kiwidog's blog

o snap.

Update for VeniceFX v4.0: Hello everyone, I just have a status update about VeniceFX. Everything should be 100% working with most bugs fixed for the 4.x release of VeniceFX, which will probably be the last build to be created. In theory VeniceFX 4.x+ should be backwards and forwards compatible with any update, but it has only been tested and developed for the latest patch (End Game 1.0).

  • Alt-Tab Fix Required – Fixed
  • Clicking the mouse breaks freecam – Fixed
  • Random loss of keyboard device – Fixed
  • Xbox 360 Controller Crash – Fixed
  • DirectX 11 Tweaks (Wireframe + Shaders) Re-Implemented
  • Proxy Module is auto-loaded, or injected with the VeniceFXLoader tool
  • Non-Structural Auto-Updater Created

Welcome everyone again, if you are viewing this page you have seen/been told about the previous version of VeniceFX or the great boost in support for Spectator Mode or Free Flying Camera. Well, thanks to all who donated to the project, here is a beta release! Almost all of the features have been implemented or are planned to be implemented. I want to get this build out there for the people who have been waiting for a long time. Thanks to the people who did intermediate beta testing when new builds were created. Please, if there are any issues/bugs that are not already noted, leave me a comment on the post and I will take a look at it. If you crash (which you shouldn’t; I haven’t had crashes at all) please let me know what you were doing at the time of the crash.

VeniceFX v3

Please I ask, just read the readme. But if you don’t want to do that, here are some highlights from it.

Changelog for V3.3b:
* Updated for End Game Patch
	- No New Features

VeniceFX v3.3b Beta (March 5-2013 Patch)

continue reading…

Xbox 360 Brink Unlocked Console

Brink, one of the newer id Tech games running under the engine idTech4 still keeps to the original roots of the idTech engine. I had a hunch that the console would be easily unlocked with just a keyboard. Well they did better than that to leave a console fully enabled in the game…or did they?

I started to mess around with Brink, reversing the engine and comparing it to the previous idTech games. They are very similar, with huge improvements and very good work done by the guys at id Software. Just for personal use I wanted to be able to run my console commands just like on the PC version.

The console command that gets pushed through the engine to “show” the console is “com_allowConsole” or “com_allowFullConsole”. With experimenting with this engine, I found out that the button binds are re-loaded from a .cfg file within the files inside of the game’s archives. I did not do very much research into the game archives, BUT all hope is not lost. If you were to search for the string “com_allowFullConsole” you can find where a cvar list is generated with defaults and pointers to game code to execute, similar to Call of Duty (Quake 3 Engine). The engines are similar in the way that they handle cvars.

continue reading…

DOGBIT.IN Call of Duty Console

Since Call of Duty 4 was released on PC, I wished that there would be some way or form to enable console for the Xbox 360 and PlayStation 3 platforms. There were findings in the way of removing the RSA Security checks on the executable on both platforms when the appropriate tools were released publicly. Mainly that method was used for cheating, unlocking everything online and changing leaderboard stats. This is not what I wanted to be done. Some cool things did come out of it like a CoDJumper mod and a few other zombie mods but most of the time it was just for “10th Prestige Lobbies” and for cheating.

In early 2007 Infinity Ward and Activision released an open public beta of Call of Duty 4 for the masses to play, then pulled the servers after the beta went down. This left a collector that wanted to play the game again unable to, due to the LIVE servers being taken down and getting signed out of LIVE when they wanted to play.

continue reading…

Some patches were created to have all of the debug output that gets suppressed in the retail versions of Call of Duty get spit out over a custom console. This is just an output that was created. The patch is also included with the debug output. You will need xorloser’s xextool and TheFallen93’s xepatcher tools to compile this patch on to a clean xex. The patches were created by kiwidog (http://allenthinks.com)

Here is the patch.

# ============================================================================
#   Call of Duty Modern Warfare 2 Multiplayer Debug Output Patches by kiwidog
# ============================================================================
		.globl _start
_start:
		.set DisableChecks, 0x821AF044
		.set InstallHook,	0x8227EB58
		.set Hook,			0x820C8390
		.set DbgPrint,		0x8242CCA4
# ============================================================================
#	Hook
# ============================================================================
		.long Hook-0x8000
		.long (9f - 0f) / 4
0:
		mflr	%r23
		mr		%r3, %r4
		li		%r4, 0
8:		bl		DbgPrint-((8b-0b)+Hook)		
		mtlr	%r23
		blr
9:
# ============================================================================
#	Disable RSA/Sha256 Checks
# ============================================================================
		.long DisableChecks-0x8000
		.long (9f - 0f) / 4
0:
		li	%r3,	1
9:
# ============================================================================
#	Install Hook
# ============================================================================
		.long InstallHook-0x8000
		.long (9f - 0f) / 4
0:
		bl		Hook-InstallHook
9:
# ============================================================================
		.long 0xffffffff
		.end
# ============================================================================

Have fun and good luck ;)

continue reading…

I noticed that when most people patch their modules they have some issues, like they will have to precompile all of their work and then memcpy the precompiled byte array over (with VirtualProtect and other goodies). I was wanting a method that would be a little bit more hackish but would make testing patches easier in the long run. I started messing around with __declspec( naked ) and this is what it got me.

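        #include <windows.h>

        // Template for the patch body; never called directly, its bytes are copied out.
        __declspec( naked ) void mPatch()
        {
            // Insert Assembly Code Below
            __asm
            {
                // Add Assembly Here
                nop;
            }

            // Do not erase, it's for protection (end marker: 4 x INT 3 = 0xCCCCCCCC)
            __asm
            {
                INT 3;
                INT 3;
                INT 3;
                INT 3;
            }
        }

        // Returns the offset of the end marker (the patch size in bytes),
        // or 0 if it is not found within timeoutSize bytes.
        DWORD calcPatchSize(void* funcBase, DWORD timeoutSize)
        {
            const BYTE* p = (const BYTE*)funcBase;
            // x86 instructions are variable length, so the marker can start at
            // any byte offset; scan byte by byte instead of in steps of 4.
            for (DWORD i = 0; i + sizeof(DWORD) <= timeoutSize; ++i)
                if (*(const DWORD*)(p + i) == 0xCCCCCCCC)
                    return i;
            return 0;
        }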

continue reading…

As many of you may have seen, I started working with DirectX 11 and Battlefield 3 to create some modified textures etc. Primarily for movie/machinima makers. The project has changed from TeamCanineConfig to venicefx for the updated framework and using quite a few engine features in Frostbite 2. Here are a few videos that show off the features so far.

EDIT: The newest video of VeniceFX is up, it will use everything through console commands. Thanks DICE for re-implementing that ;)


continue reading…

I will try to do my best to update this with most of my newest research as I continue on with the project. I plan on making beloved Mod Tools for Bad Company 2. So far we can remove the “safe play area” so you can go exploring outside of the map with no problems. I do think something similar will be done for Battlefield 3 (Frostbite 2 Engine) but you never know. So far from what I can tell most of the files are way different and look just like raw data at a glance. (I will post/talk about my Battlefield 3 Venice Mod Tools at a later date).

It seems like nobody has really taken a crack at the game files. Or if they did, it’s incorrect except for 1 or 2 items, which won’t cut it at all. So far my current tool does not extract all the files that are found inside of the fbrb archive. It extracts the majority of them, which is a hell of a lot more than what I can say for other bms scripts. (~39 Files :: ~10MB of data???? wtf, versus ~348 Files :: ~90MB of Data)

        struct fbrb_header
        {
            public char[] m_magic; // "FbRB"
            public int m_firstFileSize;
        }

        struct fbrb_containerHeader
        {
            public int m_version;
            public int m_fileNameTableSize;
            // String Data Here
            public int m_numFiles;
            // Not part of struct, adding for ease
            public List szItems;
        }

        struct containerHeader_Item
        {
            public int m_fileNameOffset;
            public int m_fileFlags;
            public int m_fileDataOffset; // Inside Data Container
            public int m_fileDataSize; // Inside Data Container
            public int m_fileDataSize_1; // Unknown
            public int m_fileTypeOffset; // Read As String to Figure out what kind
            // Not part of struct, adding for ease
            public string szFileType;
            public string szFileName;
        }
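Added example, not the author's tool: a bounds-checked Python reader for the header layout in the structs above, rejecting sizes and offsets that point outside the buffer. Big-endian fields, NUL-terminated names, offsets relative to the string table, and the `data_size` parameter are assumptions; the sample bytes are constructed.

```python
import struct

ITEM = struct.Struct(">6i")  # one containerHeader_Item: six 32-bit ints (big-endian is an assumption)

def _cstr(table, off):
    """NUL-terminated string at `off` in the name table (termination is an assumption)."""
    if not 0 <= off < len(table):
        raise ValueError(f"string offset {off} outside name table")
    end = table.find(b"\0", off)
    if end < 0:
        raise ValueError("unterminated string in name table")
    return table[off:end].decode("ascii", "replace")

def parse_outer(buf):
    """fbrb_header: magic "FbRB", then m_firstFileSize; returns the size."""
    if len(buf) < 8 or buf[:4] != b"FbRB":
        raise ValueError("not an FbRB archive")
    (first_size,) = struct.unpack_from(">i", buf, 4)
    if first_size < 0 or 8 + first_size > len(buf):
        raise ValueError("m_firstFileSize runs past end of file")
    return first_size

def parse_container(buf, data_size):
    """fbrb_containerHeader plus its m_numFiles item records; data_size bounds file ranges."""
    if len(buf) < 8:
        raise ValueError("truncated container header")
    version, table_size = struct.unpack_from(">ii", buf, 0)
    if table_size < 0 or 8 + table_size + 4 > len(buf):
        raise ValueError("m_fileNameTableSize out of range")
    table, pos = buf[8:8 + table_size], 8 + table_size
    (num_files,) = struct.unpack_from(">i", buf, pos)
    pos += 4
    if num_files < 0 or pos + num_files * ITEM.size > len(buf):
        raise ValueError("m_numFiles exceeds the item records present")
    items = []
    for i in range(num_files):
        name_off, flags, d_off, d_size, d_size1, type_off = ITEM.unpack_from(buf, pos + i * ITEM.size)
        if d_off < 0 or d_size < 0 or d_off + d_size > data_size:
            raise ValueError(f"item {i}: data range outside data container")
        items.append({"name": _cstr(table, name_off), "type": _cstr(table, type_off),
                      "flags": flags, "offset": d_off, "size": d_size, "size_1": d_size1})
    return version, items

# Constructed sample (not from a real archive): two entries sharing one type string.
_TABLE = b"levels/mp_001/heightmap\0terrain\0levels/mp_001/sky\0"
SAMPLE = (struct.pack(">ii", 2, len(_TABLE)) + _TABLE + struct.pack(">i", 2)
          + ITEM.pack(0, 0, 0, 16, 16, 24) + ITEM.pack(32, 0, 16, 8, 8, 24))
```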

That’s all for now folks.

Thanks to many people that have helped me out along the way with either the database work, online server work, and random bugs that occur in Halo 2 and C++ in general. I finally got a build of breeze working that will fetch the rank off of a server and continue to run. After a few bug fixes are implemented and some configurations can be made there will be a private release of Breeze to a select few server administrators. You as the client need to do nothing but join a Breeze Enabled server and just play normally. You will not need any modifications to your game in any way. There will be a few patches made available for the mainmenu to re-align the rank symbols and other various fixes, but as the video below shows it will run on a vanilla Halo 2 Vista.

continue reading…

So far, this is a work in progress. Thanks to fatboy88 from uc-forum for helping me along with the reversing even though I am currently reversing from a laptop that can barely run Battlefield 3. I want a beta of this to be available for the public when BattleRecorder drops for Battlefield 3. This will give you Wireframe mode, Anti-Aliasing tweaks and some of the color correction issues that you can do with the FXAA Injector. I will have more later, but for now here are some screenshots.

continue reading…

Someone gifted me Modern Warfare 3 and wanted me to make some modifications to it. Primarily enabling the console, which I wanted to do for previous Call of Duty games anyway. I always wanted to re-create the Call of Duty console using a few DirectX hooks and keyboard hooks. Let’s say I got a very rough beta done for Modern Warfare 3. It has quite a few bugs that need to be worked out but so far it works quite nicely. The few bugs that I have managed to see are…

  1. When the console is open, my hook does not disable input to the game itself.
  2. Quite a few VirtualKeys produce unreadable symbols inside of the console
  3. Up arrow does not cycle correctly through previous entries FIXED!

Here are a few videos for your enjoyment

continue reading…