OSRS The Great NXT OSRS Dump Thread

Pazaz

For a very short window of time - a bit more than 30 minutes - there was a debug macOS build deployed for revision 216 last year. It went undiscovered at the time but was downloaded automatically to my archive nevertheless.

The NXT RS3 beta that was released 8 years ago was a huge boon to our understanding. This is much better than that. This isn't a release build with debug symbols included, it's a complete debug build and functions are not inlined.
The OSRS C++ client is built atop NXT's codebase and there's plenty of overlap between the two. The RS3 revision at the time was 930 so it includes information relevant to 930 as well.
NXT is dragged in as a library dependency and OSRS-specifics typically go into the jag::oldscape namespace.

Yes, it's runnable. Some patching required.

Downloads

1. Debug macOS executable: https://www.runewiki.org/archive/rsps/osrs-dump/osclient-216-mac
2. Organized function signatures: https://www.runewiki.org/archive/rsps/osrs-dump/symbols.txt
3. Raw symbol table: https://www.runewiki.org/archive/rsps/symbols-table.txt & symbols-table-demangled.txt
4. Constants: https://www.runewiki.org/archive/rsps/osrs-dump/constants.txt - open up IDA to get the initializers
5. Strings: https://www.runewiki.org/archive/rsps/osrs-dump/strings.txt
6. File paths: https://www.runewiki.org/archive/rsps/osrs-dump/paths.txt - useless, but cool to see laid out
7. Shaders: https://www.runewiki.org/archive/rsps/osrs-dump/shaders.zip

If needed, OpenRS2 has mirrored my archive: https://archive.openrs2.org/pub/mirrors/runewiki.org/archive/ and I'm hoping with enough time this has propagated enough to never disappear.

Digging In

I'll start the thread off with some things I've gleaned. I want you guys to post stuff too!
  • 3D rasterization is in a class called Pix3D
  • 2D drawing is in a class called Pix2D
  • Sprites use two classes, Pix8 and Pix32 (in Java this is the byte[] and int[] sprite classes). "Pix8" was previously discovered in RS2, Pix32 is newly discovered.
  • NPC_INFO is structurally like:
Code:
getNpcPos()
    getNpcPosOldVis()
    getNpcPosNewVis()
    getNpcPosExtended()
  • Because NXT is embedded, you'll find names for the RS3 protocol in here. OSRS doesn't match from enums so you won't find OSRS prot names or any CS2 instructions' names, though there is overlap. I wonder if the scrambled IDs match RS3 from the same time!
  • There are debug strings in the protocol which provide the names of some transmitted variables
  • RT7 HD renderer exists with an imgui interface to tweak it
  • CollisionMap's memory layout (which is the same as Java - note these variable names are my own)
C++:
namespace jag::oldscape::movement {
    struct CollisionMap {
        int originX;
        int originZ;
        int sizeX;
        int sizeZ;
        int *flags;
    };
}

Code:
CollisionMap    struc ; (sizeof=0x14)
00000000 originX         dd ?
00000004 originZ         dd ?
00000008 sizeX           dd ?
0000000C sizeZ           dd ?
00000010 flags           dd ?
00000014 CollisionMap    ends
  • In IDA you may come across some functions that don't make sense contextually. Some functions that are duplicates of others may appear in the same place, but all of the names still exist in the symbol table at the same location! IDA just doesn't have the context to use the right one.
  • Disable demangled names when you're searching in IDA, or it'll freeze repeatedly...

Farewell

My hope is the spirit of collaboration and sharing continues for years to come.
Please, learn and then share what you've discovered for others after us! I'm simply trying to preserve the game.

P.S. check out 2004Scape
 
Excited to see the next transitional period of rsps with the aid of this find. Great work to those involved in the discovery.
 
What a find, amazing catch :o I haven't been this excited about something in a long time on this forum!!!
 
Added a new download with a raw dump of the mach-o symbols - symbols-table.txt & symbols-table-demangled.txt - use this when you need to see all functions at a specific address.

Here's an example. IDA can only show one name at a location so you'll notice contextually jag::BaseApp::GetExitAfterInit makes no sense, but there's another one that does... jag::Js5NetQueueRequest::IsUrgent. This is a pretty common occurrence and can be confusing if you're not aware.
[Attached image: 1722403815474.png]

I generated the table using https://github.com/0cyn/ktool: ktool symbols --symtab osclient-216-mac > symbols-table.txt and removed some redundant data. You don't need to use demangler.com like my screenshot, I've already processed everything for you in the second file.
 
Reactions: Sub
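
Added example, not part of the thread or of anyone's post: a small Python script that groups a symbol-table dump by address, so every name at a location can be listed when IDA shows only one (the situation described in the first post and in the post above). The line layout `<hex address> <symbol name>` is an assumption about the published files, and the addresses in the sample are constructed.

```python
import re
import sys
from collections import defaultdict

# Assumed line layout (the thread does not show it): "<hex address> <symbol name>".
# Demangled names can contain spaces, so the name is everything after the address.
LINE_RE = re.compile(r"^\s*(?:0x)?([0-9a-fA-F]{6,16})\s+(\S.*?)\s*$")

# Constructed sample: the addresses are made up, the names are quoted in the thread.
SAMPLE = """\
Address            Name
0x0000000100a1b2c0 jag::BaseApp::GetExitAfterInit
0x0000000100a1b2c0 jag::Js5NetQueueRequest::IsUrgent
0x0000000100a1b300 jag::oldscape::Client::LogoutWithReason(jag::oldscape::shared::PlayerFacingLogoutReason::ID)
"""


def parse_symbols(text):
    """Return {address: [names]} in file order; lines that do not parse are skipped."""
    by_addr = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank line or a layout this sketch does not know
        addr, name = int(m.group(1), 16), m.group(2)
        if name not in by_addr[addr]:
            by_addr[addr].append(name)
    return dict(by_addr)


def aliases(by_addr):
    """Addresses that carry more than one name."""
    return {a: names for a, names in by_addr.items() if len(names) > 1}


def alternatives(by_addr, shown_name):
    """Other names at the address where IDA displays shown_name."""
    return [n for names in by_addr.values() if shown_name in names
            for n in names if n != shown_name]


if __name__ == "__main__":
    # Pass the path of the demangled table, or run with no argument for the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for addr, names in sorted(aliases(parse_symbols(text)).items()):
        print(f"{addr:#x}: " + " | ".join(names))
```

If the real files use a different column order, only `LINE_RE` needs adjusting.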
Thank you @Pazaz - You are a god amongst men - I was looking at a 2019scape Packet class as I was looking for Jagex naming and saw a commit mentioning a new nxt beta dump, I had to come here. This is amazing!
 
Reactions: Pazaz
Wow, this is incredible!

I wonder how much of the NXT client was ported from the existing Java (e.g. function signatures, symbol names.)

jag::oldscape::Client::LogoutWithReason(jag::oldscape::shared::PlayerFacingLogoutReason::ID) matches the forceDisconnect method in RuneLite refactors (although it is orphaned in another class here due to static method obfuscation.)

Thanks for sharing!

Edit:
The inner code is also identical (except for inline obfuscation).
[Attached image: 1726474157544.png]
 