Kantai Collection/Vita/Decompilation: Difference between revisions
Antonizoon (talk | contribs) No edit summary |
Antonizoon (talk | contribs) No edit summary |
||
(6 intermediate revisions by the same user not shown) | |||
Line 26: | Line 26: | ||
http://resources.infosecinstitute.com/net-reverse-engineering-1cil-programming/#gref | http://resources.infosecinstitute.com/net-reverse-engineering-1cil-programming/#gref | ||
ilasm.exe can display as html or rtf? https://msdn.microsoft.com/en-us/library/f7dy01k1(v=vs.80).aspx | |||
Basic CIL editing of unity and put back into dll: https://www.unknowncheats.me/forum/general-programming-and-reversing/106107-patching-cil-instructions-ida-hxd.html | Basic CIL editing of unity and put back into dll: https://www.unknowncheats.me/forum/general-programming-and-reversing/106107-patching-cil-instructions-ida-hxd.html | ||
Line 42: | Line 44: | ||
# Click a line in the C# code that you want to read in IL, such as the "Name equals なし" code | # Click a line in the C# code that you want to read in IL, such as the "Name equals なし" code | ||
=== Change strings within DLLs === | === Change strings within DLLs (the Hard Way) === | ||
An easy test case to prove that we can edit to strings is to do a simple test case: | An easy test case to prove that we can edit to strings is to do a simple test case: | ||
Line 57: | Line 59: | ||
# Then just run the game again to see if it crashes on the title screen. | # Then just run the game again to see if it crashes on the title screen. | ||
#* If there are no crashes, your mod works! | #* If there are no crashes, your mod works! | ||
#* If there are crashes, you may have forgotten to change | #* If there are crashes, you may have forgotten to change all instances of なし to None in mst_ship.xml. See step 1. | ||
The relevant code line: https://github.com/limyz/KCKaiVita/blob/master/Assembly-CSharp/dotPeek/Server_Models/Mst_ship.cs#L941 | The relevant code line: https://github.com/limyz/KCKaiVita/blob/master/Assembly-CSharp/dotPeek/Server_Models/Mst_ship.cs#L941 | ||
Line 63: | Line 65: | ||
If the modified Assembly-CSharp.dll works, this proves that DLLs can have their CIL code strings modified. | If the modified Assembly-CSharp.dll works, this proves that DLLs can have their CIL code strings modified. | ||
=== Change strings within DLLs (the graphical way) === | |||
{{#evu:https://www.youtube.com/watch?v=fAHvevOFdbo|alignment=right}} | |||
This | .NET Reflector with [http://reflexil.net/ Reflexil] can be used to directly edit the CIL bytecode and recompile it back in. This allows us to visually see Unicode strings and see code separated by classes as they would have originally been in C#. | ||
http://resources.infosecinstitute.com/ | http://resources.infosecinstitute.com/damn-vulnerable-thick-client-app-part-10/ | ||
== Decompiling Unity Assets == | == Decompiling Unity Assets == |
Latest revision as of 03:17, 22 January 2017
The Kancolle Vita game provides the entire engine and logic of Kantai Collection in full, but in Unity. This makes decompilation and even a possible port to PC easy.
Unity uses one of two languages (C# and UnityScript), both of which use Microsoft's .NET framework. The .NET framework is cross-platform since it uses a unified bytecode format: Common Intermediate Language (CIL) which then runs on the portable Common Language Runtime (CLR). Like Java bytecode, CIL is designed for an idealized computer that is emulated by the CLR, so the bytecode is easier to decompile.
The C# code is located in Media/Managed/Assembly-CSharp.dll
The XML "server" data defining ships and accessories and other strings are in Media/StreamingAssets/Xml/tables/master/
Some chinese decompilers managed to figure out all the formulas in the game, see japanese translation document: https://twitter.com/KennethWWKK/status/780793591387959297
Move to PC Unity[edit]
It may be possible that the same binaries, which are cross platform, will work on a PC Unity project. I'm not familiar with using it but I can learn.
Decompiling Unity DLLs[edit]
Use ILSpy or dotPeek to open three files located under PCSG00684/Media/Managed/
, Assembly-CSharp.dll
, Assembly-CSharp-firstpass.dll
, and Assembly-UnityScript.dll
.
- C#
- UnityScript (JavaScript basically)
http://stackoverflow.com/a/5188580
http://www.alanzucconi.com/2015/09/02/a-practical-tutorial-to-hack-and-protect-unity-games http://archive.is/ATA5L
This is a starter guide to direct CIL editing:
http://resources.infosecinstitute.com/net-reverse-engineering-1cil-programming/#gref
ilasm.exe can display as html or rtf? https://msdn.microsoft.com/en-us/library/f7dy01k1(v=vs.80).aspx
Basic CIL editing of unity and put back into dll: https://www.unknowncheats.me/forum/general-programming-and-reversing/106107-patching-cil-instructions-ida-hxd.html
JetBrains dotPeek[edit]
You can use JetBrains dotPeek, a free .NET decompiler, to figure out which IL code corresponds to an interpretation of it into C#. This allows you to read actual C# code so you know what you're dealing with.
Note that this is just a viewing method, you still need to get down and dirty with ilasm as stated in the next section. But at least dotPeek will show you exactly which C# code line corresponds with what IL.
- drag and drop the assembly-csharp.dll file into the leftmost assembly explorer pane
- Press the arrow next to the list entry for Assembly-CSharp
- At the top left menu click Windows->IL Viewer
- click the arrow next to a namespace you want to see, such as Server_Models
- Double-click the file you want to see, such as Mst_ships
- Click a line in the C# code that you want to read in IL, such as the "Name equals なし" code
Change strings within DLLs (the Hard Way)[edit]
An easy test case to prove that we can edit to strings is to do a simple test case:
- Use find/replace in Notepad to change all instances of なし to None in mst_ship.xml.
- Decompile
Assembly-CSharp.dll
using islasm.exe. Choose UTF-8 Mode (it actually doesn't matter, just be consistent). - In line number 974858 Change
なし
toNone
in this line:- C#:
if(this.Name.Equals("なし"))
(from dotPeek interpretation,Server_Models/Mst_ship.cs
) - IL:
IL_0084: ldstr bytearray (6A 30 57 30 )
(little endian Unicode byte) - IL (modified)
IL_0084: ldstr "None"
- C#:
- Recompile it in using islasm.exe.
- Ensure that there are no compilation errors before proceeding.
- After that, copy to
Media/Managed/Assembly-CSharp.dll
andMedia/StreamingAssets/Xml/tables/master/mst_ship.xml
in the Kancolle game folder in your vita. - Then just run the game again to see if it crashes on the title screen.
- If there are no crashes, your mod works!
- If there are crashes, you may have forgotten to change all instances of なし to None in mst_ship.xml. See step 1.
The relevant code line: https://github.com/limyz/KCKaiVita/blob/master/Assembly-CSharp/dotPeek/Server_Models/Mst_ship.cs#L941
If the modified Assembly-CSharp.dll works, this proves that DLLs can have their CIL code strings modified.
Change strings within DLLs (the graphical way)[edit]
{{#evu:https://www.youtube.com/watch?v=fAHvevOFdbo%7Calignment=right}}
.NET Reflector with Reflexil can be used to directly edit the CIL bytecode and recompile it back in. This allows us to visually see Unicode strings and see code separated by classes as they would have originally been in C#.
http://resources.infosecinstitute.com/damn-vulnerable-thick-client-app-part-10/
Decompiling Unity Assets[edit]
We do this all the time with the translation project, it's easy.
Recompiled/Reverse Engineered Replacement[edit]
After decompilation, the next step is to produce a completely reverse engineered version.
Engine[edit]
The first step is to simply extract the crucial game elements, and reimplement them in another form. This
UI and Visuals[edit]
The UI and Visuals must be implemented in Unity, since that's where the assets come from. This is a bit harder and can be more of a grey area. Maybe we could pitch this as providing Vita style visuals for the browser game.