Profile/Burnout Paradise
This page is under construction. Please leave any thoughts on the talk page or on Discord - preferably the latter.
The profile for Burnout Paradise contains all saved progression, including event completion, collectible discovery, records, and unlocked vehicles, among other things. It also contains user-selected data such as vehicle colors, options, and custom online race routes.
The only major content not saved in the profile is mugshot data, which is stored independently. Its location is platform-specific.
Overview
TODO: Describe some common stuff here. High-level overviews of components saved: vehicles, records, progression, etc.
Known issues and exploits
Buffer overread via color indices
Colors and color types may be modified by changing the selected index on a given vehicle. As there is no bounds checking in place, it is possible to read data beyond the selected color type and the PlayerCarColours resource altogether. What's read in is interpreted as floating-point data representing percentages of 255, leading to values less than 0% and greater than 100%. The resulting colors often glow and have been dubbed "neon" colors. The exact process by which these colors are formed is currently unknown and likely requires shader research to understand.
TODO: Add picture of a neon car
Replacement of selected liveries with other vehicles
The selected livery of a given vehicle is stored as a vehicle ID. As there are no checks in place to ensure the selected vehicle is a child of the given vehicle, this can be replaced with any other vehicle, including undrivable vehicles such as traffic. Liveries set this way cannot be selected normally in the junkyard but can be used by other means, such as waiting for the countdown to end in an online race or having the host of an online room start a Marked Man game.
TODO: Add a picture of an unselectable traffic car
Time and distance limitations
Time played, measured in seconds, was originally stored as a float. Due to the imprecision inherent to the float datatype, the smallest increments at which a value can increase get larger with bigger values. In this case, time stopped increasing when it could no longer increment by the frametime (16.6 ms), which limited the value to just 262144 seconds (72.8 hours).
Distance travelled suffers the same imprecision woes but at a later point. While it is still added to every frame, the increase changes based on speed, so the limit changes based on speed as well: 10425 mi at 67-134 mph, 20850 mi at 134-268 mph, and 41700 mi at 268-537 mph, to name some common ones. These limits apply to both total and per-car mileage.
In version 1.3, time played was fixed by creating a structure specifically to address the issue:
| Offset | Length | Type | Name | Description | Comments |
|---|---|---|---|---|---|
| 0x0 | 0x4 | int32_t | seconds | Seconds | |
| 0x4 | 0x4 | float32_t | fraction | Milliseconds |
Unfortunately, this fix was only applied to time, meaning distance remains limited even in the latest versions of the game.
Layout
ProfileStoredData
This is the primary profile structure which holds all data.
TODO: Create structures for other platforms/versions, including for development builds. (Perhaps make a dedicated section for each profile iteration?)
PlayStation 3
| Offset | Length | Type | Name | Description | Comments |
|---|---|---|---|---|---|
| 0x0 | 0x1DA30 | Profile | mProgressionProfile | Profile 1.0 | |
| 0x1DA30 | 0x7540 | LiveRevengeProfile | mLiveRevengeProfile | Live Revenge Profile | |
| 0x24F70 | 0x7370 | OptionsDataProfile | mOptionsDataProfile | Options Data Profile 1.0 | |
| 0x2C2E0 | 0xAC0 | Profile 1.3 | |||
| 0x2CDA0 | 0x18 | Options Data Profile 1.3 | |||
| 0x2CDB8 | 0x19C8 | Profile 1.4 | |||
| 0x2E780 | 0x1C60 | Profile 1.7 | |||
| 0x303E0 | 0x268 | Profile 1.8 | |||
| 0x30648 | 0x10A8 | Profile 1.9 | |||
| 0x316F0 | 0xE910 | char[59664] | macPadData | Padding |
Profile 1.0
TODO
Live Revenge Profile
TODO
Options Data Profile 1.0
TODO
Profile 1.3
TODO
Options Data Profile 1.3
TODO
Profile 1.4
TODO
Recent Players
TODO
Profile 1.7
TODO
Profile 1.8
TODO
Profile 1.9
TODO
Enumerations
BrnGameState::GameStateModuleIO::EGameModeType
| Name | Value | Comments |
|---|---|---|
| E_MODE_NONE | -1 | |
| E_MODE_OFFLINE_RACE | 0 | |
| E_MODE_FACE_OFF | 1 | |
| E_MODE_OFFLINE_SHOWTIME | 2 | |
| E_MODE_ROAD_RAGE | 3 | |
| E_MODE_PURSUIT | 4 | |
| E_MODE_BURNING_ROUTE | 5 | |
| E_MODE_ELIMINATOR | 6 | |
| E_MODE_STUNT_ATTACK | 7 | |
| E_MODE_MARKED_MAN | 8 | |
| E_MODE_TRAFFIC_ATTACK | 9 | |
| E_MODE_OFFLINE_COUNT | 10 | |
| E_MODE_ONLINE_MODE_START | 10 | |
| E_MODE_ONLINE_RACE | 10 | |
| E_MODE_ONLINE_ROAD_RAGE | 11 | |
| E_MODE_ONLINE_FUGITIVE | 12 | |
| E_MODE_ONLINE_BURNING_HOME_RUN | 13 | |
| E_MODE_ONLINE_FREE_BURN | 14 | |
| E_MODE_ONLINE_FREE_BURN_LOBBY | 15 | |
| E_MODE_ONLINE_SHOWTIME | 16 | |
| E_MODE_ONLINE_MODE_END | 17 | |
| E_MODE_COUNT | 17 |
BrnGameState::ETakedownType
Note: Unknown0 and 1 are the official Criterion names.
| Name | Value | Comments |
|---|---|---|
| E_TAKEDOWN_NONE | -1 | |
| E_TAKEDOWN_STANDARD | 0 | |
| E_TAKEDOWN_GRINDING | 1 | |
| E_TAKEDOWN_T_BONE | 2 | |
| E_TAKEDOWN_VERTICAL | 3 | |
| E_TAKEDOWN_TRAFFIC_CHECK | 4 | |
| E_TAKEDOWN_HEAD_ON | 5 | |
| E_TAKEDOWN_UNKNOWN0 | 6 | |
| E_TAKEDOWN_UNKNOWN1 | 7 | |
| E_TAKEDOWN_DOUBLE | 8 | |
| E_TAKEDOWN_REVENGE | 9 | |
| E_TAKEDOWN_INTO_CAR | 10 | |
| E_TAKEDOWN_INTO_VAN | 11 | |
| E_TAKEDOWN_INTO_BUS | 12 | |
| E_TAKEDOWN_COUNT | 13 |
BrnGameState::EStuntType
| Name | Value | Comments |
|---|---|---|
| E_STUNT_ELEMENT_TYPE_JUMP | 0 | |
| E_STUNT_ELEMENT_TYPE_SMASH | 1 | |
| E_STUNT_ELEMENT_TYPE_BILLBOARD | 2 | |
| E_STUNT_ELEMENT_TYPE_COUNT | 3 |
BrnResource::ECarType
| Name | Value | Comments |
|---|---|---|
| E_CARTYPE_DANGER | 0 | Speed |
| E_CARTYPE_AGGRESSION | 1 | |
| E_CARTYPE_STUNTS | 2 | |
| E_CARTYPE_INVALID | 3 | |
| E_CARTYPE_COUNT | 3 |
BrnProgression::CarData::UnlockType
| Name | Value | Comment |
|---|---|---|
| E_UNLOCK_TYPE_UNLOCK | 0 | Unlocked at start |
| E_UNLOCK_TYPE_GIFT | 1 | Secondary finishes and Burning Route unlocks |
| E_UNLOCK_TYPE_TROPHY | 2 | Unlocked through achievements (carbon cars) |
| E_UNLOCK_TYPE_SHUTDOWN_RIVAL | 3 | |
| E_UNLOCK_TYPE_GOLD_SILVER | 4 | Gold and platinum cars |
| E_UNLOCK_TYPE_SPONSOR | 5 |
BrnProgression::RivalData::EState
| Name | Value | Comments |
|---|---|---|
| E_STATE_LOCKED | 0 | |
| E_STATE_UNLOCKED | 1 | Roaming rival |
| E_STATE_FLEEING | 2 | |
| E_STATE_BEATEN | 3 | IsDefeated flag |
| E_STATE_COUNT | 4 |
BrnProgression::ProfileEvent::Flags
| Name | Value | Comments |
|---|---|---|
| E_FLAG_UNDISCOVERED | 0x0 | |
| E_FLAG_DISCOVERED | 0x1 | |
| E_FLAG_FINISHED | 0x2 | |
| E_FLAG_RANK_WIN | 0x4 | |
| E_FLAG_NON_RANK_WIN | 0x8 | |
| E_FLAG_WON_SPECIAL_EVENT_BEFORE | 0x10 | |
| E_FLAG_WON_EVENT_BEFORE | 0x20 |
renderengine::PixelFormat
See PixelFormat (PS3).
BrnWorld::ECounty
See Counties (Burnout Paradise).
BrnWorld::EDistrict
See Districts (Burnout Paradise).
BrnNetwork::EBoostType
| Name | Value | Comments |
|---|---|---|
| E_BOOST_TYPE_NORMAL | 0 | |
| E_BOOST_TYPE_DANGER | 1 | |
| E_BOOST_TYPE_AGGRESSION | 2 | |
| E_BOOST_TYPE_STUNT | 3 | |
| E_BOOST_TYPE_INFINITE | 4 | |
| E_BOOST_TYPE_COUNT | 5 |
BrnNetwork::EVehicleChoice
| Name | Value | Comments |
|---|---|---|
| E_VEHICLE_CHOICE_FREE | 0 | Player chooses car |
| E_VEHICLE_CHOICE_HOST | 1 | Host's choice of car |
| E_VEHICLE_CHOICE_COUNT | 2 |
BrnDirector::GameState::ECameraMode
| Name | Value | Comments |
|---|---|---|
| E_CAMERA_MODE_FIRST_PERSON | 0 | |
| E_CAMERA_MODE_THIRD_PERSON | 1 | |
| E_CAMERA_MODE_COUNT | 2 |