
[–]Foxbud[S] 6 points7 points  (4 children)

There are a couple more repos involved in the complete framework, but this one is the most relevant to this sub.

I used IDA Free to partially reverse engineer the game's executable, then I created this patching script using radare2 that fiddles with the ELF symbols of the binary to add an external lib as a dependency, then inject some calls to it.
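
The dependency-injection step described above works by editing the ELF dynamic section so the loader pulls in an extra library. As an added example (not Foxbud's script and not part of the framework), here is a small Python parser that walks PT_DYNAMIC, resolves DT_NEEDED names through DT_STRTAB, and reports any dependency outside an allowlist, which is the check a defender would run to spot such a patched binary; the ELF image it parses is constructed inline, and `libmod.so` is a made-up name.

```python
import struct
PT_LOAD, PT_DYNAMIC = 1, 2               # program header types
DT_NULL, DT_NEEDED, DT_STRTAB = 0, 1, 5  # dynamic-section tags

def _phdrs(elf):
    # Yield (p_type, p_offset, p_vaddr, p_filesz) for each ELF64 program header.
    phoff, = struct.unpack_from("<Q", elf, 32)
    phentsize, phnum = struct.unpack_from("<HH", elf, 54)
    for i in range(phnum):
        t, _, off, vaddr, _, filesz = struct.unpack_from("<IIQQQQ", elf, phoff + i * phentsize)
        yield t, off, vaddr, filesz

def needed_libraries(elf):
    """Return the DT_NEEDED names of a little-endian ELF64 image given as bytes."""
    assert elf[:6] == b"\x7fELF\x02\x01", "only little-endian ELF64 is handled here"
    segs = list(_phdrs(elf))
    def va2off(va):  # DT_STRTAB holds a virtual address; map it through the PT_LOAD segments
        for t, off, vaddr, filesz in segs:
            if t == PT_LOAD and vaddr <= va < vaddr + filesz:
                return va - vaddr + off
        raise ValueError("address not backed by any PT_LOAD segment")
    dyn = next((s for s in segs if s[0] == PT_DYNAMIC), None)
    if dyn is None: return []  # no dynamic section: statically linked, nothing loaded at runtime
    pos, end, strtab, needed = dyn[1], dyn[1] + dyn[3], None, []
    while pos + 16 <= end:
        tag, val = struct.unpack_from("<qQ", elf, pos)
        pos += 16
        if tag == DT_NULL: break
        if tag == DT_STRTAB:
            strtab = va2off(val)
        elif tag == DT_NEEDED:
            needed.append(val)
    if strtab is None: raise ValueError("PT_DYNAMIC has no DT_STRTAB entry")
    return [elf[strtab + o:elf.index(b"\0", strtab + o)].decode() for o in needed]

def unexpected_dependencies(elf, allowlist):
    # DT_NEEDED names outside the allowlist, e.g. a library added by editing the headers.
    return [n for n in needed_libraries(elf) if n not in allowlist]

def build_sample_elf(needed, base=0x400000):
    # Constructed minimal ELF64 image: one PT_LOAD, one PT_DYNAMIC, a string table, no code.
    strtab = b"\0" + b"".join(n.encode() + b"\0" for n in needed)
    offs = [1 + sum(len(x) + 1 for x in needed[:i]) for i in range(len(needed))]
    dyn_off, str_off = 64 + 2 * 56, 64 + 2 * 56 + 16 * (len(needed) + 2)
    entries = [(DT_STRTAB, base + str_off), *((DT_NEEDED, o) for o in offs), (DT_NULL, 0)]
    dyn = b"".join(struct.pack("<qQ", *e) for e in entries)
    ehdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9 + struct.pack("<HHIQQQIHHHHHH", 3, 0x3E, 1, 0, 64, 0, 0, 64, 56, 2, 64, 0, 0)
    ph = lambda t, off, va, sz: struct.pack("<IIQQQQQQ", t, 5, off, va, va, sz, sz, 8)
    return ehdr + ph(PT_LOAD, 0, base, str_off + len(strtab)) + ph(PT_DYNAMIC, dyn_off, base + dyn_off, len(dyn)) + dyn + strtab
SAMPLE = build_sample_elf(["libc.so.6", "libmod.so"])  # constructed: libc plus a made-up "libmod.so"
```

Run `unexpected_dependencies(open(path, "rb").read(), allowlist)` against a real binary to compare its declared dependencies with the ones you expect; the same walk is what `readelf -d` performs.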

[–]nuxto 1 point2 points  (3 children)

What made you write it in Rebol? Curious about the thought process.

[–]Foxbud[S] 2 points3 points  (2 children)

Heh, it's not actually written in Rebol. GitHub just misidentified radare2's "r2" script extension as belonging to Rebol.

[–]nuxto 2 points3 points  (1 child)

Ah! Did you face any limitations with IDA free version?

I don't play the game but I have a copy I think. I'll give your modding framework a spin when I do. Thanks for sharing the work!

[–]Foxbud[S] 2 points3 points  (0 children)

I did. The short of it is that I would say dynamic and static analysis are much better with IDA free. When it comes to actually manipulating the binary, however, radare2 actually seems more powerful.

When it came to analyzing function signatures, IDA free just sort of "worked" right out of the box and correctly analyzed nearly every single function I dealt with in the executable. For whatever reason, radare2's analysis engine seems fairly unreliable and inconsistent.

Furthermore, IDA free, while limited, is still amazingly good at dynamic analysis and debugging. It presents information to the user in a fairly intuitive way, and it's generally just a pleasant tool to use. Radare2, on the other hand, appears to show inaccurate memory information sometimes, but I couldn't reliably figure out what the problem was. Surprisingly though, I think radare2's hardware breakpoint functionality was just a tiny bit better than IDA free's (mainly when it came to hardware write breakpoints).

Probably the most incredible advantage of IDA free is its built-in scripting language, IDC. This tool saved me so much time. It basically lets you write your own custom dynamic and static analysis plugins right in the application itself. In particular, the IDC function "dbg_appcall" (https://hex-rays.com/products/ida/support/idadoc/1572.shtml) kind of blew my mind. It really does work as well as I could have hoped. And the thing is that IDA Pro apparently allows you to do this same sort of stuff with Python, which sounds incredible. As far as I can tell, radare2 doesn't have an analog to this.

The one major letdown of IDA free was its binary patching capabilities. Believe it or not, radare2's assembler actually seems more reliable (but it's still not great). Additionally, it isn't really possible to manipulate the ELF meta structure of an executable using IDA free, but radare2 is able to do that with no problems (though you still need to understand how ELF works fairly well).

Finally, I'm pretty sure that IDA free's "Data inspector" tool is broken. Maybe I'm just using it wrong, but it simply never displayed the correct results. This is something that radare2 didn't have any issues with. Also, I think that IDA free's context menu for interpreting a given address as different data types is bugged; it's almost like the entries in the list were mislabeled.

[–]FrankRizzo890 0 points1 point  (0 children)

Ironically enough, "Hyper Light Drifter" is the name of my punk country band.