Rendered at 09:04:25 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
OsrsNeedsf2P 6 hours ago [-]
Dumb question about reverse engineering binaries: is there a way to only do it piecemeal? I'm eventually waiting for LLMs and harnesses to get good enough to reverse engineer BFME (old Lord of the Rings game that still has an active modding community), but it's a multi GB sized game that would have to be done in bite-sized pieces.
Basically; can you reverse engineer in bite sized pieces, and recompile/customize their behavior, without needing to do it all at once?
jonhohle 6 hours ago [-]
Most decomp projects (that I know of) are Ship of Theseus style projects where the minimum unit is a function, give or take alignment requirements and quirks of the compiler. On the MIPS side, tools like Splat and SPIM can help identify function and even source file boundaries, generate inline ASM C files[0], and write linker scripts to build a matching binary. You can then go through and replace the ASM functions one at a time until you just have C left.
Interesting when you mention Ship of Theseus, I never thought of that but I wonder if that is where the name “Ship of Harkinian” comes from?
paavohtl 2 hours ago [-]
Yes, quite easily. It requires some setup, but the basic idea is that you create a DLL and a simple loader program which injects it into your target process. You can then use a hooking library like MinHook to replace individual functions with your own implementations. If the target application is in C++, you can additionally do vtable hooking and replace functions even easier (though it will always be a combination of the two techniques).
charcircuit 4 hours ago [-]
Have you tried? I've haven't tried anything huge but I've had LLMs decompile SNES ROMs for me.
Retr0id 7 hours ago [-]
I'd love it if there was some way to contribute to ongoing game decompilation projects, with a similarly streamlined web interface - it's something I'd be willing to dedicate some brain time to every so often, but setting up the toolchain etc. feels too much like work.
By the way, I was able to "cheat" on the second lesson with
That's what decomp.me is for, when I'm stuck on a function in my own projects I usually set it up on there and link it in the codebase so anyone can pick it up. Sometimes I like to browse the front page and hope I know enough to silently match somebody else's function (usually stays as a hope though...)
jackpriceburns 7 hours ago [-]
decomp.me is also a great tool! The playground section of the site allows you to turn the code into a decomp.me scratch.
I also use the objdiff wasm on the frontend for the assembly diffing. I don't see much point in reinventing the wheel and these tools are already great, so I'll deffo be leaning on them when I can
jackpriceburns 7 hours ago [-]
I was thinking of something similar as well, perhaps a section of this site after you've completed the course where we show functions from popular decomp projects that aren't 100% matched, and you can match it. Doing so will magic up a PR or something.. It's a great idea!
As for cheating, the community calls this a fake match. I don't check that the code you submit conforms to what I expect, I only check if the assembly matches. You can do interesting things where you do a series of bit shifts and bit masks, and you can replicate an equality operator `a == b` or a low clamp `x < 0 ? 0 : x`. I'm not sure if I'll lock this down or not, for people who have accounts, I can see their submissions so I think I'll play it by ear and see what happens. If it looks like people are constantly fake matching, I can look at tweaking the lessons or locking it down more
saturn8601 7 hours ago [-]
Damn this is next level. Congratulations on your achievements!
When Fable was around I thought i'd test it by taking an old piece of Windows software from the late 90s/2000s(ModPlug Player) and seeing how well it could convert it to being a native Mac application.
I was blown away at how it got 85% of the way there in one prompt. Things such as writing a PE extractor, recovering the complete skin, menu tree, full accelerator table, all dialogs, and then it delved into the registry value names as well. Some more prompts got it to 99%(I was happy with that and stopped)
I then took an old 1999 DOS demoscene and yet again it did wonderful magic and got me a native mac build.
I dropped everything I was doing and just started going through all these old apps that I couldn't easily enjoy since im on a Mac. It got to the point where I was losing sleep over it(was just so excited).
The fun ended when I was stopped mid-project with the Fable ban. Opus just does not compare and essentially killed all the enthusiasm after the nth failure of it to complete the task.
It made me realize that among the efforts of the RE community, and the emerging capabilities of these frontier models, in the future we could have the possibility living in a renaissance of open computing if we want any software we see on the market to be forever remixed and tailored to our uses and completely open.
I don't know how the business and legal side will deal with this. There needs to be new frameworks and ways of thinking about this stuff.
I'm just happy that hopefully no code will ever be lost to the sands of time ever again.
jackpriceburns 7 hours ago [-]
AI is being used in many retro game decomp projects!
One of the reasons I went down the path of learning decomp myself was because AI had hit a wall. Matching decomp is quite a bit harder than just normal decomp as even simple things like using an if/else instead of a terney actually change the assembly. AI did an amazing job of getting to 95% matches on nearly all functions, but once it got to that tail end, it started to struggle quite a lot and would often just claim "it's impossible". So that's when I pivoted and started learning actual decomp myself so that I could prompt AI better and finish off the star fox adventures decomp!
jonhohle 6 hours ago [-]
I say this every time it comes up, but polluting a decomp project with AI generated code is risky, imho. What makes decomp legal (in the US) is that it’s a creative transformation performed by a human and the resulting copyright of the code that just happens to compile to the same binary is owned by the person doing the decompiling.
USPTO and court precedent is leaning heavily toward LLM output not being transformative on its own, making it mechanical, and no longer fair use and in violation of copyright. This puts a legal gray cloud on a project where most contributors couldn’t defend themselves if a rights holder goes after it, and there’s a high likelihood that they would succeed. On the other hand there’s enough case law protecting human decompilation that even the most litigious game companies don’t go after decomp projects that have historically been done by humans.
(I’m not a lawyer, I’m not your lawyer, this is not legal advice, etc., etc.)
asiekierka 4 hours ago [-]
Does it being a creative transformation rob the derivative work status? Personally, I'd liken the process of decompilation to that of translating a book from one language to another - the copyright on the original work does not become void merely because the process of translation requires extensive creativity.
Nicalis and Take-Two have both gone after decompilation projects, also. In particular, Nicalis has gone after a decompilation of Cave Story, but not a black box reimplementation of the same, while Take-Two ended up suing a decompilation developer (albeit settled out of court). However, in some jurisdictions, even clean reimplementations have failed - see Tetris v. Xio.
(I am not a lawyer either, etc etc, but that's my understanding)
jonhohle 4 hours ago [-]
The RE3 devs were distributing binaries. This is known to be an issue. The source code is theirs, binaries mixed with other copyrighted content is not. They also allegedly violated a EULA, but I haven’t looked closely into that.
CSE2 was distributing binaries as well.
So was SM64 decomp and Nintendo told them to stop, they did and continued to share their source code.
Tetris v. Xio is unrelated to reverse engineering or decompilation.
paavohtl 1 hours ago [-]
> The source code is theirs, binaries mixed with other copyrighted content is not.
Distributing binaries should not matter. If the binary is just compiled from the source code, the binary is just an (non-)infringing as the source code.
> They also allegedly violated a EULA
Meaningless. EULAs are not the law.
charcircuit 3 hours ago [-]
These decomp projects are already violating copyright by distributing the decompiled source code. Using LLMs is less risky than sharing the code.
koala_man 3 hours ago [-]
Matching decomp would require the same compiler and flags as the original game, right? How is that determined?
ducktective 6 hours ago [-]
Before the advent of LLMs, ML was used in upscaling the assets and pre-rendered backgrounds of the first 3 classic Resident Evil games: https://www.reshdp.com
ducktective 6 hours ago [-]
Makes one wonder, why should anyone embark on learning this intricate and time-consuming art of reverse engineering when LLMs are on their way to automate it in seconds...
hsuduebc2 6 hours ago [-]
You can tell this basically about anything software related these days. Yet when human is in the loop, the insight is still needed.
sciencejerk 5 hours ago [-]
I recently heard that Super Mario 64 (N64) modding community reverse engineered the game enough to recreate more-or-less accurate C code that can be compiled in binaries to execute on many popular target architectures.
Have you managed to get beloved games into modifiable C code? Or is it more common to invest a lot of work to document assembly language functions? I know some old assembly but no idea what is involved at a high level. Maybe you explain in your lessons?
Also, how to folks obtain binaries? Presumably unless there is a source code breach or vulnerability, source never gets exposed, is thst correct?
xahrepap 5 hours ago [-]
Mario 64 was byte for byte decompiled to C. It was helped by using the Debug symbols accidentally(?) compiled into the final version of the game.
Otherwise they reference rips of the original game.
jackpriceburns 5 hours ago [-]
Most games will have been written in a higher level language first (like C or C++) and then compiled into assembly. With matching decomp, we write C, compile it to assembly, and see how much it matches the retail assembly. Using this we can write C that we theorise is almost identical to how it would have been written originally.
There are things lost during the compilation process (like comments, function names, etc) these we have to name manually and it's a long process to do! But yes, the goal is to have C at the end and once you have C you can recompile using a different compiler and target any architecture you like
teaearlgraycold 5 hours ago [-]
I suspect LLMs would do a good first pass with function naming.
jackpriceburns 4 hours ago [-]
They do an alright job, but they deffo need human-in-the-loop for the best results. I wrote on my blog about how I wrote an MCP to communicate with the Dolphin emulator. Allows Claude Code to set breakpoints, read the memory, write the memory, etc. It was a super fun way to work with Claude and has made naming functions/structs/fields/etc much easier! https://jpb.dev/blog/dolphin-debugger-mcp/
supaflybanzai 1 hours ago [-]
Is there something similar to learn ARM decompiling?
jackpriceburns 33 minutes ago [-]
I'm not aware of anything that's similar to this for ARM.. but in the future there is certainly room to add this. For now I'm focusing on getting the current set of lessons up to scratch as a lot of them need improvement. Then I think I want to add C++ as a language and allow you to change which version of MWCC you can run
oneshtein 3 hours ago [-]
Dumb question — can LLM be used to reverse-engineer firmware blobs or binary only drivers for Linux, to create open-source drivers, for example, for unsupported smartphones?
LelouBil 2 hours ago [-]
That is already happening for old games, and while they usually run on simpler CPUs than modern ones, I don't see why this couldn't be possible for binary Linux drivers.
The toolchain would also be easier to match, unless they were using some proprietary compiler you can't get your hands on.
Just lookup how they match the toolchain, and find an agent harness to do decompilation.
I wonder if doing this kind of stuff with more recent software will cause more legal problems though. I am not really sure of the legal status of the resulting code.
tudelo 2 hours ago [-]
Most likely, this (reverse engineering) is one of the numerous things these LLM companies target. You can also assume all of the internet has been slurped up in to any frontier model. That doesn't mean what you want will be a one shot prompt though...
jackpriceburns 8 hours ago [-]
The backend is closed source, but it runs all on AWS Lambda/DynamoDB/APIGateway and is written in Rust. Getting the compiler running in a Lambda was an adventure of it's own
rybosome 6 hours ago [-]
I’d be interested in hearing more detail on that. I’m actually surprised you were able to get the compiler, I assumed it would be expensive and proprietary.
soxfox42 4 hours ago [-]
Seems like a cool idea, but I can't even complete the first task. The compiler service seems to be broken, since in both lessons and the playground I just get "Could not write source: No space left on device (os error 28)".
jackpriceburns 4 hours ago [-]
Just deploying a fix for this right now! Didn't expect this to be so popular haha
nosioptar 7 hours ago [-]
This is cool as hell.
On the first lesson, it tells me there's a target on "the right". There isn't anything to the right, I've in clue where to look.
jackpriceburns 7 hours ago [-]
Are you on mobile? You'll need to switch to the code/review tab to see. I think mobile support is a bit funky, I'll look at fixing that as soon as I can!
bottlepalm 4 hours ago [-]
I like decomp, but it makes me nervous. Like how safe is it to decompile a game and publish it to like github with all the symbols, addresses, etc..
charcircuit 4 hours ago [-]
The risk is low assuming you respect a potential take down notice that comes in.
Basically; can you reverse engineer in bite sized pieces, and recompile/customize their behavior, without needing to do it all at once?
0 - for example: https://github.com/Xeeynamo/sotn-decomp/blob/master/src/boss...
By the way, I was able to "cheat" on the second lesson with
I gave up at https://decomp-academy.dev/lesson/workflow-what-matching-mea... when I was presented with a wall of LLM-flavoured textAs for cheating, the community calls this a fake match. I don't check that the code you submit conforms to what I expect, I only check if the assembly matches. You can do interesting things where you do a series of bit shifts and bit masks, and you can replicate an equality operator `a == b` or a low clamp `x < 0 ? 0 : x`. I'm not sure if I'll lock this down or not, for people who have accounts, I can see their submissions so I think I'll play it by ear and see what happens. If it looks like people are constantly fake matching, I can look at tweaking the lessons or locking it down more
When Fable was around I thought i'd test it by taking an old piece of Windows software from the late 90s/2000s(ModPlug Player) and seeing how well it could convert it to being a native Mac application.
I was blown away at how it got 85% of the way there in one prompt. Things such as writing a PE extractor, recovering the complete skin, menu tree, full accelerator table, all dialogs, and then it delved into the registry value names as well. Some more prompts got it to 99%(I was happy with that and stopped)
I then took an old 1999 DOS demoscene and yet again it did wonderful magic and got me a native mac build.
I dropped everything I was doing and just started going through all these old apps that I couldn't easily enjoy since im on a Mac. It got to the point where I was losing sleep over it(was just so excited).
The fun ended when I was stopped mid-project with the Fable ban. Opus just does not compare and essentially killed all the enthusiasm after the nth failure of it to complete the task.
It made me realize that among the efforts of the RE community, and the emerging capabilities of these frontier models, in the future we could have the possibility living in a renaissance of open computing if we want any software we see on the market to be forever remixed and tailored to our uses and completely open.
I don't know how the business and legal side will deal with this. There needs to be new frameworks and ways of thinking about this stuff.
I'm just happy that hopefully no code will ever be lost to the sands of time ever again.
One of the reasons I went down the path of learning decomp myself was because AI had hit a wall. Matching decomp is quite a bit harder than just normal decomp as even simple things like using an if/else instead of a terney actually change the assembly. AI did an amazing job of getting to 95% matches on nearly all functions, but once it got to that tail end, it started to struggle quite a lot and would often just claim "it's impossible". So that's when I pivoted and started learning actual decomp myself so that I could prompt AI better and finish off the star fox adventures decomp!
USPTO and court precedent is leaning heavily toward LLM output not being transformative on its own, making it mechanical, and no longer fair use and in violation of copyright. This puts a legal gray cloud on a project where most contributors couldn’t defend themselves if a rights holder goes after it, and there’s a high likelihood that they would succeed. On the other hand there’s enough case law protecting human decompilation that even the most litigious game companies don’t go after decomp projects that have historically been done by humans.
(I’m not a lawyer, I’m not your lawyer, this is not legal advice, etc., etc.)
Nicalis and Take-Two have both gone after decompilation projects, also. In particular, Nicalis has gone after a decompilation of Cave Story, but not a black box reimplementation of the same, while Take-Two ended up suing a decompilation developer (albeit settled out of court). However, in some jurisdictions, even clean reimplementations have failed - see Tetris v. Xio.
(I am not a lawyer either, etc etc, but that's my understanding)
CSE2 was distributing binaries as well.
So was SM64 decomp and Nintendo told them to stop, they did and continued to share their source code.
Tetris v. Xio is unrelated to reverse engineering or decompilation.
Distributing binaries should not matter. If the binary is just compiled from the source code, the binary is just an (non-)infringing as the source code.
> They also allegedly violated a EULA
Meaningless. EULAs are not the law.
Also, how to folks obtain binaries? Presumably unless there is a source code breach or vulnerability, source never gets exposed, is thst correct?
Otherwise they reference rips of the original game.
The toolchain would also be easier to match, unless they were using some proprietary compiler you can't get your hands on.
Just lookup how they match the toolchain, and find an agent harness to do decompilation.
I wonder if doing this kind of stuff with more recent software will cause more legal problems though. I am not really sure of the legal status of the resulting code.
On the first lesson, it tells me there's a target on "the right". There isn't anything to the right, I've in clue where to look.