Can you decompile a game down to its original source code?

novs12 picture novs12 · Jan 2, 2014 · Viewed 27.6k times · Source

I use Battlefield 4 just as an example, this can go for any game really. I've been wondering if something like this is possible:

Since BF4 is running client-side, that means you have all the code that makes up the game.

Would it 'technically' be possible to decompile the code and view its source?

All the way down to the core mechanics of the game? Or is there some sort of encryption protecting it?

I do realize that if you do successfully decompile something like that it would be a mess to deal with and not organized at all, but hey, it's still the source.

Just a little something I couldn't find an answer to anywhere else.

Answer

Alec Teal picture Alec Teal · Jan 2, 2014

No, because the mapping from instructions to code is not 1:1.

No, the compiler mangles the structure of your program, there is no other word for it, scheduling and the quest to reduce register pressure at certain points can mean instructions from the same operation can be up to 150,000 instructions away from each other ( IIRC this is the stock cap on GCC, you can change it with a -f option of course :P)

No, no, no.

The only promise the complication process offers is that the result will work as if it actually did what the programmers wrote. That's it.

Looking at Stuxnet was interesting (yes, not a game, I know) and practical because it was small, the parts of the program driving the scene graph alone will be huge and so well optimised. I'd also be shocked if they didn't use link time optimisation which removes even more of the structure.

this answer lacks a lot of detail, but that's because one explaining everything would be huge, you obviously have no idea how this works and it's good you want to learn.

http://luaforge.net/docman/83/98/ANoFrillsIntroToLua51VMInstructions.pdf

I've linked this many-a-time, it's got some examples of code mapping to register instructions. That isn't optimised and they are small samples for a much simpler (sort of, depends how you look at it) machine, can you see how difficult even reversing these would be?

Lastly, debugging with -O3 is a joke, we have -Og now, where the compiler optimises but avoids structure-changing optimisations so debugging doesn't jump around so much, when you use -g the resulting object files are littered with the code they came from and stuff, above the instructions they generated. Fun facts!