Hi All. I'm new to the PSPDev community, but I've been taking a look at the WipeOut Pure wad files, and hoepfully my observations may be of use.
All the WipeOut Pure data is held in .wad files, which are just a bunch of files concatenated without any compression / encryption (much like the original Doom .wad files of old!).
There are a few main .wad files containing the tracks, graphics and music, and a seperate .wad file for each of the ships.
What is interesting is that a lot of the data files are XML, which makes understanding them very easy. The ship .wad files each contain 3 other files, the first of which is an XML file containing the ship profile for each league.
The other two files also appear to be archive files, containing vector / texture data for the ship.
Each of the files in the .wad doesn't have a filename, but does have a 32-bit id. At first I thought this is a CRC, but it seems likely that it is instead a filename hash, kind of like a 32 bit MD5.
Anyway, the interesting things that might come out of this:
1. Since WipeOut Pure allows additional ships to be loaded from the memory card, it is possible that the other data files could be loaded also. That would open up scope for custom music (the existing ones are just ac3 files, as far as I can tell), custom textures and even custom tracks.
2. There is already an additional ship/track/theme downloadable data file available for the Japanese version, which has an encrypted .wad file. Since it is likely that the downloadable .wad and internal .wad files are the same format, it could be a way to work out how the downloadable .wad has been encrypted.
I'm happy to post the source to the dump tool if it's not against the rules of the forum. I won't provide dumps of any of the .wad files though, so don't ask!
Cheers,
GoatSucker
WipeOut Pure wad dump
-
GoatSucker
- Posts: 6
- Joined: Sun May 08, 2005 1:49 am
Ok. Code is attached. BTW, I can confirm that the 32-bit id is a filename hash. There are several data files that appear in more than one .wad file with the same hash, which leads to the idea that any file could be patched from the memory stick.
It should be easy to understand the .wad file structure from the code below.
I'd be interested in any links that may help with being able to decrypt the downloadable .wad files, as this may help with being able to decrypt general memory stick files.
Anyway, enjoy.
It should be easy to understand the .wad file structure from the code below.
I'd be interested in any links that may help with being able to decrypt the downloadable .wad files, as this may help with being able to decrypt general memory stick files.
Anyway, enjoy.
Code: Select all
// wpdump.cpp
//
#include "stdafx.h"
#include <stdlib.h>
struct fileInfo
{
int name;
int start;
int length;
int length2;
};
void DumpFile(char* aFile) {
printf("Dumping:");
printf(aFile);
printf("\n");
FILE* f = fopen(aFile, "r+b");
if (f == NULL) {
printf("Cannot open file\n");
return;
}
int value;
fread(&value, 4, 1, f);
printf("Version = %d\n", value);
int files;
fread(&files, 4, 1, f);
printf("Files = %d\n", files);
fileInfo* fiArray = (fileInfo*)malloc(files * sizeof fileInfo);
fileInfo* fiPtr = fiArray;
for (int i=0; i<files; i++)
{
fread(&(fiPtr->name), 4, 1, f);
fread(&(fiPtr->start), 4, 1, f);
fread(&(fiPtr->length), 4, 1, f);
fread(&(fiPtr->length2), 4, 1, f);
fiPtr++;
}
fiPtr = fiArray;
for (int j=0; j<files; j++)
{
printf("%03d / %03d : 0x%x : Size: %d ", j+1, files, fiPtr->name, fiPtr->length);
fseek(f, fiPtr->start, SEEK_SET);
char* buffer = (char*)malloc(fiPtr->length);
fread(buffer, fiPtr->length, 1, f);
int isXml = 0;
if (fiPtr->length > 5)
{
if (buffer[0] == '<' && buffer[1] == '?' && buffer[2] == 'x' && buffer[3] == 'm' && buffer[4] == 'l')
{
isXml = 1;
}
}
char name[256];
if (isXml) {
sprintf(name,"%03d.%x.xml", j+1, fiPtr->name);
}
else {
sprintf(name,"%03d.%x.dat", j+1, fiPtr->name);
}
printf("Writing:");
printf(name);
printf("\n");
FILE* out = fopen(name, "w+b");
if (out)
{
fwrite(buffer, fiPtr->length, 1, out);
fclose(out);
}
delete buffer;
fiPtr++;
}
delete fiArray;
fclose(f);
}
int main(int argc, char* argv[])
{
printf("WPDUMP [GoatSucker]\n");
if (argc != 2) {
printf("No file specified\n");
return 0;
}
DumpFile(argv[1]);
return 0;
}
-
GoatSucker
- Posts: 6
- Joined: Sun May 08, 2005 1:49 am
How do I compile it? I ran it through gcc, but it spit out an error.GoatSucker wrote:kagaku - The tool I posted will automatically extract all the files from the given .wad. It doesn't rename the files to ac3 yet, but that should be an easy mod.
Code: Select all
kagaku@tomiko psp $ make wpdump
g++ wpdump.cpp -o wpdump
wpdump.cpp:4:20: stdafx.h: No such file or directory
wpdump.cpp: In function `void DumpFile(char*)':
wpdump.cpp:17: error: `printf' undeclared (first use this function)
wpdump.cpp:17: error: (Each undeclared identifier is reported only once for
each function it appears in.)
wpdump.cpp:21: error: `FILE' undeclared (first use this function)
wpdump.cpp:21: error: `f' undeclared (first use this function)
wpdump.cpp:21: error: `fopen' undeclared (first use this function)
wpdump.cpp:28: error: `fread' undeclared (first use this function)
wpdump.cpp:34: error: parse error before `)' token
wpdump.cpp:53: error: `SEEK_SET' undeclared (first use this function)
wpdump.cpp:53: error: `fseek' undeclared (first use this function)
wpdump.cpp:67: error: `sprintf' undeclared (first use this function)
wpdump.cpp:77: error: `out' undeclared (first use this function)
wpdump.cpp:80: error: `fwrite' undeclared (first use this function)
wpdump.cpp:81: error: `fclose' undeclared (first use this function)
wpdump.cpp: In function `int main(int, char**)':
wpdump.cpp:96: error: `printf' undeclared (first use this function)
wpdump.cpp:103:2: warning: no newline at end of file
make: *** [wpdump] Error 1
kagaku@tomiko psp $-
allthatinny
- Posts: 24
- Joined: Fri May 06, 2005 5:59 pm
if you guys looking for a wad dumper i found one at psphacks.net here is the link http://www.psphacks.net/forums/viewtopic.php?t=757
-
GoatSucker
- Posts: 6
- Joined: Sun May 08, 2005 1:49 am
Sorry - should have said the code was for MSDev, but it should work on gcc by changing the header to stdio.h. Haven't verified that myself, though.
Didn't know about the existing tools, but thanks for pointing them out.
Now I just need a tool to make new encrypted wad's for the memory stick - any pointers?
Didn't know about the existing tools, but thanks for pointing them out.
Now I just need a tool to make new encrypted wad's for the memory stick - any pointers?
Wrong.... it's an automatic .h file generated by msvc for the project...Orion_ wrote:stdafx is a windows header
replace stdafx with stdio for FILE things
pixel: A mischievous magical spirit associated with screen displays. The computer industry has frequently borrowed from mythology. Witness the sprites in computer graphics, the demons in artificial intelligence and the trolls in the marketing department.
I've been looking at them. Their codec type is 0xFFFF, which means it's something specific to Wipeout Pure, but the rest of the header seems to match the AT3 files that go along with saved games and whatnot. I tried patching the codec type to 0xFEFF (atrac3plus, same as the AT3 files) and then copying it over one of the SND0.AT3 files from a saved game, but it didn't work.
They may have the 'RIFF WAVEfmt' header, but the actual header info is completely weird.
Bits per sample is 0, so it won't render, and it has 34 bytes extra after the header.
Normally fffe means it is uncompressed, just has more than 2 channels or more than 16bits per sample, but in this case this means something else. - or thats what I am led to understand.
On a side note 'all' the 383KB files (146 in total) are *.TGA and can be openned in photoshop or any other 'art' application, some really nice images in that lot to :D
Bits per sample is 0, so it won't render, and it has 34 bytes extra after the header.
Normally fffe means it is uncompressed, just has more than 2 channels or more than 16bits per sample, but in this case this means something else. - or thats what I am led to understand.
On a side note 'all' the 383KB files (146 in total) are *.TGA and can be openned in photoshop or any other 'art' application, some really nice images in that lot to :D
-
GoatSucker
- Posts: 6
- Joined: Sun May 08, 2005 1:49 am
Ok - trying to steer this back, I've noticed that some of the files in the data.wad file are ELF binaries.
This leads to a couple of things that could help homebrew:
1. If a way can be found to patch .wad files from the memory stick (and this is certainly possible to an extent with the already available download - albeit in an encrypted form) then maybe the ELF files could be patched to run homebrew code instead. That is assuming that the ELF files in the data.wad are actually used, and not there by mistake.
2. The ELF files appear to be very similar to the .prx files, except they are unencrypted. There are lots of plaintext comments about MPEG, HTTP and crypto stuff. There loads of crypto stuff referenced in 197.dc55e1dd.elf, produced by the code below.
Anyway, hope this might be useful to someone. I've attached the latest code below. Note that the sysp, vex and sblk files are just attempts to name the files based on the contents - the contents are still unknown.
This leads to a couple of things that could help homebrew:
1. If a way can be found to patch .wad files from the memory stick (and this is certainly possible to an extent with the already available download - albeit in an encrypted form) then maybe the ELF files could be patched to run homebrew code instead. That is assuming that the ELF files in the data.wad are actually used, and not there by mistake.
2. The ELF files appear to be very similar to the .prx files, except they are unencrypted. There are lots of plaintext comments about MPEG, HTTP and crypto stuff. There loads of crypto stuff referenced in 197.dc55e1dd.elf, produced by the code below.
Anyway, hope this might be useful to someone. I've attached the latest code below. Note that the sysp, vex and sblk files are just attempts to name the files based on the contents - the contents are still unknown.
Code: Select all
// wpdump.cpp
//
#include "stdafx.h"
#include <stdlib.h>
#include <string.h>
struct fileInfo
{
int name;
int start;
int length;
int length2;
};
int isFileType(char* aBuffer, char* aID)
{
int length = strlen(aID);
int cnt = 0;
for (int i=0; i<length; i++) {
if (aBuffer[i] == aID[i]) {
cnt++;
}
}
if (cnt == length) {
return 1;
}
return 0;
}
void DumpFile(char* aFile) {
printf("Dumping:");
printf(aFile);
printf("\n");
FILE* f = fopen(aFile, "r+b");
if (f == NULL) {
printf("Cannot open file\n");
return;
}
int value;
fread(&value, 4, 1, f);
printf("Version = %d\n", value);
int files;
fread(&files, 4, 1, f);
printf("Files = %d\n", files);
fileInfo* fiArray = (fileInfo*)malloc(files * sizeof fileInfo);
fileInfo* fiPtr = fiArray;
for (int i=0; i<files; i++)
{
fread(&(fiPtr->name), 4, 1, f);
fread(&(fiPtr->start), 4, 1, f);
fread(&(fiPtr->length), 4, 1, f);
fread(&(fiPtr->length2), 4, 1, f);
fiPtr++;
}
fiPtr = fiArray;
for (int j=0; j<files; j++)
{
printf("%03d / %03d : 0x%x : Size: %d ", j+1, files, fiPtr->name, fiPtr->length);
fseek(f, fiPtr->start, SEEK_SET);
char* buffer = (char*)malloc(fiPtr->length);
fread(buffer, fiPtr->length, 1, f);
char ext[16];
if (isFileType(buffer, "<?xml")) {
strcpy(ext, "xml");
}
else if (isFileType(buffer+2, "<?xml")) {
strcpy(ext, "xml");
}
else if (isFileType(buffer+fiPtr->length-18, "TRUEVISION")) {
strcpy(ext, "tga");
}
else if (isFileType(buffer, "PSMF")) {
strcpy(ext, "pmf");
}
else if (isFileType(buffer, "RIFF")) {
strcpy(ext, "ac3");
}
else if (isFileType(buffer, "SYSP")) {
strcpy(ext, "sysp");
}
else if (isFileType(buffer+1, "ELF")) {
strcpy(ext, "elf");
}
else if (isFileType(buffer+12, "VEXX")) {
strcpy(ext, "vex");
}
else if (isFileType(buffer+24, "SBlk")) {
strcpy(ext, "sblk");
}
else {
strcpy(ext, "dat");
}
char name[256];
sprintf(name,"%03d.%x.%s", j+1, fiPtr->name, ext);
printf("Writing:");
printf(name);
printf("\n");
FILE* out = fopen(name, "w+b");
if (out)
{
fwrite(buffer, fiPtr->length, 1, out);
fclose(out);
}
delete buffer;
fiPtr++;
}
delete fiArray;
fclose(f);
}
int main(int argc, char* argv[])
{
printf("WPDUMP [GoatSucker]\n");
if (argc != 2) {
printf("No file specified\n");
return 0;
}
DumpFile(argv[1]);
return 0;
}
-
GoatSucker
- Posts: 6
- Joined: Sun May 08, 2005 1:49 am
Probably of no help at all, but I attended a lecture at GDCE by the lead programmer of wipeout pure...
He said that the the downloads were encrypted and I also remember that the "vexx" file you mentioned is the file that contains the track data. He demonstrated designing a simple track in Maya, exporting it using their custom plugin and then running it on a PSP emulator on his laptop.
He said that the the downloads were encrypted and I also remember that the "vexx" file you mentioned is the file that contains the track data. He demonstrated designing a simple track in Maya, exporting it using their custom plugin and then running it on a PSP emulator on his laptop.