Decompiling Tenchu: Stealth Assassins part 1: what's decompiling?
After laying some context for this project, it’s time to not start the decompilation of Tenchu: Stealth Assassins just yet. We need to do some recon first before jumping head-first into this project and answer some important questions.
This is my own personal take on a topic I’ve never attempted before. It is not intended to be an authoritative document on the subject but rather a brain-dump on how I approached this problem.
What is decompilation?
Let’s take this diagram from part 2 of my series of articles about reverse-engineering:
When a developer built a program, the original source code went through a number of steps (compiler, assembler, linker…) before the artifact we’re interested in was produced. Each step is lossy, with less and less information retained as it goes down the chain, leaving us with just the end result.
Decompilation is the act of taking a binary artifact (on the right) and creating some sort of source code out of it (on the left). Depending on the goal and effort spent, it can go from a loosely inspired reimplementation using the original artifact as a reference, all the way to a source tree and build procedure that can reproduce byte-for-byte the original artifact.
In this article I also treat reimplementation (clean-room or otherwise) as interchangeable with decompilation. While technically different from a pure decompilation effort, the end result is essentially the same for the end-user.
Even perfect decompilation can’t recover things like comments or (if debugging symbols are missing) variable names, due to the lossy nature of toolchains. It’s a recreation of one possible source tree, not a recovery of the original source code.
So I want to decompile a video game?
At this point, it’s time to start asking questions and gathering as much intel as possible.
Performing acts of reverse-engineering or decompilation may have legal issues surrounding them depending on your jurisdiction. Such issues will not be covered here.
Can I decompile?
Reverse-engineering in general uses skills that are rarely exercised during everyday software development work, and that development experience is itself a prerequisite in my opinion (it’s hard to pick apart a program if you don’t know how programs are made in the first place). That being said, there are plenty of resources online like videos, write-ups or other decompilation projects that show the ropes.
But like any skill it also takes practice to learn. You might want to start with smaller projects or case studies if you lack experience before taking on a big project. Additionally, prior knowledge of things like the instruction set architecture or technical details about the target platform will be very helpful, as programs do not execute in a vacuum.
Ultimately, there is only one way to find out if you can indeed decompile: give it a try. At least you’re bound to learn something on the way, regardless of the outcome.
What to decompile?
Before jumping head first into the thick of it, have a look around:
- Has someone already done, or is someone currently doing, a decompilation or reimplementation project?
- Has the source code been open-sourced or leaked at some point?
- Are there multiple versions, builds or ports of the video game, including demos or betas?
- Does the game use third-party libraries or SDKs?
- Is there a build with debugging symbols or a linker map file?
- Is there a build with a debug menu or leftover data?
- Are there any editors, mods, hacks or fan translations?
- Are there any GameShark codes or RetroAchievements?
- …
Looking around might help uncover important artifacts or helpful knowledge that you might miss otherwise. Needless to say, it is also necessary to acquire artifacts before one can start reverse-engineering or decompiling them.
Here, we have four main releases, not distinguishing between various revisions and demos:
- Rittai Ninja Katsugeki Tenchu, the original JP release with eight levels;
- Tenchu: Stealth Assassins, released for NA and EU with two additional levels and localizations;
- Rittai Ninja Katsugeki Tenchu: Shinobi Gaisen, an updated re-release for JP with a level editor;
- Rittai Ninja Katsugeki Tenchu: Shinobi Hyakusen, a standalone level pack released for JP.
As mentioned before, the game is a PlayStation exclusive, a well-documented video game console with lots of resources online about it. It also uses PSY-Q, the official PlayStation SDK used back in the day to make commercial games. I did not find any debugging symbols or map files, but there are lots of GameShark codes, RetroAchievements and an extensive debug menu.
How to decompile?
Unless you enjoy staring at raw hexadecimal dumps, you probably want to use tools to help with the reverse-engineering and decompilation project. There are lots and lots of tools out there for various purposes (disassemblers, decompilers, asset extractors, level editors, …), to the point where it would be futile to try and make a list here.
Be on the lookout for anything that could be useful in case someone already covered that use-case. Check out other similar decompilation projects for inspiration and guidance. You might also need to write some tools yourself at some point.
I will introduce tools as they are used, but most of the reverse-engineering work will likely be done with Ghidra, an open-source software reverse engineering framework.
Where to decompile?
Simply put, what is the end goal?
- Is it a pristine preservation effort of the original game, like for Super Mario 64?
- Is it a port of the vanilla experience but with bug fixes and improvements, like for REDRIVER2?
- Is it an effort to recreate and modernize a classic game, like for Command & Conquer?
- …
For this project, I’m aiming for something roughly similar in spirit to REDRIVER2. Most of the effort is expected to be centered around Rittai Ninja Katsugeki Tenchu: Shinobi Gaisen, which is the latest release of this game. However, I’ll also take a look at other editions as I see fit, like looting the title screen from Tenchu: Stealth Assassins for example.
Conclusion
We went through most of the interrogative words regarding this project and came up with some answers. Next time, we’ll actually start reverse-engineering activities by extracting assets from artifacts.