Unreal Engine Abandoned Fallen Doll [v1.31] [Project Helius]

4.30 star(s) 25 Votes
Discussion Reviews (25)
D

DickFartVaginaButt

New Member
Dec 4, 2018
11
27
redrosid said:
I spent a few minutes yesterday looking at it, the drm's not obfuscated in any way, part of it is in c# and part of it is c++. it sends a http request to *some ip*:5534/service.asmx (which I redirected to localhost by adding a loopback adapter), and it wants a response similar to
C: 
            Response.ContentType = "text/xml";
            Response.StatusCode = 200;
          
            string errorCode = "0";
            string errorMessage = "";
            string activated = "true";
            string destroyed = "false";
            string maxActivations = "1337";
            string activationCount = "1";
            string licUpgradeId = "1";
            string licKey = "1337133713371337";
            string res = $"<?xml version=\"1.0\" encoding=\"utf-8\"?><soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"><soap:Body><GetStatusResponse xmlns=\"http://demo.eleckey.net/\"><GetStatusResult><ErrorCode>{errorCode}</ErrorCode><ErrorMessage>{errorMessage}</ErrorMessage><ActivationMode>0</ActivationMode><Activated>{activated}</Activated><Destroyed>{destroyed}</Destroyed><MaxActivation>{maxActivations}</MaxActivation><ActivationCount>{activationCount}</ActivationCount><LicUpgradeID>{licUpgradeId}</LicUpgradeID><LicenseKey>{licKey}</LicenseKey></GetStatusResult></GetStatusResponse></soap:Body></soap:Envelope>";

            return Content(res);
but once that is finished, the c++ portion of the drm complains about the license being invalid (or whatever..) and I was too lazy to tryhard in IDA to find what it exactly checks. all of the exports in the c# portion of the drm (Deactivation.exe and Phsrv.dll) are named functions in the c++ dll (ekc6420.dll or ekc3220.dll)

if I had a valid key I could use to activate it and sniff the packets I'd probably be able to fake a valid response, but oh well.
I used dnspy for exploring the c# part of the drm, and ida for c++ bits

source for the web app in attachments (.net core 3)
Click to expand...
Maybe talk to this person and see if they can deactivate their key for you?
 
iAmErmac

iAmErmac

Active Member
Aug 20, 2018
835
5,198
There is only 3 usage per key, so anyone can take it whenever its free. I've checked this DRM stuff as well and now stucked at not getting a valid license key back from the server response. With a valid license key I can probably bypass the online activation and just activate this locally. If anyone has a spare key feel free to message me so I can try making the bypass.
 
  • Like
Reactions: drpavelcia and DickFartVaginaButt
Prick

Prick

Well-Known Member
Jul 17, 2017
1,997
1,733
156_163_146_167 said:
So the thing about the $295 post. Was that for real, or just a mess-up? I assumed it was the latter, because who in their right mind would make a post only accessible for such a high tier.
Click to expand...
It's a real tier, not that anybody is actually subbed for it.
You don't have permission to view the spoiler content. Log in or register now.
 
H

Heffy

New Member
Sep 14, 2017
5
1
Does anyone know what the "Paralogue 0.1" update is? Seems like it is only present in the description of the $8 onlooker tier...
 
byran47

byran47

Member
Jun 8, 2017
453
655
Prick said:
It's a real tier, not that anybody is actually subbed for it.
You don't have permission to view the spoiler content. Log in or register now.
Click to expand...
But people are subbed to it. Otherwise there wouldn't be any comments on those $295 only posts, but there was and before he removed it there was around 21 comments. So give or take probably at least 20-35 people.
 
Evans15

Evans15

Member
Game Developer
Oct 20, 2017
343
414
Heffy said:
Does anyone know what the "Paralogue 0.1" update is? Seems like it is only present in the description of the $8 onlooker tier...
Click to expand...
It is the build dedicated to Alet the new girl, short pink-colored hair, cute voice.
 
drpavelcia

drpavelcia

Member
Aug 19, 2018
433
764
NukaCola said:
Why can't you get it from google link? if its beucase exceed download quota you can create a copy on your google drive and download it or just use my copy.
You must be registered to see the links
Click to expand...
yomamasass said:
Hang in there, uploading to mega... ETA 5 hours so hang tight in there :p
Click to expand...
Thanks guys, but I was hoping to crack the VR version actually. I don't want to make a Google copy because I don't want Google knowing my porn habits, and I can't make a new account without a phone number.

redrosid said:
I spent a few minutes yesterday looking at it, the drm's not obfuscated in any way, part of it is in c# and part of it is c++. it sends a http request to *some ip*:5534/service.asmx (which I redirected to localhost by adding a loopback adapter), and it wants a response similar to
C: 
            Response.ContentType = "text/xml";
            Response.StatusCode = 200;
         
            string errorCode = "0";
            string errorMessage = "";
            string activated = "true";
            string destroyed = "false";
            string maxActivations = "1337";
            string activationCount = "1";
            string licUpgradeId = "1";
            string licKey = "1337133713371337";
            string res = $"<?xml version=\"1.0\" encoding=\"utf-8\"?><soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\"><soap:Body><GetStatusResponse xmlns=\"http://demo.eleckey.net/\"><GetStatusResult><ErrorCode>{errorCode}</ErrorCode><ErrorMessage>{errorMessage}</ErrorMessage><ActivationMode>0</ActivationMode><Activated>{activated}</Activated><Destroyed>{destroyed}</Destroyed><MaxActivation>{maxActivations}</MaxActivation><ActivationCount>{activationCount}</ActivationCount><LicUpgradeID>{licUpgradeId}</LicUpgradeID><LicenseKey>{licKey}</LicenseKey></GetStatusResult></GetStatusResponse></soap:Body></soap:Envelope>";

            return Content(res);
but once that is finished, the c++ portion of the drm complains about the license being invalid (or whatever..) and I was too lazy to tryhard in IDA to find what it exactly checks. all of the exports in the c# portion of the drm (Deactivation.exe and Phsrv.dll) are named functions in the c++ dll (ekc6420.dll or ekc3220.dll)

if I had a valid key I could use to activate it and sniff the packets I'd probably be able to fake a valid response, but oh well.
I used dnspy for exploring the c# part of the drm, and ida for c++ bits

source for the web app in attachments (.net core 3)
Click to expand...
Useful! I was looking to use the NSA Ghidra tool, but dnspy looks useful too. I bet there's a way to modify the code to just always return valid in the DRM in that case. As usual this DRM seems to cause legitimate users issues while not really stopping piracy.
 
  • Like
Reactions: especially08
iAmErmac

iAmErmac

Active Member
Aug 20, 2018
835
5,198
drpavelcia said:
Useful! I was looking to use the NSA Ghidra tool, but dnspy looks useful too. I bet there's a way to modify the code to just always return valid in the DRM in that case. As usual this DRM seems to cause legitimate users issues while not really stopping piracy.
Click to expand...
It's easy to modify the c# part to skip online check, but the game launcher binary which is UE4 (c++) codes always looking for a valid license in your computer. You'll either need to remove that part from the game's bytecodes or generate a license using a valid license key with the DRM itself (c# part).

the game uses this for the activation server (SOAP) btw:
You must be registered to see the links
 
  • Like
Reactions: Lif3mau5, drpavelcia and especially08
redrosid

redrosid

New Member
Sep 20, 2018
14
44
drpavelcia said:
I bet there's a way to modify the code to just always return valid in the DRM in that case.
Click to expand...
I have tried that as well, yes. but the c++ portion of the drm (the bit that's embedded/loaded by the game itself) still checks if it's a valid license that gets saved to a file *somewhere*
editing code with dnspy is really easy, just navigate to whatever function, right click and 'edit method (c#)' and you can write anything in there
 
drpavelcia

drpavelcia

Member
Aug 19, 2018
433
764
iAmErmac said:
It's easy to modify the c# part to skip online check, but the game launcher binary which is UE4 (c++) codes always looking for a valid license in your computer. You'll either need to remove that part from the game's bytecodes or generate a license using a valid license key with the DRM itself (c# part).

the game uses this for the activation server (SOAP) btw:
You must be registered to see the links
Click to expand...
Thanks for the info! I saw you're really close to figuring this out; I hope someone can get you a working key so you can get it running.

yomamasass said:
Oh.. Dear, well.. That will be few more hours. I have to download it first soo hang in there again.
Though i would also appreciate if you try to crack the non-vr as well, i can't afford a headset atm.
Click to expand...
Thanks for the upload! If I can get the VR one cracked, I'll definitely try doing the flat version afterward. This is a chance for me to learn more about cracking/reverse engineering, most of what I've done with this before has been limited to minor things like uncapping FPS in games.
 
  • Like
Reactions: eigadora, swallowed, mr.cutuli12 and 5 others
You must log in or register to reply here.
Top Bottom
4.30 star(s) 25 Votes