Opening Virtools Files
Recently, I was assisting on resurrecting an old game via emulation. The first thing I usually do is determining what type of engine/software system the game uses. The files from the game usually give it away. However, the game was from 2008 and the engines were not yet (apparently) standardized at the time. The game was distributed by Nick.com. They and Sarbakan Studios seem to use the same engine for that time period. The folder structure had some key file extensions such as ".NMO" and ".CMO". After a bit of research, these games used Virtools SDK, some type of 3D modeling application with scripting and logic capabilities for games and web applications.
From what I gathered, these files are more or less zlib modifications with the signature "NEMO Fi". There is a tool made by Luigi Auriemma that can extract these files, but doesn't parse the "objects" or "components" files. These two files contains (what I assume) scripts and schematics of models. I thought that is not problem because Virtools saves these files as projects so we can use Virtools itself open them but problem occurred:
After double checking my version of Virtools, it seems that I would have to poke a bit at the player vs. SDK to see what the difference is. I luckily came into contact with a user "Zhenya1690" from FPS Creator World. He showed me that when saving a .VMO / .NMO, you have options to make it player viewable only.
So, I asked to make two identical VMO files, TEST1.VMO will be viewable by Virtools and TEST2.VMO will be viewable by custom players only. Utilizing unvirt tool earlier, I check the differences.
Ignoring the compressed size (csz) and uncompressed size (sz) differences, we can see the "flags" (offset+0x18) are different. Open-able files have a flags value of 0x8 while player-only files have a flags of 0xC. I thought, surely it cannot be that easy. I used a hex editor to change the byte. Thankfully it was and the file loaded into Virtools just fine. Success!
There is just one last hurdle: the scripts are hidden.
Unfortunately, this seems to be much more complicated than just a simple flag change. The entire components and objects files are different. Virtools strips these files to bytecode only and the script is no longer accessible. There is a project on github called VirtoolsScriptDeobfuscation which does exactly what we need. It is a DLL for Virtools that makes bytecode readable similar to how Lua Bytecode (.LUB) is decompiled back to Lua Script files (.LUA). Though, this plugin is for Virtools 2.1 thru 3.5 meaning it requires some modification for 4.0 thru 5.0.
Hopefully this post is helpful to anyone working with Virtools because it is increasingly hard to find information about this. Special thanks to Luigi and Zhenya1690. :)
From what I gathered, these files are more or less zlib modifications with the signature "NEMO Fi". There is a tool made by Luigi Auriemma that can extract these files, but doesn't parse the "objects" or "components" files. These two files contains (what I assume) scripts and schematics of models. I thought that is not problem because Virtools saves these files as projects so we can use Virtools itself open them but problem occurred:
After double checking my version of Virtools, it seems that I would have to poke a bit at the player vs. SDK to see what the difference is. I luckily came into contact with a user "Zhenya1690" from FPS Creator World. He showed me that when saving a .VMO / .NMO, you have options to make it player viewable only.
So, I asked to make two identical VMO files, TEST1.VMO will be viewable by Virtools and TEST2.VMO will be viewable by custom players only. Utilizing unvirt tool earlier, I check the differences.
Ignoring the compressed size (csz) and uncompressed size (sz) differences, we can see the "flags" (offset+0x18) are different. Open-able files have a flags value of 0x8 while player-only files have a flags of 0xC. I thought, surely it cannot be that easy. I used a hex editor to change the byte. Thankfully it was and the file loaded into Virtools just fine. Success!
There is just one last hurdle: the scripts are hidden.
Unfortunately, this seems to be much more complicated than just a simple flag change. The entire components and objects files are different. Virtools strips these files to bytecode only and the script is no longer accessible. There is a project on github called VirtoolsScriptDeobfuscation which does exactly what we need. It is a DLL for Virtools that makes bytecode readable similar to how Lua Bytecode (.LUB) is decompiled back to Lua Script files (.LUA). Though, this plugin is for Virtools 2.1 thru 3.5 meaning it requires some modification for 4.0 thru 5.0.
Hopefully this post is helpful to anyone working with Virtools because it is increasingly hard to find information about this. Special thanks to Luigi and Zhenya1690. :)
