Team 17 apparently agreed with you that this was overly complicated, because in Worms Armageddon they ripped the whole thing out and replaced it with an IRC server with some HTTP apis
I was honestly wondering if a potential solution is to just patch out some/all of the network code with a more modern implementation, rather than trying to stand up an ancient server list/join protocol
Honestly, that is probably good enough for a simple turn-based game like Worms. There isn't any serious real-time updating required - just push the data to the other client and let the client game "play back" the action as if it were local real time. IRC is grand, as you could just encapsulate game updates as some kind of text-based chat message. On a game like Worms, you don't have to worry half as much about things like keeping physics in sync, client-side prediction, pings and latency management etc.
@@halfbakedproductions7887 Once you're actually in-game it uses a different protocol connecting between players directly, it's the matchmaking server that uses the IRC+HTTP thing.
@@RobotnikPlays Nope. Nathan's method of emulating the original server is the least invasive. Actually it is non-invasive, so no one has to patch a client or juggle some versions around or add some DLL or stuff ... which leads to all sorts of horrors and uncertainties and frustration, as we know from history. I believe you had good intentions, but by adding additional dependencies and excluding the original clients (and with that: time travelers .... hehehehe) you go down the path to the dark side ...:P P.S.: Some of those projects reviving the network capabilities of our old beloved games can take years or over a decade to get into a working state. But who cares? Let's rather pay our respect: F. Well, and at all: That is part of the reverse engineering fun;)
This is some of the most accessible reverse engineering content on RUclips. Thanks! Do you keep any notes while you're doing this work? For me it's essential to have a text doc of discoveries and to rename things/add comments to the decompiled output.
My aim is to try and make things like this approachable, so I’m glad that comes through. My usual approach is to do most of the RE ahead of time and aggressively keep notes, I can then script up a video with a clearer narrative (and cut out most of the bits where I just stare blankly at a debugger hoping for inspiration)
don't just scream into the void! screaming is a great catch all experimental interface method random people ask you to sign up for things on the street? SCREAM computer wont start? maybe SCREAMING fixes it its 2 minutes before clockout and your boss walks in with more work? GUESS WHAT
something that could really use some help is Sonic R, the main version we use from 1997 doesn't have the netcode that shipped with the original release, so the original version for networking just won't run at all, so while the game did support networking at one point, it's not something anyone is working on sadly. this is one of those things where if it could get working again the community im sure would use it.
Marvellous and inspiring. It's fascinating to see problem-solving at this level. I recall only having to produce one pretty simple program in assembly at university - we all had a mortal fear as students, lol. Most of us thought Java was a tough cookie to crack! Your fluidity and mastery blows my mind!
This is a fantastic introduction to reverse engineering, glad RUclips recommended me this - I already know the tools but always love a good reverse engineering story.
I'm not a programmer so I understood close to 0% of what you were doing, but I still loved the video and especially loved how somehow this game is still being played. I'll have to dust off my Worms 2 CD and give it a try!
Awesome stuff. I have fond memories of playing Worms 2. Online, people mention Armageddon or WWP more often, but I always felt that those added too much convoluted stuff.
Best video that finally made RE seem practical and not some black magic! Aside, distance to camera seems decent and moving it back a bit may be even better [the closeup one].
I like this video a lot. As a computer scientist with a specialization in distributed and networked systems, this is very well-explained. For me it would be more interest to see the connections between the output of the "real game" and the ghydra assembly. Maybe you can show the path, how you see the details to follow back the path and the find the values and functions that are important ? :D Thank you
This looks like old fashioned, direct Winsock function calls and everything built from scratch. I can see why that made sense at the time and for this kind of application, but nobody really does that anymore.
just saying that your work wasnt for nothing. i am currently learning about networking and IT in generall and this video really helps to understand the inner workings of a simple multiplayer funktion really good and understandable. also i really like the editing. thanks :)
Wow thanks for bringing back so many good memories, besides this video encourages me to go back to low level tinkering just for fun. I'm eager to watch more content from you about this masterpiece of software.
I'm curious about the function you identify at ~5:40 How did you identify that it takes 2 parameters? Was it purely by looking at the assembly rather than the decomp? And is there a reason you're not renaming and correcting the decomp?
It would probably show the real number of arguments during the actual function decompilation. Ghidra only decompiles a function if it's actually opened. What you see in the video is just a guess based on the passed arguments. To be able to see the real arguments (or rather another guess based on the internals of the function) at calling sites, you need to decompile that function and commit its parameters ('P' by default). If I remember correctly, it's done automatically while renaming a function or its parameters. It's strange he doesn't do it, being able to set comments and types is literally the best feature of tools like Ghidra and IDA
@@bobbyaremyshoes2233 I've used Ghidra myself for a little while when attempting to recover the source code to several functions in an old game (Enemy Nations), so I'm somewhat familiar with Ghidra at a basic level. I had the benefit of source code to work from, which made identifying various functions far easier, but the decomp definitely didn't always get things right. vtables in particular were a nightmare to reconstruct (I never tried automating things or using the header parsing features though). But yeah, it just stuck out as weird to me that there was absolutely no visible use of any of the functionality Ghidra exposes in the video.
Amazing content, superbly presented! I really hope there's more to come :) Have you tried using Ghidra's debugger? I don't have experience with it myself but it might make it easier to debug alongside the decompiled code and all the info you've documented.
title talks about "fixing" but the video seems to be all about discovery, apparently the context for this video is in prior videos, it might be worth mentioning that somewhere
i wonder if this kind of thing is what the Northstar Server and Client team for Titanfall 2 had to do, its interesting to see the gritty details that make it clear why these things are difficult, but still possible.
nostalgia Before this vid: alright im done coding today, was a nice long coding session, but gotta take a break *sees this video*... Hang in there brain
NGL i thought this was going to be about reverse engineering worms as in the malicious software type, used in the spreading of malware on networks. Even though the video is on something else entirely it was still worth the watch :)
What a nice channel, you deserve more subscribers, very nice explanation and very logical to follow, maybe you can show more in detail some bits of the workflow in ghidra ?
Hello. While watching your video i couldn't resist hopping on my disassembler and looking in worms main executable. There is 605 references of "OutputDebugStringA" logging which probably would be useful in your research since i noticed a bunch of DirectPlay debug strings.
Great channel. I've been randomly recommended your Roller Coaster Tycoon video and I can't wait for more content like this. I've dabbled with reverse engineering in the past with Ghidra and x64dbg, it's really interesting seeing how to use them in tandem like you do.
What an underrated channel - Reverse engineering has always been on my bucket list, but I never have the time to discover these things on my own. This content is literally a strong push towards my dreams, thank you!
I have yet to watch the video, but I'm sure it will be a good one. Is Midtown Madness also a childhood game of yours? A lot of the exe has already been reverse engineered (see Open1560). I have been wondering lately how difficult it would be to upgrade some of the network libraries they used back in the day. As currently, it visually appears as though the player's network data is only updated a few times a second.
Although I love worms and your enthusiasm and skillset in resolving Worms 2, I wonder why 2? Why not Worms Armageddon, that to me was the best Worms and only because I hated the damn Magic bullet, it was way to god damn strong. Anyway Worms Armageddon is readily available and works already for newest OS's, so is it nostalgia? or is it just the interest in getting it done, curiosity :)? love your content though.
I haven't finished the video, yet, but did you try editing the function signature of the function that was only showing you one of two arguments being passed?
When you stuck at client not sending anything to server my first thought was that server must send back how many bytes of the next message it will read. This is what SSH does for its channels. But I guess it is not necessary in here since all possible data is structured and expected to be meaningfull.
I'm sure I'm not the only genius to say it...but why didn't you just spin up a couple Windows 95 VMs, install it there, and then start doing packet capture between the two?
You discovered the byte for the flags, that's pretty good. I'd assume it goes from 01 to 10, or longer to maybe X amount of flags so it might end up at like 20 or 30? not sure how many flags there are but, at least you've gotten some progress in. Then you could write a packet-like thing like this: packet { var flag_byte:0x02; type:mumbo jumbo; ... } This might be the way to reply to the response or something like that to ACK (acknowledge that the packet is received via TCP/UDP.
Hi Nathan. If you interested in some old cd / dvd based pc games get in touch. I buy and sell them as part of my business and would be happy to send you a box full over for free to have a play with. Sadly most these days aren’t worth much as the common consumer struggles to get them to run on current windows . Just thought I’d offer and even if most is over my head I enjoy these videos . 😊
Hmm, I've always wanted to get into reversing, but not sure how doable it is for windows games on a freedom loving OS (and how much windows-specific knowledge is required)...
I'm battling to understand how you manage to run two separate processes listening under the same port number, I'm really new to this but I've experienced issues when trying to run services on Linux at least when they share the same port number there's always been an issue.
please make more game reversal hacking videos, and instead of replacing, as a challenge, find the way the game engine adds gameobjects into the game and add your own custom gameobjects into the scene and as a additional challenge, make your own gameobject do stuff.
Team 17 apparently agreed with you that this was overly complicated, because in Worms Armageddon they ripped the whole thing out and replaced it with an IRC server with some HTTP apis
I was honestly wondering if a potential solution is to just patch out some/all of the network code with a more modern implementation, rather than trying to stand up an ancient server list/join protocol
Honestly, that is probably good enough for a simple turn-based game like Worms. There isn't any serious real-time updating required - just push the data to the other client and let the client game "play back" the action as if it were local real time. IRC is grand, as you could just encapsulate game updates as some kind of text-based chat message.
On a game like Worms, you don't have to worry half as much about things like keeping physics in sync, client-side prediction, pings and latency management etc.
@@halfbakedproductions7887 Once you're actually in-game it uses a different protocol connecting between players directly, it's the matchmaking server that uses the IRC+HTTP thing.
@@RobotnikPlays Nope. Nathan's method of emulating the original server is the least invasive. Actually it is non-invasive, so no one has to patch a client or juggle some versions around or add some DLL or stuff ... which leads to all sorts of horrors and uncertainties and frustration, as we know from history.
I believe you had good intentions, but by adding additional dependencies and excluding the original clients (and with that: time travelers .... hehehehe) you go down the path to the dark side ...:P
P.S.: Some of those projects reviving the network capabilities of our old beloved games can take years or over a decade to get into a working state. But who cares? Let's rather pay our respect: F. Well, and at all: That is part of the reverse engineering fun;)
This is some of the most accessible reverse engineering content on RUclips. Thanks! Do you keep any notes while you're doing this work? For me it's essential to have a text doc of discoveries and to rename things/add comments to the decompiled output.
My aim is to try and make things like this approachable, so I’m glad that comes through.
My usual approach is to do most of the RE ahead of time and aggressively keep notes, I can then script up a video with a clearer narrative (and cut out most of the bits where I just stare blankly at a debugger hoping for inspiration)
@@nathanbaggs I am sure that there are people who would appreciate more advanced content and longer videos
Dude you’ve got a knack for this type of content. I could watch these all day. Please make more!
11k subs is criminally low for how entertaining you make such a frequently frustrating process look. Glad to have stumbled on your channel!
Glad you enjoy it!
oh coach banan is also interested in comp sci? and yeah if he just keeps up this quality at least a 100k is to be expected, truly outstanding content
Sitting on 14k now, this channel could be huge
3:50, finally my go-to solution of screaming into the void has been validated
Sometimes that’s all you can do
When you scream into the void, the void screams back at you
don't just scream into the void! screaming is a great catch all experimental interface method
random people ask you to sign up for things on the street? SCREAM
computer wont start? maybe SCREAMING fixes it
its 2 minutes before clockout and your boss walks in with more work? GUESS WHAT
something that could really use some help is Sonic R, the main version we use from 1997 doesn't have the netcode that shipped with the original release, so the original version for networking just won't run at all, so while the game did support networking at one point, it's not something anyone is working on sadly. this is one of those things where if it could get working again the community im sure would use it.
Please continue making this kind of videos, your work is truly amazing
Marvellous and inspiring. It's fascinating to see problem-solving at this level. I recall only having to produce one pretty simple program in assembly at university - we all had a mortal fear as students, lol. Most of us thought Java was a tough cookie to crack! Your fluidity and mastery blows my mind!
This is a fantastic introduction to reverse engineering, glad RUclips recommended me this - I already know the tools but always love a good reverse engineering story.
I'm not a programmer so I understood close to 0% of what you were doing, but I still loved the video and especially loved how somehow this game is still being played. I'll have to dust off my Worms 2 CD and give it a try!
Awesome stuff. I have fond memories of playing Worms 2.
Online, people mention Armageddon or WWP more often, but I always felt that those added too much convoluted stuff.
This is incredible content. Keep making videos like these!
Will do!
Best video that finally made RE seem practical and not some black magic! Aside, distance to camera seems decent and moving it back a bit may be even better [the closeup one].
I watched the first part yesterday, so glad that the algorithm blessed me with the fresh upload! Keep up the good work mate
Met too! RUclips at it's best
i'm in a similar process with a game that closed more than a decade ago called Infinity online, thanks for all those precious informations
I like this video a lot. As a computer scientist with a specialization in distributed and networked systems, this is very well-explained. For me it would be more interest to see the connections between the output of the "real game" and the ghydra assembly. Maybe you can show the path, how you see the details to follow back the path and the find the values and functions that are important ? :D
Thank you
stare at bytes and divine some meaning from them sounds like a good job title
Mate, this is unreal. I've learnt so much. Thanks heaps for making it. I glad it's you and not me though, looks pretty tricky.
This looks like old fashioned, direct Winsock function calls and everything built from scratch. I can see why that made sense at the time and for this kind of application, but nobody really does that anymore.
Kinda sucks that your journey on this project is over, but it is nice that it was finished at least
just saying that your work wasnt for nothing. i am currently learning about networking and IT in generall and this video really helps to understand the inner workings of a simple multiplayer funktion really good and understandable. also i really like the editing. thanks :)
I would absolutely love if you could fix lego rock raiders. Such a nostalgic game that I cannot get to work for the life of me.
This is a really really interesting project, thank you for going through the process and showing it to us :O
Watching this brings back very old memories
Wow thanks for bringing back so many good memories, besides this video encourages me to go back to low level tinkering just for fun. I'm eager to watch more content from you about this masterpiece of software.
I'm curious about the function you identify at ~5:40 How did you identify that it takes 2 parameters? Was it purely by looking at the assembly rather than the decomp? And is there a reason you're not renaming and correcting the decomp?
The decompilation of the function showed two args, I think I might have cut that out to zoom into the actual code
He use IDA decompiler instead Hydra 🤣
It would probably show the real number of arguments during the actual function decompilation. Ghidra only decompiles a function if it's actually opened. What you see in the video is just a guess based on the passed arguments. To be able to see the real arguments (or rather another guess based on the internals of the function) at calling sites, you need to decompile that function and commit its parameters ('P' by default). If I remember correctly, it's done automatically while renaming a function or its parameters. It's strange he doesn't do it, being able to set comments and types is literally the best feature of tools like Ghidra and IDA
@@bobbyaremyshoes2233 I've used Ghidra myself for a little while when attempting to recover the source code to several functions in an old game (Enemy Nations), so I'm somewhat familiar with Ghidra at a basic level. I had the benefit of source code to work from, which made identifying various functions far easier, but the decomp definitely didn't always get things right. vtables in particular were a nightmare to reconstruct (I never tried automating things or using the header parsing features though).
But yeah, it just stuck out as weird to me that there was absolutely no visible use of any of the functionality Ghidra exposes in the video.
The thought of yelling at something to potentially get an answer is hilarious
"We can't just stare at these bytes and try to divine some meaning from them.."
Rofl. This was probably funnier than it was supposed to be 😂😂
oh the memories... in our local computer club, we had a worms 2 Lan tournament. i made 2nd place. won a copy of quake. :D
This video really makes me want to finally dive into the code of one of my old favorite now delisted/offline titles of Spartacus Legends...
Awesome, a really cool idea for a video. I can't wait to watch it all when I get a minute o.o
Amazing content, superbly presented! I really hope there's more to come :)
Have you tried using Ghidra's debugger? I don't have experience with it myself but it might make it easier to debug alongside the decompiled code and all the info you've documented.
Not yet, just been sticking to what I know. I also think it provides a bit of visual variety in the video
It is a lot of FUN with all those FUNctions.
title talks about "fixing" but the video seems to be all about discovery, apparently the context for this video is in prior videos, it might be worth mentioning that somewhere
i wonder if this kind of thing is what the Northstar Server and Client team for Titanfall 2 had to do, its interesting to see the gritty details that make it clear why these things are difficult, but still possible.
This is unreal stuff mate, just seen the first part recently too! Subbed for sure
Thanks!
No this is Worms, not Unreal 😆
@@KingMoronProductions any more of this and I'm unsubbing! 😂
nostalgia
Before this vid: alright im done coding today, was a nice long coding session, but gotta take a break
*sees this video*...
Hang in there brain
NGL i thought this was going to be about reverse engineering worms as in the malicious software type, used in the spreading of malware on networks. Even though the video is on something else entirely it was still worth the watch :)
Wonderfully enjoyable content for a programming novice like myself!
Just for digging this old gem up you get a 👍
This channel is a true gem.
What a nice channel, you deserve more subscribers, very nice explanation and very logical to follow, maybe you can show more in detail some bits of the workflow in ghidra ?
Hello. While watching your video i couldn't resist hopping on my disassembler and looking in worms main executable. There is 605 references of "OutputDebugStringA" logging which probably would be useful in your research since i noticed a bunch of DirectPlay debug strings.
Great channel. I've been randomly recommended your Roller Coaster Tycoon video and I can't wait for more content like this.
I've dabbled with reverse engineering in the past with Ghidra and x64dbg, it's really interesting seeing how to use them in tandem like you do.
It's baffling to me that you only have 18K subscribers!
Epic. Finally some interesting content on the tube. Thanks for this.
I have to say this is basic stuff but it's very interesting
oh SHIT he actually did it
Did what?
(:
Brilliant video. I love your process and your explanations are really good too
Oh its a good day when Nathan posts ❤️
Thx for letting us in your brain and way of thinking. You are true ninja.
That's fascinating and impressive.
Loved it, thank you for the follow-up!
It was interesting to watch, thanks!
Absolutely great content. I've never seen one presenting how to reverse engineer code on RUclips with so much detail. Subbed!
A wizard in action. Thank you for the interesting content.
Mega interesting! Looking forward to watching more. Thank you algorithm.
Subbed. This video was great!
how long have you been doing this stuff? it's so cool (sorry i don't understand this stuff so i don't know how to verbalize it)
Ive been doing forward and reverse engineering for about a decade
Very informative! Thanks for the video.
I used to play this game all the time when I was a kid. 😎
Love the content, keep it up
What an underrated channel - Reverse engineering has always been on my bucket list, but I never have the time to discover these things on my own. This content is literally a strong push towards my dreams, thank you!
Your content is marvelous
I have yet to watch the video, but I'm sure it will be a good one. Is Midtown Madness also a childhood game of yours? A lot of the exe has already been reverse engineered (see Open1560). I have been wondering lately how difficult it would be to upgrade some of the network libraries they used back in the day. As currently, it visually appears as though the player's network data is only updated a few times a second.
I relate to how he looks at the end when he turns off his camera. No explanation. Deal with it.
That was an accident (: just didn’t want to rerender the whole thing to cut a second off the end
Although I love worms and your enthusiasm and skillset in resolving Worms 2, I wonder why 2? Why not Worms Armageddon, that to me was the best Worms and only because I hated the damn Magic bullet, it was way to god damn strong. Anyway Worms Armageddon is readily available and works already for newest OS's, so is it nostalgia? or is it just the interest in getting it done, curiosity :)? love your content though.
Armageddon's servers are still alive, in this case it's nostalgia
Really great work! Both the hacking & the video.
well, it's possible to create OnlineServer for marioKart8 on switch - for play without subscription?=)
I haven't finished the video, yet, but did you try editing the function signature of the function that was only showing you one of two arguments being passed?
Nah I just powered through (:
Is it local network multiplayer? Have you tried spinning up two instances and watching how they talk to each other?
I want more videos about RE worms 2!
thank you kindly for interesting video
Please do not stop making these videos, they are great! You will definetly get the attention you deserve 👍🏼
When you stuck at client not sending anything to server my first thought was that server must send back how many bytes of the next message it will read. This is what SSH does for its channels. But I guess it is not necessary in here since all possible data is structured and expected to be meaningfull.
Very interesting!
Wonderful stuff!
Keep it up. Great content
If you want to have a poor round of worms 2 let me know!
Bought this game for my stepson. His brother wouldnt let him play the playstation so Ihad to give hime something that was his to play.
I'm sure I'm not the only genius to say it...but why didn't you just spin up a couple Windows 95 VMs, install it there, and then start doing packet capture between the two?
okay you gotta be a new channel, cuz there is no way you only have 12k subs
You discovered the byte for the flags, that's pretty good. I'd assume it goes from 01 to 10, or longer to maybe X amount of flags so it might end up at like 20 or 30? not sure how many flags there are but, at least you've gotten some progress in. Then you could write a packet-like thing like this:
packet {
var flag_byte:0x02;
type:mumbo jumbo;
...
}
This might be the way to reply to the response or something like that to ACK (acknowledge that the packet is received via TCP/UDP.
Do you have any recommended resources, for example books or websites, to learn reverse engineering?
The first multiplayer game we got to work was 688 Attach Sub
Hi Nathan. If you interested in some old cd / dvd based pc games get in touch. I buy and sell them as part of my business and would be happy to send you a box full over for free to have a play with. Sadly most these days aren’t worth much as the common consumer struggles to get them to run on current windows . Just thought I’d offer and even if most is over my head I enjoy these videos . 😊
Is it possible to do this for a game which has SSL cert inside it for networking ? (server-client).
So how is the discord community playing the network version? Have they all hacked the app too?
Hmm, I've always wanted to get into reversing, but not sure how doable it is for windows games on a freedom loving OS (and how much windows-specific knowledge is required)...
I don’t understanding one fucking thing but great video
nice work
Are you able to fix the de sync on cities in motion 2?
This is very cool, though O != 0 ;)
I believe you meant 20 thousand (20s) at 5:22
Good spot (:
This. 🔥
What is geedra?
I'm battling to understand how you manage to run two separate processes listening under the same port number, I'm really new to this but I've experienced issues when trying to run services on Linux at least when they share the same port number there's always been an issue.
The server is listening on that port and the client is connecting to it, so there’s no conflict
@@nathanbaggs but what about the python script, how is that able to process the traffic as well?
or is the python script acting as the server.
Yes the python script is the server
please make more game reversal hacking videos, and instead of replacing, as a challenge, find the way the game engine adds gameobjects into the game and add your own custom gameobjects into the scene and as a additional challenge, make your own gameobject do stuff.
5:45 can you explain how you know it has 2 parameters?
I could see from the dissemblly of the function itself, sorry for not making that clear
When will Cyberpunk get multiplayer