Author Topic: Save game editor work in progress  (Read 256026 times)

zin_type

  • Survivor
    • View Profile
Save game editor work in progress
« on: September 13, 2013, 05:03:12 PM »
I'm interested in making a utility that will allow users to edit inventory items, haven't xfered over a save game file to my laptop to play around with it yet.  But wanted to save a bit of headache and ask around if anyone has tried or succeeded at decoding a save game file and if so, in which format.

glyth

  • Survivor
    • View Profile
Re: Save game editor work in progress
« Reply #1 on: September 14, 2013, 02:35:16 PM »
i hope you make one 0.0

zin_type

  • Survivor
    • View Profile
Re: Save game editor work in progress
« Reply #2 on: September 15, 2013, 06:46:16 PM »
just an update... finally broke out the laptop.. have figured out the rather simple file structure in the .zhs file... now to figure out the state.xml file therein... anyone with any info... do tell

zin_type

  • Survivor
    • View Profile
Re: Save game editor work in progress
« Reply #3 on: September 15, 2013, 07:33:21 PM »
kk... was hoping it would be rather simple.. but it wont be... i'mma have to call it a night and kick it back up once i take a look at exactly how the game is creating the state.xml file... so until i do that... meh

Current abilities:
i can open the .zhs file
i can edit the diary.xml
i can even go so far as changing the .png files...
only thing that i can't quite mess with is the state.xml...

g'night all... see you soon... and as always... anyone is free to contribute to the project...

vinkolat

  • Survivor
    • View Profile
Re: Save game editor work in progress
« Reply #4 on: September 16, 2013, 12:38:57 AM »
state.xml is a masked xml,
Reserved xml characters, date, and integer/float value are masked using [255- char.value].
Now i'll try to find the mask (looks like a variable one) used for tag names and string values. Progress so far : the file starts with
"<ZAFEHOUSEDIARIESSAVEGAME V="1.2.02"> ..." ;
Stay tuned ...

(now, seing the way saved games are "encrypted", i understand why it takes "so much time" for the game to save !!)

Coolguy

  • Survivor
    • View Profile
Re: Save game editor work in progress
« Reply #5 on: September 16, 2013, 01:59:56 PM »
What language are you using?  As long as it is well-formed XML, masked or not, the XML libraries in the .NET framework should  be able to handle it.  If it's not in any way you can toss up the error you get and I can probably recommend a different library to handle it.  Don't roll your own XML deserializer, for goodness sake, this is a problem that's been solved about a thousand times already.

zin_type

  • Survivor
    • View Profile
Re: Save game editor work in progress
« Reply #6 on: September 16, 2013, 04:39:09 PM »
using multiple langs, loading vis c# on my desktop... tired of xfering files back and forth between desktop and laptop... let's see how it goes :)

zin_type

  • Survivor
    • View Profile
Re: Save game editor work in progress
« Reply #7 on: September 16, 2013, 05:35:21 PM »
alright... looks like you've been able to make a bit more progress on opening state.xml than i have been... calling it a night for tonight... however here's something for ppl to play with if they want... it's a fresh state.xml... generated on the first hour of the first day...

unable to open it with any of my current xml stuffs or any of my current c# bits...

advice?

state.xml

vinkolat

  • Survivor
    • View Profile
Re: Save game editor work in progress
« Reply #8 on: September 16, 2013, 08:51:45 PM »
What language are you using? 
A pen and a sheet of paper mostly :) (then some java code)

Quote
As long as it is well-formed XML, masked or not, the XML libraries in the .NET framework should  be able to handle it.  If it's not in any way you can toss up the error you get and I can probably recommend a different library to handle it.  Don't roll your own XML deserializer, for goodness sake, this is a problem that's been solved about a thousand times already.
Fully agree with you on not reinvinting the wheel for the 100000³ time. But the problem here is that you first need to "unmasked" the file to reaveal xml control characters (make it somehow "valid"), and then you need to unmasked tag names, values & attributes in order to make them human readable so those who want to mess with a savegame have a chance to understand what to change to impact a saved game.
I don't know C# at all (java dev here :)), but i guess a decompilation of .exe should give us the algo or the mask(s).

On a side note, i don't understand the rational behind saved game file "obfuscation", as it's always just a matter of time for someone to find a way to un-obfuscate and re-obfuscate and propose a simple tool to the game community. I'd be really happy to have a word on that from the Screwfly team :)
« Last Edit: September 16, 2013, 08:57:00 PM by vinkolat »

zin_type

  • Survivor
    • View Profile
Re: Save game editor work in progress
« Reply #9 on: September 19, 2013, 02:22:54 PM »
On a side note, i don't understand the rational behind saved game file "obfuscation", as it's always just a matter of time for someone to find a way to un-obfuscate and re-obfuscate and propose a simple tool to the game community. I'd be really happy to have a word on that from the Screwfly team :)

very much so agreed... anything from the devs on this? or maybe ... just maybe... a bit of help or insight? :)

zin_type

  • Survivor
    • View Profile
Re: Save game editor work in progress
« Reply #10 on: September 19, 2013, 05:48:04 PM »
just an update this time... and not much to update :(

I've spent a good chunk of the night running the state.xml file through any and every decoder/ resource i have... i'm not the strongest at decoding but figured i'd have a bit of luck.. and i was wrong :(

so far i've ran the contents through roughly 400+ different possible types of encoding and no usable results what so ever... however i HAVE found a few nice tools along the way.. nothing to help here...

i've noticed the compression method the game uses to create the .zhs file in the first place is ZipStorer... eliminating any possible encoding on this part/ i've used zipstorer to extract the contents of the zhs file, and there is no dif in unpacking via any other program... the code is exactly the same in the state.xml file...

next step from this point as far as i can see is to attempt to breakdown the actual exe and find out at which point and which resources the game is using to actually encode the state.xml file to begin with since the encoding is happening pre packing obviously... ( I'm approaching this in a scientific method and not assuming anything... avoids overlooking simple stuffs )

possible solution would be:
A) find and isolate the code that forces the state.xml to be encoded in the first place and modify the code to make it easily readable in a dependable manner
B) find and isolate the code that forces the state.xml to be encoded and use that to extrapolate a decode method
C) continue to run code through other decoders/decryps and hope to get lucky ( as i said... not my strong suit )
D) sum'n else

just letting everyone know where i'm at so far and where i'm looking at going...

on a side note... i'd be up for a lesson if you'd care to share exactly HOW you were able to decode the first part of the file thus far vinkolat :)

and as always... a word on the encryption in the first place from the devs would be awesome  too :))

zin_type

  • Survivor
    • View Profile
Re: Save game editor work in progress
« Reply #11 on: September 19, 2013, 06:09:02 PM »
on an important note, due to eula restraints, i need to get intouch with the devs before i can actually break their code down and modify it at all... lots of legal stuffs there, so yea... email time i suppose :)

on another side note... LOOKING at the code in vs, it's not hard to see a component "DataManager.SavedGame.CompressModes" so assuming i can get approval, the rest should be relatively easy...

now to truly test the devs openness with the modders :)

zin_type

  • Survivor
    • View Profile
Re: Save game editor work in progress
« Reply #12 on: September 19, 2013, 06:52:18 PM »
ppmd... nuff said... working on decoding the ppmd file... but rather tired.. may shelf till tomorrow... but that's a derp moment...

Coolguy

  • Survivor
    • View Profile
Re: Save game editor work in progress
« Reply #13 on: September 20, 2013, 04:15:32 AM »
When you say you're looking at the code in visual studio, do you mean the disassembled binary from building it out from Reflector/etc?  What did you disassemble, precisely?  To my memory a few of the binaries do some gymnastics with anonymous types, which plays hell with disassembly attempts.  Heck, Mono.Cecil told me that it couldn't disassemble Scripts.dll at all.

Basically what I'm thinking is that you might be looking at a red herring due to how poorly Zafehouse disassembles in the first place.  Some stuff is pretty clear though so I'm not sure of that.

vinkolat

  • Survivor
    • View Profile
Re: Save game editor work in progress
« Reply #14 on: September 20, 2013, 07:02:19 AM »
Quote from: zin_type
on a side note... i'd be up for a lesson if you'd care to share exactly HOW you were able to decode the first part of the file thus far vinkolat.

How ? Mostly, from experience.
Experience as gamer, as using  compression over char masking is rather common in the gaming industry. When you doesn't want gamers to mess with saved game file, that's a cheap and easy solution. Problem : there is always at least one programmer in the audience that is able to identify this encryption method, and it's a matter of time that he/she will break it. Hence my question to the devs a few days ago : why encryption ? Moreover, knowing that  this .NET app is so easy to decompile, I really don't understand why spending time (and money) on a feature with no value (and I mean no ca$h here). But that's not the question here.

Experience as dev, too. As said, i'm  a dev myself ... and I implemented a (stronger) variant of this encryption method ... 20 years ago (yep, i'm that old and still gaming)  So I kind of recognize the algo signature by just opening a save file with notepad.
Zip file (even with another extension) starts by PK and a constant number of byte : pkzip file header (suggestion to screwfly : mask this header too, next time !)
From there, I unzip the zhs (as you do, zin_type), and got state.xml. Notepad again ...
Bleuah : nothing that is human readable here. However, a quick look shows that some sequences of char are reapeated a lot, and some char occur a lot more. Ok, knowing the xml heavy usage of "<" and ">" AND that it always starts with "<" and ends with ">", let's switch to hexadecimal view (and grab a sheet of paper and a pen) : file starts with char C3/195 and ends with char C1/193. Héhé : ascii code for < is 60, > is 62 ... that's not a coincidence. And there is also a lot of char C2/194 ... Between 60 and 62, there 61 which is ... = ! So is another layer of encryption broken : 255 (max ascii value) - 195 = ... 60 !, 255 - 194 = 61, 255-193 = 62.
Let's apply this 255 - [encoded value] formula to the entire file (by firing a few lines of java) to decode the file... Gasp, there is a second layer of encryption, applied to non date, numeric values or XML control character.
Decode file starts with
Code: [Select]
<Z????????D??????S????G??? v=1.2.02 .... Even on a Sunday afternoon, it immediatly pops to my eyes that this means
Code: [Select]
<ZAFEHOUSEDIARIESSAVEDGAME v=1.2.02.
I didn't pushed my investigations further, knowing that with these information, i can easily write a decoder that will guess the encryption dictionary containing some random values, probably based on the length of the string to encrypt.
Don't take it badly, zin_type, but i didn't spent more than 15 minutes on this decryption ...

However, i goes a little further this evening (before writing this answer). Using a free decompiler that is not yet mentionned in this thread, i was able to decompile zafehouse.exe to plain readable C# code. Code proves my right for dictionary and length.
My conclusion to this very looooong answer to you (he, you asked for it, no ? :D ) : i don't know what you want to do with decrypted saved game, but if you have some coding skills (and i guess you have), take some time to read and understand DataManager, and you'll soon discover that it no that hard to use the existing code to decode and reencode your saved game.
I'm not a C# dev (no experience at all until last week !), but i'm sure I can do it in a couple hours.

@coolguy : i was able to decompile and extract clean, readable and compilable cs out of the exe and script.dll. Interesting info in the latest one : I didn't know that, during daytime, patrol/report gives a penalty, while patrol/attack gives a bonus to survivors when resolving patrol.

Now before giving the name of this tool, i really would like to know if dev@screwfly have no problem with us messing with their code !
And to make it clear : this post may sound like i find your work "badly done". It's ABSOLUTLY not the case ! First, i won't have spend a second on investigation if i don't appreciate what you have done ! This game is really good, good as in "Ok, just another turn and i go to spleep ... Ho f*ck, it's 02:00 AM already !!! ;)

« Last Edit: September 20, 2013, 07:31:49 AM by vinkolat »

 

archive
archive
archive
archive