From 927c9cf689201b93a26e62fe0a872c92b5a33dd3 Mon Sep 17 00:00:00 2001 From: Hunter Kvalevog Date: Tue, 9 Jun 2026 17:59:08 -0500 Subject: --- content/articles/girlfriend-of-steel-re.md | 149 ----------------------------- 1 file changed, 149 deletions(-) delete mode 100644 content/articles/girlfriend-of-steel-re.md (limited to 'content/articles/girlfriend-of-steel-re.md') diff --git a/content/articles/girlfriend-of-steel-re.md b/content/articles/girlfriend-of-steel-re.md deleted file mode 100644 index 49fa18d..0000000 --- a/content/articles/girlfriend-of-steel-re.md +++ /dev/null @@ -1,149 +0,0 @@ -+++ -title = 'Reverse Engineering _Neon Genesis Evangelion: Girlfriend of Steel_' -date = 2026-04-22T20:30:53-05:00 -draft = true -+++ - -![weeb-header](/files/girlfriend-of-steel-re/000-weeb-header.jpg) - -Last year, I started reverse enginering _Neon Genesis Evangelion: Girlfriend of Steel_ with the intention of writing a replacement engine that runs on modern computers. -I ended up losing interest, but not before cracking a few of the game data formats. I'm going to document them here, that way anyone who takes a similar -interest in restoration or modding can have a head start. - -The source code of the abandoned project is available here: [fantatech-1776908508.tar.gz](/files/girlfriend-of-steel-re/fantatech-1776908508.tar.gz). -It includes [ImHex](https://imhex.werwolv.net/) patterns and rudimentary decoders for some of the formats described below. - -## What game am I talking about? - -I actually looked at two different games. I will share the information I know about the 1997 formats, but the primary focus will be on the 2006 version. -VNDB has a good record of all the available ports and translations here: [https://vndb.org/v556](https://vndb.org/v556). - -**_Neon Genesis Evangelion: Girlfriend of Steel (1997, PC)_**: This is the original release of the game. It's also the most widely available. -I was able to buy a factory sealed copy on eBay. Surprisingly, you can still mount the ISO and run the ~30 year old binaries on Windows 11. It plays mostly -fine with a [Shift-JIS locale emulator](https://github.com/xupefei/Locale-Emulator). -The chunky bitmap graphics and audio, although charming, are considerably lower quality than in the 2006 version. - -**_Neon Genesis Evangelion: Girlfriend of Steel (Special Edition) (2006, PC)_**: Also called _Shin Seiki Evangelion: Koutetsu no Girlfriend Tokubetsu-hen_, is a remake. -It has upgraded sounds and visuals, additional scenarios, and a full-motion video (Cinepak) intro sequence. It's also filled to the brim with DRM that makes it completely -broken on any system that isn't running Windows XP with Direct3D acceleration. -This will only run in VMWare because VirtualBox dropped 3D acceleration support for Windows XP guests. - -I have not been able to find a physical copy of the PC version of Special Edition for sale anywhere. -The PSP version is available, but the image resolutions are smaller than those found in the PC version. - -Luckily, someone in 2020 found a copy and had the foresight to rip the disc and upload it to the The Internet Archive. This is the raw, original disc; DRM and all: -[https://archive.org/details/ssekngpcredump](https://archive.org/details/ssekngpcredump) - [http://redump.org/disc/74520/](http://redump.org/disc/74520/). - -MD5: `536adbefc80a84378b65224fddf122e7` SHA-1: `77a03fb1823cb96189ac50b9afece8930e709c93` - -## Getting around DRM - -Special edition is secured with [SafeDisc](https://en.wikipedia.org/wiki/SafeDisc). It's completely broken on modern Windows, so you'll need to use a virtual machine to run the game. -I had good success with Windows XP in VMWare with 3D acceleration enabled. - -Once the game is running in the VM (lots of fiddling, unfortunately) the executable can be dumped with [Scylla x86](https://x64dbg.com/). -To save you the headache, here's the dump: [mana01_dump.tar.gz](/files/girlfriend-of-steel-re/mana01_dump.tar.gz) - -![001-scylla.png](/files/girlfriend-of-steel-re/001-scylla.png) - -Although it doesn't run, the dump is a correct PE file. -Ghidra is able to create proper data and code cross-references. Here's a function that parses script keywords: - -![002-ghidra.png](/files/girlfriend-of-steel-re/002-ghidra.png) - -## Custom file types (1997) - -* **LB5**: Lump file -* **BP2**: Image (1997) -* **BP3**: Image (2006) -* **TXT**: Game script -* **ZDF**: Animation data - -## Prior work - -When reverse engineering the 1997 game executable, I found several strings referencing something called "bmpwaku". -This was the name given to the tiled bitmap rasterizer written by programmer Ritsurō Hashimoto. - -A small portion of the source code is still available on his website to this day: [bmpwaku.cpp](http://www.ritsuro.com/prog1/bmpwaku.html). -This wasn't particularly useful, but it was cool to find. - -Aside from that, here are the existing tools I looked at: -* [evac010](https://www.vector.co.jp/soft/win95/art/se055672.html): BP2 <-> BMP transcoder, likely written when the game came out in the 1990s. -* [mdukat/EvaGOS\_engine](https://github.com/mdukat/EvaGOS_engine): Includes partial documentation of the game scripting language from the 1997 game. -* [lb5\_decode.c](https://d3suu.neocities.org/EvaGOS_engine/lb5_decode.txt): LB5 unpacker, written by either mdukat or roxfan. -* [Durik256/GOS2-Tools](https://github.com/Durik256/GOS2-Tools): Tools for dealing with files found in Girlfriend of Steel 2. Some overlap. - -## LB5 - -These are very basic file archives. It's an `.IDX` file paired with either a `.BIN` or `.LB5`. - -There's no encryption, the idx file just stores the index into the bin/lb5. See ImHex patterns. - -## BP2 image format (1997) - -BP2 image format start with a custom header, followed by the standard bitmap file headers (`BITMAPFILEHEADER`, then `BITMAPINFOHEADER`). -The custom header starts with a 32-bit uint32_t with value `999`. Search for that literal in the decompiler output to find the parser function. - -The 2nd field in the custom header defines the pixel format. -| Value | Format | -| ----- | ---------------------------------------- | -| `1` | `INDEX8` - 8-bit index into palette data | -| `2` | `RGB24` | -| `3` | `GRAY8` | - -If the format is `INDEX8`, then the palette data is next. -The length of the buffer is defined in the custom header. - -The rest of the file is image data encoded into chunks: -```c -struct BP2_Chunk -{ - u32 len; - u8 buf[len]; -}; -``` - -Each chunk is a run-length encoded column of 8 pixels. -To understand the specifics, it's easier to just look at the decompiler output or `ftformat.cc` in the source code linked above. - -## BP3 image format (Special Editioin) - -BP3 is similar. It supports more pixel formats and the image data is compressed into 8x8 blocks instead of 8-tall columns. - -| Value | Format | -| ----- | ------------------- | -| `0` | `SOLID` - One color | -| `2` | `BGR332` | -| `3` | `BGR233` | -| `4` | `GRAY4` | -| `5` | `GRAY8` | -| `6` | `BGR555` | -| `7` | `BGR888` | - -The decoder for BP3 is also in `ftformat.cc`. - -## TXT (1997) - -This is XOR-encrypted Shift_JIS text: - -```c -for (u32 i = 0; i < txt_len; ++i) { - data[i] ^= 0xFF; -} -``` - -## TXT (Special Edition) - -Same thing, but slightly different: - -```c -for (u32 i = 0; i < len; ++i) { - if (data[i] > 0xF) { - data[i] = 0xE - data[i]; - } -} -``` - -## ZDF - -This file starts with a fourcc of `DFS0`. -- cgit v1.2.3