h4rdx8 Posted August 20 Posted August 20 I'm trying to figure out how this old 32-bit iOS interactive novel game (Cause of Death) loads its episode files (.exp format), especially the dialogue strings. Currently I'm able to extract the pictures out of the file (using scalpel and https://www.toolsley.com/inspect.html), but I had no luck doing strings analysis to get any actual text. I loaded the main game binary in IDA, and found out that the game loads the exp file by reading the CSPUD header (12 bytes) and builds a resource table. Each entry maps a resource ID to a file offset. When the game needs a specific resource (like image 0xA9), it looks up the offset, reads the data, checks if it's LZMA compressed (13-byte header), and decompresses if needed. Attached below are some of the episode files, I checked some using a hex editor and seems to use a similar magic header as LZMA in various locations of the file (5D 00 10 00 00). Would really appreciate guidance on this! episodes.zip
Moderators Solution ikskoks Posted August 20 Moderators Solution Posted August 20 Hi. I've created a script which allows to extract and import data from/to those archives https://github.com/bartlomiejduda/Tools/blob/master/NEW Tools/Cause of Death/Cause_of_Death_EXP_script.bms In case you'll have some issues with using the script, please follow this tutorial https://ikskoks.pl/tutorial-what-is-quickbms-how-to-export-and-import-with-quickbms/ Also if you're interested in technical details, please read this wiki article https://rewiki.miraheze.org/wiki/Cause_of_Death_EXP
h4rdx8 Posted August 21 Author Posted August 21 18 hours ago, ikskoks said: Hi. I've created a script which allows to extract and import data from/to those archives https://github.com/bartlomiejduda/Tools/blob/master/NEW Tools/Cause of Death/Cause_of_Death_EXP_script.bms In case you'll have some issues with using the script, please follow this tutorial https://ikskoks.pl/tutorial-what-is-quickbms-how-to-export-and-import-with-quickbms/ Also if you're interested in technical details, please read this wiki article https://rewiki.miraheze.org/wiki/Cause_of_Death_EXP thank you so much! i've tested the script on another similar game Surviving High School (they both use .exp episode files) and can confirm it works there too 1
RachelO Posted Sunday at 08:17 PM Posted Sunday at 08:17 PM @ikskoks Thank you for this script, I also was able to use it successfully. I had a question about the outputted `.kiw` files, there is bytecode in each file that corresponds to in game instructions like character dialogue expressions, choices, background images and music cues. What is the best way to reverse engineer the bytecode in these files? I am not sure of the game engine that made this but are there any existing parsers or scripts for `.kiw` or similar you know of? 1
Moderators ikskoks Posted Monday at 11:06 AM Moderators Posted Monday at 11:06 AM 14 hours ago, RachelO said: are there any existing parsers or scripts for `.kiw` or similar you know of? Hm, not any that I know. 14 hours ago, RachelO said: What is the best way to reverse engineer the bytecode in these files? Probably by loading game executable in IDA/Ghidra and searching for function responsible for parsing text data or by trial and error method with manipulating content of each KIW file and checking changes in the game. You can also create a new topic on the forum. Maybe someone else will have some better ideas.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now