Page 7 of 59
Re: Project: UnLockRay ( ULR / REL )
Posted: Sat Nov 22, 2008 10:08 pm
by Joshua822
But we can find those things in the source code

Re: Project: UnLockRay ( ULR / REL )
Posted: Sat Nov 22, 2008 10:11 pm
by spiraldoor
Gah! We must obtain this code! Perhaps it could be stolen somehow...
Re: Project: UnLockRay ( ULR / REL )
Posted: Sun Nov 23, 2008 7:01 pm
by CheatCat
Joshua822 wrote:But we can find those things in the source code

Yes, of course, but we can do it without source code, many hackers have do it, and if they can...
spiraldoor wrote:Gah! We must obtain this code! Perhaps it could be stolen somehow...
Ask UbiSoft! XD
Re: Project: UnLockRay ( ULR / REL )
Posted: Wed Apr 08, 2009 9:34 pm
by CheatCat
I am so sorry for the bump, but want to keep this project alive!
Have anyone look at the file fix.lvl? At the top of the file there is strings that the game uses. And you can CHANGE the strings and the text in the game will changes! However you cannot add or remove characters. The new word must have same amount of characters as the old one.
Some things that I found in the file:
Code: Select all
Just like playing chess, except you throw plums\lto zap Hoodlums instead of moving pawns to put \lthe king in check.
A chess mini game in R3??? :O
WHAT?! :O :O
Code: Select all
global save...save current life...save max life
Save life?
Maybe you was able to play this on PC also?
Code: Select all
Ranking : Jacques Mesrine...Ranking : Tony Soprano...Ranking : Pablo Escobar
Code: Select all
Find the outfit that'll make their heads turn!
Maybe there is some way to make the texts bigger and smaller?
Anyway, maybe changing the texts is a small step to unlock the Rayman games..
Re: Project: UnLockRay ( ULR / REL )
Posted: Thu Apr 09, 2009 12:29 pm
by spiraldoor
Those are interesting...
Re: Project: UnLockRay ( ULR / REL )
Posted: Fri Apr 10, 2009 10:56 am
by CheatCat
Maybe I can make a program that change the strings!

However I have edit the file too much and I have to reinstall the game because it crashes.

Re: Project: UnLockRay ( ULR / REL )
Posted: Sat Apr 11, 2009 3:08 pm
by LunaVorax
Hi again folks !
I made new discoveries with Rayman 2.
First of all, even if I succeded ripping the sounds effects of Rayman 2, it was kind of a brutal method. The
.bnm files are apparently used to store
WAV encoded sounds, it's apprently not encoded o/ encrypted or something, it's just raw. And then I decided to oppened it with
Hex Workshop and I discovered this :

So it proves what I said in a certain way, I don't really know if
- The
.bnm files
contains a lot of
.wav files, but without compressing them
OR
- The
.bnm is just a simple big
.wav file with a header that told how to be
splitted and renamed
But that's not important.
Hex Workshop is a really wonderful tool, I a real newbie with hexadecimal I don't really know how does things works, but since I know how to read and compare the strings of two files I can found interesting stuffs like that :

Apparently, Rayman 2
MAY use
LZSS compression method to compress stuff. It's common in video game to use
LZSS o/ LZ77 compression since it's extremely powerful. So now we need to know if it's the case and what file are compressed.
And then, good news about decoding the music : I have been an idiot.
The following screenshot will tell you why

The is a screenshot of the Dll folder in the Rayman 2 CD (also copied on your harddrive when you install the game), and how the first 4 DLLs are called ?
APMmxBVR.dll,
APMmxSVR.dll,
APMP5BVR.dll and
APMP5SVR.dll
And
surprisingly the extenstions of the music file is
.apm
So it's getting a lot more simple now, to decode the music we just have to build a program that actually "
call" thoses DLL and use them to decode the file.
And with a little more knowledge we could even build a Winamp plugin ;P
Now all we need is just a good programmer
Sorry for my horrible english, I'm just really tired now.
Re: Project: UnLockRay ( ULR / REL )
Posted: Sun Apr 12, 2009 2:22 pm
by CheatCat
Great!

Maybe we can use the Hex editor on the other files?
However I must learn decryption to open Rayman3 files. The Raman3 game know how to decrypt the files, right? Either it use a dll file or it's hard coded into the exe file. The admin on XeNTaX has already figured out the encryption method (
http://forum.xentax.com/viewtopic.php?f ... hilit=.cnt), but I think he don't want to tell me because business is business..
But I will look at the R3 file with the Hex editor. By the way I wasn't able to build a string extractor program because I don't know ho to remove the ASCII nulls.
Oh! I found something more in the fix.lvl file:
Was the game planed to be in more languages?
Display the Engine menu!

I think is something with the debug mode to do.
More debug things..
Re: Project: UnLockRay ( ULR / REL )
Posted: Sun Apr 12, 2009 7:34 pm
by LunaVorax
What fix.lvl did you looked, was it the Rayman 2 or the Rayman 3 one ?
Re: Project: UnLockRay ( ULR / REL )
Posted: Sun Apr 12, 2009 7:54 pm
by CheatCat
Rayman 3. There is one for R2?
Re: Project: UnLockRay ( ULR / REL )
Posted: Sun Apr 12, 2009 8:04 pm
by LunaVorax
Not a .lvl file, but there is a lot of "fix.*" files in the UbiSoft\Rayman2\Data\World\Levels folder.
Maybe the Rayman 3 engine is an heavily modified version of the Rayman 2 engine
Re: Project: UnLockRay ( ULR / REL )
Posted: Sun Apr 12, 2009 9:06 pm
by CheatCat
Yeah, take a look. If I should program Rayman 3 I should build it on Rayman 2 instead of begin from a empty project.
I find nothing readable in the files else then file names. But try to open Rayman2.exe in the HEX editor...

Re: Project: UnLockRay ( ULR / REL )
Posted: Sun Apr 12, 2009 10:21 pm
by LunaVorax
I already tried, but it's not a Hex Editor we should use,
it's a disassembler.
Re: Project: UnLockRay ( ULR / REL )
Posted: Mon Apr 13, 2009 11:29 am
by CheatCat
Oh, sorry!

But can you see what files the program loads in the disassembler?
EDIT:
In Rayman2 every folder in the Level folder contain 5 different files: dsb (database?); gpt (gameplay?); ptx (pointer file?); sna (ambient sound?); snd (sound?).
But in the Raycap folder there is also a pgb file. In that file I found this:
Code: Select all
; SCR 552
; Scripts Parser Version 5.5.2
; (c) Ubi Simulations 1997
{Vignette:
LoadLevelVignette("Rayman.bmp")
InitBarOutlineColor(255,255,255,128)
InitBarInsideColor(0,0,96,196)
InitBarColor(255,0,0,64,255,255,0,64,255,0,128,196,255,255,128,196)
CreateBar(20,430,620,445)
MaxValueBar(30)
AddBar
DisplayVignette
}
Now I know what it is! The loading screen!

Maybe we can use this file to call other functions?
EDIT
2: Maybe I have found the decryption functions: __unlock_file and __unlock_file2.
Re: Project: UnLockRay ( ULR / REL )
Posted: Mon Apr 13, 2009 7:02 pm
by LunaVorax
It's getting more and more interesting.
A disassembler is a program that turn a file into source code (basicaly). Unfortunately, only a genius would understand everything written in the rayman2.exe file ; it can only guide us on certains things the programs do.
Re: Project: UnLockRay ( ULR / REL )
Posted: Mon Apr 13, 2009 8:40 pm
by CheatCat
Do you think the unlock file function would decrypt them? But unlock also have other meanings. For example you can unlock a file so you can open it or write thing to it and you can unlock a file by remove it from a temporary memory place that Rayman2 may creates.
I think you can use program as dll files, if so, I maybe can call the unlock file function from the Rayman program and see whats happens.
EDIT: You can't!

Re: Project: UnLockRay ( ULR / REL )
Posted: Tue Apr 14, 2009 4:20 pm
by CLARK1
LunaVorax wrote:Hi again folks !
I made new discoveries with Rayman 2.
First of all, even if I succeded ripping the sounds effects of Rayman 2, it was kind of a brutal method. The
.bnm files are apparently used to store
WAV encoded sounds, it's apprently not encoded o/ encrypted or something, it's just raw. And then I decided to oppened it with
Hex Workshop and I discovered this :

So it proves what I said in a certain way, I don't really know if
- The
.bnm files
contains a lot of
.wav files, but without compressing them
OR
- The
.bnm is just a simple big
.wav file with a header that told how to be
splitted and renamed
But that's not important.
Hex Workshop is a really wonderful tool, I a real newbie with hexadecimal I don't really know how does things works, but since I know how to read and compare the strings of two files I can found interesting stuffs like that :

Apparently, Rayman 2
MAY use
LZSS compression method to compress stuff. It's common in video game to use
LZ77 compression since it's extremely powerful. So now we need to know if it's the case and what file are compressed.
And then, good news about decoding the music : I have been an idiot.
The following screenshot will tell you why

The is a screenshot of the Dll folder in the Rayman 2 CD (also copied on your harddrive when you install the game), and how the first 4 DLLs are called ?
APMmxBVR.dll,
APMmxSVR.dll,
APMP5BVR.dll and
APMP5SVR.dll
And
surprisingly the extenstions of the music file is
.apm
So it's getting a lot more simple now, to decode the music we just have to build a program that actually "
call" thoses DLL and use them to decode the file.
And with a little more knowledge we could even build a Winamp plugin ;P
Now all we need is just a good programmer
Sorry for my horrible english, I'm just really tired now.
AAAAAAAAHHHHHHHHHHGGGGGGGGG were did you learn about all of that.

Re: Project: UnLockRay ( ULR / REL )
Posted: Tue Apr 14, 2009 5:15 pm
by CheatCat
It's very easy. Just download Hex Workshop and open some files with it.
I can bulid a dll calling program. A dll file contain functions that you can call from a program, right? But I don't know what functions the dll files contains and the arguments. I will run dissembler on the dlls when have time.
Re: Project: UnLockRay ( ULR / REL )
Posted: Wed Apr 15, 2009 4:02 pm
by stan423321
EXE files contain usually both opcodes and data, so using Hex-something wouldn't be worst thing ever.
Re: Project: UnLockRay ( ULR / REL )
Posted: Wed Apr 15, 2009 5:12 pm
by CheatCat
With IDA you can read both the opcodes and data I think..