furrycat

Tiger Woods 2003 string mangling


Game data, for example in PLR files, is mangled before being written to disk. When it is read back into memory, the data is passed through the same (reversible) mangling algorithm to reveal the original information.

A quick and dirty mangling function (written in C) is described here.

int tbf_mangle(char *src, char *dest, int len);

The first argument to the function is a pointer to a buffer containing the data to be mangled. The second argument is a pointer to a buffer which will receive the mangled data. The third is the size of the input buffer. The output buffer MUST be of even size. The forthcoming TBF library will include a function, tbf_alloc_mangle_buffer(int len), that ensures this is the case.

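#include <string.h>  /* memmove */

/* Provided by the forthcoming TBF library; prototypes inferred from their use below */
char *tbf_alloc_mangle_buffer(int len);
void tbf_cleanup_mangle_buffer(char *buf);

int tbf_mangle(char *src, char *dest, int len) {
  int i;
  char bl, cl;
  char *allocated, *s;

  if (! src) return 1;
  if (! dest) return 2;
  if (! len) return 3;

  /* Single-octet buffers not affected */
  if (len == 1) {
    *dest = *src;
    return 0;
  }

  /* Make sure the input buffer matches the output buffer size */
  if (len % 2) {
    /* Odd length: copy into an even-sized buffer and pad with one zero octet */
    allocated = tbf_alloc_mangle_buffer(len);
    if (! allocated) return 4;
    memmove(allocated, src, len);
    allocated[len] = '\0';
    src = allocated;
    len++;
  }
  else allocated = 0;

  /* Output is written back to front, starting at the last octet of dest */
  s = dest + len - 1;
  src++;
  for (i = 0; i < len / 2; i++) {
    /* Second octet of the pair supplies the 0x55 bits, first the 0xAA bits */
    bl = *src;
    cl = *(src - 1);
    bl ^= cl;
    bl &= 0x55;
    bl ^= cl;
    *s = bl;
    s--;
    src += 2;
    /* First octet of the pair supplies the 0x55 bits, second the 0xAA bits */
    cl = *(src - 2);
    bl = cl;
    bl ^= *(src - 3);
    bl &= 0x55;
    bl ^= cl;
    *s = bl;
    s--;
  }

  /* Release the padded copy made for odd-length input */
  if (allocated) tbf_cleanup_mangle_buffer(allocated);

  return 0;
}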

If you don't understand what the function does ... don't worry, nor do I. I simply copied down what SoftICE showed me the game was doing!
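Read as masks, the loop above exchanges the 0x55 bits within each pair of octets and writes the pairs out in reverse order, which is why passing the data through it a second time restores the original. The following is an added example, not code from the original page or the TBF library: `mangled_size`, `mangle_pairs` and `roundtrip_ok` are hypothetical names, the sample string is constructed, and odd-length input is zero-padded in place of the library's buffer helper.

```c
#include <stdio.h>
#include <string.h>

/* Even size the output buffer needs for n input bytes (n > 1). */
size_t mangled_size(size_t n) { return n + (n & 1); }

/* Added example (hypothetical names): same transform as tbf_mangle, written
 * with masks. Each input pair (a, b) exchanges its 0x55 bits, and the pairs
 * are written out back to front. Odd-length input is padded with one zero.
 * dest must hold mangled_size(n) bytes and must not overlap src. */
int mangle_pairs(const unsigned char *src, unsigned char *dest, size_t n)
{
    size_t out, i;

    if (!src || !dest || n == 0) return -1;
    if (n == 1) { dest[0] = src[0]; return 0; }

    out = mangled_size(n);
    for (i = 0; i < out; i += 2) {
        unsigned char a = src[i];
        unsigned char b = (i + 1 < n) ? src[i + 1] : 0;  /* zero pad */
        dest[out - 1 - i] = (unsigned char)((a & 0xAA) | (b & 0x55));
        dest[out - 2 - i] = (unsigned char)((b & 0xAA) | (a & 0x55));
    }
    return 0;
}

/* Returns 1 if mangling the mangled data restores the first n input bytes. */
int roundtrip_ok(const unsigned char *data, size_t n)
{
    unsigned char once[64], twice[64];
    size_t m = (n == 1) ? 1 : mangled_size(n);
    if (n == 0 || m > sizeof once) return 0;
    if (mangle_pairs(data, once, n) != 0) return 0;
    if (mangle_pairs(once, twice, m) != 0) return 0;
    return memcmp(data, twice, n) == 0;
}

int main(void)
{
    const unsigned char sample[] = "Tiger";  /* constructed sample, 5 bytes */
    unsigned char out[6];
    size_t i;

    mangle_pairs(sample, out, 5);
    for (i = 0; i < sizeof out; i++) printf("%02x ", out[i]);
    printf("\nround trip: %s\n", roundtrip_ok(sample, 5) ? "ok" : "FAILED");
    return 0;
}
```

Because the output is reversed and padded to an even length, a mangled odd-length record is one octet longer than its plaintext, so the true length has to come from elsewhere in the file.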

Feedback

Send any comments to golf@furrycat.net.

Please note I have configured ICQ to ignore messages from individuals not on my contact list.