINE

Previously I wrote about playing games in WINE and enabling IBus input and CJK fonts. Recently, I solved another problem: installing a game from ISO images.

We know that in Linux we can mount an ISO image easily. However, some old games need to be installed from several discs, which means we need to change discs during the installation. When my disc 1 was completed, I tried to unmount it, but it failed. Even when I tried a symlink, disc 2 behind the symlink was not detected by the installer; that failed too.

The solution is actually simple.

  1. Firstly, run winecfg.
  2. Go to the Drives tab.
  3. Click the Show Advanced button.
  4. Click Add…; for example, add a D: drive.
  5. Now we can Browse… to the path of our mounted ISO image.
  6. The important part is the Type:; we need to change it to CD-ROM.
  7. Apply.

Now, in WINE, there is a new CD-ROM drive. We can point the CD-ROM at any Linux file system path. So, mount disc 1, run installer.exe on D:, and complete disc 1; the installer will then ask for disc 2. In winecfg, change the D: path to the mounted disc 2 and apply. Go back to the installer; disc 2 should be detected.

Enjoy the games.

(This is tested with SimCity 4 Deluxe.)

Android game hacking


[Added 2012-10-16] Read this first: Quite a lot of readers asked me how to hack this game or that game. Sorry to say, I am not that expert in hacking those games, and I don’t have much time to play and hack games. What I share here is only how to hack games in a general way, without permanently rooting the Android. So, if you are asking about a specific game, please find it on other channels. Thank you.

Frustrated with some Android games? Want to hack? Want to kill the monsters with one slice?

Okay, this is the main purpose for which I learned about Android rooting. After we gain the “#” from “adb shell” (refer to my previous post), we can see all the files in the /data folder. This folder contains the game save data and also some libraries.

Simple problem and solution

My hacking method is not memory editing but save file editing. So, to edit the save file, we must have knowledge and experience of hexadecimal editing. Now, since we can access those data files in the /data/data folder, we can pull them, edit them, and push them back.

So, pull the save file you want, named something like Save0.dat. Use a hex editor such as bless, ghex, hexedit, etc. Edit the value, then push the file back.

I personally wrote a small command-line tool so that I can do hex editing in the adb shell (it is available here). I push it to the /data/local/tmp folder so that I can use it without pulling and pushing the file.

For some games, the save file is a plain binary file. We can understand the file with hex editing: the value of the coins, the level of the weapons, the status of the hero such as strength, vitality, HP, and so on. These can be easily edited. (Always make a backup before editing.)

Advanced problem and solution

For other games, the save file is really a pain. They are encrypted/encoded save files. We cannot understand anything about the file, and modifying it does not help. So, my only solution is to edit the library file, i.e. the shared object (.so).

For example, if there is a library called libdhunter.so, we need to use objdump (the ARM target, not x86 or x86-64) to disassemble the shared object. objdump can be obtained from the Android NDK package.

/path-to/objdump -dC libdhunter.so > asm.txt  # pull the library file first; do not run this in the adb shell

This will create “asm.txt”, which contains the disassembly. Now, what we can do is study the functions. We might find functions such as “encode”, “encrypt”, “decode”, “decrypt”, “save”, and “load”. We also need to look for the file open, read or write, and close calls, because normally they call encrypt or encode before writing the file (save). Study what functions they are calling.

For example, the “save” function might contain a call to the “encode” function before it “writes” the buffer. In this case, it is quite easy to solve the problem. Use a hex editor to open the shared object. Edit the hexadecimal value of the opcode that calls the “encode” function within “save” to “00 00 00 00”; this produces a NOP operation. That means we disable the call to the “encode” function in the “save” function.

Then, we can run objdump again to check whether we have disabled the function call.

Push the edited library to the device. Make sure to back up the original library and also the save file.

Run the game, load the save file, save the game, then exit.

Now, do not restart the game yet. Check the newly saved file with a hex editor. If it is a plain binary file, then we have succeeded! If not, keep trying until you want to give up.

Do not restart the game yet, because the game will load the encoded save file, not the plain binary save file. So, to make the game load the plain binary save file, we need to disable the call to the “decode” function in the “load” function with the method discussed above.

Push the newly edited library, then start the game.

Now, we can hex edit the save file freely, as we like.

Other problem and solution (added 2012-03-19)

There are even easier problems, such as the game Aqua Pet. There is no shared object (lib*.so), and the save file is a plain text file, meaning we need no hex editor to edit it. However, editing the file might not change anything. In this type of case, we must “force stop” the app first, then edit the file.

Now, enjoy the games.

Cave Story (Doukutsu Monogatari) cheat in Linux


I tried to find some good games for Linux, since there is not much game development on Linux. Recently, I played Cave Story. The graphics look old, but the storyline is good, just as you would expect from a Japanese game. And there are 3 different endings.

The game is not easy to play. So, I finally tried to hack it using GameConqueror. These are the memory addresses:

81c8614    HP
81cce84    Polar Star / Spur Lv
81cce98    Missile Lv
81ccea4    Missile bullet
81cceac    Fireball Lv
81ccec0    Bubbler Lv
81ccecc    Bubbler bullet
81cced4    Blade / Nemesis Lv

Unfortunately, GameConqueror cannot save and open the address list.

You still need to follow a game guide so that you will not miss any secrets in the game.