Dissecting iPod Games

Over at [random()type](http://www.randomtype.com/?p=190), someone noticed that dropping an iPod game onto Stuffit Expander results in a decompressed bundle.
I have purchased six iPod Games at this point, so I figured some poking around may be useful for the sake of science.

The files are compressed using standard ZIP compression.

# Standard Files

There are a handful of files that are common across all games:


This folder contains two files for each game: a .bin file, and a .sinf. The name of the bin file is of the following construction:


The name of the sinf file is exactly the same as that of the bin file – including the .bin extension – with an extra .sinf extension.

The .bin is the executable, as shown in the manifest below; the .sinf file appears to have something to do with the FairPlay DRM as my name is recorded in the file.

Nothing useful comes out if you try and run strings on the binary.


This is presumably the “album art” photo that shows up when you view a game in iTunes. [Ben Sinclair noted](http://bensinclair.com/article/whats-inside-an-ipod-game) that it’s a JPEG file.


This file contains resource-fork style data with the metadata that shows up when you get info on a game in iTunes.


The manifest file describes all of the files internal to the bundle. All files get a Digest (not md5, can’t determine the algorithm), a Path, and a Size.

There are two extra plist keys used for the binary: one called *DRM* (set to true) and one labeled *Verify* (also set to true).

At the end of the manifest is an array with the key of “Platforms”. This contains keys that we’ve seen before – *BuildID*, *PlatformID*, *PlatformVersion*, and *Size* – as well as ExecutablePath (specifies the binary) and *LaunchingArtwork* (specifies the file to display while the game loads).


This is the PKCS #7 format certificate for the Manifest.plist file. This is undoubtedly to check the integrity of your Manifest.plist. Certificate is signed by the [Apple Root CA](https://www.apple.com/certificateauthority/).


The Resources folder is used locally by iTunes to show the help screen when you view it in your library. There is typically a JPEG, which is what displays to the user, as well as an XML file (Description.xml) which basically sets the layout.

Resources contains separate folders for each localization. Note that all the localizations are listed in the manifest, so trying to remove them would probably break your game if iTunes is actively checking the bundle integrity.
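A path-and-size cross-check of a bundle against its manifest, written as an added example (not code from the original post or from Apple). It assumes Manifest.plist sits at the bundle root and that the per-file entries live under a top-level key named `Files`; both are guesses, and every file name in the sample bundle is constructed. The Digest field is not checked because the algorithm is unknown, and the PKCS #7 signature is not validated.

```python
import io
import plistlib
import zipfile

MANIFEST = "Manifest.plist"  # file name taken from the post; root location is assumed

def audit_bundle(zip_bytes, unlisted_ok=(MANIFEST,)):
    """Cross-check ZIP members against the manifest's Path/Size entries."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        actual = {i.filename: i.file_size for i in zf.infolist() if not i.is_dir()}
        manifest = plistlib.loads(zf.read(MANIFEST))
    findings, listed = [], {}
    for entry in manifest.get("Files", []):  # "Files" is an assumed key name
        listed[entry["Path"]] = entry
        if entry["Path"] not in actual:
            findings.append(("missing", entry["Path"]))
        elif actual[entry["Path"]] != entry["Size"]:
            findings.append(("size-mismatch", entry["Path"]))
    # Files present in the archive that the manifest never mentions
    for path in sorted(set(actual) - set(listed) - set(unlisted_ok)):
        findings.append(("unlisted", path))
    # The post says the binary's entry carries DRM=true and Verify=true
    for platform in manifest.get("Platforms", []):
        exe = listed.get(platform.get("ExecutablePath"), {})
        if not (exe.get("DRM") and exe.get("Verify")):
            findings.append(("executable-flags", platform.get("ExecutablePath")))
    return findings

def build_sample(altered=False):
    """Constructed sample bundle; every name and byte below is made up."""
    files = {"Executables/game.bin": b"\x00" * 64,
             "Resources/en.lproj/Description.xml": b"<layout/>",
             "Sounds/theme.wav": b"RIFF" + b"\x00" * 40}
    manifest = {"Files": [{"Path": p, "Size": len(d), "Digest": b"\x00" * 20}
                          for p, d in files.items()],
                "Platforms": [{"ExecutablePath": "Executables/game.bin"}]}
    manifest["Files"][0].update(DRM=True, Verify=True)
    if altered:
        del files["Resources/en.lproj/Description.xml"]  # localization removed
        files["Sounds/theme.wav"] += b"\x00"              # audio file changed
        files["extra.txt"] = b"added"                     # file not in manifest
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(MANIFEST, plistlib.dumps(manifest))
        for path, data in files.items():
            zf.writestr(path, data)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_bundle(build_sample()))              # intact bundle
    print(audit_bundle(build_sample(altered=True)))  # bundle that no longer matches
```

On a real bundle, pass the name of the signature file in `unlisted_ok` as well if the manifest does not list it.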

# Bundle Tidiness, Audio, and Images

It’s a crap shoot. Some games have very tidy bundles – Apple’s two games in particular – and some are a mess, like Mini Golf.

All of the in-game audio tends to be as a .wav or a .m4a, and there’s no copy protection on them. If you’re dying to hear that Tetris remix somewhere outside the game, well, there you go.

Other files are in a wide range of formats – ipd, pix, raw, lcd5, ro, anm, and so on.

# Strings

## Cubis2

Cubis2 has localized strings files, but without delimiters, it’s difficult to tell what they’re for.

## Mini Golf

Mini Golf’s bundle is a mess because all the course data is loose in the root folder. This includes localizations like hole names. Yeesh.

## Tetris

Tetris has Strings.dta, which is tab delimited and contains all the strings for all the languages. Very easy to read, and amusing to read the rules of Tetris in multiple languages.

## Texas Hold Em

This one was a lot of fun.

Holdem has a Localization folder, and three files full of strings. Apparently there are a number of secret characters – two aliens (one “with a crazy inappropriate name” of BUTCH, one “with big mouth” named MOUTH), three robots, and five dogs – a rottweiler, a bull mastiff, a pug, a bulldog, and in what may be the funniest easter egg I’ve seen from Apple in a while, a chihuahua named BERTRAM. There’s also a secret cheat menu as evidenced in strings.strings,

Also in strings.strings is a list of locations in the game, including an Apple Conference Room, The Dog House, and Zythlgrak (in the Alpha Centauri System, natch).
There’s also a strings file for the tutorial, which includes a number of strings with graphic placement data named things like “DO NOT LOCALIZE ME 16”. This is additionally funny since all of them are preceded with a comment of “do not localize this”. Perhaps I should localize it.

There’s also a string titled “YOU LOST POT”. Snicker.

## Vortex

Vortex has a text.strings file that mentions a cheat mode. Oddly, it’s not constructed at all in the same way as Texas Hold Em, and is considerably less fun.

## Zuma

All of Zuma’s text is in graphic form, so no stringy goodness.


# Summing Up

* Modifying the games is difficult at best, if not impossible, because of the checksumming of every file in the bundle, and then the certificate against the manifest.
* Game resource files, particularly audio, aren’t obfuscated and can be extracted successfully.
* Homebrew is probably an impossibility at this point because of the expectation of a signed cert from Apple.
* The fact that there are platform identifiers in the plists makes me wonder what Apple’s future plans entail. Maybe this would just be for later iPod revisions, or maybe they’re just looking forward. Still, quite interesting.

If you find anything else interesting, let me know, and I’ll add it to the post.

  • http://www.ipodgames.com PaulGoodman

    Dan, great work mate… if enough people get together I’m sure that we can come up with something. I’ve got the perfect website to aid the process….
    email me if you have any ideas

  • http://husk.org/ Paul Mison

    Have you tried using the modified M4p digest style that Apple uses on the iTunes Music^W Store and for DAAP to check the value in the Manifest?

  • fluffyduckie87

    Hey I have a question… I downloaded some of these games, and I can't get them to load on my iPod. I added the files, and I don't know what file executes the game on the iPod. Can you help me? My email address is mrs.hdavis@yahoo.com. If you could email me I would appreciate it! Thanks

  • jon

    fuck you question

  • W27138

    I have “cheated” on some games that are quite easy. E.g.: Modern Combat 2 (Bluetooth rank) and Undercroft.

    So it is possible on some games.