I'm currently working on reverse engineering a game so that me and my friends can look through it and edit stuff. I have much experience with modding games, but the issue here is that it looks like the developer of this game in particular uses a proprietary archive format, and then converted it to a .dat file. From the looks of it, they stripped the header from the file so no luck there when I was checking it in hex. What's the best way to go about getting the files out of here? I'm pretty sure it's not encrypted, as when looking at the hex I can see some file names. Any help would be appreciated, I don't mind doing the work if someone could point me in the right direction.
Below I attached the first few lines of the hex, where I'm pretty sure the header was stripped
This game was made for Nintendo by Namco, who worked with a company called Now Production who seem to have mostly made the game (or at least the . They made some other Wii games and are all stored the same way, in their own proprietary archive and then made into a dat file. The file is 700mb for reference. It has all the files for the game, save for the sounds and cutscenes (which I have extracted and they work fine).
Any help appreciated, can supply the file if need be.
I highly recommend a tool like 010 Editor for this, as it provide a really nice way to make a binary template.
But, you want to start by looking where they load file with a debugger. When the file is loaded, look at how they parse the file.
While the file is 700 MB, odds are it's going to be relatively easy to decode. This is due to the nature of file formats. Most of the complexity is in the headers, and then you have Data sections which just include pure data.
So,
Step 1. Set a breakpoint on the Load file system call, and check to see if it loads.
Step 2. Look at what is viewed first by the program. There's a very good change 4442 is part of the file type identifier. A big indicator of this is DB. Programmers are people and like to throw in jokes in code, especially arbitrary magic values like a file format identifier. You can try googling some variation of "44 42 20 20 01 32 42 D9" on the internet and see if someone else has found this.
Step 3. Since "hball_ribbon am_filter force_mulforce force_dir" is plain text. You have a really good indicator. Knowing that C strings are terminated with a NULL, and the only mainstream alternative is a pascal string, you likely know you have 3 strings here.
Step 4. Using the knowledge of the strings. Figure out how the strings are referenced. Most use RVA for the file format addressing. Once you do this, you should have enough strings to start tugging on to reverse most of the format.
Alternatively, try using open source knowledge. Look at an emulator or some other tool that parses Wii files.