
[SheepShaver – Mac OS 9] Reverse Engineering a game

Posted: Tue Oct 30, 2018 9:37 am
by mePy2
Hi,

I would like to reverse engineer a game for Mac.
The game is only available for PowerPC Macs. I’m currently running it in SheepShaver with Mac OS 9.

I would like to add some features to the game (widescreen support, for example), but I don’t have the source code. So I have to inject some code (PPC assembly code, I think) into it (I’m not an expert; I know this will be a challenging task).
People did it for the Windows version of the game, I want to do it for macOS.

- Where to start?
- Fundamentals to know
- Can I RE from the host Mac?
- Suggested programs?
- Have you ever done this?

Thank you

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Posted: Tue Oct 30, 2018 4:24 pm
by Jorpho
Why not just tell us the name of the game you're looking at?

My second question would be, are you sure widescreen support is feasible at all? I wasn't aware Sheepshaver could run in widescreen.

I expect for starters you'll want some kind of debugger or disassembler, but I wouldn't know what the best options are for PPC.

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Posted: Tue Oct 30, 2018 4:37 pm
by Ronald P. Regensburg
Jorpho wrote:I wasn't aware Sheepshaver could run in widescreen.
SheepShaver can run in many different screen sizes. I myself run SheepShaver usually in a 1280/800 window or 1920/1080 full-screen.

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Posted: Tue Oct 30, 2018 5:03 pm
by mePy2
The game is Age of Empires II.
I run SheepShaver at 1280x800 too, in fullscreen.

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Posted: Tue Oct 30, 2018 6:54 pm
by Jorpho
I would start by making absolutely sure no one's gone down this path before. There are probably many things done to the Windows version that might apply directly to the PPC version, once you understand how they were done to the Windows version in the first place.

But I also expect that, as noted in your other thread, almost everyone will tell you to use WineSkin or a virtual machine. See also https://gist.github.com/contra/554f541f ... 29439860eb .

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Posted: Tue Oct 30, 2018 9:27 pm
by mePy2
The people who made the Windows patch seem not to want to share their work. I didn’t want to insist, though.
I think the development could be 80% faster.
Maybe if I’m not the only one, I can try to convince him/them.

The point is not only to play Age of Empires, but to play the original Mac version. Overall it seems simpler to set up and play using SheepShaver.

The problem is multiplayer, since GameRanger doesn’t support Mac OS 9 anymore, and Voobly for Windows offers many rooms and people to play with.

Last but not least, there will be much fun in trying and testing an updated Age of Empires II for Macintosh, with HD support and all that kind of HD Edition improvements.

While writing this I’m actually thinking of setting this idea aside and trying to set up Wineskin. But there is something that every time convinces me to continue making this upgraded version of Age for Mac.

The things are:

• Rosetta for newer Macs (like Wine)
• Patched version of Age for Macintosh

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Posted: Tue Oct 30, 2018 9:38 pm
by mePy2
Also, I was thinking...
Making Age of Empires available for Mac, isn’t it all a matter of recompiling it for the Intel architecture? ...

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Posted: Wed Oct 31, 2018 5:23 am
by dadreamer
mePy2
Maybe it won't be much help here, but you could try to do this task not in SheepShaver but in QEMU, as recent QEMU versions (3.0.0-rc0 and higher) support MacsBug (the native Mac debugger), so it would be easier for you to reverse-engineer that game. As to SheepShaver, I was unable to start up MacsBug there for some reason. I'm not sure if it allows inline patching at all, but you could study the disassembly at least and step/trace through it (altering memory/registers if needed). Browse the MacsBug Reference and Debugging Guide, which is floating around on the internet.
There was the Jasik debugger also, but I couldn't figure out how to use it. To get plain disassembly listings you might try MacNosy, The Fragmalyzer or IDA (on modern OSes).

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Posted: Wed Oct 31, 2018 11:46 am
by mePy2
dadreamer wrote:mePy2
Maybe it won't be much help here, but you could try to do this task not in SheepShaver but in QEMU, as recent QEMU versions (3.0.0-rc0 and higher) support MacsBug (the native Mac debugger), so it would be easier for you to reverse-engineer that game. As to SheepShaver, I was unable to start up MacsBug there for some reason. I'm not sure if it allows inline patching at all, but you could study the disassembly at least and step/trace through it (altering memory/registers if needed). Browse the MacsBug Reference and Debugging Guide, which is floating around on the internet.
There was the Jasik debugger also, but I couldn't figure out how to use it. To get plain disassembly listings you might try MacNosy, The Fragmalyzer or IDA (on modern OSes).
Many many thanks!!

What do you suggest (and/or what are the differences) between MacsBug, the debugger in CodeWarrior (?), and Hopper, just to name a recent app that runs on the host machine?

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Posted: Wed Oct 31, 2018 3:37 pm
by adespoton
MacsBug is a lot like gdb or windbg in how it operates, except that you are sitting on the "bare metal" of the machine, underneath most of the OS. After familiarizing yourself with the reference listed, you should be able to set breakpoints and isolate flow issues. It doesn't have any bells or whistles by default, but it has a plugin architecture, so you can write or script your own workflows and commands (someone's written Breakout for MacsBug, among other things).

If you want to just look at the PPC disassembled and have access to IDA 7, that's probably the way to go -- it should disassemble all the structures and instructions and let you do a thorough static analysis.

CodeWarrior's debugger is MUCH more friendly, but doesn't give you as much control of your environment; it's more for debugging a particular app that you have the symbols for.

As for your wonderings about re-compilation for Intel... that sounds simple, but the underlying architecture (all the APIs and ABIs) has changed significantly since then; it's challenge enough sometimes to take a 32-bit Intel OS X source tree and re-compile it for Mojave. I've been hitting a number of programs recently that use the old scripting engine, which no longer exists; they need all Apple Event related routines completely re-written using the modern interface. Taking the original source and re-compiling for 10.6 should be only a minor headache, though, as long as there isn't a bunch of legacy 68k stuff coming along for the ride. This all, of course, assumes you've got the original source, the original build chain, and a similar IDE/compiler/toolchain; my guess is that AOEII was compiled with CodeWarrior, which means it'd have to be ported to Xcode, then ported to x86, then have all the deprecated calls modernized. This is a LOT of work for a product that would only have moderate sales as a result.

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Posted: Wed Oct 31, 2018 3:53 pm
by dadreamer
mePy2 wrote:What do you suggest (and/or what are the differences) between MacsBug, the debugger in CodeWarrior (?), and Hopper, just to name a recent app that runs on the host machine?
My own task was pretty slim and consisted mostly of debugging some drivers. MacsBug was everything I needed at that time (well, I used some helper tools like TattleTech, but they don't seem useful for the subject). As I'm not a professional in Linux/Mac RE, I can't say which would be best in this case. I tried IDA on all three widely known OSes and it does its job just fine (on Windows there are many more additional utilities, of course), but there was no port of IDA for Classic Mac AFAIK. I had very little experience with Hopper and none with the others.

The straightforward way of completing the work is trying to do everything in the Classic Mac environment, but in my view it's unlikely to be completed that way, because just a few tools for this OS were written. So, it would be more practical to transfer part of the work to the host OS, e.g. you might disassemble and study the code with IDA or Hopper, cross-compile (if possible) a shared library (or resource) for the game, write a "glue" layer for the injection and link your library to the game. When you get the final binaries, then you're able to test them on your Mac.
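An added example to go with the "disassemble on the host, then patch" workflow above; it is not code from the thread, from any of the posters, or from the game. Before opening IDA or MacsBug, a first pass over the PEF code section is often a scan for the 16-bit immediates that encode the game's default resolution (1024, 768, 640 and so on), since a widescreen patch usually has to re-encode exactly those. The script below decodes big-endian 32-bit PowerPC `li`/`addi`, `addis`, `ori` and `cmpwi` words, lists every one whose immediate looks like a resolution, and re-encodes selected hits with a range check so a new value that does not fit the instruction is refused rather than silently truncated. Everything here is an assumption about the binary, not something the thread establishes: that the game keeps its resolution in immediates at all, and the sample bytes are hand-assembled, not taken from Age of Empires II. Any word can be data that merely looks like an instruction, so each hit must be confirmed in the disassembler before it is patched.

```python
"""Heuristic scan of big-endian 32-bit PowerPC code for hard-coded screen
resolutions, plus re-encoding of the matching 16-bit immediates.

Added example, not from the thread. It ASSUMES the target keeps its default
resolution in li/addis/ori/cmpwi immediates; that is an assumption about the
binary, not something the thread establishes.
"""
import struct

# Primary opcode (instruction bits 0-5) of each immediate form we decode.
OP_ADDI, OP_ADDIS, OP_CMPWI, OP_ORI = 14, 15, 11, 24
MNEMONIC = {OP_ADDI: "addi", OP_ADDIS: "addis", OP_CMPWI: "cmpwi", OP_ORI: "ori"}
SIGNED = {OP_ADDI, OP_ADDIS, OP_CMPWI}      # ori takes an unsigned UIMM

# Common 4:3 resolutions a pre-widescreen game might hard-code.
RESOLUTION_VALUES = {640, 480, 800, 600, 1024, 768}


def decode(word):
    """Decode one 32-bit instruction word.

    Returns (mnemonic, rD/rS or crfD, rA, imm), or None for any other opcode.
    """
    op = word >> 26
    if op not in MNEMONIC:
        return None
    d = (word >> 21) & 0x1F          # rD (addi/addis) or rS (ori), bits 6-10
    a = (word >> 16) & 0x1F          # rA, bits 11-15
    imm = word & 0xFFFF              # bits 16-31
    if op in SIGNED and imm & 0x8000:
        imm -= 0x10000               # sign-extend SIMM
    if op == OP_CMPWI:
        d = (word >> 23) & 0x7       # cmpwi: bits 6-8 are crfD, not a GPR
    return MNEMONIC[op], d, a, imm


def encode_imm(word, imm):
    """Return word with its 16-bit immediate replaced, range-checked for the form."""
    op = word >> 26
    if op in SIGNED:
        if not -0x8000 <= imm <= 0x7FFF:
            raise ValueError(f"{imm} does not fit a signed 16-bit immediate")
        imm &= 0xFFFF
    elif not 0 <= imm <= 0xFFFF:
        raise ValueError(f"{imm} does not fit an unsigned 16-bit immediate")
    return (word & 0xFFFF0000) | imm


def scan(code, values=RESOLUTION_VALUES):
    """Return [(offset, mnemonic, d, a, imm)] for every aligned word whose
    immediate is in `values`. Data words can look like instructions, so every
    hit must be confirmed in a disassembler before it is patched."""
    hits = []
    for off in range(0, len(code) - 3, 4):
        dec = decode(struct.unpack_from(">I", code, off)[0])
        if dec and dec[3] in values:
            hits.append((off, *dec))
    return hits


def patch(code, mapping):
    """Rewrite each immediate found by scan() according to mapping {old: new}.
    Returns (patched_bytes, [(offset, old, new), ...]); the input is not modified."""
    out = bytearray(code)
    applied = []
    for off, _mnem, _d, _a, imm in scan(code, set(mapping)):
        word = struct.unpack_from(">I", out, off)[0]
        struct.pack_into(">I", out, off, encode_imm(word, mapping[imm]))
        applied.append((off, imm, mapping[imm]))
    return bytes(out), applied


# Constructed sample, NOT bytes from the game: a few hand-assembled PPC words.
SAMPLE_CODE = bytes.fromhex(
    "38600400"   # li    r3, 1024      (addi r3, r0, 1024)
    "38800300"   # li    r4, 768
    "2c050280"   # cmpwi r5, 640
    "60000000"   # nop                 (ori r0, r0, 0)
    "60630400"   # ori   r3, r3, 1024
    "4e800020"   # blr
)

if __name__ == "__main__":
    for off, mnem, d, a, imm in scan(SAMPLE_CODE):
        print(f"0x{off:04x}: {mnem:<5} d={d} a={a} imm={imm}")
    patched, applied = patch(SAMPLE_CODE, {1024: 1280, 768: 800})
    for off, old, new in applied:
        print(f"patched 0x{off:04x}: {old} -> {new}")
    print(patched.hex())
```

Run it against the code section extracted from the game's PEF container (or a raw dump from MacsBug) instead of `SAMPLE_CODE`, and feed only the offsets you have confirmed in IDA or Hopper into `patch`. Values larger than 16 bits are built with `addis`/`ori` pairs on PowerPC, so a width that no longer fits a single `li` needs both halves rewritten, which is exactly the case the range check in `encode_imm` refuses to do silently.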

Re: [SheepShaver – Mac OS 9] Reverse Engineering a game

Posted: Wed Oct 31, 2018 7:21 pm
by mePy2
Thank you for your useful replies.

I’ll give it a try soon.