Gildor's Forums

Author Topic: UE Explorer can view the code, but how do I modify it?  (Read 21466 times)
Gildor
Administrator
Hero Member
*****
Posts: 7971



View Profile WWW
Re: UE Explorer can view the code, but how do I modify it?
« Reply #15 on: August 18, 2012, 20:50 »

Unreal engine 3 has transparent compression - engine does not know that packages are compressed. I knew that for a long time, plus I seen the engine source code. If you don't trust me - why do you asking me?
Engine has ability to protect packages from modification using md5 hashes, and this possibility was used by Tribes authors.

About LZO - there is a library available on the web. Just search in a google and the 1st link will be what you're looking for. It is C library partially written on assembler. And yes, you'll need a compiler to build it (I hope you're a programmer).
Logged
sskillz
Newbie
*
Posts: 12


View Profile
Re: UE Explorer can view the code, but how do I modify it?
« Reply #16 on: August 18, 2012, 22:08 »

So your saying that if it doesn't run the decompressed package its a good chance that it checks the file hash?

I used to code once....
About LZO, I tried this:

Code:

int __lzo_cdecl_main main(int argc, char *argv[])
{
    if (lzo_init() != LZO_E_OK) { printf("internal error - lzo_init() failed !!!\n"); return 4; }
   
    FILE *fi = NULL;
    FILE *fo = NULL;
    unsigned char bufferin[37210] = { 0 }; //Size of the first chunk block (After all the checks blocks compressed and ucompressed sizes)
    unsigned char bufferout[131072] = { 0 }; //Block size
    memset(bufferin, 0, sizeof(bufferin));
    memset(bufferout, 0, sizeof(bufferout));
    fi = fopen("in.bin", "rb");
    if (fi == NULL) { printf("cannot open input file %s\n", "in.bin"); exit(1); }
    fo = fopen("out.bin", "wb");
    if (fo == NULL) { printf("cannot create output file %s\n", "out.bin"); exit(1); }
   
    int i = fread(bufferin, 1, sizeof(bufferin), fi);
    lzo_uint inlen = sizeof(bufferin);
    lzo_uint outlen = sizeof(bufferout);
    int r = lzo1_decompress(bufferin, inlen, bufferout, &outlen, NULL);
    if (r == LZO_E_OK) {
         
          fwrite(bufferout, 1, 1024, fo);
          printf("done");
    }
    else
    {
        printf("internal error - compression failed: %d\n", r);
        return 2;
    }
    fclose(fi);
    fclose(fo);

    return 0;
}

With  lzo1_decompress it gets LZO_E_INPUT_OVERRUN.
With  lzo1x_decompress it completes but the output data is wrong compared to orignal (But the all the 00 bytes are in the right place, Good sign that it is the first block of the chunk)
With  lzo1c_decompress the program crushes.

And ideas, Even if it won't help me for the final goal, I just want to finish it :|

Logged
Gildor
Administrator
Hero Member
*****
Posts: 7971



View Profile WWW
Re: UE Explorer can view the code, but how do I modify it?
« Reply #17 on: August 18, 2012, 22:15 »

I used to code once....
bad sign Smiley
Quote
With  lzo1_decompress it gets LZO_E_INPUT_OVERRUN.
With  lzo1x_decompress it completes but the output data is wrong compared to orignal (But the all the 00 bytes are in the right place, Good sign that it is the first block of the chunk)
With  lzo1c_decompress the program crushes.
I used lzo1x_decompress_safe(). If you'll get a wrong data - check your code and data, most probably you made mistake somewhere.
Logged
sskillz
Newbie
*
Posts: 12


View Profile
Re: UE Explorer can view the code, but how do I modify it?
« Reply #18 on: August 19, 2012, 00:13 »

So you are using x and not c when you see a package that is compressed with LZO?
What did you mean by LZO (C-version) on you reply to this thread?
http://www.gildor.org/smf/index.php/topic,1278.0.html

« Last Edit: August 19, 2012, 00:48 by sskillz » Logged
Gildor
Administrator
Hero Member
*****
Posts: 7971



View Profile WWW
Re: UE Explorer can view the code, but how do I modify it?
« Reply #19 on: August 19, 2012, 00:18 »

I don't remember, but perhaps I meant C-language, because there is also assembly version available.
Logged
sskillz
Newbie
*
Posts: 12


View Profile
Re: UE Explorer can view the code, but how do I modify it?
« Reply #20 on: August 19, 2012, 00:47 »

And about what I did was:
1) I used UE Explorer to open the compressed file which showed me all the compressed chunks with their UC Offset, UC Size, C Offset, C Size.
2) I got those values for the compressed chunk that holds the value I want to change: 12443150,     1048555,      2707149,       285394, Respectively
3) I extracted the first 16 bytes of the header at that "C Offset", they gave me:
tag: 0x9E2A83C1 = PACKAGE_FILE_TAG
BlockSize: 131072
CompressedSize: 285314
UncompressedSize: 1048555
Which shows me that part is at least correct, since the uncompressed size matches the first.
4) I calculated that  I need 8 blocks: UncompressedSize / BlockSize = 7.9998
5) I followed 8  4 byte pairs for each compressed block, they gave me:
First block, c_size = 37210, u_size=131072
2nd   block, c_size = 18667, u_size=131072
3rd   block, c_size = 25844, u_size=131072
4rd   block, c_size = 27692, u_size=131072
5rd   block, c_size = 40648, u_size=131072
6rd   block, c_size = 46525, u_size=131072
7rd   block, c_size = 51358, u_size=131072
8rd   block, c_size = 37370, u_size=131051
which if you add all the uncompressed sizes of all the blocks you get 104855 total uncompressed size like before
and if you add the compressed sizes you get 285314, which I figured you need to add the header size: 16 and the u_size, c_sizes pairs: 8*2*4 = 64
if you add it all, you get 285314 + 64 + 16 = 285394 total  like it should, so I figured that part is correct.
* I also verified that after those 285314 bytes I get the next PACKAGE_FILE_TAG
6) Than if I understand right, follows all the compressed blocks together, so I dumped the first 37210 bytes to a different file (in.bin).
7) Than I tried the decompress LZO program on it, which gave the results I posted before.


Do you see anything wrong about my calculations? Maybe I needed all the blocks data together?
So you are using lzo1x one right? Could you show me a snippet?

And really, Thanks for your patience and your quick responses.
« Last Edit: August 19, 2012, 00:51 by sskillz » Logged
sskillz
Newbie
*
Posts: 12


View Profile
Re: UE Explorer can view the code, but how do I modify it?
« Reply #21 on: August 19, 2012, 01:26 »

Hey it turns out it was working! Cheesy
I was just forgot that the decoded block is not the start of the defaultproperties of the object I wanted to change
but a memory map/piece containing it. So I compared it with the start of the uncompressed data with the first
decompressed chunk and it matches Cheesy

thanks Cheesy


EDIT:
What I did now, is extract the first chunkblock like I said before, decompressed it and matched it to original,
re-compressed (Without modifying the code) it again using lzo1x_999 to a smaller size than original uncompressed. Modified all the sizes
block size, total compressed size, table compressed size (header + compressed size + block pairs) and
to make the file the same size and to avoid changing all the other compressedchunks offsets in the table
I padded the last (8th) chunk with the 00.

The package successfully decompress with your tools to the same package as the original decompressed.
It also opens up in UE Explorer with code seems to be intact.
But the game doesn't run it, so it was fun and all, but I guess you're right about the hash.
Now just to trace the executable and try to break it Tongue

Thanks for all the help,
Cya.
« Last Edit: August 19, 2012, 03:08 by sskillz » Logged
Gildor
Administrator
Hero Member
*****
Posts: 7971



View Profile WWW
Re: UE Explorer can view the code, but how do I modify it?
« Reply #22 on: August 19, 2012, 09:30 »

My congratulations with your experiments !
I warned you that you'll just waste your time with compression Wink
Logged
Jump to:  

Powered by SMF | SMF © 2006-2009, Simple Machines LLC
Leviathan design by Bloc | XHTML | CSS