Note: LucasForums Archive Project
The content here was reconstructed by scraping the Wayback Machine in an effort to restore some of what was lost when LF went down. The LucasForums Archive Project claims no ownership over the content or assets that were archived on archive.org.

This project is meant for research purposes only.

How do you hack?

Page: 1 of 1
 checkmate
05-31-2002, 4:37 AM
#1
Where do you SCUMM hackers find out how to decode all that SCUMM stuff? I've heard of disassemblers (eeeeuuuuugggghhhh!) helping with the job, but I've used a disassembler before (eeeeuuuuugggghhhh!) and I can't imagine how you do it. How do you find what you want in there?
I reckon tons of other people are wondering this too. There is a similar thread on the ScummVM forum, to which nobody has replied yet.

Serge....Buddy....Pal....?
 Drigo Zoxx
05-31-2002, 8:59 PM
#2
I usually surf through the code using a debugger so that I can follow the program during its execution. That way you can find the main loop of the program even if it's a bit boring and sometimes it takes a while to find out.
 checkmate
06-01-2002, 4:36 AM
#3
Really? What tool do you use?
 Serge
06-01-2002, 12:00 PM
#4
As for me, I use a disassembler, yes. With a debugger only being the helpful tool to find out the program flow when I'm in doubt. Simply because using a debugger tends to become a tedious process of trial and error when dealing with stuff that only occurs in some instances (or never, in the case of disabled stuff in the game code).

As for the tool itself, I use IDA (Interactive DisAssembler). For debugger I use(d) SoftIce, but haven't been using it since I switched to XP. Haven't had any use for it, and since a patch is needed for it to work with XP, I haven't bothered - it's a rather low level program, and right now I don't like the idea of a patched program messing with the internals of the OS.

Both those are rather expensive programs. Alternatives exist, but the ones I've seen don't do the job for me :)

- Serge
 Drigo Zoxx
06-01-2002, 2:07 PM
#5
Serge, I too use a disassembler, but at first I prefer to find out the program's main loop with a debugger. I've never used a PC debugger, but the MacsBug (Motorola Advanced Chipset Debugger) on Macintosh is really useful in such situations.
After all, the disassembler is certainly better because it allows me to check for jumps into the code. However, I cannot figure out how Ludvig came up with ScummVM; I already asked him and he said he used a disassembler :) As far as I know that's a really boring job. Maybe he had some connections with LEC?

Drigo
 checkmate
06-01-2002, 7:33 PM
#6
So, Serge, what kind of scenario did you go through to crack the background images? I'll bet you're proud of yourself.:) You can't just type "IMAG" in the search tool and expect to find it right away...:(
 Serge
06-01-2002, 9:30 PM
#7
Good thing you asked about backgrounds. Some of the other stuff in SCUMMRev I'd be hesitant to talk about... ;)

As for how Ludde turned it all into SCUMMVM, I can't tell either. I have a IDA disassembly of CMI that pretty much tells me how to do a new CMI engine from scratch - if it weren't for SMUSH and iMUSE - and that took me 4 years, on and off, to do. :) LEC connections? Who knows. Everyone has them these days ;)

Can't exactly say I'm proud of what I found. I'd be more proud of myself if I actually did any SCUMM work anymore, but I tend to let myself get distracted from it these days. No work done on SCUMMBag for the past month or so :P

Anyway, background images... They were all found by first using the disassembly of CMI's SPUTM engine (which has code for all image codecs other than the ones used in Indy3 and earlier). Don't remember exactly what I did back then, but it probably involved lots of variable and function naming in the disassembler, changing the type of operands (to get block names, which are practical in assembly, since being 4 bytes means that they can be managed directly by a dword, rather than using a string). Of course, the error messages of the engine are always helpful when figuring out what the assembly does, and what names are actually used for various variables as well as what the variables hold etc.

What I do remember is that I spent a lot of time on trial and error because back then I didn't really have enough grasp of assembly to be able to see exactly what a function did by just reading it :) Lots of random colours spewed out on the screen, and lots of decoded images going beyond the width and height of the images etc.

The same thing went for the music decoder, where I simply took the original assembly and stuffed it into SCUMMRev as inline assembly :P Only when I did decoders for Grim and Dig stuff, did I figure out how those decompressors actually worked.

- Serge
 checkmate
06-02-2002, 12:01 AM
#8
Okay, so if I try 0x494D4147 in the search tool, I might find something? According to the miniature char-to-hex program I just banged up, that's the value for 'IMAG', and I'm not sure it's very reliable.
 checkmate
06-02-2002, 4:46 AM
#9
Hey, as long as we've got something about my knowledge of scumm going again, I'll have you know I'm still confused about endianness. Remember my AKOS viewer project? Work on it is kinda slow right now, but....uhh.....yeah.:confused:

What I really need is somebody to just post some conversion code for words and double-words...I've got some of my own, but they're just guesses:

This is C++. i means "input".
Word (16 bits): ((i >> 8) & 0x00FF) | ((i << 8) & 0xFF00) // high byte moves down 8 bits, low byte moves up 8 bits
Dword (32 bits): ((i >> 24) & 0x000000FF) | ((i >> 8) & 0x0000FF00) | ((i << 8) & 0x00FF0000) | ((i << 24) & 0xFF000000) // outer bytes move 24 bits, inner bytes move 8 bits
Sorry if my parentheses are wrong:(
Yes, I am a semi-beginner programmer.

CTRL-X is for "cut", because it looks like a pair of scissors.
CTRL-C is for "copy" because it starts with a C,
and CTRL-V is for "vomit", because it makes your computer vomit that data into your text.
Sorry, I couldn't resist.
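The byte-order question above, together with the earlier posts about 4-byte block tags being handled as a dword and about searching for 0x494D4147 as 'IMAG', as an added worked example; this is editor-supplied code, not code from any poster or from SCUMMRev/ScummVM. It assumes a file layout of a four-character tag followed by a big-endian 32-bit size, and the sample header bytes are constructed for the example.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>

// Swap the two bytes of a 16-bit word: 0x1234 -> 0x3412.
uint16_t swap16(uint16_t i) {
    return static_cast<uint16_t>(((i >> 8) & 0x00FF) | ((i << 8) & 0xFF00));
}

// Reverse the four bytes of a 32-bit dword: 0x494D4147 -> 0x47414D49.
// The outer bytes travel 24 bits, the inner bytes 8 bits. Shifting the inner
// bytes by 16 would drop byte 3 into byte 1's slot and byte 0 into byte 2's,
// which is not a byte reversal.
uint32_t swap32(uint32_t i) {
    return ((i >> 24) & 0x000000FFu) |
           ((i >>  8) & 0x0000FF00u) |
           ((i <<  8) & 0x00FF0000u) |
           ((i << 24) & 0xFF000000u);
}

// Value of a four-character tag packed as a big-endian dword, i.e. with the
// first character in the most significant byte: "IMAG" -> 0x494D4147.
uint32_t tag_value(const char *tag) {
    return (uint32_t(uint8_t(tag[0])) << 24) |
           (uint32_t(uint8_t(tag[1])) << 16) |
           (uint32_t(uint8_t(tag[2])) <<  8) |
            uint32_t(uint8_t(tag[3]));
}

// Read a big-endian dword from raw bytes (first byte is most significant).
uint32_t read_be32(const uint8_t *p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) |
           (uint32_t(p[2]) <<  8) |  uint32_t(p[3]);
}

// Read a little-endian dword from raw bytes (first byte is least significant),
// which is what an x86 CPU does when it loads the same four bytes directly.
uint32_t read_le32(const uint8_t *p) {
    return  uint32_t(p[0])        | (uint32_t(p[1]) <<  8) |
           (uint32_t(p[2]) << 16) | (uint32_t(p[3]) << 24);
}

// Run-time check of the host byte order: store 0x0001 and look at its first byte.
bool host_is_little_endian() {
    uint16_t probe = 0x0001;
    uint8_t first;
    std::memcpy(&first, &probe, 1);
    return first == 0x01;
}

// Constructed sample header (assumption for this example): the tag "IMAG"
// followed by a big-endian block size of 16 bytes.
const uint8_t kSampleHeader[8] = {'I', 'M', 'A', 'G', 0x00, 0x00, 0x00, 0x10};

int main() {
    uint32_t tag  = read_be32(kSampleHeader);
    uint32_t size = read_be32(kSampleHeader + 4);
    std::printf("tag 0x%08X (%s), size %u\n", tag,
                tag == tag_value("IMAG") ? "IMAG" : "unknown", size);
    // The same four bytes loaded in native x86 order come out reversed;
    // swap32() turns them back into the value a search tool would match.
    uint32_t native = read_le32(kSampleHeader);
    std::printf("loaded little-endian: 0x%08X, after swap32: 0x%08X\n",
                native, swap32(native));
    std::printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    return 0;
}
```

The point to take from it: whether 0x494D4147 matches 'IMAG' depends on which way the tool reads the bytes. Read as big-endian they are 0x494D4147; loaded as a native little-endian dword on x86 they are 0x47414D49, and swap32() converts between the two.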
 Ender
06-03-2002, 2:42 PM
#10
ScummVM was not created with inside information or help :)

ludde was just a machine, disassembling like a madman. Actually, most of the original disassembly work was done by Sander Buskens, with Ludde filling in the rather large blanks.

Most of the recent advances have been based off of the hard work of Serge (of course :) and Kevin Carnes (Scumm16), as far as graphics decoding, etc, goes.

That, and a lot of guess work! If we did have access to inside information, we probably wouldn't use it (unless sanctioned by LEC legal) for fear of possible legal issues;

- Ender
ScummVM Project Leader
 Drigo Zoxx
06-04-2002, 9:24 PM
#11
Talking about reverse engineering, there's a compiled SPUTM engine v7 on Mac enclosed with a Humongous software game which includes function names in the code (that's rare, as you know), but it might really be useful :)
 checkmate
06-05-2002, 3:06 AM
#12
What a coincidence...I own two Putt-putt games!
 Ender
06-05-2002, 9:17 AM
#13
Originally posted by Drigo Zoxx
Talking about reverse engineering, there's a compiled SPUTM engine v7 on Mac enclosed with a Humongous software game which includes function names in the code (that's rare, as you know), but it might really be useful :)

Yeah, all the Humongous games have WINDEX (SPUTM's inbuilt debugger) compiled in by default. With the right key combinations you can probably have a lot of fun :)

Although I (speaking on behalf of ScummVM) don't want to copy the original SPUTM engine too closely. For a start, it's a horrible mess :) And secondly it helps to prove ScummVM is 'unique' if LEC legal ever decide they need to breathe down our backs. Which, from my experience in the gaming industry, they will do as soon as LEC actually come out with those updated versions of things like DOTT Simon mentioned in an interview.
 Drigo Zoxx
06-05-2002, 7:17 PM
#14
Actually, if you read the disclaimer enclosed with CMI, it says:

you can't:
...
(4) decompile,
disassemble or make reverse engineering on this Software.
....

So maybe the entire work made by Ludvig might be considered illegal. However, who knows? Of course, LEC legal may not be very happy about the PayPal idea :)
 Serge
06-05-2002, 10:01 PM
#15
Back to the "is this legal?" issue for the umpteenth time... :) Lengthy legal mumbo jumbo that I'm really not in the position to talk about coming up. All of the following is just an examination of what the law says, not what it actually means. It's me trying to be an expert on something I know nothing about. So if you want to just know what it all comes down to, go to the bottom.

OK, let's see... As the CMI disclaimer also states "THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY HAVE OTHER RIGHTS DEPENDING ON THE LAWS IN YOUR STATE". An unsigned "license agreement" cannot, as far as I'm aware, counteract a country's jurisdiction (in fact, I'll get back to that). If the law opposes what's written in the "agreement", the law applies.

Now, I am so (un)fortunate to live in the European Union. Although Ludde doesn't, I'm quite sure Norway's rules are relatively harmonized with the EU legislation. This most likely does NOT apply to US citizens or most other countries of the world.

OK, let's look at what the EEC directives say about all this:

"COUNCIL DIRECTIVE of 14 May 1991 on the legal protection of computer programs (91/250/EEC)

...

Article 6 Decompilation
1. The authorization of the rightholder shall not be required where reproduction of the code and translation of its form within the meaning of Article 4 (a) and (b) are indispensable to obtain the information necessary to achieve the interoperability of an independently created computer program with other programs, provided that the following conditions are met:"

In other words, if it doesn't work, you're allowed to "decompile" to fix it. The conditions being that you're a licensee, there isn't a fix already available, and you only decompile the parts needed to make it work... Vague at best. "bgbennyboy, I need interoperability between Windows XP and Sam and Max...", "Endy, I need to play that MI2 game I paid $30 for some years ago".

Let's go on...

"Article 5 Exceptions to the restricted acts

...

3. The person having a right to use a copy of a computer program shall be entitled, without the authorization of the rightholder, to observe, study or test the functioning of the program in order to determine the ideas and principles which underlie any element of the program if he does so while performing any of the acts of loading, displaying, running, transmitting or storing the program which he is entitled to do."

So, for educational purposes, we're allowed to decompile. "Serge, I want to know how an LEC game works"

Now, are we entitled to decompile if the license agreement says "NO"?

"Article 9 Continued application of other legal provisions

1. The provisions of this Directive shall be without prejudice to any other legal provisions such as those concerning patent rights, trade-marks, unfair competition, trade secrets, protection of semi-conductor products or the law of contract. Any contractual provisions contrary to Article 6 or to the exceptions provided for in Article 5 (2) and (3) shall be null and void."

As I read it (and I'm not a lawyer), a license agreement can't remove your right to decompile for studying (under the conditions of article 5 (2) and (3)) or to fix bugs (under the condition of article 6).

We're not breaking patent rights (as long as we don't reuse iMUSE), we're not breaking trade-marks (the code isn't a trademark, we're not selling anything etc. In any case, our use of trademarks seems "fair use" - educational purposes etc.), we aren't doing unfair competition, or revealing trade secrets (As long as LEC seem to have lost interest in SCUMM) we're not breaking protection of semi-conductor products (until LEC release "the world's first SCUMM Processing Unit!"). Law of contract? I never signed any contract with LEC, I read a license agreement, I agreed to it, knowing that "contractual provisions contrary to Article 6" or "to the exceptions in Article 5 (2) and (3)" are "null and void". Once again, vague, vague, vague.

Enough mumbo jumbo

What all this comes down to is, I guess it's all vague(TM) enough to allow LEC to have a very strong case (they're the strong ones here) if they DO plan to sue us. So, in essence, we're not talking about jurisdiction, legislation or anything. We're talking "is this fair use?" And with the power of Lucas Legal, that's for them to decide, not the judges :) The real "law" here is, as long as the reverse engineering of their games doesn't get in their way, I doubt they'll bother. And at the moment, it doesn't, on the contrary:

SCUMM Revisited, SCUMMVM, Quick & Easy, whatever... None of them form any kind of threat to LEC's business. They don't take away customers. In fact, I know of at least 20 people (and I'm sure there are several hundreds) who've bought LucasArts games mainly DUE to these programs. They don't bring a bad name to the LEC products (like some (I won't name them) "fan games").

I know nothing, but at least I want to believe what I just wrote :)

- Serge
 Drigo Zoxx
06-06-2002, 12:44 PM
#16
Serge, I agree 100%. I'm not a lawyer either, but I got your point, and I'm from Europe too :) :) so I don't worry about it.
 Ender
06-07-2002, 7:32 AM
#17
Yep, as Serge said, the license cannot override the laws allowing reverse engineering for interoperability or study. Australia and the US both have similar laws (of course, they can always get you with the DMCA :).

If LEC are planning, as Simon said in his interview, to re-release the classics, LEC legal might want to sue. However, they are on shaky ground there, as I know many LEC employees are well aware of the existence of programs like ScummVM, and of course many more know of Serge's fantastic work. Because they haven't decided to take any action yet, there are other laws protecting us from spontaneously being sued retrospectively.

Quick and Easy is totally safe from a legal standpoint, because it doesn't actually 'do' anything in itself, it's just a wrapper around VDMSound.

Again, I'm not a lawyer, but if the laws weren't in place two things would have happened: BNetD (http://www.bnetd.org) would have been sued long ago, and so would have WINE (http://www.winehq.com) :)
 Drigo Zoxx
06-07-2002, 6:31 PM
#18
Hmm.... I thought Microsoft sued Wine... or was it Lindows?.... Or am I totally wrong? :)
 Ender
06-07-2002, 11:27 PM
#19
Originally posted by Drigo Zoxx
Hmm.... I thought Microsoft sued Wine... or was it Lindows?.... Or am I totally wrong? :)

That was Lindows - and only because they said it was too close to 'Windows' and may have caused name confusion :P

They lost, of course, the judge ruling that 'Windows' is NOT a word owned by Microsoft ;)
 MeddlingMonk
06-07-2002, 11:50 PM
#20
I believe that case is ongoing. From a logic standpoint Microsoft seems bound to lose, but they haven't lost yet.
 Drigo Zoxx
06-08-2002, 10:11 PM
#21
If Microsoft ever wins, then we'll pay a buck every time we ask: 'could you please open the window?' :))
 checkmate
06-11-2002, 2:56 AM
#22
Hey, that reminds me of a joke newspaper article reporting how Microsoft would patent the binary system, and possibly all math! Then, you would have to pay to do such mathematical things as walking, standing, and breathing.:)