An introduction to hacking video games with Ghidra

  • Added 2 Jan 2024
  • Support my projects on Patreon to get your name added to their in-game credits, and more.
    / hilltopworks
    Follow me on Twitter for news on future English patches.
    / hilltopworks
    Thumbnail by andmdesigns

Comments • 49

  • @Llenne 6 months ago +13

    Thank you for sharing your knowledge on this, it's something I've been meaning to learn but I've been busy with other projects but I'll keep this video for when I get around to it. Nice work on all your translation patches by the way, you work at an insanely high standard and insanely fast as well.

  • @TheKrazyKat89 5 months ago +1

    Great video, I love that you give practical examples of how Ghidra can be used in this context

  • @thomaszim9632 4 months ago +2

    Just came from your interview with "Press Start Turbo"
    I'll probably never get a chance to give the games you worked on a try, but you're doing really amazing work! I'm definitely telling my friends, who are really into the type of games you work on, about your projects!
    Nothing but the best for you man! 👍

  • @ryuhighabusa430 6 months ago +28

    I love how ASM programming is a prereq but unzipping shareware isn't.

    • @dathacks8434 3 months ago +2

      I mean if they can't figure the unzip out... they probably shouldn't be using it to begin with yet lol.

    • @breadcraft3605 3 months ago +2

      If you don't know how to extract a zip file you shouldn't even think about reverse engineering...

    • @YTDeletes90PercentOfMyComments 1 month ago

      Anyone know how to exit vim?

    • @b213videoz 10 days ago

      😁

  • @deonk 6 months ago +1

    Thank you for another big video insight into your process, can't wait to watch it!

    • @deonk 4 months ago

      Update: You're a wizard, man. The amount of work and understanding you put into translating games that the original IP owners probably won't ever touch again is astonishing, commendable and super impressive; I'm really happy that people like you exist. Thanks for everything. Also hilarious that without the NSA we probably wouldn't get BokuNatsu in English, so... thanks guys?!

  • @Armm8991 6 months ago +7

    I would say not to be discouraged if you don't know C very well; I feel like as long as you vaguely know programming you're good to begin.
    My only real programming knowledge is Python and I've managed to make basic hacks for a PSP game.

  • @foxfoxes1225 4 months ago +3

    The Ragnar Rox video brought me over and I am glad it did.

  • @sceKernelDestroy 6 months ago

    Can’t wait to watch this❤

  • @runkles 1 month ago

    God bless you, Hilltop

  • @dirkcoin1037 6 months ago +1

    Becoming a legend in the community awful quick

  • @averageraiden9900 5 months ago

    your thumbnails are awesome

  • @lln6123 24 days ago

    Man, I understood the basic part; I'll watch the rest to have everything heard already and come back later, that's some complicated stuff! The fact that you must be aware of the target platform you want to work with is already mind-blowing to me, even though when thinking about it it's just logical.
    But the amount of knowledge... I want you to know that if you're capable of that, that's impressive.

  • @kadhamba_topic6941 4 months ago +1

    Nice video, please make more, like a playlist or series.

  • @elcrc4786 6 months ago +2

    Oh my god bro, this is gonna be epic

  • @VortexFlickens 16 days ago

    Tbh this content is way better than your previous content. Continue with this type of content, maybe how to RE protobuf files or use Frida lol

  • @freezingcicada6852 1 month ago

    This stumbled onto my feed and I thoroughly enjoyed it, straight to the point. Not really interested in making hacks; mostly thought it would be a good way to have a more thorough understanding of more low-level stuff and programming in general. I do know some C and use Odin to learn more C, and C to learn more Odin, type of situation.
    But I was fumbling around trying to learn text rendering and image compression without libraries, 'cause I just wanted to do something simple like get the r/g/b/a variables in a union/struct, change it and slam it back in. Couldn't get a straight answer and felt like going lower would answer the unexplained aspects concerning memory, how it's laid out and if/how to read and write it(?)

  • @Rajo_darksun 5 months ago +1

    Good day. What documentation are you using at 8:18 for the PS1 library? Can I have a copy, or is it a site?

  • @DemiGodX 6 months ago +2

    Hi Hilltop, appreciate the work you do. I used Ghidra and no$psx a few years ago to modify NBA Jam TE for the PSX, though I didn't know what I was doing. I mainly use Ghidra to find clues on where certain functions are located and then just tinker around with hex values. I was wondering, does Ghidra let you recompile the executable? Because when I was using it, I assume it only analyzes the executable. I would then try to modify the values using a hex editor.

    • @hilltopworks 6 months ago

      Ghidra doesn't compile anything. It has an instruction modifying feature but it warns you that you shouldn't use it. It would be much easier to use an assembler like Armips to patch the executable than to use a hex editor to modify any code.

    • @DemiGodX 6 months ago

      @hilltopworks I see. Well, I don't know C or assembly, but I feel like I can grasp C code easier, which is why I would have liked to modify values in the pseudo-C code as opposed to Armips. But I'll look into Armips.

    • @nordgaren2358 4 months ago +2

      @DemiGodX You can modify the assembly in Ghidra and then export the binary back out. It's under File > "Export Program", and then you select "Original File". You can also get to this menu via right-click on the binary in the main Ghidra window with all the binaries for the project and clicking Export.
      This way you can use the pseudo-code from the decomp as a guide. You should still learn how assembly works, but this will help you. I learned a lot of the basics of assembly, and then from there I learned by following the pseudo-code from the decomp and looking at what the associated assembly looks like. Usually Ghidra will follow along in the decomp when you select something in the assembly, but not always.
      Another format in the Export Program menu that is important is the Ghidra zip file, which basically zips up the entire project with all of the markup and documentation.

    • @nordgaren2358 4 months ago +1

      I don't know if this method exports any additional memory segments you may have imported from a dump of the process, though. I haven't really looked to find out. I would hope it doesn't, when you select "Original File"

    • @nordgaren2358 4 months ago +1

      Alright, just checked. It does not export the additional memory segments, but you CAN export them via the options in that menu. Checkbox that says "Save multiple file sources to directory" and then it will put them all in order, I think? Not entirely sure. Sucks cause it doesn't tell you the address of the data :(
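Hilltop's point in this thread (Ghidra analyzes, it does not assemble; patch with an assembler rather than a hex editor) comes down to two things an assembler does for you: turning a mnemonic into the right machine word, and finding where in the file the address Ghidra shows you actually lives. The block below is an added example, not code from the video, from Ghidra or from Armips, showing both steps for a PS1 executable in Python. It assumes the standard PS-X EXE layout (0x800-byte header, load address at header offset 0x18, body size at 0x1C, body at file offset 0x800); the sample executable, the target address 0x80010100 and the "make this function return 1" patch are all constructed for the demo. It also does the check a hex-editor workflow skips: it refuses to write unless the original bytes at the target are what you expect.

```python
"""Patch code in a PS1 executable (PS-X EXE) at a Ghidra virtual address.

Added example, not code from the video, from Ghidra or from Armips.
ASSUMPTION: standard PS-X EXE layout (0x800-byte header, load address at
header offset 0x18, body size at 0x1C, body at file offset 0x800). The sample
executable, target address and patch below are constructed for this demo.
"""
import struct

HEADER_SIZE, OFF_LOAD_ADDR, OFF_BODY_SIZE = 0x800, 0x18, 0x1C

# o32 register names (the ones Ghidra shows for PS1 code) -> register numbers
REG = {n: i for i, n in enumerate(
    "zero at v0 v1 a0 a1 a2 a3 t0 t1 t2 t3 t4 t5 t6 t7 "
    "s0 s1 s2 s3 s4 s5 s6 s7 t8 t9 k0 k1 gp sp fp ra".split())}


# --- minimal MIPS I encoder for the handful of instructions a patch needs ---
def nop() -> int:
    return 0


def jr(rs: str) -> int:
    """SPECIAL (opcode 0), funct 8."""
    return (REG[rs] << 21) | 0x08


def addiu(rt: str, rs: str, imm: int) -> int:
    """Opcode 9; the immediate is sign-extended, so -0x8000..0x7FFF."""
    if not -0x8000 <= imm <= 0x7FFF:
        raise ValueError("addiu immediate out of range")
    return (0x09 << 26) | (REG[rs] << 21) | (REG[rt] << 16) | (imm & 0xFFFF)


def lui(rt: str, imm: int) -> int:
    """Opcode 15; puts imm in the upper 16 bits, clears the lower 16."""
    return (0x0F << 26) | (REG[rt] << 16) | (imm & 0xFFFF)


def ori(rt: str, rs: str, imm: int) -> int:
    """Opcode 13; the immediate is zero-extended."""
    return (0x0D << 26) | (REG[rs] << 21) | (REG[rt] << 16) | (imm & 0xFFFF)


def li(rt: str, value: int) -> list:
    """The 'li' pseudo-op: one or two real instructions depending on the value."""
    value &= 0xFFFFFFFF
    hi, lo = value >> 16, value & 0xFFFF
    signed = value - 0x100000000 if value & 0x80000000 else value
    if -0x8000 <= signed <= 0x7FFF:        # fits a sign-extended immediate
        return [addiu(rt, "zero", signed)]
    if hi == 0:                            # 0x8000..0xFFFF: zero-extended ori
        return [ori(rt, "zero", lo)]
    if lo == 0:                            # upper half only
        return [lui(rt, hi)]
    return [lui(rt, hi), ori(rt, rt, lo)]  # general 32-bit constant


def words_to_bytes(words) -> bytes:
    """PS1 is little-endian MIPS, so each word is written low byte first."""
    return b"".join(struct.pack("<I", w) for w in words)


# --- Ghidra virtual address -> file offset, using the PS-X EXE header ---
def load_address(exe: bytes) -> int:
    if exe[:8] != b"PS-X EXE":
        raise ValueError("not a PS-X EXE image")
    return struct.unpack_from("<I", exe, OFF_LOAD_ADDR)[0]


def va_to_offset(exe: bytes, va: int) -> int:
    base = load_address(exe)
    size = struct.unpack_from("<I", exe, OFF_BODY_SIZE)[0]
    if not base <= va < base + size:
        raise ValueError(f"0x{va:08X} is outside the loaded body")
    return HEADER_SIZE + (va - base)


def patch_words(exe: bytes, va: int, words, expect: bytes = None) -> bytes:
    """Overwrite instructions at va. With expect set, refuse unless the file
    still holds those bytes (guards against a wrong address or a double patch)."""
    off, blob = va_to_offset(exe, va), words_to_bytes(words)
    if va % 4 or off + len(blob) > len(exe):
        raise ValueError("unaligned or out-of-file patch")
    if expect is not None and exe[off:off + len(expect)] != expect:
        raise ValueError("bytes at target do not match the expected original")
    out = bytearray(exe)
    out[off:off + len(blob)] = blob
    return bytes(out)


# --- constructed sample: a body of nops with one tiny function at 0x80010100 ---
SAMPLE_BASE, SAMPLE_FUNC = 0x80010000, 0x80010100


def build_sample_exe() -> bytes:
    header, body = bytearray(HEADER_SIZE), bytearray(0x800)   # body = all nops
    header[:8] = b"PS-X EXE"
    struct.pack_into("<I", header, 0x10, SAMPLE_FUNC)          # initial PC
    struct.pack_into("<I", header, OFF_LOAD_ADDR, SAMPLE_BASE)
    struct.pack_into("<I", header, OFF_BODY_SIZE, len(body))
    # int is_unlocked(void) { return 0; }  ->  addiu v0,zero,0 ; jr ra ; nop
    func = words_to_bytes([addiu("v0", "zero", 0), jr("ra"), nop()])
    start = SAMPLE_FUNC - SAMPLE_BASE
    body[start:start + len(func)] = func
    return bytes(header + body)


def demo() -> dict:
    """Make the sample function return 1 instead of 0, then read the patch back."""
    exe = build_sample_exe()
    original = words_to_bytes([addiu("v0", "zero", 0)])
    patched = patch_words(exe, SAMPLE_FUNC, li("v0", 1), expect=original)
    off = va_to_offset(patched, SAMPLE_FUNC)
    return {"file_offset": off,
            "new_word": struct.unpack_from("<I", patched, off)[0],
            "same_size": len(patched) == len(exe)}


if __name__ == "__main__":
    print(demo())
```

The "expect" bytes are the ones Ghidra shows in the listing at the address you are patching; copying them into the call costs nothing and turns a silent mis-patch into an error. Anything larger than a few words is still a job for a real assembler, since this encoder knows nothing about branch offsets, delay slots or labels.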

  • @yarpen26 2 months ago +1

    Just installed Ghidra today and jumped right in. Being a clueless idiot who hasn't even finished a simple Python app he's been building for months, who couldn't hello his world out of a C/C++ box and who only knows assembly from YT videos, I disregarded the tutorial on the official website the moment I installed it and immediately imported a 2016 Unity-made game's exe into a project. Um, shall we say, I didn't go very far. Who would have thought that the lack of familiarity with basic software engineering concepts would prove a serious obstacle in reverse engineering games?
    All joking aside, I think that given enough time I might be able to crack this one open. It looks intimidating, but I've seen worse. And hell, at the very least I managed to locate a string loading a library by searching "load" in hexadecimal. So not the worst for a very first day, I guess.

    • @Watteni 1 month ago

      Keep at it bro, it gets easier

  • @r4zi3lgintoro65 6 months ago

    thank you for bokunonatsu :)

  • @aurinator 3 months ago +3

    There was a time, long ago, when there was a tool that pre-dated Ghidra, called SoftICE, that allowed exactly this and more, because unlike Ghidra it was a kernel-mode debugger, so below even user mode, where Ghidra is limited out of the box. Also though, pretty sure the correct pronunciation is more like "Geedra", not "Giydra."

  • @shannonwilliams9744 1 month ago

    When installing on Linux you can't just unzip and it's ready; you have to have a JDK installed, and if it doesn't automatically find it you have to give it its location and hopefully it works; if not, you've got to find out where and add that and stuff. On Linux it's a little more than just unzip.

  • @234trhbgfdert 6 months ago +2

    Wow, I don't know any of the prereqs :(

  • @Roberto_Milian 4 months ago

    May I ask what Emotion Engine you used? I can't find one for the current version of Ghidra, and older ones don't work, for me at least.

    • @hilltopworks 4 months ago +1

      "Emotion Engine: Reloaded" is a fork of the older one and it supports Ghidra 11.

    • @Roberto_Milian 3 months ago

      @hilltopworks thank you 🙏

  • @Ctrl-Alt-Roast 4 months ago

    more pls

  • @johnsimon8457 5 months ago +1

    I wonder if you can use Ghidra as a frontend for the debugger within the PS2 emulator. I see Ghidra has support for GDB and WinDbg, but those are for PCs.
    It's kinda funny, Ghidra is a tool the NSA would use for reverse engineering, say, router and cellular phone firmware for, um, reasons, but it can be used for games, too!

    • @x_goose_x 5 months ago

      I've had a little bit of success using Ghidra with a GBA debugger.

    • @nordgaren2358 4 months ago

      Ghidra's debugger is painfully slow, unfortunately. Goose, above me, mentioned GBA, but this is a very old 32-bit processor. Probably a smaller address space (although IDK) and definitely a lot less complex than modern processors. IDK if the PS2 would run well or not for the debugging process. You absolutely cannot use it on a modern game.
      As far as the tool being from the NSA and being used for video games, the tool is just generic. It's a binary RE tool. It will work for anything that you hook up to SLEIGH, which is the spec that allows Ghidra's decompiler to work on multiple architectures (SLEIGH > PCODE > Decomp).

  • @attherasco 6 months ago

    spriggan 👀

  • @SILENTHEAVEN456 18 days ago

    Why doesn't Ghidra define all instructions?

  • @remi1771 1 month ago

    No audio?

  • @brianmahoney4156 4 months ago

    Or you could just wait two years and let AI completely reverse engineer any piece of code totally automatically. Literally by the time you finish a project you start today, AI will make your effort completely redundant. But people are very hard-headed and refuse to admit this.

    • @0x0michael 4 months ago +3

      AI is just a fancy term for humans trying to make more money from their computer algorithms post-2017. Intelligence agencies already write code/software to reverse engineer most stuff automatically