The reverse engineering games

This post should have started with the words “last week” but unfortunately I was not able to follow the weekly cadence I had planned. Instead of just the trivial matters I announced then I will also cover more topics than initially planned, going from a very short entry to hopefully an entry that still qualifies as short.

The reason why I started the xadec.dll reverse engineering game was, as I said in the first post of this series, the prospect of living in a bigger place with enough space to use my electronic drum kit. One thought led to another and I remembered the fun I had playing GuitarFreaks and DrumMania. The reason why this post is late is that, in the process of moving, my laptop was stolen.

I’m not too worried about the contents of the laptop because it should be a brick to anyone but me. Considering the current trend among politicians against strong cryptography, I’m very glad to be in the other camp. However having the laptop stolen is not the only reason for a whole month delay: I also lost some of my backups, including the sources of this blog.

I have a NAS at home for local backups, and copies online (or as the sheep say these days, in the cloud). Some of my things are inherently backed up because they are hosted online: emails, source code. Stuff that is not important tends to live on only one device until I archive it just in case; that's obviously gone. The big bummer is a couple of local backups that fail to restore, a procedure I usually test when I switch laptops (that is, not often enough), so the local backups are useless and the on-device archives are gone.

If you paid attention, source code should not be a problem, but I lost the blog sources. I forgot for some reason to host a clone online and I had to reverse engineer the HTML web site and figure all the changes I had made to the theme to get it back. I guess I should talk about vim in a future post because it helped a lot in the process, but I digress… And with that this post is already longer than the original one I had in mind.

The music games

Another reason for being so late is the fact that I eventually moved, and this was the occasion to revisit my games collection.

Some of my music games

On this picture you should see the boxes containing the guitar controller I ordered before Guitar Hero happened, the Guitar Hero controller I then bought along with the first game, two original games from Japan and one more controller. The Playstation 2 game is GuitarFreaks and DrumMania V3, and missing from that picture are the defunct drums controller, the defunct modded Playstation 2 and the defunct modded Wii.

So unless I manage to use those controllers on a PC beefy enough to emulate those consoles and manage to run such an emulator, at best they can be seen as geeky decoration, otherwise dead weight that belongs in the basement. But surely, running those games using an emulator would be piracy, right?

The music game

The game I’m interested in (DTXMania) is officially a piece of software that anyone can use to practice their Yamaha DTX electronic drum kits. If you look closer though, it’s a DrumMania and GuitarFreaks clone, because yes you can also play the guitar. But to be fair DTXMania goes beyond the arcade nature of DrumMania and can support many more elements on a drum kit, and even elements with multiple states such as a hi hat that can be either open or closed.

Out of curiosity I looked at the source code beyond the presence of xadec.dll and found a well maintained copyright statement of its bundled dependencies. It mentions that xadec.dll can only be used free of charge, so any paid for game would not be allowed to ship and use it. It’s a bit challenging to find information in a code base maintained in Japanese, and that goes for the web site too, but there are some English resources. In there I found xa.exe apparently also shipped by the BandJam developer, and still accessible thanks to projects like DTXMania. xa.exe can both encode and decode this XA format, and I was probably wrong to think that the BandJam author was not behind this format. Now the question is the following: should I also reverse engineer the encoder?

Disassembly of a static program

Unlike a library that needs an entry point for each public symbol of its API, a quick try on xa.exe gives no starting point. Worse, even though I reinstalled the same OS, objdump no longer gives me the useful all-in-one output I was used to. That in itself is very puzzling.

One thing I could hope is to find the xadec.dll code in xa.exe since it can both encode and decode. The problem is that even if the code is virtually the same with identical optimizations for a similar output, it is likely that the choice of registers would differ, and it is even more likely that addresses wouldn’t match.

That would make an interesting coding exercise, trying to find the same code in two binaries with possibly slight differences, but for now I have other plans, like maybe playing some drums at some point, maybe?
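A sketch of that matching exercise, as an added example that is not the author's code: each instruction is reduced to a "shape" by replacing registers and numeric operands with placeholders, then the longest contiguous run of identical shapes is searched for across the two listings. The listings are constructed samples in the shape of `objdump -d --no-show-raw-insn` output, and the function names are hypothetical.

```python
import re
LINE = re.compile(r"^\s*([0-9a-f]+):\s+(\S+)\s*(.*)$")
# Constructed AT&T-syntax listings, illustrative only:
# they are not real code from xadec.dll or xa.exe.
DLL = """
10001000:  push   %ebp
10001001:  mov    %esp,%ebp
10001003:  mov    0x8(%ebp),%eax
10001006:  movzbl (%eax),%ecx
10001009:  shl    $0x4,%ecx
1000100c:  add    0x10003000,%ecx
10001012:  mov    %ecx,0xc(%ebp)
10001015:  pop    %ebp
10001016:  ret"""
EXE = """
401200:  sub    $0x1c,%esp
401203:  mov    0x20(%esp),%edx
401207:  movzbl (%edx),%ebx
40120a:  shl    $0x4,%ebx
40120d:  add    0x40a000,%ebx
401213:  mov    %ebx,0x24(%esp)
401217:  add    $0x1c,%esp
40121a:  ret"""

def normalize(listing):
    """Return [(address, shape)] with registers and numbers replaced by placeholders."""
    out = []
    for m in filter(None, map(LINE.match, listing.splitlines())):
        addr, mnemonic, ops = m.groups()
        ops = re.sub(r"%\w+", "R", ops)                # any register
        ops = re.sub(r"-?(?:0x)?[0-9a-f]+", "N", ops)  # offsets, immediates, addresses
        out.append((addr, f"{mnemonic} {ops}".strip()))
    return out

def longest_common_run(a, b):
    """Longest contiguous run of identical shapes: (addr_in_a, addr_in_b, length)."""
    best, prev = (None, None, 0), [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1][1] == b[j - 1][1]:
                cur[j] = prev[j - 1] + 1  # extend the run ending at (i-1, j-1)
                if cur[j] > best[2]:
                    best = (a[i - cur[j]][0], b[j - cur[j]][0], cur[j])
        prev = cur
    return best

print(longest_common_run(normalize(DLL), normalize(EXE)))
```

A contiguous run is a conservative signal: a compiler that reorders or interleaves instructions breaks the run even when the logic is the same, so short matches need a manual look before concluding anything.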

Pouring some wine

Finally, I got hold of older versions of DTXMania, and managed to run them! At this point I should stop this reverse engineering game and fulfill my original goal of playing the game with my electronic drum kit. But that would imply sanity, a trait I do not claim. After all, when I initially tried to run the game I naturally went for the latest builds to no avail. I searched online and found that people tried to use Wine before and it failed miserably.

Well, Wine today can run DTXMania 067b just fine, even the version 061. In fact, those are versions that predate the open-sourcing of the game. And since I fail to build it on Fedora, I can’t assess when things broke today’s Wine.

$ dnf info wine
Installed Packages
Name         : wine
Version      : 3.13
Release      : 3.fc28
Arch         : x86_64
Size         : 0.0
Source       : wine-3.13-3.fc28.src.rpm
Repo         : @System
From repo    : updates
Summary      : A compatibility layer for windows applications
URL          : https://www.winehq.org/
License      : LGPLv2+
Description  : Wine as a compatibility layer for UNIX to run Windows applications. This
             : package includes a program loader, which allows unmodified Windows
             : 3.x/9x/NT binaries to run on x86 and x86_64 Unixes. Wine can use native system
             : .dll files if they are available.
             :
             : In Fedora wine is a meta-package which will install everything needed for wine
             : to work smoothly. Smaller setups can be achieved by installing some of the
             : wine-* sub packages.

All I can say is that it broke somewhere between 067b and 087. Maybe in a couple years Wine will catch up and run it like a champ! But I’m not here to reverse engineer the Windows APIs, so in the next post I will resume my report on xadec.dll but I don’t expect to stick to one post a week. While I still have my decompiled source code, I lost the side-by-side decompilation with the assembly.