VIRGIN KLM
The geometry is identical and I see why the breasts were fixed. In texturing what they did is wrong, it appears as her breasts end halfway the bra geometry which either is wrong or it makes it look like she wears some kind of wonderbra or she has socks/some kind of enhancement on her bra. Common mistake in drawing too.
akafa123
There was some VIP box in the game. It was located on Eden, right after Expressway.
We found it when we were translating location names.
3987║$m_res_mn_s2203║VIP Box{End}{Question}
VIRGIN KLM
Posted on 10-26-14 02:14:48 PM (last edited by VIRGIN KLM at 10-26-14 02:16:09 PM)
Originally posted by akafa123:
> There was some VIP box in the game. It was located on Eden, right after Expressway.
> We found it when we were translating location names.
> 3987║$m_res_mn_s2203║VIP Box{End}{Question}
Wonder what that is or if it can be forced back into the game.
Also I'm 100% sure you can force the game to run as demo mode or TGS/E3/Alpha previews.
I guess some modes will not work perfectly because of missing elements but the Demo mode should run perfectly.
hedgehog89
Posted on 10-26-14 03:18:59 PM (last edited by hedgehog89 at 10-26-14 04:35:48 PM)
I've made this table, using the pointer KazukiMutou found for changing the savepoint, as it was the only one that worked in my version. Through adding values to the first pointer it can edit the zone code and the three bytes related to the 7th.
Also, I've managed to get my own pointer for Axis 01, and again, by adding values to it I've got pointers for Axis 01, 02 and 03 and for the same axes again when you're offbounds.
I didn't notice until yesterday that the first three axis values in the table work until you're offbounds; you must then use the other three to warp until you're not offbounds, and the former three will work again.
KazukiMutou tested them and they worked, so this table could work for everybody.
http://www.mediafire.com/view/ype4am3l13oapup/ffxiiiimg_7th_rev2.CT
EDIT: Uploaded the second revision, with .c201 and first teammate axis pointers.
EternalSoft
Originally posted by VIRGIN KLM:
> Also I'm 100% sure you can force the game to run as demo mode or TGS/E3/Alpha previews.
> I guess some modes will not work perfectly because of missing elements but the Demo mode should run perfectly.
Yeah, there's these comments on the memory:
PlayModeDebug..I..ConstantValue..PlayModeRelease..PlayModeAlpha..PlayModeBeta..PlayModeTgs..PlayModeE3
VIRGIN KLM
Posted on 10-26-14 11:07:55 PM (last edited by VIRGIN KLM at 10-26-14 11:22:39 PM)
Originally posted by EternalSoft:
> Originally posted by VIRGIN KLM:
> > Also I'm 100% sure you can force the game to run as demo mode or TGS/E3/Alpha previews.
> > I guess some modes will not work perfectly because of missing elements but the Demo mode should run perfectly.
> Yeah, there's these comments on the memory:
> PlayModeDebug..I..ConstantValue..PlayModeRelease..PlayModeAlpha..PlayModeBeta..PlayModeTgs..PlayModeE3
So, it's an integer value saved as a constant, which means it's set at boot of the executable. It might need an EXE edit; I'm almost able to see that the value is set in the source code as:
#define PlayModeDebug 01
...which means the value is read only at the boot of the game and altering it afterwards won't change anything.
For sure the value is between 00-05; most possibly in our case it's set to either 00 or 01. Doesn't help a lot but better than nothing. I guess it would be more useful for the E3 Disc, where I can see that all debugging elements are still present.
EternalSoft
Oh well, what can we do about it then? I don't know this kind of hacking stuff on the exe.
SkacikPL
Originally posted by EternalSoft:
> Oh well, what can we do about it then? I don't know this kind of hacking stuff on the exe.
Open the exe with a hex editor.
But to find the proper value is the other thing.
Perhaps IDA Pro or OllyDbg would prove useful.
hedgehog89
Posted on 10-27-14 11:00:53 PM (last edited by hedgehog89 at 10-27-14 11:04:42 PM)
I'm going to throw some light on this boot modes stuff, as I've got many clues about its inner workings.
Crystal Tools seems to be using a modified Java Virtual Machine that runs compiled .java source files that are in a format extremely different from a Java class. You can see references to Java source files in the RAM. The magic number of a Java class is 0xCAFEBABE, while the compiled ones used by Crystal Tools, with the .clb extension, have the magic number 0x54545454, which in ASCII appears as "TTTT".
These clb "java classes" are stored in an encrypted format in the white_scru.win32 file. Someone on the Xentax forum made a program to decrypt them; however, you can see them decrypted in the RAM.
The main script is WhiteResident.clb and it has three variables defined for debug modes. If we needed to set a possible constant variable, it wouldn't be in the EXE but in this particular .clb, decrypted.
A better workaround seems to be using IDA or Ollydbg to locate the routine that decides which boot mode it will use and maybe do a code injection to force it to boot debug mode or E3.
EDIT: To see the decrypted WhiteResident.clb in the RAM, find one of these strings:
FINAL_GLOBAL_DEBUG_FLAG
FINAL_VALUE_DEBUG_NO_DEBUG
FINAL_VALUE_DEBUG_DEBUG
FINAL_VALUE_DEBUG_SKIP
VIRGIN KLM
Posted on 10-27-14 11:25:40 PM (last edited by VIRGIN KLM at 10-27-14 11:28:00 PM)
Shouldn't the game mode be set as an integer global constant at the boot of the game? Whatever routine that is must be on the very first lines of the executable or in a function that gets executed very early, because for example the E3 mode gives you a warning screen before the video intro. Whatever happens, happens for SURE before executing that video file. Dunno if that helps, I just felt like sharing it.
Also, hedgehog89, do you have any clue how formations get loaded in the game?
I'm checking the wdb files of each map one by one to get an idea, but I'm not really sure of anything to make a conclusion. Also I tried replacing Fang's summon with the dummy/placeholder/testing summon, but what happens is that it simply starts to swirl around the character without the game hanging and then nothing; you need to close the game and restart.
hedgehog89
I'm pretty sure the WhiteResident.clb is the first and main routine in the game; it's placed first of all .clb files and it has the boot modes and debug strings I dumped from RAM when I got that Japanese text.
About formations, the only clue I have is that they could have been coded in .clb files, in the ones for each zone. In the 7th clbs, there is one called scr010.clb that seems to have references to monsters; there are strings of type gr_mon_XXXX where XXXX is a number, a number that I couldn't relate to the actual monster models.
SkacikPL
Does the xentax unpacker work with the PC version? Also does it allow you to repack the scripts?
That would be quite useful for modding the core game itself.
VIRGIN KLM
Posted on 10-28-14 11:21:38 AM (last edited by VIRGIN KLM at 10-28-14 11:22:07 AM)
Originally posted by SkacikPL:
> Does the xentax unpacker work with the PC version?
Yep.
Originally posted by SkacikPL:
> Also does it allow you to repack the scripts?
> That would be quite useful for modding the core game itself.
Nope. I heavily doubt this will ever happen.
SkacikPL
Posted on 10-28-14 06:25:09 PM (last edited by SkacikPL at 10-28-14 06:25:31 PM)
Perhaps I didn't express myself clearly enough.
AFAIK, we're already able to unpack and repack base archives.
There is a tool which unpacks (console) .clb scripts. As Square bothered to scramble other file formats a bit for the PC release, I wonder whether .clb scripts were also changed.
I wonder whether it works on PC and whether it even had an option to re-crypt the scripts.
I don't have an account on XentaX so I can't even check it out.
It'd be really handy for fixing the Ark. Editing the script directly would be way better than blindly 00'ing or FF'ing values in memory.
VIRGIN KLM
Originally posted by SkacikPL:
> Perhaps I didn't express myself clearly enough.
> AFAIK, we're already able to unpack and repack base archives.
> There is a tool which unpacks (console) .clb scripts. As Square bothered to scramble other file formats a bit for the PC release, I wonder whether .clb scripts were also changed.
> I wonder whether it works on PC and whether it even had an option to re-crypt the scripts.
> I don't have an account on XentaX so I can't even check it out.
The problem is that there is no tool that recompresses the white_scru file back so the game can read it, and it doesn't sound like a tool that is easy to make, or something that I really see happening, even though I really hope.
Originally posted by SkacikPL:
> It'd be really handy for fixing the Ark. Editing the script directly would be way better than blindly 00'ing or FF'ing values in memory.
Actually, to be honest, I see it as the ONLY way to fix 7th Ark since the FF'ing way will get us nowhere; some of those values store the XYZ placements of some objects and enemies and some hitboxes that trigger some stuff. We are talking about millions of dependent variables here.
BTW, is there any file that has a full list of the names of ALL enemies and all Summons? If it lists the dummy ones then there is a string near it that has a byte-long value that calls its AI, model and animations from a list. This should help figuring out what calls what when we fight enemies.
SkacikPL
Posted on 10-29-14 10:23:34 AM (last edited by SkacikPL at 10-29-14 10:26:46 AM)
Originally posted by VIRGIN KLM:
> The problem is that there is no tool that recompresses the white_scru file back so the game can read it, and it doesn't sound like a tool that is easy to make, or something that I really see happening, even though I really hope.
Uh, FFXIII tool has an option to extract and repack scrc and imgc archives. AFAIK it also works with scru and imgu archives.
As it states in readme:
Final Fantasy XIII extraction/repacking command line tool. v1.0
Program is supposed to be used in command line, but there's a few batch files for the most obvious actions.
There's 3 different ways to use the tool:
- Extract all files from a container file. Example: ff13tool -x filelist_scrc.win32.bin white_scrc.win32.bin
- Repack all files into a container file. Note that it requires the filelist as it uses it as base. It has a limitation that it can't add new files, it'll compress the same files as the ones listed in filelist. Example: ff13tool -c filelist_scrc.win32.bin white_scrc
- Import one file into container file. Repacking an entire container file is slow since they're so big, so this is intended for quick iteration on testing mods. Note that it appends file data to the end of the container file, so it'll make the container file larger each time you do this. Example: ff13tool -i filelist_scrc.win32.bin white_scrc.win32.bin white_scrc/chr/pc/c205/bin/c205.win32.trb
Some notes:
- This is only tested with PC version of FFXIII. I don't know if it works on 360 and PS3 versions.
- As mentioned above, since new filelist is based on the old filelist, the tool can't add all new files. It has to be replacing files already in the container file.
- Zone container files can be extracted/repacked too. Their corresponding filelists is in white_imgc.win32.bin.
- Any container file with "c" are Japanese files, and any container file with "u" are English files. Many of these are actually identical. There's no difference between white_scrc.win32.bin and white_scru.win32.bin
- I have no idea what white_scrc.win32.sdat is used for. I have tried experimenting with it and I couldn't see any ingame effect. It might not actually be used for anything.
- The batch files are configured to extract/repack the img and scr Japanese container files.
hedgehog89
Awesome, now the only thing left is the save editor, as for example, I don't know yet how to port my savegame modding knowledge regarding the party, for example, to play with the unused Serah ghost.
About the 7th, I doubt there is a way to make it work as the original one, as I'm sure Square removed some parts of the code as it was meant to be released as DLC. The leftovers we found were probably left there for making the DLC smaller in size. Proof of this is the .ztr text files of the 7th: even in the JP version, they don't have any text.
So, if someone were to make it work, it would be a mod on its own, making it work creatively as the original thing is lost. For making it, good luck in finding a way to reverse engineer the *.clb files; just the 7th .clb reverse engineered would tell us why the switches keep endlessly spinning and what values could make the leftovers do stuff.
I will continue trying the blind 00'ing and FF'ing; it's not the best approach, but as I don't know where to begin with assembler, I will get the most out of it. I know there is an actual offset that controls the monsters' appearance in Zone C, but since I'm not at home I couldn't get it yet. The trick with FF'ing is to get a result, then try FF'ing only a sector and seek the same result; if not, try another sector until you get the actual offset, then go on playing around with it to see what happens.
-------------------------------------
Here is another version of my warping table, using level 5 pointers. This one keeps the pointers during and after battles, but they will get lost if the party changes. I want to try exploring other areas of the game, like Palumpolum, Eden or Mah'habara Subterra; maybe that VIP box or something lies hidden in those offlimits areas. I hope it works for you.
http://www.mediafire.com/view/yeaap6xzbjz7gmj/ffxiiiimg_7th_rev3.CT
SkacikPL
I tried the .clb decompiler and I've mixed feelings.
I don't know much about Java and how it is compiled, but after running the script through that .clb decryptor it seems to be kind of decrypted or at least more ordered to the eye. But it still makes zero sense, so unless I still need a specific tool to read them I don't think it works 100%.
I don't have a PS3/360 version to compare whether the output is really how it should be, so yeah...
hedgehog89
Posted on 10-30-14 04:25:06 PM (last edited by hedgehog89 at 10-30-14 04:28:32 PM)
Originally posted by SkacikPL:
> ... after running the script through that .clb decryptor it seems to be kind of decrypted or at least more ordered to the eye. But it still makes zero sense, so unless I still need a specific tool to read them I don't think it works 100%.
> I don't have a PS3/360 version to compare whether the output is really how it should be, so yeah...
If the beginning of the decrypted clb file is 54 54 54 54, or in ASCII "TTTT", and you can see actual function names, that is the clb decrypted. But as I said earlier, they aren't normal compiled Java classes but a brand new format of compiled Java code made in the Crystal Tools engine.
EDIT: I wonder if these clb are converted into a Java class during runtime. In a snapshot of the PS3 RAM I was able to find CAFEBABE once, the magic number of a Java class. Maybe it's an actual Java class being used in that snapshot at that time. But modding may be tricky even if this were the case. I haven't researched this a lot.
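The two checks described in the posts above (the first four bytes being 54 54 54 54 or CAFEBABE, and the FINAL_* strings that mark the decrypted WhiteResident.clb in RAM), as an added example that is not part of the original thread or of any tool it mentions. The function names, the 4096-byte search window and the sample dump are assumptions made for illustration; nothing about the .clb layout beyond the magic number is taken as known.

```python
"""Triage a memory dump for script-container headers by magic number."""

CLB_MAGIC = b"TTTT"                            # 0x54545454, the .clb magic from the thread
JAVA_CLASS_MAGIC = bytes.fromhex("CAFEBABE")   # standard Java class-file magic
# Strings the thread says appear in the decrypted WhiteResident.clb.
MARKERS = (
    b"FINAL_GLOBAL_DEBUG_FLAG",
    b"FINAL_VALUE_DEBUG_NO_DEBUG",
    b"FINAL_VALUE_DEBUG_DEBUG",
    b"FINAL_VALUE_DEBUG_SKIP",
)


def classify(blob):
    """Name the container type from the first four bytes of a file or region."""
    head = bytes(blob[:4])
    if head == CLB_MAGIC:
        return "clb"
    if head == JAVA_CLASS_MAGIC:
        return "java-class"
    return "unknown"


def find_all(buf, needle):
    """Yield every offset at which needle occurs in buf (overlaps included)."""
    pos = buf.find(needle)
    while pos != -1:
        yield pos
        pos = buf.find(needle, pos + 1)


def scan_dump(dump, window=4096):
    """List magic-number hits, each with the marker strings found within
    `window` bytes after it. Four ASCII 'T's is a weak signature, so a hit
    with no markers is only a candidate; `window` is an assumed bound."""
    hits = []
    for magic in (CLB_MAGIC, JAVA_CLASS_MAGIC):
        for off in find_all(dump, magic):
            region = dump[off:off + window]
            found = [m.decode() for m in MARKERS if m in region]
            hits.append({"offset": off, "kind": classify(region), "markers": found})
    return sorted(hits, key=lambda h: h["offset"])


def build_sample_dump():
    """Constructed test data, not bytes from the game."""
    resident = CLB_MAGIC + b"\x00" * 12 + b"\x00".join(MARKERS) + b"\x00"
    stray = CLB_MAGIC + b"\x01" * 16            # magic bytes, no markers
    java = JAVA_CLASS_MAGIC + b"\x00\x00\x00\x34"
    return b"\xAA" * 32 + resident + b"\xAA" * 5000 + stray + b"\xAA" * 64 + java


if __name__ == "__main__":
    for hit in scan_dump(build_sample_dump()):
        print(f"{hit['offset']:#08x} {hit['kind']:<10} {', '.join(hit['markers']) or '-'}")
```

On the constructed dump, only the first "TTTT" hit carries all four marker strings; the second is the kind of false positive a four-letter ASCII magic produces in real memory.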
hedgehog89
Posted on 11-09-14 07:34:39 PM (last edited by hedgehog89 at 11-09-14 10:30:29 PM)
I'm back again.
This time, I want to present you my YouTube channel, where I will be uploading my findings.
After messing around with the offsets that, when FF'd, would make the monsters of Zone C disappear, I've found how to trigger the monsters of both Zone C and A. Just after the offset where the Treasure Flag is stored (you can view it with the cheat table I've uploaded before), fill the next 4 bytes with FF but leave the next 5 bytes as 00. This will make monsters appear in both Zones, and in Zone A Rotten Tomato and Metal Gigantuar appear!! But it's giving me the black screen instead of the Event of the invisible monster that is Metal Gigantuar.
Here is the link to the channel: https://www.youtube.com/channel/UCRp1MI20VwWT-cRHaorisLQ
Stay tuned on both, here and my channel for more!
EDIT: So far the research on 7th monsters goes as follows:
We have the Nemesis, Switch Event and Treasure Flag offsets as follows:
03 04 05
FF FF FF
The monsters seem to be controlled by the next 8 bytes:
03 04 05 06 07 08 09 0A 0B 0C 0D
FF FF FF FF FF FF FF 00 00 00 00
Playing around with them, changing from FF to 00 and vice versa seems to change the monsters that appear, and setting the bytes 06 and 07 to 00 deletes the monsters in the beginning of Zone A, while 08 and 09 the ones at the end.
Offset 0B seems to control the Metal Gigantuar Event and Metal Gigantuar itself. Setting it to FF triggers the event but no monsters, and they get deleted too. While with 00 Metal Gigantuar appears but the event gives a black screen.
EDIT 2: Through warping, just before crossing the gate, setting the third axis to -550, you can battle Gigantuar Prime. The battle has been uploaded to my channel.
EDIT 3: Savegame for battling Gigantuar Prime: http://www.mediafire.com/download/l5efya9qgcyvgfh/ff13-35.dat