3.80 star(s) 64 Votes

BupoTiling03-Retired

Well-Known Member
Modder
Jul 21, 2018
1,341
1,892
I mean like the tutorial in #123, as a computer idiot it looks like programming to me :LOL: I mean is not code and stuff but yah.
That was for v16 and under. v17 had another protection. A check of the original MD5 of the binary. Showed nonymouse. v18 was funny to look at from an insider's POV (Princess Peach was moved to another castle and Mario could get a good chuckle if he noticed something about where she was (being cryptic because I don't hand out things, I try to teach)).
 
  • Wow
Reactions: CosmicBreak

kangsgem2

New Member
Aug 6, 2019
5
1
That was for v16 and under. v17 had another protection. A check of the original MD5 of the binary. Showed nonymouse. v18 was funny to look at from an insider's POV (Princess Peach was moved to another castle and Mario could get a good chuckle if he noticed something about where she was (being cryptic because I don't hand out things, I try to teach)).
I can see you are trying to teach people but the reality is most of the people (including me) in here is just for pirated game. I did try to understand some of the stuff you mentioned and do it myself but it is something I searched on google and still don't understand. I can sense your desperate for people just shouting for cracks & questions and I appreciate the fact you releasing things later so developer can earn better. Anyhow thank you for your contribution. :LOL:
 

BupoTiling03-Retired

Well-Known Member
Modder
Jul 21, 2018
1,341
1,892
I can see you are trying to teach people but the reality is most of the people (including me) in here is just for pirated game. I did try to understand some of the stuff you mentioned and do it myself but it is something I searched on google and still don't understand. I can sense your desperate for people just shouting for cracks & questions and I appreciate the fact you releasing things later so developer can earn better. Anyhow thank you for your contribution. :LOL:
Thanks. :)
 

daddybronkus

New Member
Aug 29, 2019
1
1
Been beating my head against a proverbial wall trying to figure out how to crack .18 with little to no understanding of the subject matter. However, I think I've made some progress, though this is difficult for me to quantify as I have no idea what I'm doing.

I've gotten as far as finding the jmp rax, but I'm not sure what to do with this information. I've created a dump but it doesn't do much. (At the moment I am inordinately tired, I feel like I should elaborate on some of my steps thus far but for now I am incapable of doing so.)

All things considered, I'm a complete layman and figured I'd give it a shot trying to figure this all out. It has been interesting, though I'm certain there is a prerequisite body of knowledge that I am ignorant to. If ya'll would be willing, I'd appreciate it if someone could point me towards some literature or guides that would give me a better idea of what is going on here and how to use better use the information within the thread.

You don't have permission to view the spoiler content. Log in or register now.

I would appreciate some help, preferably candid directions with little room for misinterpretation, though I wholly understand if I am too far off the mark for consideration. In any case, thank you for reading and sorry if I'm too much of a dipshit.
 

BupoTiling03-Retired

Well-Known Member
Modder
Jul 21, 2018
1,341
1,892
Been beating my head against a proverbial wall trying to figure out how to crack .18 with little to no understanding of the subject matter. However, I think I've made some progress, though this is difficult for me to quantify as I have no idea what I'm doing.

I've gotten as far as finding the jmp rax, but I'm not sure what to do with this information. I've created a dump but it doesn't do much. (At the moment I am inordinately tired, I feel like I should elaborate on some of my steps thus far but for now I am incapable of doing so.)

All things considered, I'm a complete layman and figured I'd give it a shot trying to figure this all out. It has been interesting, though I'm certain there is a prerequisite body of knowledge that I am ignorant to. If ya'll would be willing, I'd appreciate it if someone could point me towards some literature or guides that would give me a better idea of what is going on here and how to use better use the information within the thread.

You don't have permission to view the spoiler content. Log in or register now.

I would appreciate some help, preferably candid directions with little room for misinterpretation, though I wholly understand if I am too far off the mark for consideration. In any case, thank you for reading and sorry if I'm too much of a dipshit.
Actually I thank you for reading. :) Not a dipshit, anyone who wants to learn is more than welcome and applauded. Check convo sent.

I can't give candid answers, it would only enable gimmies and n00bs. But I can guide you a bit. Maybe more-so in a conversation. As for this...

If you can take that jmp rax, you'll be at OEP. Be very specific to let that stack correction happen (the sub rsp after return to module) or you'll corrupt the stack. You can then dump it, no need to do anything else to it (technically). I don't expect most reverse-engineers to also know Unreal Engine, so I'll hand out this next bit. Once the dump is done, you'll need to determine the AES key for the Pak files. Google is your friend on this one. Easy guide out there. Unpack the Pak files and see if you can find any files (binary search all if that helps) that have to do with an MD5 hash...of the original executable. in v17 it was in Paralogue\Content\BP\GlobalFunctionLibrary.uexp. Bowser moved Princess Peach. See if you can find out where and replace that MD5 with your new MD5. Put the Pak files where they need to be (maybe download Epic Games Launcher and "make" a do-nothing game to determine file structure?) That'd be the bare minimum for a 'release'. You'd want to clean your dump up a bit so that most AVs don't grumble but it isn't necessary.

Btw if you are capable of getting to the jmp rax properly, you don't need to do any of it...since you can then just Run... ;) And since the MD5 isn't changed at that point...see where I'm going? (That way if you can at least get there, you can play even if you can't release.) I'd like to urge that you continue this whole "teaching" thing. The more people learn to reverse-engineer, the stronger this forum can become. I don't spell things out, specifically to do exactly that, teach.

You can Google what OEP, EIP, and RIP are. Not hard. "reverse engineering oep eip rip" would get you in the right direction. I guess I can save you time... OEP is Original Entry Point (the start of an executable/library of code), IP is Instruction Pointer ("current line of code"), EIP is Extended IP (32-bit), RIP is 64-bit (Instruction Pointer, R doesn't have a defined meaning anymore).

Unreal Engine can use regular filesystem for loading content or a virtualized filesystem (where all the files for the game are packaged into a single file, a Pak file, usually encrypted with an AES key.)

v17 and v18 are 99% same for protection. Princess Peach has simply been moved to another castle. If you take a look at the old castle's decor...you should notice something funny (if you saw v16-v17 castle)

Look at v17, then look at my v17. Look at the structure of everything. That should help you regarding file structure...and for AES keys, Google is your friend here. Finding an AES key to an Unreal Pak...should be relatively easy.
 
Last edited:

BupoTiling03-Retired

Well-Known Member
Modder
Jul 21, 2018
1,341
1,892
Anyone know if the Valve Index will work with the VR?
Good question considering the game engine is Unreal Engine. I don't use VR so I've not monkeyed with Unreal Engine VR API (specifically enabling certain types or if there is any initialization needed per brand etc...) If you try it and it works, could you report back?
 

KodyJones

Newbie
Jul 17, 2019
17
4
Good question considering the game engine is Unreal Engine. I don't use VR so I've not monkeyed with Unreal Engine VR API (specifically enabling certain types or if there is any initialization needed per brand etc...) If you try it and it works, could you report back?
Contemplating Oculus vs Index atm, but I'll lyk! Thank you
 

WhyDoesMyLifeSuck

New Member
May 8, 2018
2
3
Actually I thank you for reading. :) Not a dipshit, anyone who wants to learn is more than welcome and applauded. Check convo sent.

I can't give candid answers, it would only enable gimmies and n00bs. But I can guide you a bit. Maybe more-so in a conversation. As for this...

If you can take that jmp rax, you'll be at OEP. Be very specific to let that stack correction happen (the sub rsp after return to module) or you'll corrupt the stack. You can then dump it, no need to do anything else to it (technically). I don't expect most reverse-engineers to also know Unreal Engine, so I'll hand out this next bit. Once the dump is done, you'll need to determine the AES key for the Pak files. Google is your friend on this one. Easy guide out there. Unpack the Pak files and see if you can find any files (binary search all if that helps) that have to do with an MD5 hash...of the original executable. in v17 it was in Paralogue\Content\BP\GlobalFunctionLibrary.uexp. Bowser moved Princess Peach. See if you can find out where and replace that MD5 with your new MD5. Put the Pak files where they need to be (maybe download Epic Games Launcher and "make" a do-nothing game to determine file structure?) That'd be the bare minimum for a 'release'. You'd want to clean your dump up a bit so that most AVs don't grumble but it isn't necessary.

Btw if you are capable of getting to the jmp rax properly, you don't need to do any of it...since you can then just Run... ;) And since the MD5 isn't changed at that point...see where I'm going? (That way if you can at least get there, you can play even if you can't release.) I'd like to urge that you continue this whole "teaching" thing. The more people learn to reverse-engineer, the stronger this forum can become. I don't spell things out, specifically to do exactly that, teach.

You can Google what OEP, EIP, and RIP are. Not hard. "reverse engineering oep eip rip" would get you in the right direction. I guess I can save you time... OEP is Original Entry Point (the start of an executable/library of code), IP is Instruction Pointer ("current line of code"), EIP is Extended IP (32-bit), RIP is 64-bit (Instruction Pointer, R doesn't have a defined meaning anymore).

Unreal Engine can use regular filesystem for loading content or a virtualized filesystem (where all the files for the game are packaged into a single file, a Pak file, usually encrypted with an AES key.)

v17 and v18 are 99% same for protection. Princess Peach has simply been moved to another castle. If you take a look at the old castle's decor...you should notice something funny (if you saw v16-v17 castle)

Look at v17, then look at my v17. Look at the structure of everything. That should help you regarding file structure...and for AES keys, Google is your friend here. Finding an AES key to an Unreal Pak...should be relatively easy.
As someone who's only assembly experience was with a STM32 in ARM, I find it pleasantly surprising that a fucking porn game of all things has been the motivator of my dive into a more profound understanding of x86 and the technology I use every day.
As the saying goes, if I have seen further it is because I have thought with my penis.

Thank you sensei.
 

BupoTiling03-Retired

Well-Known Member
Modder
Jul 21, 2018
1,341
1,892
As someone who's only assembly experience was with a STM32 in ARM, I find it pleasantly surprising that a fucking porn game of all things has been the motivator of my dive into a more profound understanding of x86 and the technology I use every day.
As the saying goes, if I have seen further it is because I have thought with my penis.

Thank you sensei.
Oh I love ARM...low power, used everywhere, easy to build your own projects...Ah. My first experience with ARM was revengineering Motorola (now Arris) SB61XX Series Cable Modems and developing a firmware for them. Good times.
I cant waiting, some one have crack?
If you can't wait, crack it yourself. Read this thread and the Fallen Doll thread. Plenty of hints...
 
  • Like
Reactions: WhyDoesMyLifeSuck

Nero28

Newbie
Sep 3, 2018
27
34
Oh I love ARM...low power, used everywhere, easy to build your own projects...Ah. My first experience with ARM was revengineering Motorola (now Arris) SB61XX Series Cable Modems and developing a firmware for them. Good times.

If you can't wait, crack it yourself. Read this thread and the Fallen Doll thread. Plenty of hints...
if I weren’t stupid, then maybe 6% of 100% could have tried, but there is nothing to be done about it ((man, give me a present for my lonely birthday))
 

BupoTiling03-Retired

Well-Known Member
Modder
Jul 21, 2018
1,341
1,892
if I weren’t stupid, then maybe 6% of 100% could have tried, but there is nothing to be done about it ((man, give me a present for my lonely birthday))
I've been told most guys try to pull that with hookers and wives. Doesn't work for them and doesn't work for me. xD Besides, I think nonymouse got my hint and did it. :) Hoping so. They just had a chance to look at it. Woo!

*Edit* Yep. I give the floor to nonymouse, he noticed and has done it. Nice to pass the torch.
 
Last edited:
  • Love
Reactions: nonymouse

nonymouse

Newbie
Jan 4, 2018
19
71
Following BupoTiling03-Retired advice I am still cleaning up the files for a proper release.
Expect a cleaned up release to come in a few days time.

In the meantime. I would highly encourage people to try to run it by themselves using the guides Bupo has shared, no need to do everything just the OEP jump in the debugger is enough to get it working for yourself. Its simple and pretty rewarding.

Plus as they have mentioned that some time should be allowed for the dev to generate revenue from their games.
 

pansch

Newbie
Jun 5, 2017
66
87
I very much like how this thread is developing. Some people might have their rough edges, but they're mostly willing to still help out others and it's refreshing to see that a few people are willing to jump over their shadow and actually challenge themselves to learn new things.

To those who give up as soon as they don't understand something: DON'T give up! It's always a process and you're unlikely to see results within a couple of minutes, so just keep trying and look up what you don't understand. Nothing of this is witchcraft, really.
Not understanding something doesn't make you an idiot, accepting that you don't understand and not doing anything about it makes you an idiot.

Also, patience is a virtue.

Thanks Bupo for poking a few people towards learning some reverse engineering, myself included. Nothing's more fun than learning new things. I also very much agree with the ethical approach that is imparted.
 
3.80 star(s) 64 Votes