Difference between revisions of "Sims 3:0x073FAA07"

Revision as of 13:01, 2 June 2010

Overview

Signed assemblies, encrypted .NET assemblies. They function as the game scripts.

These are the scripts that run when a Sim interacts with an object, or another Sim, or just performs its own inner metabolic processes.

Currently no way is known to get the game to accept piecemeal overrides, so global hacks for a particular assembly as of 6 / 6 / 2009 are having to replace the entire set - meaning that you can only have global hacks for a particular assembly from one creator at a time.

It is possible to create new scripts for new custom objects, however.

For some information about how to import/export scripts in s3pi DemoFE, in a way that you can look at them in Reflector, see [this thread].

There some more in depth technical guidance on how to get your code to be run by the game in [this thread].

Where used

• gameplay.package
• scripts.package
• simcore.package

In addition, scripts can be placed in custom content packages and the game will load them when they are referenced.

Format

Pre-Ambitions (Provided by Rick.)

BYTE Version		// Pre-EP2: 1; EP2+: 2
--if Version >= 2	// (Provided by Grant.)
	DWORD Count
	--repeat Count
		WORD
DWORD checksum_typeid	// 0x2BC4F79F
BYTE[64] checksum_data
WORD block_count
QWORD[block_count]	// decryption table
BYTE[block_count*512]	// encrypted data

(I think the checksum and encryption method are MD5Cng -- PLJ.)

Decryption method

Initialise the decryption seed by scanning the decryption table:

foreach(QWORD q in decryption table) decryption seed += q

Truncate (mask off) the decryption seed to the length of decryption table:

decryption seed = decryption seed & (decryption table Length - 1)

Now process each QWORD in the decryption table. Where an entry has bit 0 set, write 512 zero bytes to the output, otherwise, read 512 bytes into a buffer from the encrypted data and process as follows:

foreach(byte b in buffer)
{
  byte value = b;
  b ^= decryption table[decryption seed];
  decryption seed = (decryption seed + value) % (decryption table Length);
}

Then write out the decrypted buffer.

Encryption Method

To encrypt, reverse the process for decryption. We cannot currently create our own signatures of data, as this requires EA's private key (the signature is created with a private / public key pair). Therefore you must use the fake sign method.

Fake Sign Method

Fake signed assemblies require a special hack that disables the validation of signed assemblies, d3dx9_31.dll.

• Download d3dx9_31.dll.
• Place in Game\Bin.

Creating a fake signed assembly is simple. To fake sign, reverse the process for decryption.

There is no need to create a valid checksum and the decryption table table can be left full of zeros (which saves identifying empty 512 byte chunks). I would suggest including "This is a fake signed assembly." in the checksum data to make it obvious to others what it is.

d3dx9_31.dll

This DLL is a wrapper for the real DLL that resides in system32, it was chosen because The Sims 3 loads this DLL pretty early on. What the wrapper does is effectively disable a specific Windows API function used in the validation of signed assembly data.

Data content

The decrypted content is a Common Language Runtime assembly.

How the game uses Assemblies

TBC