Gildor's Forums

Author Topic: Analyze any Binary file of Packages  (Read 896 times)
BatFan
Newbie
*
Posts: 31


Smasha


View Profile
Analyze any Binary file of Packages
« on: September 20, 2020, 20:31 »

I loaded the SkeletalMesh in Ghidra for RE and I found readable parts of mesh located in memory.
It happens becuase I specfied the:
Processor - x86
Endian - Little

also it's Raw Binary.

and before anayze the full file I enabled some options that force read the file.

Now if you want edit meshes of packages in my case I analyze the file in Ghidra then in my windows 10 sticky notes I store these adresses and informations. Now I know what I should looking for before patching Mesh of SkeletalMesh.
After that I need to decrease or increase bytes to the default original size after patching file in Hex, because the file size can't be changed and in result it won't load.

I still working on it becuase it's not even analyzed at 100% as you can see I have 9-10%.



* 2020-09-20_18h57_18.png (468.35 KB, 1920x1040 - viewed 265 times.)
Logged
BatFan
Newbie
*
Posts: 31


Smasha


View Profile
Re: Analyze any Binary file of Packages
« Reply #1 on: September 20, 2020, 23:45 »

Once you have selected this memory in listing window you should see 'XREF'. if you have XREF[3]: or maybe XREF[5]: it' mean that you have 3 or 5 referenced adresses of this mesh part that you find in reseach memory string before. So double-click on on XREF and your next window pop up.
You should see that it is DATA type. So in my case it looks like 'Helm Front' that is divided into 3 parts of 3 adresses, so we can say if we deleted it in HexEditor this character lost mesh from front side on helmet.

Okey so now we know where it's stored. Open Hexeditor (not the hexeditor inside) and select it that we find in Data before.
Okey instead delete replace it with empty bytes that does nothing (00).


* MemoryMesh2.png (13.14 KB, 793x325 - viewed 165 times.)
« Last Edit: September 21, 2020, 00:27 by BatFan » Logged
Gildor
Administrator
Hero Member
*****
Posts: 7969



View Profile WWW
Re: Analyze any Binary file of Packages
« Reply #2 on: September 21, 2020, 08:23 »

Man, sorry to disappoint you, but Hydra is CODE reverse engineering tool, what means - disassembler. Upk/uasset files has no machine code inside, what could be analyzed with disassembler, and you're trying to treat Unreal DATA as code. Of course it will show you some "xrefs" because large block of binary data will have values which are close to random, and these xrefs might randomly appear. Hydra can also show you data as code (you'll get entirely garbage code), but just because it will try to consider data this way. If you'd know basics of Unreal data formats, you'd understand that these "XREFS" can't be applied to Unreal data.
Logged
BatFan
Newbie
*
Posts: 31


Smasha


View Profile
Re: Analyze any Binary file of Packages
« Reply #3 on: September 22, 2020, 10:53 »

Man, sorry to disappoint you, but Hydra is CODE reverse engineering tool, what means - disassembler. Upk/uasset files has no machine code inside, what could be analyzed with disassembler, and you're trying to treat Unreal DATA as code. Of course it will show you some "xrefs" because large block of binary data will have values which are close to random, and these xrefs might randomly appear. Hydra can also show you data as code (you'll get entirely garbage code), but just because it will try to consider data this way. If you'd know basics of Unreal data formats, you'd understand that these "XREFS" can't be applied to Unreal data.

You saved my time because it didn't make sense what I done, but soon I get another idea in which way mod 3d object stored in game archives in the unreal data.   Roll Eyes
Logged
spiritovod
Global Moderator
Hero Member
*****
Posts: 2163


View Profile
Re: Analyze any Binary file of Packages
« Reply #4 on: September 22, 2020, 14:13 »

@BatFan: I'm sorry, but why usual way of modding UE stuff is not an option? I mean exporting mesh via umodel -> editing via 3d modeling software -> packing back. While I'm not familiar with UE3, it should work as in case with UE4 in general - i.e. UE3 is still downloadable and there are open source solutions for packing specific UE3 games, where you can find out upk format (aside from umodel).
Logged
Jump to:  

Powered by SMF | SMF © 2006-2009, Simple Machines LLC
Leviathan design by Bloc | XHTML | CSS