Trainer manager in Python

General discussion relating to XBMC4XBOX. Please use the support forums for help on using the software or plugins.
nodots
Posts: 23
Joined: Sun Mar 29, 2015 9:34 pm
Has thanked: 2 times
Been thanked: 1 time

Trainer manager in Python

Post by nodots »

I am writing an Xbox trainer manager in Python/PyGame (to make it cross-platform). I already have ".etm" support, but I do not have ".xbtf" support.

Does anyone here know how software reads XBTF files? I can read C/C++, but not when it drops to ASM inline. Anyone that helps me gets credit!

Q: Why Python, there's a Windows binary version!
A: Something old isn't guaranteed to run on something new, something new isn't guaranteed to run on something old. Python runs everywhere (and classes can be backported/updated to other versions of Python). This will be open source (DUH!) so there is no worry of the program dying or being tied to a specific OS or OS version.

I can read C/C++, but not when it drops to ASM inline (I don't know C, but logic is logic). PM me if you can help with XBTF files.

EDIT: All I need to know is how to read the text from an ".xbtf" file. Is it 7-bit? Is it compressed? Where are the pointers?

Re: Trainer manager in Python

Post by nodots »

In "utils\Trainer.cpp" on line 64:

Code:

    __asm // unmangle trainer

Not even remotely a great comment, LOL.

No comments on what it's doing and how, or how this is derived on line 70:

Code:

    add al, byte ptr [esi+027h]

I am just looking for what the ASM code (lines 64-90) does, and I can glean the rest.
professor_jonny
Posts: 1296
Joined: Thu Jul 05, 2012 5:41 am
Location: New Zealand
Has thanked: 66 times
Been thanked: 196 times

Re: Trainer manager in Python

Post by professor_jonny »

have a look here on X86 assembly:

http://www.cs.virginia.edu/~evans/cs216/guides/x86.html

Code:

    add al, byte ptr [esi+027h]

basically it is adding two bytes together

the end result gets stored in the al register

al is the lower 8 bits in the eax register. esi is a 32 bit register, so as you can imagine you can't add the two directly because they are two different sizes, so it is using it as a pointer to where the number you require is stored to add to al.

byte ptr tells it to look for the number stored in the address eax+027h rather than the actual address value + 027h.

buggered if I know what that address has some significance to something related to patching in the trainer.


I don't know if you have access to the hardware directly in python and the trainer may not work without access to adding those two values together

Code:

    _asm

just tells the compiler the code block is assembly, not C++

https://msdn.microsoft.com/en-us/library/45yd4tzz.aspx

Re: Trainer manager in Python

Post by professor_jonny »

maybe you could look at the Xored ETM to XBTF Converter 2.0 and compare the diff between two files.

this is what I found:

XBTF trainers are based on Evox's ETM standard with 1 added section and 15k of buffer space. This section and buffer space allows us to give trainer authors access to "built in" support functions so they can spend more time on the important hacks. These functions also work regardless of end-users hardware, meaning if you call LCDCLEAR() your trainer calls the code injected by the Mini Launcher (configured by end-users ini file) so as long as the Mini Launcher supports their LCD your trainer will also).

Re: Trainer manager in Python

Post by nodots »

Well, I ditched the Pygame idea and just went with GTK/Tkinter because it comes with python.

Most everything works, but no one can tell me how XBTF works. That little bit of "it's just an ETM" is crap.
ETMs are super easy to reverse engineer/modify. I just had a feature request to allow renaming of cheat options, and I'm adding it.

What I'm really asking, is how to derive the same variables used in the ASM code. What info from the file is it using/manipulating?
I know what the ASM is doing, I just can't tell what with.
Attachments
Python Trainer Manager at work.
Rocky5
Posts: 974
Joined: Sat Feb 08, 2014 5:27 am
Has thanked: 101 times
Been thanked: 257 times

Re: Trainer manager in Python

Post by Rocky5 »

Here is the asm code snippet.

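Code:

unsigned int iTextOffset;
  if (m_bIsXBTF)
  {
    void* buffer = m_pData;
    unsigned int trainerbytesread = m_iSize;

    __asm // unmangle trainer
    {
      pushad                        // save all general registers

      mov esi, buffer               // esi -> start of the trainer data
      xor eax, eax
      add al, byte ptr [esi+027h]   // al = 8-bit sum of the bytes at
      add al, byte ptr [esi+02Fh]   //      offsets 0x27, 0x2F and 0x37
      add al, byte ptr [esi+037h]
      mov ecx, 0FFFFFFh
      imul ecx                      // edx:eax = eax * 0xFFFFFF
      xor dword ptr [esi], eax      // unmangle the first dword
      mov ebx, dword ptr [esi]      // bl = low byte of that dword
      add esi, 4
      xor eax, eax
      mov ecx, trainerbytesread
      sub ecx, 4                    // ecx = number of remaining bytes
    loopme:
      xor byte ptr [esi], bl        // byte ^= bl
      sub byte ptr [esi], al        // byte -= al
      add eax, 3
      add eax, ecx                  // eax += 3 + bytes left
      inc esi
      loop loopme                   // dec ecx, repeat until ecx == 0

      popad                         // restore registers
    }

Maybe better off asking over at the http://forum.xentax.com forums, as they are damn good at reversing formats.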

The ETM format is straightforward to reverse as it has all the offsets at the beginning of the file and visually you can see stuff, XBTF is compressed or encrypted in some way.

I created a batch file and a quick me script to rename all files to their internal names, also added truncating as the Xbox only accepts 42 or less characters.

Info and stuff here.
http://www.emuxtras.net/forum/viewtopic.php?f=179&t=361

I tried to work out how the xbtf works but couldn't find any way to reverse it, so gave up.

Code:

#=================================================================================================
# etm_trainer_name_extractor.bms
# (c) 01/08/2014 by Rocky5
#=================================================================================================

get FILESIZE asize
goto 0xE
get METAOFFSET long
goto METAOFFSET
get NAMEOFFSET short
get NULL short
get DESCOFFSET short
math DESCOFFSET -= NAMEOFFSET
math DESCOFFSET -= 1
goto NAMEOFFSET
savepos FOUND
getdstring NAME DESCOFFSET
set NAME NAME
log "export.txt" NAMEOFFSET DESCOFFSET
Cleanexit
Download Xbox Softmodding Tool & Extras Disc
XBMC4Kids Mod


Xbox Gamertag = Connxtion
PSN ID = JCRocky5
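
The `__asm` "unmangle trainer" block posted above, translated line by line into Python as an added example; it is not part of the original thread and not XBMC4XBOX code. The name `unmangle_xbtf` and the length check are assumptions of this example (the posted assembly reads offset 0x37 without checking the buffer size); the offsets and arithmetic come from the posted snippet.

```python
import struct

# Offsets read by the posted asm: [esi+027h], [esi+02Fh], [esi+037h]
KEY_OFFSETS = (0x27, 0x2F, 0x37)


def unmangle_xbtf(data: bytes) -> bytes:
    """Return an unmangled copy of a raw XBTF buffer (hypothetical helper name)."""
    size = len(data)
    # Assumption of this example: reject short input. The asm has no such
    # check and would read past the buffer if size <= 0x37.
    if size <= max(KEY_OFFSETS):
        raise ValueError("buffer too short for the XBTF key bytes")
    buf = bytearray(data)

    # xor eax,eax / add al,[...] x3: 8-bit sum with wraparound
    al = sum(buf[o] for o in KEY_OFFSETS) & 0xFF
    # mov ecx,0FFFFFFh / imul ecx: only the low 32 bits (eax) are used
    eax = (al * 0xFFFFFF) & 0xFFFFFFFF
    # xor dword ptr [esi],eax / mov ebx,[esi]: first little-endian dword
    first = struct.unpack_from("<I", buf, 0)[0] ^ eax
    struct.pack_into("<I", buf, 0, first)
    bl = first & 0xFF

    # loopme: eax restarts at 0, ecx counts down from size-4 to 1
    eax = 0
    ecx = size - 4
    for i in range(4, size):
        buf[i] = ((buf[i] ^ bl) - (eax & 0xFF)) & 0xFF  # xor [esi],bl / sub [esi],al
        eax = (eax + 3 + ecx) & 0xFFFFFFFF              # add eax,3 / add eax,ecx
        ecx -= 1                                        # loop loopme
    return bytes(buf)


if __name__ == "__main__":
    # Constructed input: 0x38 zero bytes with one key byte set, not a real trainer.
    sample = bytearray(0x38)
    sample[0x27] = 1
    print(unmangle_xbtf(bytes(sample))[:8].hex())
```

The three key bytes are read while still mangled, so they must be summed before the loop touches them, exactly as the assembly does.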

Re: Trainer manager in Python

Post by nodots »

Rocky5 wrote: Here is the asm code snippet...
Yeah, I have the source. I am looking for someone to help me understand it.

Rocky5 wrote: Maybe better off asking over at the http://forum.xentax.com forums, as they are damn good at reversing formats.
Thanks, will try there too.

Rocky5 wrote: The ETM format is straightforward to reverse as it has all the offsets at the beginning of the file and visually you can see stuff, XBTF is compressed or encrypted in some way.
ETM took <5 minutes to reverse... I think the XBTF is compressed. 7-bit (for text only) was popular in the DOS era, and it's relatively easy and fast.

Rocky5 wrote: Info and stuff here.
http://www.emuxtras.net/forum/viewtopic.php?f=179&t=361

I tried to work out how the xbtf works but couldn't find any way to reverse it, so gave up.
dominater01 showed me that page already, LOL.
Look, when I get help and understand I will make sure to document it so no one else will need to ask. ;)

Re: Trainer manager in Python

Post by Rocky5 »

The snippet was for folk other than me and you :lol: saves them having to scour the source code to find it.

Re: Trainer manager in Python

Post by nodots »

Rocky5 wrote: The snippet was for folk other than me and you :lol: saves them having to scour the source code to find it.
I was hoping that one of the Devs would read this and know what I'm asking for... I was hoping that the site that does the dev would have the answers.
The file format will be documented when I get done, no one will ever have to ask the question again if they know how to use google.
I am also going to document the ETM file well enough that you could build/mod it by hand if you wanted. One of the functions of PTM (Python Trainer Manager) will be to edit the text fields. I am also going to make a database of the trainers like the GOOD tools do.

Re: Trainer manager in Python

Post by Rocky5 »

You may want to post a link to the trainer.cpp, trainer.h file and also an xbtf trainer for someone to look at. They won't go looking for this stuff. ( been a member on there for a long time )

Re: Trainer manager in Python

Post by nodots »

Holy crap, you all are havin' a laugh. It's a *special* routine I'm looking at. Meh, I'll try to mask what I'm doing in my code. It's there for a reason, and I agree.

REALLY? THE PRICE OF ADMISSION IS NOT TO LEARN ASM AND C, BUT ASM IN C? lmfao, I mighta done it too. Nothing to see here, move along script kiddies. I'll give you no scraps!

Now I gotta turn ASM into Python. If someone would have PM'd me, I coulda had this sooner. Like a year sooner.

Re: Trainer manager in Python

Post by Rocky5 »

?

Re: Trainer manager in Python

Post by nodots »

I just figured out what I couldn't figure out! XBTF support will come within the month (when depends on my amount of lazy). I know what the code does, and how it does it, where it gets its data. I looked for an hour, and it clicked.

Re: Trainer manager in Python

Post by Rocky5 »

You going to go into detail on how it gets the data or how it's done?

I'm interested as I was scratching my head.

From what I could see and interpret is it gets the data ( sets it as the buffer ) gets the size, the asm code moves the buffer somewhere? ( or moves the buffer to a point in memory? ) then it adds a few bytes to the end? then other things :lol:

Re: Trainer manager in Python

Post by nodots »

As soon as I have a "GOOD" list of originals, I will document. I don't want credit where credit is not due. This is why the trainers were "mangled" as the source states.

Re: Trainer manager in Python

Post by nodots »

Is there a game cover scan pack labeled by TitleID? If any project had one, it should be here.

Rocky5, you are on the right track. It moves it into memory in "buffer", unmangles in place, and reads the info needed.
This is why it takes so long to start up xored functionality with a big amount of trainers. Pretty easy to read now, actually. ;)

Re: Trainer manager in Python

Post by Rocky5 »

nodots wrote:Is there a game cover scan pack labeled by TitleID? If any project had one, it should be here.

Rocky5, you are on the right track. It moves it into memory in "buffer", unmangles in place, and reads the info needed.
This is why it takes so long to start up xored functionality with a big amount of trainers. Pretty easy to read now, actually. ;)
I have a pack of over 200, but not in titleid format. But I made batch files to extract the titleids from a FTP source so give me a few hours and I will get you them all as titleids.

Do you want an extension or folderized?
( Halo\titleid )

Update:
Here you go there are 3 variants.