Mac CS Hacks!

The TSC research is starting to get interesting. It turns out that each TSC file is encoded with a special character within the file itself. The character is always located in the middle of the TSC file. That also means, if you change the filesize of the TSC file, you change the way it's encoded.

For example, in the exact middle of the ArmsItem.tsc file, there is a (space) character. Now, the ascii code for the (space) character is 0x20. In the actual encoded TSC file, the 0x20 character in the middle gets replaced with 0x00. All the other characters, including the other space characters, get +0x20 added to their hex codes.

Now, it was a stroke of luck that cultr1 happened to pick ArmsItems.tsc. The method for converting an uppercase letter into a lowercase letter is to add 0x20 to the ascii code of that letter. That caused <FRE, <WAI to turn into fre, wai, so that you could see the TSC commands. For most of the other TSC files, all you would see is a jumble of total nonsense unicode.

So, now I need to get working on a deciphering routine. I believe it's still possible to finish the Mac TSC editor, though it might take a bit longer.

Ohhh I noticed something like this too, when I opened a TSC file on the PC with a hex editor. I noticed since there were a lot of repeated values (always a constant) that were repeated, and they seem to coincide with the decoded script where the "0's" were (since in TSC, you use a lot of 0's for various commands). I think I noticed it when I randomly opened the tetris script I made, since THAT has a lot of zeros in it. (It's really a cheap way to encode the file)

I think the TSC files are exactly the same as they are on the PC (this sentence seems stupid in hindsight, since of course they should be the same, only the .exe/.app should need to change to read them on a different OS), as should be the case for the other filetypes. You should ask someone (like Wistil or SP) if they have some documentation on the layout of these files if you want to make an editor, rather than just reverse engineering the filetypes all over again.

One other small thing: If the file size is that of a odd number of bits (like 6A9), then what you have to do to find the decoder bit is divide it by 2 and then round up (or add one) (ex. for 6A9, it would be 355).

 

One other small thing: If the file size is that of a odd number of bits (like 6A9), then what you have to do to find the decoder bit is divide it by 2 and then round up (or add one) (ex. for 6A9, it would be 355).

This works for an odd or even number of bytes:

PYTHON CODE

middlefile = int(round(endfile/2))     #divide by 2, then round away from 0.
#middlefile holds the location of the encoder char.

At this point, I've got a working program already. Now testing it on a Mac is all that's necessary.

 

This works for an odd or even number of bytes:

PYTHON CODE

middlefile = int(round(endfile/2))     #divide by 2, then round away from 0.
#middlefile holds the location of the encoder char.

At this point, I've got a working program already. Now testing it on a Mac is all that's necessary.

I can test it for you tomorrow (they force me to use a mac at work).

 

Here's the Cross-Platform TSC Converter.

Before using this program, you must download the Python Engine for your respective OS. Theoretically, this TSC/Plain-text converter should work on any OS that supports a build of Python. However, so far I've only been able to test it on Windows.

(Also, I should probably mention that Python comes pre-installed on Mac OS X.)

 

Congratulations guys...

I'll download it if I magically get a mac.

 

Okay in regards to the map data I have found some differences in byte ordering in bytes $40 to $43 of every 197 byte range, plus the map name is cut down by 3 bytes reducing each map's information down to 197 bytes per map instead of 200. A tool to convert the map data (which btw can be found at $9FD3D to $A465A, Doukutsu.app\Contents\MacOS\Doukutsu) would be greatly beneficial.

 

SOME BASIC RULES OF MAC PORTING:
ASM hacks don't go well on the Mac.
Noxid is working on porting an earlier version of his mod to Mac, whose assembly hacks are starting location and starting health.
We found a solution to both though.
With all mods you port, you have to add a little TSC code to the beginning of the first "from somwhere, a transmission." just delete that part of the code and replace it with a <TRA command that gives the starting map, location, and script.
ALSO, for starting health, just put <ML+ at the beginning of the first script of the mod.
<ML+000/ actually subtracts 1 health, <ML+000- subtracts 3.
WITH ALTERED GRAPHICS: they MUST be saved as 8-bit for CS Mac to read it with no issues.
That's about it!

 

This may or may not be an almost-working port of my mod. Eh, hex editors are hard to use.

http://www.mediafire.com/?kcoyjufnmyd

Cultr1, did you remove (C)Pixel and change to .bmp before you gave me that? Because if not that will need to me done.

 

Success Carrotlord! Next someone needs to make a map editor of sorts. Maybe it should be made it with java so it will be easier to be cross platform if anyone wants to edit and use it for the other systems. (or we could continue to use python)

This may or may not be an almost-working port of my mod. Eh, hex editors are hard to use.

http://www.mediafire.com/?kcoyjufnmyd

Cultr1, did you remove (C)Pixel and change to .bmp before you gave me that? Because if not that will need to me done.

I don't know why exactly (it didn't save an error log), but it didn't work. I'm currently on Mac OS X 10.6 if that has anything to do with it.

 

Hmm well when I tried to simply edit out (C)Pixel last time Cultr1 said it wouldn't open on his either. Maybe there's something corrupting about XVI32 or something idk. Either that, or I made a mistake and accidentally deleted a byte or something when I was trying to do over the map data.

also I only changed the 2nd set of Assembly which is what I assume to be the x86 one.

 

Yeah I gave noxid the hacked CS, with (C) Pixel removed, and it reads .bmp files.
I will test in a moment.
EDIT: It crashes immediately after i open it.
I have cincluded it is an excecutable error, i will replace it in a moment.

EDIT2: HOLY SHIT IT WORKS
I replaced the executable with a new one that was hacked AND IT WORKS.
Also, your mod starts with "Pixel presents"
Is that ok?

 

Well, that would mean that the map data is all messed up - so if you go to certain spots where map data was changed then it'll mess up.

I tried to change the map data but it obviously didnt' work well. If you want to give it a shot you could always just figure out a way to copy the map data from the PC executable to the Mac one (although AndWhy says it's diff...)

Also, there were a few ASM hacks I managed to try and throw together like fixing the XP crystals and the title screen; I think I wrote down where the stuff is so it would be easier to find a second time.

 

But it shows the right opening map, and it scrolls down and stuff.
I could probably just change the map name manually.
I forget what it's called.

 

Is this with the "Universal" or "PowerPC" binary

As far as I know, there is only a Universal binary.

I would also say to those people porting mods, that if they require assembly, you should consider either stripping out the PPC code or finding some way to convert the x86 code to PPC code.

I'll try to write a Python script to do the encoding/decoding automatically. Since Python is cross-platform, that means the script should work the same on a Mac, i.e., a Mac TSC editor (I hope...).

I really wish I had seen this thread earlier, because I wrote just such a Python script months ago.

I know that you have already completed and released yours, but I thought I might as well throw mine in here too. It's a true command-line program, meaning that you pass the file(s) for it to convert directly on the command-line rather than entering them into the program, but that also means you can encrypt/decrypt all TSC files in a specific directory with a single command, so there's an advantage to it.

ASM hacks don't go well on the Mac.

Uh. What? Explain.

With all mods you port, you have to add a little TSC code to the beginning of the first "from somwhere, a transmission." just delete that part of the code and replace it with a <TRA command that gives the starting map, location, and script.
ALSO, for starting health, just put <ML+ at the beginning of the first script of the mod.

Question. Why is this needed?

 

I have an idea;
Whenever I use the hex editor to do hacks to the main file for the mac version and send it off it never works. I don't know why. However, could carrotlord's autohacker be used on a mac, and then I just document the changes that need to be made so they can be applied by the person on the mac?

Oh, or better yet, can anyone give me a clue as to why it won't work? >.>

Question. Why is this needed?

Because CE has the ability to modify starting health and location. We can't do that on mac yet (although I might eventually find it)

 

However, could carrotlord's autohacker be used on a mac, and then I just document the changes that need to be made so they can be applied by the person on the mac?

I suppose that I should modify the Doukutsu autohacker so you can choose a program that's not named "Doukutsu.exe". Then it could work.

Or, maybe try a hex editor that's not XVI32 and see if there's any difference?

---
By the way, Celtic Minstrel, do you have experience with Tkinter or other GUI packages? I suppose those could be used to make a Mac map-editor.

 

XVI might actually be the problem because I compared the version I edited to the unedited one and there were like 10k+ changes soo...

yeah. Maybe I accidentaly a byte of data or something. I'll try Lowell's translhexilillion tomorrow.

 

http://mh-nexus.de/en/hxd/
this is what i use, it's called HxD

 

So I made some notes as I went. not much and they probably don't mean anything to anybody but me, but here you go:

Spoiler

(C)Pixel [2] around 134E50

cc2b8 start of stuff after a bunch of 00
334d48
CC3E7 = start of x86 code?

40A8f0 = 423F2c = ef1e4

42a9c0 = 429172 = F442A = entity 22

4265b0 = 4262da = f1592 = entity 1

43d992 = entity 175
43FA66 = entity 190
443c60 = entity 232
444eea = Entity 241

1268db = Random # generator function [

d2328 = Play sound (push channel push ID)

45ba52 = 40f9b0 = 126d0a = Title Screen Function

4224ce = 408230 = Ed786 = Nemesis (bullet) (maybe)

EF488 = 40AC90 = create animated effect

db790 = Create NPC

A9088 = Player.X?
A908C = Player.Y?

map data starts at 9FD84 and 1467E4


Entity Data

+0x00 - Event.InUse
+0x01 - Event.Collision
+0x05 - Event.X
+0x09 - Event.Y
+0x0D - Event.MoveX
+0x11 - Event.MoveY
+0x15 - Event.AltVel
+0x19 - Event.AltVel
+0x1D - Event.Unknown
+0x21 - Event.Unknown
+0x25 - Event.NPCID
+0x29 - Event.EntityID
+0x2D - Event.EventNum
+0x31 - Event.Tileset
+0x35 - Event.HurtSound
+0x39 - Event.DeathSound
+0x3D - Event.Health
+0x3F - Event.XP
+0x43 - Event.DeathGraphic
+0x47 - Event.Direction
+0x4B - Event.Flags
+0x4F - Event.Display_L
+0x53: Event.Display_U (N) ; top side of the display rect
+0x57: Event.Display_R (N) ; right side of the display rect
+0x5B: Event.Display_D (N) ; bottom side of the display rect
+0x5F: Event.FrameTimer ;
+0x63: Event.FrameNum ;
+0x67: Event.ObjectTimer ;
+0x6B: Event.Directive ; Usually something from the parent.
+0x6F: Event.ScriptState ;
+0x73: Event.ScriptTimer ;
+0x77: Event.HitRect_L (N) ;
+0x7B: Event.HitRect_U (N) ;
+0x7F: Event.HitRect_R (N) ;
+0x83: Event.HitRect_D (N) ;
~~Uncertain beyond this point~~
+0x87: ??? ; nonzero 1000
+0x8B: ??? ; nonzero 1000
+0x8F: ??? ; nonzero 1000
+0x93: ??? ; nonzero 3000
+0x97: Event.HitTrue [N] ; Has the entity been Hit? {THIS MAY BE BYTE-LENGTH}
+0x9B: Event.DamageTaken(N) ; Damage displayed by damage numbers
+0x9F: Event.Damage (N) ; Damage done to Player
+0xA3: Event.Parent [N] ; It's like the ebp+8 of the parent

Err.. some of those offsets that start with 4 you need to subtract 334d48 from in order to find the address the hex editor uses. This is because to view it in Olly I copypasted a large portion over the .exe of regular doukutsu (It would not open otherwise)

And some of them are actually the comparable address IN doukutsu.exe :]

And some of them I converted before writing down.

If anybody could figure out where all the entities are I'd be pretty happy.

 

I made a rudimentary little console program to move map data between the mac x86 map data and the PC map data. It isn't perfect but I think it at least does what it's supposed to.

Executable file only
Source code and stuff

feel free to modify it in any way whatsoever, especially if it doesn't work. It's pretty much my first program that does anything so try not to make fun of it :s