fun fact:
This game I'm trying to reverse engineer defines one thousand, one hundred, and fifteen v-tables!

second fun fact:
I'M ABOUT TO PULL OUT ALL MY HAIR

on the positive side, I think I've discovered built-in modding capability that's gone unnoticed for 13 years

I've moved on to ADVANCED reverse engineering techniques.

I emailed the company that made the game asking them for the specs/SDK for their engine.

oh sweet lord this code uses TEMPLATES.
like C++ reverse engineering isn't bad enough, now I have to deal with TEMPLATES?

vtables, templates, and a compiler that aggressively inlines.
this is SO MUCH FUN

OH GOODY they have a sentinel value in their vector implementation.
is it NULL?

nope. it's '#EOF'. as a pointer.
(void*)0x23454f46

This is safer than it sounds: The Wii's virtual addresses are in the 0x80000000 - 0xD3FFFFFF range, with 32 kb of registers up in 0xCD000000.

Nothing is ever mapped at 0x23000000.

I want to ask the developers so many things.
like why they're calling getBinaryData on a GuiAssetProvider (and providing a GuiResourceLock) to load a TEXT FILE.

I wonder if there's a way to get a zlib chunk to compress into a specific size. like a harmless way to pad it out? because otherwise I'm gonna have to figure out some more info about the format of these bundles, as any changes I make will make the file-regions change size.

turns out to be a non-issue. I modified the data to have more redundancy (overwrote one filename with another) and now it got bigger

what

it's mocking me. I swapped "classic" for "hawaii" and it got 2 bytes bigger.
so I tried "ny" instead. much shorter!
now the file is 6 bytes bigger.

I'll have to understand the BundleManager system a lot better to figure out why that is, or if I am simply wrong. Anyways, I can always patch the files on the disc.

hot take: if "(int*)(this + 0x56990)" ever appears in the decompiled code, YOUR CLASS IS WAY TOO FUCKING BIG

ugh. I think I found an ad-hoc CRC function and a bloom filter. aka NOTHING THAT'S GONNA BE FUN TO REVERSE

and the CRC function matches the one from this CTF challenge.
what the heck. did someone put reverse engineering in my reverse engineering?

jctf.team/Mossad-Challenge-577

I changed one register during boot to enable debugging, and it crashed the game and then my emulator.
10 out of 10, would recommend again

hacking on big-endian code/data after so long on little-endian is weird.
why are the numbers in the right order? that's wrong. they're supposed to be all backwards!

wait does this really store chunk sizes as 24-bit integers in actual-size-minus-1 form?

I've got the decoded puzzles open in my text editor and IT ASKS TOO MANY QUESTIONS

found a clever thing they're doing. They have a virtualized filesystem, where multiple bundle files are mounted, and files are located in a reverse-added order. But they subclassed the bundle method so that instead of a filename, you can set up a bundle backed by a pointer+length.

why are they doing this?
because one of the bundles is statically compiled into the executable itself. They just do BundleManager::mountBundle(INTERNAL_BUNDLE_STRING,INTERNAL_BUNDLE_LENGTH);

wait why is there a method on the App class to parse commandline tokens.

this is a Wii game.
what command line?

OH LOOK another case of magical sentinel pointers.
they just checked to see if a pointer was 0xBADBEEF.

LEARN TO USE NULLS

@foone If I ever find a need to use a sentinel pointer, it'll be 0xDECAFBAD
instead, the closest thing I've done was use as a transparency mask colour
