Category Archives: Game Hacking

Baby Got RV40

Kostya is overjoyed to announce that he has completed enough of his Summer of Code project for inclusion into the FFmpeg codebase — Summer of Code 2007, that is. Kostya has activated his RealVideo 4 (RV40) decoder. Pictured is a sample of “Baby Got Back”, Sir Mix-A-Lot’s timeless paean to the female backside, encoded in RV40 and available in the samples repository:


Sir Mix-A-Lot's 'Baby Got Back', presented by RealVideo 4

Ah, still a classic. Many congratulations to Kostya for persisting in this herculean task well beyond the project due date.

Also, do you dare ask why this is useful in the grand scheme of multimedia hacking? Seriously? Have you not learned by now? While it may be true that absolutely no one likes Real or their formats, there is still a huge legacy of media in the wild encoded in their formats, media that will need to be manipulated for many years to come.

I would be remiss if I did not mention another game-related format that Suxen drol committed a few weeks ago– the Electronic Arts TGQ video codec. This is a motion JPEG variation that was notably used in Crusader: No Remorse.


Crusader: No Remorse

FATE tests have been added:

Baldur In Bulk

I got those Baldur’s Gate videos converted to something more modern. The problem turned out to be in the Interplay MVE demuxer code I wrote long ago for FFmpeg. Once upon a time, timestamps in FFmpeg were supposed to be in reference to a 90 kHz clock. Thanks to Pengvado for pointing out that my demuxer still made that assumption. Fixing the demuxer seems like a lot of work right now. So at this point in the exercise, I opted to simply hard code 15 fps for the framerate.

So I got that transcoding process underway, finally. And I made an interesting discovery along the way. I have a colleague who has this quote on his office whiteboard:


Baldur's Gate Nietzsche quote

I can only conclude that said colleague is a huge Baldur’s Gate fan.

Prerequisites for the transcoding operation (basic Kubuntu 8.04 virtual machine):

  • install the libfaac-dev package
  • download and manually compile YASM (required by x264 and the latest YASM packaged by Ubuntu is not bleeding edge enough)
  • download and compile the latest x264 snapshot; configure with –enable-shared
  • get the latest SVN of FFmpeg
  • configure and build FFmpeg with: configure –enable-gpl –enable-postproc –enable-avfilter –enable-avfilter-lavf –enable-swscale –enable-libx264 –enable-libfaac; I don’t really know if all the filter options are strictly necessary for this exercise but I’m used to them by now

So my process for transcoding in bulk after installing this software is:

  • use my Python script (parse-bif-graf.py, listed at the end of this post) to split the BIF resource into its constituent MVE files: 
    $ parse-bif-graf.py MovieCD1.bif
extracting file #0 at offset 132, 29654204 bytes, to 'MovieCD1.bif-0.mve'
extracting file #1 at offset 29654336, 6530954 bytes, to 'MovieCD1.bif-1.mve'
[...]
  • bulk transcode: 
    for mve in `ls *.mve`
do 
  ffmpeg -y -i $mve \
  -acodec libfaac -ab 128k \
  -vcodec libx264 -vpre hq -b 500k -bt 500k \
  `basename $mve .mve`.mp4
done
[...]

The resulting files are highly competitive, size-wise, against the original MVE files. At first, I was monkeying with the bitrate because there were some annoying artifacts in the high motion areas. But then I watched the original videos using ffplay and realized that those artifacts are artifacts in the source material.

Continue reading

Psychotron Story Arc

I’m still on this game hacking kick. Today’s target is The Psychotron, perhaps the most painful interactive movie game I have ever seen. Thing is, I have to admit that I have never actually played this game; I am judging the game purely on the plain Cinepak/PCM AVI files that comprise the key feature of the game. I don’t even own the full game, only a demo. Granted, I have tried to play the Psychotron demo but could never make it work. These 1994 multimedia-heavy games…


Psychotron gangsters

Whereas the conversations in Flash Traffic: City of Angels were packed in a quasi-compressed binary format, the conversation tree in Psychotron is stored in a series of .SEG files that look like the file S5H1PD1.SEG here:

\scene5\s5h1Pd1.avi*from 23 to 283*3*Fold.*10*S5h1r1.seg*Bet a large amount.*1000*s5h1r2.seg*Bet a small amount.*500*s5h1r3.seg*

Pretty straightforward to figure out. It also helps me understand a technical matter about the game that irritated me so much when I viewed the FMV files standalone– when you view the game’s files in a standalone player, you will see that they invariably start paused with tracking lines (apparently digitized from a VCR). I am guessing that the game uses the field “from 23 to 283” to describe which frames of the file are meant for human consumption.

Anyway, I wrote a Python script to print out a Graphviz-compatible spec to map out the game demo’s dialog tree. Warning! There might be spoilers in the tree!


Pyschotron demo flowchart
Click for full image
Click for Graphviz source

Ah, who am I kidding? No one cares about spoilers in this alleged story. It is interesting to note that 2 of those trees don’t correlate to any of the scenes on the disc.

The Python source code for generating the graph is below. I finally ordered the full game from an eBay seller the other day so I am wondering if the graphing utility will be applicable to the full game.

Continue reading

Metal Gear VP3

Reimar and I were poking at Metal Gear Solid: The Twin Snakes again. You may recall my post about MGS using Ogg Vorbis for audio. In addition to the vox.dat file, there is another resource file called movie.dat. I don’t know why I wasn’t too interested in this file before; maybe because I didn’t remember any pre-rendered FMV in MGS (it is primarily real-time rendered). But when I really think about it, I remember there was a small number of ponderous cut scenes that used some regular film-type material.

Reimar’s Extractor-GTK tool makes short work of both the vox.dat and movie.dat resource archives. Guess what Reimar noticed in certain files living inside movie.dat? The signature ’13PV’, or VP31 backwards. So you know the drill: Wiki page and samples.

The data at the start of the file definitely looks like VP31 (e.g., the bytes starting with hex 32 00 08 in mgs1-40.bin). The files are probably pure video (audio and subtitles are stored elsewhere). It is currently unknown how frames are split up in the file.