VARIFY YOUR PASSWORD
okay this is really weird. The game stores user-created fashion designs as highly compressed jpeg.
Kinda. See, it actually stores them TWICE. And it defaults to the jpeg version, but as soon as you modify the texture again, it regenerates them.
but if I hit the edit button, it's back to the original version.
Strange decision. It means if you load a saved game, all your clothing has JPEG artifacts until you edit it again
now I want to design an outfit by making an image, jpeg compressing it a lot, then scaling it up with nearest-neighbor scaling. a walking jpeg glitch
as a reverse engineer, there is nothing I love more than seeing this:
int ivar3 = FUN_2980348();
if(ivar3!=0){
abort_with_message("R0SystemInit failed!");
}
you might as well just give me the symbols at that point
Fun fact: You can alter the game resolution using the undocumented ini settings. This works great in the 3D segments
It works less great on the 2D screens
oh my god
when you go into the edit screen, it loads 12 patterns.
all 12 are named "Pattern01.tga"
that's for the 12 plain-color cloth textures.
The next page has 12 more colorful patterns, plaids and such.
You'll never guess what filename those 12 have
then they've got 10 digits, 26 letters, and 8 sporty icons. 44 in total.
You'll never guess what filenames those 44 images have
oh hey I see now why they have the debug_mode global boolean turned off.
this game is spewing CONSTANT error messages.
"PR: (ERROR) PR_SelectTexture Parameter 1 is out of range (0 to 228). Value was -4"
I'm not sure why this error message is being generated (though I have a guess and it involves this untextured desk stand) but it's coming out at least once per frame
so they load 68 files named Patterns01.tga when you click the desk, but the function PR_LoadTGA is never called?
suspicious.
I'll set a breakpoint on PR_LoadPRO (the proprietary file format for this engine), PR_LoadPNG (a sensible choice), PR_LoadBMP (it's a windows game, so maybe).
PR_LoadPCX and PR_LoadLBM... yeah let's not bother.
I think they did finally figure out an engine name, based on these function names.
It's "R0"
Hey, it's something, I guess.
It's got a feature to upload your designs to the barbie website, and I think it internally calls all user uploads "Girl_One_Cheezy_Fashion"
__stdcall my beloved. best x86 calling convention ever.
how do we pass arguments? you stick them on the stack, right to left. return values are in EAX.
it's so fucking simple I love it
I was wrong on both counts! I netcatted it, and it turns out "Girl_One_Cheezy_Fashion" is indeed the filename, and the bfs~^abcdefg~^ is the "bfs_authenticate".
I hacked the EXE to upload to localhost. The game originally pointed at vvjpgxfr.barbie.com, which is a domain that doesn't exist anymore and there are no references to it online that I can find
I had to name the game-specific allocation and free functions, and this is a barbie game, so of course they're barbie_malloc and barbie_free.
Every time I see those it makes me smile. Barbie is a C++ programmer now! with barbie_malloc!
yeah the bastard thing is loading "files" named like "E13841F5C_00.PRM", and that string is located in memory at the suspiciously similar location of 0x13949D8C.
these are not files. these are memory!