Seeking ADRIFT file magic

Looking at a plain ADRIFT executable file, how can I extract the information printed when one types “VERSION” in the interpreter? So far I’ve identified bytes 8, 9, 10, and 11 as having something to do with it.

I’ve got some code I wrote a while back to determine this, and I pulled the info from the SCARE interpreter source, so it’s as reliable as SCARE is.

If you’ve verified that a file is an ADRIFT game, then the byte at 0x0a in the file determines the version: 0x3e is 4.00, 0x37 is 3.90, and 0x36 is 3.80.

The relevant extract from SCARE follows, and it allows you to simply map a 14-byte sequence to a version if you so desire:

static const sc_byte
  V400_SIGNATURE[VERSION_HEADER_SIZE] = {0x3c, 0x42, 0x3f, 0xc9, 0x6a, 0x87,
                                         0xc2, 0xcf, 0x93, 0x45, 0x3e, 0x61,
                                         0x39, 0xfa};
static const sc_byte
  V390_SIGNATURE[VERSION_HEADER_SIZE] = {0x3c, 0x42, 0x3f, 0xc9, 0x6a, 0x87,
                                         0xc2, 0xcf, 0x94, 0x45, 0x37, 0x61,
                                         0x39, 0xfa};
static const sc_byte
  V380_SIGNATURE[VERSION_HEADER_SIZE] = {0x3c, 0x42, 0x3f, 0xc9, 0x6a, 0x87,
                                         0xc2, 0xcf, 0x94, 0x45, 0x36, 0x61,
                                         0x39, 0xfa};

My survey of .taf files in the IF Archive suggests that the only versions out in the wild are 3.80, 3.90, 4.00, and 5.00. I identified the magic bytes that indicate each, but I was hoping those bytes specifically encoded the string “3.80” somehow. I guess that’s not strictly necessary. I’ve updated the old scanblorb.pl script to be able to deal with Adrift blorbs. This new information will be the icing on the cake. Thanks! I’ll have an announcement shortly on what I’ve been doing with Blorbs.

Try the Babel source - in adrift.c:

 /* Bytes 8-11 contain the Adrift version number in the format N.NN */
 buf[0]=taf_translate(sf[8]);
 taf_translate(0);
 buf[1]=taf_translate(sf[10]);
 buf[2]=taf_translate(sf[11]);

where taf_translate does this:

/*
  Unobfuscates one byte from a taf file. This should be called on each byte
  in order, as the ADRIFT obfuscation function is stately.

  The de-obfuscation algorithm works by xoring the byte with the next
  byte in the sequence produced by the Visual Basic pseudorandom number
  generator, which is simulated here.
*/

(yikes)
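An added example, not code from any poster, SCARE, or Babel: because the obfuscation is a byte-wise XOR and the 4.00 signature is known to decode to "4.00", the keystream bytes at offsets 8-11 can be recovered from that one known pair and used to decode the version of the other headers without simulating the Visual Basic generator. The function name `adrift_version` and the `sc_byte` typedef are assumptions, and the check covers only the three signatures quoted in this thread.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define VERSION_HEADER_SIZE 14
typedef unsigned char sc_byte; /* assumption: stands in for SCARE's byte type */

/* The three signatures quoted from SCARE earlier in the thread. */
static const sc_byte V400_SIGNATURE[VERSION_HEADER_SIZE] = {
    0x3c, 0x42, 0x3f, 0xc9, 0x6a, 0x87, 0xc2, 0xcf, 0x93, 0x45, 0x3e, 0x61, 0x39, 0xfa};
static const sc_byte V390_SIGNATURE[VERSION_HEADER_SIZE] = {
    0x3c, 0x42, 0x3f, 0xc9, 0x6a, 0x87, 0xc2, 0xcf, 0x94, 0x45, 0x37, 0x61, 0x39, 0xfa};
static const sc_byte V380_SIGNATURE[VERSION_HEADER_SIZE] = {
    0x3c, 0x42, 0x3f, 0xc9, 0x6a, 0x87, 0xc2, 0xcf, 0x94, 0x45, 0x36, 0x61, 0x39, 0xfa};

/* Hypothetical helper: decode bytes 8-11 of a header into "N.NN".
   Returns 0 on success, -1 if the header is short, does not share the
   signatures' fixed bytes, or does not decode to digit '.' digit digit. */
int adrift_version(const sc_byte *hdr, size_t len, char out[5])
{
    static const char known[4] = {'4', '.', '0', '0'}; /* plaintext of V400 bytes 8-11 */
    size_t i;

    if (len < VERSION_HEADER_SIZE)
        return -1;
    /* Bytes 0-7 and 12-13 are identical in all three signatures. */
    if (memcmp(hdr, V400_SIGNATURE, 8) != 0 ||
        memcmp(hdr + 12, V400_SIGNATURE + 12, 2) != 0)
        return -1;
    for (i = 0; i < 4; i++) {
        /* keystream byte = known ciphertext XOR known plaintext */
        sc_byte ks = (sc_byte)(V400_SIGNATURE[8 + i] ^ (sc_byte)known[i]);
        out[i] = (char)(hdr[8 + i] ^ ks);
    }
    out[4] = '\0';
    if (!isdigit((unsigned char)out[0]) || out[1] != '.' ||
        !isdigit((unsigned char)out[2]) || !isdigit((unsigned char)out[3]))
        return -1;
    return 0;
}

int main(void)
{
    const sc_byte *sigs[] = {V400_SIGNATURE, V390_SIGNATURE, V380_SIGNATURE};
    char v[5];
    for (size_t i = 0; i < 3; i++)
        if (adrift_version(sigs[i], VERSION_HEADER_SIZE, v) == 0)
            printf("%s\n", v);
    return 0;
}
```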