Category Archives: Origin Xan

Posts relating to reverse engineering the Origin Xan video codec

Xan Binary Decoding

In the time-honored tradition of avoiding real work, I made an extension to xine that will decode Origin’s Xan codec (FourCC: Xxan). This is despite my long-standing policy that I will not invest any effort into making open source programs leverage closed, binary code in order to decode data.

[Image: Wing Commander IV title]

I have no intention of committing it to the xine codebase because, really, who cares? But let’s see MPlayer decode Xan data! Ha! Oh, why do I provoke them so? They’re going to have a workable decoder 20 minutes after I post this.

If you care, I posted the xine plugin code here: This is based on Mário Brito’s extensive Wing Commander research. It needs a very large table for decoding (128KB of data expressed in ASCII text) and that’s contained in xandata.h[.bz2]. Ideally, I think that table is supposed to be generated by some DLL function. Xan samples and the xanlib.dll are located at the MPlayer samples repository.

This particular plugin is based on one of my old reverse engineering experiments. The reason I took on this task is because loading xanlib.dll and calling into it isn’t especially difficult. At least, none of the relevant functions are dependent upon any external functions. Thus, I just used a few strategic mmap() functions and loaded the binary code directly into specific memory regions. Oh, the code only works on x86 architectures, of course.
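
Added example (not the plugin's code, and not derived from xanlib.dll): before a loader can mmap() a Win32 DLL's code into specific memory regions, it has to read the PE headers to learn each section's load address, size and protection. The Python below does that for a constructed two-section image; `plan_mappings` and `build_sample` are hypothetical names and every value in the sample is made up.

```python
import struct

# Section characteristic flags from the PE/COFF specification.
SCN_MEM_EXECUTE, SCN_MEM_READ, SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000

def plan_mappings(image: bytes):
    """Return (name, load_address, virtual_size, file_offset, raw_size, prot) per section."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)       # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    if machine != 0x014C:                                    # IMAGE_FILE_MACHINE_I386
        raise ValueError("only 32-bit x86 images are handled")
    opt = pe_off + 24                                        # optional header follows COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic != 0x10B:                                       # PE32 (not PE32+)
        raise ValueError("not a PE32 optional header")
    (image_base,) = struct.unpack_from("<I", image, opt + 28)
    plan = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i                        # 40-byte section headers
        name, vsize, rva, raw_size, raw_off = struct.unpack_from("<8sIIII", image, off)
        (flags,) = struct.unpack_from("<I", image, off + 36)
        if raw_off + raw_size > len(image):
            raise ValueError("section data runs past end of file")
        prot = "".join(c if flags & bit else "-" for c, bit in
                       (("r", SCN_MEM_READ), ("w", SCN_MEM_WRITE), ("x", SCN_MEM_EXECUTE)))
        plan.append((name.rstrip(b"\0").decode("ascii"),
                     image_base + rva, vsize, raw_off, raw_size, prot))
    return plan

def build_sample():
    """Constructed two-section PE32 image (not xanlib.dll; all values are made up)."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)          # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 28, 0x10000000)              # ImageBase
    def sec(name, vsize, rva, rsize, roff, flags):
        return struct.pack("<8sIIII12xI", name, vsize, rva, rsize, roff, flags)
    headers = dos + coff + bytes(opt) + sec(b".text", 0x1800, 0x1000, 0x200, 0x400, 0x60000020) \
        + sec(b".data", 0x20000, 0x3000, 0x200, 0x600, 0xC0000040)
    return headers.ljust(0x400, b"\0") + bytes(0x400)

if __name__ == "__main__":
    for name, addr, vsize, off, rsize, prot in plan_mappings(build_sample()):
        print(f"{name:8} map {vsize:#x} bytes at {addr:#010x} ({prot}), copy {rsize:#x} from file offset {off:#x}")
```

Each row gives the fixed address and size to request from mmap() and the file range to copy into it. The per-section protection string lets the loader avoid mapping everything writable and executable at once.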

Fun Graphs With IDA Pro

Pursuant to my last post on IDA Pro, Benjamin Larsson kindly pointed me to an older version of IDA Pro that has been released as freeware: IDA Pro v4.3. The version is uncrippled for what it can do, so you can save your work and not have to worry about needing to RE an entire target in one sitting. This version is also reported to work beautifully under Wine, if that’s your thing. This version is supposed to have great support for Win32 PE files (the most common executable format you will find under Windows) but is somewhat lacking in the area of Linux ELF files (apparently, it is not entirely correct when loading relocation tables).

I decided to take a step back and examine an old favorite target, xanlib.dll. This is the binary module responsible for decoding video data in the ‘Xxan’-fourcc format used in certain Origin games circa 1995. The format has remained a thorn in my side since it should be so simple yet I have never quite reverse engineered the entire thing.

Perhaps the most curious feature I see in IDA Pro is its graphing feature. Actually, IDA Pro subcontracts to a GPL’d graphing library named Visualization and Computer Graphics Lib to handle its graph display. The Win32 graph viewer features a number of fish eye perspective modes for warping the graph view. This is the “fixed radius polar fish eye perspective”:

[Image: fixed radius polar fish eye perspective]

What is the reason for this feature? If I were a guessing man, I would probably have to guess: “Because they could.” Weird perspective aside, you can see how clearly IDA Pro + VCG illustrate the flow of the assembly language blocks (also called basic blocks in certain academic RE literature), as well as the way I am able to substitute my own identifiers (xan_1000_validate_struct as the function name and xan_last_error for a particular global variable). I am eager to explore more of IDA Pro’s legendary RE features as I finish tearing apart this ancient codec.