Previous versions Information on previous versions of the PlayerCarColours resource.

The PlayerCarColours resource contains all the colors available to the player in Burnout Paradise.

Overview

Colors in Burnout Paradise are stored separately per color type, or palette. Each palette has a specified number of colors. Each color is made up of two values, a paint color and a pearl color. These two values are applied using a shader to create the colors seen on vehicles. Colors may appear different depending on the materials used in a vehicle.

Despite the logical assumption that they would, color types do not impact the appearance of colors. They are used strictly as a way to switch between palettes and do not have any specific materials or shaders associated with them. All differences between palettes are from differences in the values of the colors themselves.

Colors are stored as RGBA values, each of which is on a scale of 0 to 255. These are stored as a Vector4 where the fields are red, green, blue, and alpha, respectively. Each field represents a percentage of 255, meaning 255 is 1.0, 100 is 0.392(...), and so on. Despite the more accurate color range available because of this, only integers are used in color values.

Exploitation

The PlayerCarColours resource is the resource impacted by the buffer overread exploit seen in the profile. This occurs because the color and palette indices are not bounds checked, meaning values can be set high enough that they read memory outside the PlayerCarColours resource. In memory, the color index can also be altered but, unlike in the profile, it is stored as a 4-byte integer, allowing for further access to memory and thus more colors.

In regards to the underlying values, due to the use of percentages for color values, any 4-byte hexadecimal value not between 0x0 and 0x3F800000 goes beyond the range of the standard RGB CLUT; often, this value can be negative or extremely high when using high indices. Values above 1 are likely to create extremely bright colors, aptly nicknamed "neon colors" by the community that arose around this exploit, while negative values appear to be to impact the positive values being used. Setting all values to -1 results in neon black, while setting all to 5 results in neon white. Much of the time, using these colors eliminates reflections and may hide accents and features on the car.

Another aspect is the use of the palette index to go even further into memory. This is especially relevant on PlayStation 3, where certain indices from 0xE7 to 0xFE go to valid pointers not part of the PlayerCarColours resource. This allows for values completely outside the normal range to be used, and in this specific case, the memory changes when the player goes online. It is presently unclear whether the pointer or data changes, but the end result is pseudorandom changing of the player's vehicle color during gameplay.

Note that due to the constraints of the float type, not all colors are guaranteed to be usable. If an index is set to an unusable color in the profile, the game may crash. This does not appear to be an issue when changing the color index in memory.

Structures

BrnWorld::GlobalColourPalette

32-bit

64-bit

BrnWorld::PlayerCarColourPalette

32-bit

64-bit

Enumerations

BrnWorld::EPallettesTypes