Playstation Mobile games are all build using C# and the Mono Runtime environment and thus are trivial to reverse engineer with standard .NET decompilers in many cases with full debug symbols in tact.
The first step to reverse engineering a Playstation Mobile game is to decrypt the files on the device and find the application executable.
This section will cover how to extract and decrypt Playstation Mobile games using a Jailbroken Playstation Vita.
First of all you need to have the PS Mobile game installed on your Vita and playable.
When installed the contents will be extracted to the folder:
However all of these files are encrypted with PSSE DRM so if you try to open any of the files including text files they will be un-openable.
So in order to decrypt the contents you will need to install the plugin FuckPSSE on your vita, the easiest way is to use AutoPlugin.
When the plugin is installed open the game you want to reverse engineer and it will simply show a red screen now, that means its started decrypting! When finished the screen will turn green, when that happens you can safely close the game and disable the plugin.
The contents of the Application will have been extracted to the folder:
You can now find the application executables (app.exe) and libraries (.dll) in this folder, you should then copy these executables to your PC and now you are ready to decompile them in the next step.
The most cross-platform way to decompile the executables or dlls is to use the IDE by JetBrains called Rider.
An alternative if you use Windows is dotPeek which has the same result but this post will cover Rider as it also works on MacOSX and Linux.
In Rider you need to open the Folder that your executables are in (File->Open) and it will show all the files in the left pane File System. You can now right click and select View in Assembly Explorer.
You can now view all the classes and when you double click them you will see the full C# source code, which is pretty much everything from the original code apart from the comments (which get stripped by the compiler).
This section will cover the folders and files that you will often find in a decrypted/extracted Playstation Mobile game.
The RO folder is where all the application and license files that don’t need to be editable by the game/application reside.
Some common files that are in this folder:
This folder also contains DLL files, which are libraries of shared code that get loaded at runtime, these are also .NET based and you can find a list of the most common in the section below entitled Common Dynamically Linked Libraries.
This is where you will find the RIF licenses, you won’t need to do anything with these files they are just used to decrypt the content.
The RW contains any files that need to be changed by the game/application such as save data or temporary files.
The /RW/Documents folder is used to store files such as Save Games.
The /RW/System folder is normally used for files such as crash dumps and commonly contains:
The Temp folder is not a standard folder for PS Mobile titles it is created when the FuckPSSE is installed and the game is run, it then puts all the extracted files from the /RO/Application folder.
This section contains a list of some of the most common files you will find when looking into the contents of Playstation Mobile games.
Mono Debug files are created by the Mono compiler toolchain when the DLLs or executables are compiled from source code.
This section has a list of all the dynamic libraries that are used in most if not all of the Playstation Mobile games.
|Microsoft.Xna.Framework.dll||Some games are build with Microsofts XNA framework and require this DLL|
Developers can also make their own DLL files so you can find many more that are custom to a particular game or developer, such as SampleLib.dll.
The following table has all of the DLLs used by Unity games on the Playstation Mobile store.
The Playstation Mobile game Instant Dungeon! is an interesting game as it is built with a custom in-house engine called the WithTheLove engine or WTL and it includes a C# interpreter inside it and uses the following 2 DLLs to support it:
|Mono.CSharp.dll||Only One game is known to have included this (Instant Dungeon! - NPNA00174) Used for a C# Interpreter 1|
|Microsoft.CSharp.dll||Only One game is known to have included this (Instant Dungeon! - NPNA00174) Used for the Dynamic Keyword in C# 2|
The Mono.CSharp.dll contains a full C# interpreter allowing scripts to be interpreted on the fly rather than having pre-compiled C# scripts, so the user could potentially modify these scripts to customize the game.
The game’s engine code is contained in the library wtlGameEngine.dll and this seems to be the only Playstation Mobile game that uses it.
This all points to the game supporting a custom scripting language that could be used to mod the game!