CREATE YOUR AI CUM SLUT ON CANDY.AI TRY FOR FREE
x
3.80 star(s) 64 Votes

dafafa

Newbie
Dec 15, 2018
43
28
Hey Bupo instead of bumping my head trying to crack it with 0 starting knowledge on pretty much everything, are there some resources, books, places that you can suggest where to learn this stuff from the beginning?
Of course i get that i can just google it, but since you are so knowledgeable maybe you can point me to the most efficient resources.
 

BupoTiling03-Retired

Well-Known Member
Modder
Jul 21, 2018
1,351
1,907
Hey Bupo instead of bumping my head trying to crack it with 0 starting knowledge on pretty much everything, are there some resources, books, places that you can suggest where to learn this stuff from the beginning?
Of course i get that i can just google it, but since you are so knowledgeable maybe you can point me to the most efficient resources.
Google is the most efficient. xD Eh, Tuts4You is good. Another good resource would be Micro$hit's PE Format.
 
Last edited:

Dyatlov

Newbie
Jul 22, 2019
82
249
This is my first attempt at reverse engineering, and I've never touched a assembly code before, so it looks chinese to me xD

Thanks for your tutorial. I was following it, i'm stuck at this part

Allow the kernel to load EKC6420, let it execute until it returns to main executable, step over the stack pointer add. You'll see a jmp just above before the call that caused the loading of EKC6420. Set EIP to follow, continue until you see a jmp rax (function end isn't a return but a simple jmp OEP). That is your jump to OEP. Step, you're now at OEP. 60 seconds tops.
Is this the correct jump ? after setting rip (assuming rip and eip is the same) to this jump, i was stepping over but i didn't find a jmp rax instead i received a EXCEPTION_ACCESS_VIOLATION after stepping through about 14 lines

1567255545719.png

also i'm not sure if i understood this part "let it execute until it returns to main executable, step over the stack pointer add"
how do i know if it has returned to the main executable ?

i can't see a add sp, i googled and found rsp means Register Stack pointer. i'm not sure if it's same as add sp
 

BupoTiling03-Retired

Well-Known Member
Modder
Jul 21, 2018
1,351
1,907
You forgot to let it load the library. Right now, you're in the Kernel. You're not looking for the JMP yet. When it RETs back to Paralogue module, you'll see what you need to. Notice the module you're in, title of your debugger says it all. (You're very close btw...you'll probably laugh once you figure it out. Very glad you're this far. :D) Remember to let it Load the protection and then let it Return to the main module... SP means Stack Pointer (16-bit). ESP means Extended Stack Pointer (32-bit), RSP means Register Stack Pointer (64-bit). Though technically, 64-bit registers never actually have that name-prefix. We just go with it. :) (It'll probably be easier for you to use "Step Over" instructions when in the Kernel btw.) I use shortcut keys, much faster stepping into/over/blablabla.
 
Last edited:

badboyqq22

New Member
Aug 8, 2019
2
1
@ [USER = 765911] BupoTiling03-退休[/ USER]
“跳过堆栈指针添加。在导致加载EKC6420的调用之前,你会在上面看到一个jmp。设置EIP跟随”

上面是什么意思,我怎么找到jmp?
 
Last edited:

Dyatlov

Newbie
Jul 22, 2019
82
249
You forgot to let it load the library. Right now, you're in the Kernel. You're not looking for the JMP yet. When it RETs back to Paralogue module, you'll see what you need to. Notice the module you're in, title of your debugger says it all. (You're very close btw...you'll probably laugh once you figure it out. Very glad you're this far. :D) Remember to let it Load the protection and then let it Return to the main module... SP means Stack Pointer (16-bit). ESP means Extended Stack Pointer (32-bit), RSP means Register Stack Pointer (64-bit). Though technically, 64-bit registers never actually have that name-prefix. We just go with it. :) (It'll probably be easier for you to use "Step Over" instructions when in the Kernel btw.) I use shortcut keys, much faster stepping into/over/blablabla.
I got it to work for myself :D this is the first time i reverse engineered anything. i wanted to learn it for a long time but never had the motivation to start.. haha

when I have free time again, I'm going to give a shot at making a crack, although i probably won't succeed :LOL:

Thank you so much for the tutorial and help (y)

 
Last edited:

BupoTiling03-Retired

Well-Known Member
Modder
Jul 21, 2018
1,351
1,907
I got it to work for myself :D this is the first time i reverse engineered anything. i wanted to learn it for a long time but never had the motivation to start.. haha

when I have free time, I will give a shot at making a crack, although i probably won't succeed :LOL:

Thank you so much for the tutorial and help (y)
Glad you could learn something from it all. :) Actually, if you were on v16, you could just dump it and it'd work. Sure it'd be professional to clean up the exe a bit but it'd work regardless. Since v17, another piece of protection was added. Not difficult but not for newcomers. :) Enjoy. :) How do you feel about that comment earlier, 10 hours nothing...and so close all along?

Also, I'd like for nonymouse to be the one to release v18, being the first one to learn how. They also know how to clean up the executable. Makes for less AVs flagging and fussing. They will probably release on Monday, giving the author a week to make his income.
 

nonymouse

Newbie
Jan 4, 2018
19
71
Nice to see so many people are able to get it working now. I imagine they are just as excited about it as I was when it worked for me the first time as well :LOL:

BupoTiling03-Retired this proves you are a good teacher, repeating the steps multiple times until people could make it this far :)
 
  • Like
Reactions: 00Bob00 and Dyatlov

BupoTiling03-Retired

Well-Known Member
Modder
Jul 21, 2018
1,351
1,907
Nice to see so many people are able to get it working now. I imagine they are just as excited about it as I was when it worked for me the first time as well :LOL:

BupoTiling03-Retired this proves you are a good teacher, repeating the steps multiple times until people could make it this far :)
Thanks. :) Glad people can learn and grow. Btw I made a script for you.
 

VLindemann

Member
Apr 25, 2018
153
265
I could probably give it a try but my daily life is already busy as hell so i'll wait for someone to upload it here yet good job everyone.I also occasionally i crack steam games for my personal use.
 

BupoTiling03-Retired

Well-Known Member
Modder
Jul 21, 2018
1,351
1,907
I could probably give it a try but my daily life is already busy as hell so i'll wait for someone to upload it here yet good job everyone.I also occasionally i crack steam games for my personal use.
Heh, same. If you can remove SteamDRM, you can easily do this.
 

156_163_146_167

Engaged Member
Jun 5, 2017
3,138
2,512
After two afternoons of trying and reading a lot of hints in this thread, I think I might have done it. The reason I say I might is that I have an exe now that I can run and it skips the activation dialogue. The problem is that the next thing I get is a few seconds of black screen and then it closes itself. And I don't know if this is due to me performing the crack incorrectly or some problem with the game itself. For what it's worth, the 0.17 crack works fine on my computer.
 

BupoTiling03-Retired

Well-Known Member
Modder
Jul 21, 2018
1,351
1,907
After two afternoons of trying and reading a lot of hints in this thread, I think I might have done it. The reason I say I might is that I have an exe now that I can run and it skips the activation dialogue. The problem is that the next thing I get is a few seconds of black screen and then it closes itself. And I don't know if this is due to me performing the crack incorrectly or some problem with the game itself. For what it's worth, the 0.17 crack works fine on my computer.
No, you performed it correctly. Half of it. The rest of the protection isn't in the executables. Look into the Pak files. The game is calling "Quit" to exit...for a reason. In fact, Page 17 has what you need.
 
  • Like
Reactions: 00Bob00

BupoTiling03-Retired

Well-Known Member
Modder
Jul 21, 2018
1,351
1,907
You need to come to jmp rax by natural means (with the exception of taking the one jmp above that call to load the protection). Besides, this all assumes you have some experience reverse-engineering/computer-literacy.
 

156_163_146_167

Engaged Member
Jun 5, 2017
3,138
2,512
No, you performed it correctly. Half of it. The rest of the protection isn't in the executables. Look into the Pak files. The game is calling "Quit" to exit...for a reason. In fact, Page 17 has what you need.
Hmm. Some posts lead me to believe I could just run it at that point without having to mess with the pak files. Guess I'll keep looking.
 
3.80 star(s) 64 Votes