Category Archives: Outlandish Brainstorms

Entertaining bizarre ideas largely related to multimedia hacking and reverse engineering

Dynamic Uninteresting Movie-Based Adventure System Simulator

I’ve been suffering through a wave of interactive movie schlock for my Gaming Pathology project. This has led me to hypothesize about what I can do to help share these wretched I-movie experiences with a broader audience and even preserve this misery for future generations to revile. To that end, I have brainstormed about the Dynamic Uninteresting Movie-Based Adventure System Simulator (thanks to Cyril Z. for helping me with the expository project name).

Loosely, an I-movie is a “game” that relies heavily on pre-rendered full motion video (FMV) sequences. The sequences can be used to show transitions from one location to another or — more often than not — exhibit a marginal actor disgracing his chosen craft in order to advance the sheer confusion that passes for a storyline. Many of these so-called games also feature one or more puzzles so as not to rely entirely on one type of gameplay.

After playing through a number of these I-movie titles, I can’t help but notice certain programmatic similarities. For example, games like D and Of Light And Darkness feign immersive 3D environments with a combination of FMV files. Start at point A. Define a series of hotspots for the current scene that map to other FMV files. When the player clicks in one of those hotspots, play the next FMV file. There; that’s 90% of the game engine right there.

Internally, the games probably have a little of what might be termed a virtual machine in order to track the game’s state. At least, I postulate that it could be forced into some kind of virtual machine structure. This is used for tracking how far the player has progressed into the game, which hoops he has jumped through, and, by extension, what special things need to happen on certain screens. This would also pertain to various puzzles, which are typically comprised of a series of FMV files.

So here’s the pitch: A portable virtual machine in the spirit of ScummVM that knows how to interpret the data files for a variety of these I-movies and force them into a common model. This would probably entail a graph data structure describing a map and which FMV files get played when the player chooses to transition from point A to point B. Further, there would be some list of game goals to progress through. Most of these I-movies couldn’t possibly be much more involved than that. From my understanding, most of the FMV formats that these games use are already well supported by portable, open source software.

It’s just crazy enough to work. And to what end? That should be obvious– to continue humiliating the people responsible for these tarnishes on the good name of computer gaming.

Unnamed RE Project

“Unnamed RE Project” is the impromptu name I gave to a program that I hastily wanted to start but couldn’t be bothered to come up with even a quasi-clever name. Moreover, I actually got it to do something. I can’t believe I actually made a go of this, perhaps one of the most useless reverse engineering exercises.

Aside: Does this still qualify for my “outlandish brainstorms” blog category if I actually made it work?

The basic idea is one that a lot of reverse engineers surely kick around at some point: A set of CPU registers can be abstracted as a set of global C program variables and individual assembly language instructions map quite neatly onto C program statements. Thus, what about an automatic conversion utility that can take an ASM disassembly and convert it into a C program that can be portably compiled? Not optimal, but it might be a start for other RE projects.

Traditionally, I objected to this approach on the basis of its inherent impurity– one of my objectives in this RE journey is to understand the algorithms being recovered. Technically, while it sounded like a simple enough concept, when one actually sits down to think about it, all kinds of problems crop up. One of the most immediate is how case statements (jumps using dynamic tables) would be handled.

Putting aside all uncertainty, I decided to go for it and see what could happen. Believe it or not, I met with some success while also discovering a number of problems I hadn’t yet realized (for example, the dream of portability goes right out the window). I hope to write up some more about this shortly. But for tonight, I will just show the results of the first experiment.
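To make the register-as-global idea concrete, here is an added sketch (not the program described in this post): a Python translator that turns a small Intel-syntax listing into C text. The instruction subset, the single modelled flag `zf`, and all function names are assumptions of this example; a jump through a table is rejected rather than translated, which is exactly the case-statement problem noted above.

```python
import re

REGS = ("eax", "ebx", "ecx", "edx")
ARITH = {"mov": "=", "add": "+=", "sub": "-=", "xor": "^="}
JUMPS = {"jmp": "", "je": "if (zf) ", "jne": "if (!zf) "}

def operand(text):
    """A register name or an integer literal; anything else is rejected."""
    return text if text in REGS else "%du" % int(text, 0)

def translate(listing):
    """Turn a small Intel-syntax listing into the text of a C function."""
    body = []
    for line in listing.splitlines():
        line = line.split(";")[0].strip()      # drop comments
        if not line:
            continue
        if line.endswith(":"):                 # asm label -> C label
            body.append("%s:;" % line[:-1])
            continue
        op, _, rest = line.partition(" ")
        args = [a.strip() for a in rest.split(",")] if rest else []
        if op in ARITH and len(args) == 2 and args[0] in REGS:
            stmt = "    %s %s %s;" % (args[0], ARITH[op], operand(args[1]))
            if op != "mov":                    # mov leaves the flags alone
                stmt += " zf = (%s == 0);" % args[0]
            body.append(stmt)
        elif op == "cmp" and len(args) == 2:
            body.append("    zf = (%s == %s);" % tuple(map(operand, args)))
        elif (op in JUMPS and len(args) == 1 and args[0] not in REGS
              and re.fullmatch(r"[A-Za-z_]\w*", args[0])):
            body.append("    %sgoto %s;" % (JUMPS[op], args[0]))
        elif op == "ret":
            body.append("    return;")
        else:                                  # e.g. a jump through a table
            raise ValueError("unsupported instruction: " + line)
    head = ["#include <stdint.h>", "uint32_t %s;" % ", ".join(REGS),
            "int zf;", "void translated(void)", "{"]
    return "\n".join(head + body + ["}"])

SAMPLE = """
    mov eax, 0
    mov ecx, 5
loop_top:
    add eax, ecx      ; constructed listing: sums 5+4+3+2+1
    sub ecx, 1
    jne loop_top
    ret
"""
```

Calling `translate(SAMPLE)` returns a complete C translation unit; every arithmetic instruction drags a flag update along with it, which hints at how quickly the generated C stops resembling the original algorithm.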


Mounting An Executable

I was studying the Executable & Linking Format (ELF) recently. I realized how hierarchically it is organized. Nowadays, whenever I think of something hierarchical, for some reason, I think of cramming it into a filesystem structure via FUSE. Imagine mounting an executable file as a filesystem. One directory could have a list of exported function names. When reading those files, it would automatically disassemble that section of the file.



I’m working off of the ‘readelf -a’ command here. There would be a directory at the top level called sections/ that would contain:

  .interp/
  .hash/
  .dynsym/
  .dynstr/

And so on. It might be a little tricky because those names have dots in front of them. Another directory can list shared libraries and have symbolic links to the correct libraries. Another directory will list the exported, public symbols. Opening these files would disassemble the functions for display in whatever text editor you want. Of course, not all of the interesting stuff is found at the public entry points, so it will be necessary to employ heuristics to locate other, private function entry points.

For bonus points, make the filesystem writable. This will allow annotations in the disassembled source. This will probably require a “work” copy of the binary to be stored in the user’s home directory.
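As an added illustration (not code from this post), the following Python sketch computes the sections/ listing that such a mount would show, straight from the ELF64 section header table. The helper names and the in-memory sample image are constructed for the example; it handles little-endian ELF64 only and bounds-checks the header fields, since a mounted binary is untrusted input and a section name must never be used as a path component unchecked.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header, little-endian
SHDR = struct.Struct("<IIQQQQIIQQ")        # ELF64 section header

def build_sample_elf(names):
    """Constructed image: file header, .shstrtab and section table only."""
    names = list(names) + [".shstrtab"]
    strtab, offsets = b"\0", []
    for n in names:
        offsets.append(len(strtab))
        strtab += n.encode() + b"\0"
    shoff = EHDR.size + len(strtab)
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)  # ELFCLASS64, LSB
    image = EHDR.pack(ident, 3, 62, 1, 0, 0, shoff, 0, EHDR.size, 0, 0,
                      SHDR.size, len(names) + 1, len(names)) + strtab
    image += SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)  # mandatory null entry
    for off in offsets[:-1]:
        image += SHDR.pack(off, 1, 0, 0, 0, 0, 0, 0, 1, 0)
    return image + SHDR.pack(offsets[-1], 3, 0, 0, EHDR.size, len(strtab),
                             0, 0, 1, 0)

def section_tree(image):
    """Return the directory names a sections/ mount point would expose."""
    if len(image) < EHDR.size or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if image[4] != 2 or image[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    fields = EHDR.unpack_from(image)
    shoff, shentsize, shnum, shstrndx = fields[6], *fields[11:14]
    if shentsize != SHDR.size or shstrndx >= shnum:
        raise ValueError("bad section header fields")
    if shoff + shnum * shentsize > len(image):
        raise ValueError("section table runs past end of file")
    hdrs = [SHDR.unpack_from(image, shoff + i * shentsize)
            for i in range(shnum)]
    str_off, str_size = hdrs[shstrndx][4], hdrs[shstrndx][5]
    strtab = image[str_off:str_off + str_size]  # slicing clamps to the file
    paths = []
    for index, hdr in enumerate(hdrs[1:], start=1):
        end = strtab.find(b"\0", hdr[0])
        raw = strtab[hdr[0]:end] if end >= 0 else b""
        name = raw.decode("ascii", "replace")
        # Names come from the file: never let one act as a path component.
        if not name or "/" in name or name in (".", ".."):
            name = "section_%d" % index
        paths.append("sections/" + name + "/")
    return paths

SAMPLE = build_sample_elf([".interp", ".hash", ".dynsym", ".dynstr"])
```

The leading dots turn out to be harmless (the entries are merely hidden from a plain `ls`); the names that need care are ones containing `/` or equal to `..`, which this sketch replaces with a numbered fallback.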

New Filesystem Ideas

I really like FUSE, the filesystem in userspace that facilitated the creation of gcfuse. I think the killer app for FUSE is sshfs. It’s a minor miracle that if you have an SSH server running on a machine you can use sshfs to mount a filesystem from another machine. Authentication, encryption, all taken care of. None of that NFS or Samba configuration hassle.

I started wondering what else I might be able to use FUSE for. There is the small issue of Sega Dreamcast disc images. These games contain a lot of multimedia encoded with Sofdec’s middleware tools. For the most part, these discs use an ISO-9660-like filesystem that’s just a little different and doesn’t operate with Linux’s ISO-9660 module. Perhaps a FUSE/ISO-9660 module that can also handle the modified Dreamcast variant? Actually, I see that the big FUSE app directory lists an app appropriately named fuseiso which can load an ISO-9660 filesystem. It might be worth a look.

Thinking bigger, what about a FUSE module that mounts a DVD and presents it in some interesting manner? For starters, it will transparently decrypt the data. Then, present the contents of the DVD as a series of chapters or tracks or menu options. Since a DVD is not necessarily a strict hierarchy, perhaps organize the different viewing options in different directories. Or a /proc-like special filesystem that allows tinkering with the audio and subtitle options. It’s late and I’m just tossing out ideas here. Feel free to jump in.