Reverse engineering the AirStrike 3D game series

PCGamingWiki - Original Game

My nostalgic journey into reverse engineering AirStrike 3D - the first PC game that captured my imagination as a kid. This repository contains tools and research for understanding the game's internals.

AirStrike 3D is a helicopter shoot-em-up series developed by DivoGames (Nizhny Novgorod, Russia) and published through Alawar Entertainment. The engine and all three franchise titles were built by a two-person team.

Both names are embedded as string literals ({Anton Petrov}, {Dmitry Zakharov}) in the Gulf Thunder executable's credits data. Petrov describes the engine on LinkedIn as "my first game engine featuring a custom scripting language and hardware-accelerated 3D graphics — powered three titles in the Air Strike 3D franchise".

After DivoGames, Petrov became CTO at Game Insight (2012–2019, Nizhny Novgorod department), then co-founded Colossi Games in Cyprus (2020–present).

Before DivoGames was officially founded (~2004), the initial AirStrike chapters were developed under a group called Deaddybear. Community research on r/airstrike3d found that Deaddybear's earlier game Treasure Mole used a nearly identical .pak archive format — confirming shared codebase ancestry. Deaddybear also released Bomberman vs Digger (2002).

Custom C++ engine with no third-party framework. Uses Quake-style subsystem prefixes:

• BASS — Audio library. 3D positional audio, EAX effects, MO3/tracker module playback.
• libjpeg — Copyright (C) 1996, Thomas G. Lane (found in Gulf exe strings).
• zlib + libpng — PNG texture support.
• Custom scripting language — Confirmed by Petrov on LinkedIn, no public documentation survived.

MSVC RTTI type descriptors found in the Gulf binary (e.g. .?AVIntroPageDivoGames@@), confirming C++ with virtual inheritance and RTTI enabled. Divo Master string suggests an internal tool or debug mode.

The v2.06 executable (as3d2.exe, 199,680 bytes) is packed with ASProtect 1.0 by Alexey Solodovnikov.

1. Section wiping — Original section names erased, all flags set to 0xC0000040. Two .data stubs appended.
2. aPLib decompression — Compressed .text stored in oversized .data (VirtSize 30 MB, RawSize 4 KB).
3. OEP byte stealing — First bytes of Original Entry Point executed inside the stub before jumping to OEP+N.
4. IAT redirection — Import calls routed through ASProtect memory; executes first instructions of real API in-place, then jumps mid-body.
5. Anti-debug — IsDebuggerPresent(), RDTSC timing, SEH breakpoint detection, debugger driver CreateFile() probes.
6. Checksums — Code integrity verification to detect runtime patching.
7. Anti-disasm — Junk bytes after CALL instructions break linear-sweep disassemblers (W32DASM, SOURCER); IDA handles fine.

Gulf Thunder ships completely unprotected: EP in .text, entropy 6.83, full IAT, developer credits and error strings plainly readable. Much better target for engine analysis.

• r/airstrike3d — community research & modding
• Ithamar's APK scripts — updated extraction with text decryption
• QindieGL — OpenGL-to-D3D wrapper for running on modern Windows
• PCGamingWiki: AirStrike 2 — compatibility fixes
• xakep.ru: ASProtect taming — technical packer analysis (Russian)
• ASProtect homepage — Alexey Solodovnikov's official site

# Extract game assets from encrypted .apk archives
python extract_apk.py pak0.apk        # Extracts all files
python pack_apk.py extracted_dir/ new.apk  # Repack modified assets

python mdl_obj_converter.py some_file.mdl
python mdl_obj_converter.py some_file.obj

python decrypt_save.py decrypt game.bin -o decrypted.bin

# Convert MO3 tracker modules to standard audio
sudo dnf install libopenmpt openmpt123
openmpt123 --render file.mo3 --output file.wav

# Best TGA texture viewer for Linux
# https://github.com/bluescan/tacentview
tacentview texture.tga

# Fix OpenGL extension issues for old games
MESA_EXTENSION_MAX_YEAR=2003 %command%

Add this to the game's launch options in Steam.

• Archive Format: Custom encrypted APK containers (not Android APK)
• Executable: ASProtect v1.0 packed (detected via YARA rules)
• Assets: TGA textures, MDL 3D models, MO3 audio modules
• Encryption: XOR cipher with 1024-byte key table

1. Clone this repository
2. Extract game assets: python extract_pak.py /path/to/pak0.apk
3. Browse extracted files in the created directory
4. Convert audio files as needed

1. download llvm-mingw from https://github.com/mstorsjo/llvm-mingw/releases:

• llvm-mingw-YYYYMMDD-ucrt-ubuntu-20.04-x86_64.tar.xz for win10+ (ucrt)
• llvm-mingw-YYYYMMDD-msvcrt-ubuntu-20.04-x86_64.tar.xz for win7+ (legacy crt)

1. extract to repository root in dir llvm-mingw

2. Run

cmake --preset llvm-mingw-i686
cmake --build --preset llvm-mingw-i686

note: preset uses jobs=1 due to lld linker deadlock on parallel linking in mingw context

🔒 Since the project uses ASProtect 1.0, I decided on Linux using a simple debugger to just walk until we get some kind of loop. The game seems to unpack itself creating some thread, so even the debugger detaches at some moment in ntdll magic 🪄, so we need just to pause at any moment and get the address of the desired function (loop).

🎯 The next step is using x64dbg with DumpEx plugin—dump with the address of main loop function. And that's all!

📊 Stats:

• 📦 Game weights: 31.2 MB
• 🔍 In Ghidra project I've marked some of the interesting places:
  • 🎮 Loading models
  • 💾 Working with saves
  • 🔧 Core game mechanics

🚀 Usage:

Just clone and open with Ghidra—the project is ready to explore yourself!

Maybe some time someone will reverse it completely 😏 🦀⚡

Educational and preservation purposes only. Respect original copyrights.

MIT - Because knowledge should be free, just like the joy of playing games.

To that old PC that could barely run the game but somehow made it magical anyway.