Corrupting a flash game

This experiment documents how the mid-2000s Adobe-Flash-based video game "Harry the Hamster 2: The Quest for the Golden Wheel" by CITV behaves when corrupted by changing bytes in the SWF (Shockwave Flash Object) file, which can be done using any hex editor (or "byte editor") software.

The game is exactly 1191736 bytes (hexadecimal: 0x122F38 bytes) in size. It still starts when truncated down to 1191727 bytes. With one byte less, however, the preloader stops at 99%. But when appending a null byte, it starts again. The only observable difference is that the Flash movie does not loop from the beginning anymore when clicking on "Play" in the context menu.

When changing the byte at position 0x122DDF (close to the end) from B3 to A3, the squeaking wheel sound at the "Well Done!" screen is muted. Changing byte 0x100753 from D4 to D5 causes the game not to be able to start anymore. Changing byte 0x50000 from 09 to 08 does not seem to affect anything. After changing byte 0x30000 from 9F to 9E, the game still runs well. Changing byte 0x20000 from 94 to 95 still has no effect. Changing "94 51 81 30" to "00 00 00 00" at the same position causes the game to refuse to start at all. "95 51 82 30" still works.

At byte position 0x15000, funny things happen. When changing 4D to 4E the game still works, but changing 0x15001 from AF to AE causes the title screen animation to freeze. At 0x15000, "00 AE", "00 AF", "4D A0", and "4F AF" return to the loading screen, which indicates "100%", after playing a part of the title menu animation. "01 AF" and "4E AE" work fine. "01 B0" and "4D B0" crash the game immediately. Every value between "4D A1" and "4D AE" gets stuck on the title screen animation. "4D 00": also gets stuck on the title screen. "5D 00": same. "9D 00": same. "FF 00": crash.

When changing byte 0x14ECC from 5E to 5F, the game works fine. "5E C3" to "5F C4": works. 0x25000: A3 to A7: works. A3 C9 to A7 F9: works. 0x3000 (near the beginning): 53 to 54: crashes when pressing "how to play" or "start game". And with 52: glitch on "how to play" screen. And 00: glitching deteriorated. And "53 36" to "00 00": crash. "00 35": works. "53 35", "53 00", "52 37", and "52 00" crash. Setting byte 0x2FFF from 2F to 2E: game works. "2F 00": crash. "2F 4E": works. Byte 0x2000: "40" to "3F": glitch on "start game" button. 0x1000: "A9" to "A8": only "how to play" crashes, but normal gameplay works. When changing 0x1100 from D0 to CF, the appearance of a glitch in the top right changed a bit. It appears that decreasing bytes is less likely to crash the game than increasing them. Changing byte 0x1200 from 15 to 14: said glitch is larger. Changing 0x1300: 73->72: glitch changed once again.

Now we go into territory dangerously close to the beginning. When changing 0x500 from E3 to E2, the game crashes. E3 to E4: crashes too. At 0x600, 50 to 4F: crashes. At 0x700, AA to A9 works, but crashes when trying to pick up the in-game "passport" item, but not the snail shell item. However, this crash might have been caused by an earlier byte change.
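The uncertainty about earlier byte changes goes away if every variant is built from the untouched original and the patcher refuses to write unless the expected original bytes are present. The following is an added example, not part of the original experiment; the stand-in buffer is constructed, and its "FWS" signature and version 8 are assumptions, since the page does not show the real header.

```python
import struct

SIGNATURES = {b"FWS": "uncompressed", b"CWS": "zlib", b"ZWS": "lzma"}

def swf_header(data):
    """Parse the 8-byte SWF header: signature, version, declared length."""
    if len(data) < 8 or data[:3] not in SIGNATURES:
        raise ValueError("not an SWF file")
    version, declared_len = struct.unpack_from("<BI", data, 3)
    return SIGNATURES[data[:3]], version, declared_len

def patch(data, offset, old_hex, new_hex):
    """Return a copy with the old bytes replaced by the new bytes at offset.
    Refuses to patch if the file does not hold the expected original bytes,
    so a result is never attributed to the wrong edit."""
    old, new = bytes.fromhex(old_hex), bytes.fromhex(new_hex)
    if len(old) != len(new):
        raise ValueError("patch must not change the file size")
    found = data[offset:offset + len(old)]
    if found != old:
        raise ValueError(f"0x{offset:X}: expected {old.hex()}, found {found.hex()}")
    return data[:offset] + new + data[offset + len(old):]

def resize(data, size):
    """Truncate to size, or pad with null bytes if size is larger."""
    return data[:size] + b"\x00" * max(0, size - len(data))

def make_stand_in():
    """Constructed stand-in, not the real game: a zero-filled buffer of the
    page's file size with the page's original bytes planted at two offsets.
    The 'FWS' signature and version 8 are assumptions."""
    buf = bytearray(1191736)
    buf[:8] = b"FWS" + struct.pack("<BI", 8, 1191736)
    buf[0x15000:0x15002] = bytes.fromhex("4DAF")
    buf[0x122DDF] = 0xB3
    return bytes(buf)

if __name__ == "__main__":
    original = make_stand_in()
    print(swf_header(original))
    # Each variant starts from the pristine original, one change at a time.
    muted = patch(original, 0x122DDF, "B3", "A3")
    frozen = patch(original, 0x15000, "4D AF", "4D AE")
    print(len(resize(original, 1191727)), len(resize(original, 1191737)))
```

Writing each returned buffer to its own file keeps one observed behaviour tied to exactly one change.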