Reverse Engineering Pixelmonsters from 39c3
Reverse engineering Spacehuhn's NFC monsters for 39C3
This repository also contains a Rust program that can decode parts of the payload. Planned features include fully decoding and creating monster payloads.
Technical information
- Monsters are saved on an NTAG216 -> Payload is 858 bytes

| offset | length | name | description |
|---|---|---|---|
| 0x00 | 2 | Magic Number | Always contains 39C3 |
| 0x02 | 1 | Palette | Defines the color palette (see below for more info) |
| 0x03 | 6 | Unknown | Currently unknown |
| 0x09 | 722 | Image Data | Half-byte pixel encoding (see below for more) |
| 0x2DB | 18 | Name | 6-bit encoded fixed-length string in base63 |
| 0x2ED | 12 | Trait 1 | 6-bit encoded fixed-length string in base63 |
| 0x2F9 | 12 | Trait 2 | 6-bit encoded fixed-length string in base63 |
| 0x305 | 12 | Trait 3 | 6-bit encoded fixed-length string in base63 |
| 0x311 | 24 | Secret | Fixed-length ASCII string |
| 0x329 | 48 | Unknown | Currently unknown |
| 0x359 | 1 | Unused | Unused byte |
If you want a deeper inspection of the file, monsters.hexproj is my ImHex workspace; it contains everything I know up to this point.
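The layout table, turned into a bounds-checked parser for an untrusted tag dump; this is an added example, not code from this repository. The field labels are chosen for the example, the magic is assumed to be stored as the raw bytes 0x39 0xC3 in that order, and the sample payload is constructed (zeros plus the `Bubatz` bytes visible in the hex dump further down). The base63 fields are returned as raw bytes because the page does not give the alphabet.

```rust
const PAYLOAD_LEN: usize = 858;
// Assumption: the 2-byte magic is stored as the raw bytes 0x39 0xC3, in that order.
const MAGIC: [u8; 2] = [0x39, 0xC3];
// (label, offset, length) per table row; the labels are chosen for this example.
static FIELDS: [(&str, usize, usize); 11] = [
    ("magic", 0x000, 2), ("palette", 0x002, 1), ("unknown_a", 0x003, 6),
    ("image", 0x009, 722), ("name", 0x2DB, 18), ("trait1", 0x2ED, 12),
    ("trait2", 0x2F9, 12), ("trait3", 0x305, 12), ("secret", 0x311, 24),
    ("unknown_b", 0x329, 48), ("unused", 0x359, 1),
];

#[derive(Debug, PartialEq)]
pub enum ParseError { BadLength(usize), BadMagic, SecretNotAscii }

/// True when the fields tile the payload with no gaps or overlaps.
pub fn layout_is_contiguous() -> bool {
    let mut next = 0;
    for &(_, off, len) in FIELDS.iter() {
        if off != next { return false; }
        next = off + len;
    }
    next == PAYLOAD_LEN
}

/// Raw bytes of a labelled field; None for an unknown label or a short buffer.
pub fn field<'a>(payload: &'a [u8], name: &str) -> Option<&'a [u8]> {
    let &(_, off, len) = FIELDS.iter().find(|f| f.0 == name)?;
    payload.get(off..off + len)
}

/// Validates an untrusted tag dump, then returns the secret without its NUL padding.
pub fn parse_secret(raw: &[u8]) -> Result<String, ParseError> {
    if raw.len() != PAYLOAD_LEN { return Err(ParseError::BadLength(raw.len())); }
    if raw[..2] != MAGIC { return Err(ParseError::BadMagic); }
    let secret = field(raw, "secret").ok_or(ParseError::BadLength(raw.len()))?;
    // Fixed-length field: the string ends at the first NUL, the rest is padding.
    let end = secret.iter().position(|&b| b == 0).unwrap_or(secret.len());
    if !secret[..end].is_ascii() { return Err(ParseError::SecretNotAscii); }
    Ok(secret[..end].iter().map(|&b| b as char).collect())
}

/// Constructed sample: all zeros plus the magic and the "Bubatz" secret bytes.
pub fn sample_payload() -> Vec<u8> {
    let mut p = vec![0u8; PAYLOAD_LEN];
    p[..2].copy_from_slice(&MAGIC);
    p[0x311..0x317].copy_from_slice(b"Bubatz");
    p
}

fn main() { println!("{:?}", parse_secret(&sample_payload())); }
```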
What can be improved
- If you encode the secret as base63 as well, you save 9 bytes
- Instead of fixed-length strings, save a null terminator or prefix the string with its length
0300 89 A6 F1 C7 02 E2 D6 95 23 EA A6 AD F8 B1 00 00
0310 00 42 75 62 61 74 7A 00 00 00 00 00 00 00 00 00
0320 00 00 00 00 00 00 00 00 00 <- Trailing null bytes

0300 89 A6 F1 C7 02 E2 D6 95 23 EA A6 AD F8 B1 00 00
0310 00 42 75 62 61 74 7A 00 <- null byte as indicator of end of string