Editing Kantai Collection/Vita/Decompilation

The Kancolle Vita game provides the entire engine and logic of Kantai Collection in full, but in Unity. This makes decompilation and even a possible port to PC easy.

Unity uses one of two languages (C# and UnityScript), both of which use Microsoft's .NET framework. The .NET framework is cross-platform since it uses a unified bytecode format: Common Intermediate Language (CIL) which then runs on the portable Common Language Runtime (CLR). Like Java bytecode, CIL is designed for an idealized computer that is emulated by the CLR, so the bytecode is easier to decompile.

== Move to PC Unity ==

It may be possible that the same binaries, which are cross platform, will work on a PC Unity project. I'm not familiar with using it but I can learn.

== Decompiling Unity DLLs ==

Use ILSpy or dotPeek to open three files, <code>Assembly-CSharp.dll</code>, <code>Assembly-CSharp-firstpass.dll</code>, and <code>Assembly-UnityScript.dll</code>.

* C#
* UnityScript (JavaScript basically)

http://stackoverflow.com/a/5188580

http://www.alanzucconi.com/2015/09/02/a-practical-tutorial-to-hack-and-protect-unity-games http://archive.is/ATA5L

This is a starter guide to direct CIL editing:

http://resources.infosecinstitute.com/net-reverse-engineering-1cil-programming/#gref

Basic CIL editing of unity and put back into dll: https://www.unknowncheats.me/forum/general-programming-and-reversing/106107-patching-cil-instructions-ida-hxd.html

=== JetBrains dotPeek ===

You can use JetBrains dotPeek to figure out which IL code corresponds to an interpretation of it into C#. This allows you to read actual C# code so you know what you're dealing with.

Note that this is just a viewing method, you still need to get down and dirty with ilasm as stated in the next section. But at least dotPeek will show you exactly which C# code line corresponds with what IL.

# drag and drop the assembly-csharp.dll file into the leftmost assembly explorer pane
# Press the arrow next to the list entry for Assembly-CSharp
# At the top left menu click Windows->IL Viewer
# click the arrow next to a namespace you want to see, such as Server_Models
# Double-click the file you want to see, such as Mst_ships
# Click a line in the C# code that you want to read in IL, such as the Name equals Nashi code

=== Change strings within DLLs ===

An easy test case to prove that we can edit to strings is to do a simple test case:

# {{ic|Server_Models/Mst_ship.cs}} Change なし to None
# Change all instances of なし to None in mst_ships.xml
# You may need to open the dll and recompile it in using [http://stackoverflow.com/questions/6746387/manually-edit-msil-in-compiled-dll islasm.exe].

The relevant code line: https://github.com/limyz/KCKaiVita/blob/master/Assembly-CSharp/dotPeek/Server_Models/Mst_ship.cs#L941

If the modified Assembly-CSharp.dll works, this proves that DLLs can have their CIL code strings modified.


This is a starter guide to direct CIL editing:

http://resources.infosecinstitute.com/net-reverse-engineering-1cil-programming/#gref

=== Change strings within DLLs ===

An easy test case to prove that we can edit to strings is to do a simple test case:

# {{ic|Server_Models/Mst_ship.cs}} Change なし to None
# Change all instances of なし to None in mst_ships.xml

The relevant code line: https://github.com/limyz/KCKaiVita/blob/master/Assembly-CSharp/dotPeek/Server_Models/Mst_ship.cs#L941

If the modified Assembly-CSharp.dll works, this proves that DLLs can have their CIL code strings modified.

== Decompiling Unity Assets ==

We do this all the time with the translation project, it's easy.

== Recompiled/Reverse Engineered Replacement ==

After decompilation, the next step is to produce a completely reverse engineered version.

=== Engine ===

The first step is to simply extract the crucial game elements, and reimplement them in another form. This

=== UI and Visuals ===

The UI and Visuals must be implemented in Unity, since that's where the assets come from. This is a bit harder and can be more of a grey area. Maybe we could pitch this as providing Vita style visuals for the browser game.
@@ Line 2: / Line 2: @@
 Unity uses one of two languages (C# and UnityScript), both of which use Microsoft's .NET framework. The .NET framework is cross-platform since it uses a unified bytecode format: Common Intermediate Language (CIL) which then runs on the portable Common Language Runtime (CLR). Like Java bytecode, CIL is designed for an idealized computer that is emulated by the CLR, so the bytecode is easier to decompile.
-The C# code is located in {{ic|Media/Managed/Assembly-CSharp.dll}}
-The XML "server" data defining ships and accessories and other strings are in {{ic|Media/StreamingAssets/Xml/tables/master/}}
-Some chinese decompilers managed to figure out all the formulas in the game, see japanese translation document: https://twitter.com/KennethWWKK/status/780793591387959297
 == Move to PC Unity ==
@@ Line 14: / Line 9: @@
 == Decompiling Unity DLLs ==
-Use ILSpy or dotPeek to open three files located under {{ic|PCSG00684/Media/Managed/}}, <code>Assembly-CSharp.dll</code>, <code>Assembly-CSharp-firstpass.dll</code>, and <code>Assembly-UnityScript.dll</code>.
+Use ILSpy or dotPeek to open three files, <code>Assembly-CSharp.dll</code>, <code>Assembly-CSharp-firstpass.dll</code>, and <code>Assembly-UnityScript.dll</code>.
 * C#
@@ Line 26: / Line 21: @@
 http://resources.infosecinstitute.com/net-reverse-engineering-1cil-programming/#gref
-ilasm.exe can display as html or rtf? https://msdn.microsoft.com/en-us/library/f7dy01k1(v=vs.80).aspx
 Basic CIL editing of unity and put back into dll: https://www.unknowncheats.me/forum/general-programming-and-reversing/106107-patching-cil-instructions-ida-hxd.html
@@ Line 33: / Line 26: @@
 === JetBrains dotPeek ===
-You can use [https://www.jetbrains.com/decompiler/ JetBrains dotPeek], a free .NET decompiler, to figure out which IL code corresponds to an interpretation of it into C#. This allows you to read actual C# code so you know what you're dealing with.
+You can use JetBrains dotPeek to figure out which IL code corresponds to an interpretation of it into C#. This allows you to read actual C# code so you know what you're dealing with.
 Note that this is just a viewing method, you still need to get down and dirty with ilasm as stated in the next section. But at least dotPeek will show you exactly which C# code line corresponds with what IL.
@@ Line 42: / Line 35: @@
 # click the arrow next to a namespace you want to see, such as Server_Models
 # Double-click the file you want to see, such as Mst_ships
-# Click a line in the C# code that you want to read in IL, such as the "Name equals なし" code
+# Click a line in the C# code that you want to read in IL, such as the Name equals Nashi code
-=== Change strings within DLLs (the Hard Way) ===
+=== Change strings within DLLs ===
 An easy test case to prove that we can edit to strings is to do a simple test case:
-# Use find/replace in Notepad to change all instances of なし to None in [https://github.com/BASLQC/kc-vita-translation/blob/master/en/Xml/tables/master/mst_ship.xml mst_ship.xml].
+# {{ic|Server_Models/Mst_ship.cs}} Change なし to None
-# Decompile {{ic|Assembly-CSharp.dll}} using [http://stackoverflow.com/questions/6746387/manually-edit-msil-in-compiled-dll islasm.exe]. Choose '''UTF-8 Mode''' (it actually doesn't matter, just be consistent).
+# Change all instances of なし to None in mst_ships.xml
-# In line number 974858 Change {{ic|なし}} to {{ic|None}} in this line:
+# You may need to open the dll and recompile it in using [http://stackoverflow.com/questions/6746387/manually-edit-msil-in-compiled-dll islasm.exe].
-#* '''C#''': {{ic|if(this.Name.Equals("なし"))}} (from dotPeek interpretation, {{ic|Server_Models/Mst_ship.cs}})
-#* '''IL''': {{ic|IL_0084:  ldstr      bytearray (6A 30 57 30 )}} (little endian Unicode byte)
-#* '''IL''' (modified) {{ic|IL_0084:  ldstr   "None"}}
-# Recompile it in using [http://stackoverflow.com/questions/6746387/manually-edit-msil-in-compiled-dll islasm.exe].
-#* Ensure that there are no compilation errors before proceeding.
-# After that, copy to {{ic|Media/Managed/Assembly-CSharp.dll}} and {{ic|Media/StreamingAssets/Xml/tables/master/mst_ship.xml}} in the Kancolle game folder in your vita.
-# Then just run the game again to see if it crashes on the title screen.
-#* If there are no crashes, your mod works!
-#* If there are crashes, you may have forgotten to change all instances of なし to None in mst_ship.xml. See step 1.
 The relevant code line: https://github.com/limyz/KCKaiVita/blob/master/Assembly-CSharp/dotPeek/Server_Models/Mst_ship.cs#L941
@@ Line 65: / Line 49: @@
 If the modified Assembly-CSharp.dll works, this proves that DLLs can have their CIL code strings modified.
-=== Change strings within DLLs (the graphical way) ===
-{{#evu:https://www.youtube.com/watch?v=fAHvevOFdbo|alignment=right}}
-.NET Reflector with [http://reflexil.net/ Reflexil] can be used to directly edit the CIL bytecode and recompile it back in. This allows us to visually see Unicode strings and see code separated by classes as they would have originally been in C#.
+This is a starter guide to direct CIL editing:
-http://resources.infosecinstitute.com/damn-vulnerable-thick-client-app-part-10/
+http://resources.infosecinstitute.com/net-reverse-engineering-1cil-programming/#gref
+=== Change strings within DLLs ===
+An easy test case to prove that we can edit to strings is to do a simple test case:
+# {{ic|Server_Models/Mst_ship.cs}} Change なし to None
+# Change all instances of なし to None in mst_ships.xml
+The relevant code line: https://github.com/limyz/KCKaiVita/blob/master/Assembly-CSharp/dotPeek/Server_Models/Mst_ship.cs#L941
+If the modified Assembly-CSharp.dll works, this proves that DLLs can have their CIL code strings modified.
 == Decompiling Unity Assets ==