- Mar 28, 2019
- 50
- 77
Unity FurryVNE [2024-03-12] [FurryVNE Team]
- Thread starter RedPillBlues
- Start date
- Jul 27, 2017
- 351
- 268
Yeah, this game is nice and all but it's also in the early stages in terms of the interactions, what you get is not that different from the first game unless you really wanna animate with keyframes, and it has its fair share of bugs, if you know that going in then sure, go ahead and support it, but if you expect something more i'd at the very least wait for the interaction cloud to get implemented.
As for nothing like it existing i can only assume you've never used Virt a Mate as it is still the far superior experience in terms of interactions if you know what you're doing, especially in VR, that said, this coupled with the character editor is really powerful, there is no easy way to make a decent character for VAM, it is WAY harder.
- Oct 28, 2017
- 59
- 138
- Mar 28, 2019
- 50
- 77
- Nov 20, 2020
- 292
- 390
I'm diving in back i'm sick so i have time to spend and also to learn but i wonder if anyone have an account and can trace function call?
What i need is what the compiler call just before loading the game after authentication
if anyone know if there a menu when the authentication and the pledge is validated that will help too
i will continue the manual reverse but its really more time consuming without a good entry point like the latest method called inside the Verify.(x) after a true login with pledge
What i need is what the compiler call just before loading the game after authentication
if anyone know if there a menu when the authentication and the pledge is validated that will help too
i will continue the manual reverse but its really more time consuming without a good entry point like the latest method called inside the Verify.(x) after a true login with pledge
- Jun 4, 2019
- 138
- 219
Try BepInEx. In my tries, on launch, it'd display that unity was trying to fetch cookies or something, I couldn't understand a lot because my knowledge is extremely limited. It showed what it was trying to call.
- Nov 20, 2020
- 292
- 390
i think they double check or something i got the game stuck on this screen when trying to crack him this go after the pledge message but
After that i used fiddle to check if there is some web request and found this :
After that i used fiddle to check if there is some web request and found this :
- Nov 20, 2020
- 292
- 390
Quick investigation create more questions
If i create a request were i say all is goo 200 Ok an retuning json the game stay stuck on the verifiying... exactly the same as my bypass each time i bypass the login the game stay stuck on this screen and nothing append i really need to find someone that has an account and can say to us if after the verifiying there something
like downloading or initializing screen best case he can lend his account to me but that i dont count on it
If i create a request were i say all is goo 200 Ok an retuning json the game stay stuck on the verifiying... exactly the same as my bypass each time i bypass the login the game stay stuck on this screen and nothing append i really need to find someone that has an account and can say to us if after the verifiying there something
like downloading or initializing screen best case he can lend his account to me but that i dont count on it
- Oct 11, 2021
- 29
- 31
it looks like you broke the game. When I intercept this packet and stupidly spoof the code to 200 I am again thrown from infinite verification to login. When I put for example 304 or 204 I get a new error "invalid server response". It wants code 200 with some special token. I think you should try to bypass the check in the game code itself. But yeah as you said earlier without knowing what happens after verification, it's like looking for a needle in a haystack, especially with this fucking il2cpp
Upd: i sent 200 with json set to true. Still taking me back to login. Im pretty sure it needs some token, not just json.
Last edited:
- Jun 4, 2019
- 138
- 219
I salute you lads, doing god's work
- Nov 20, 2020
- 292
- 390
no IL2CPP is not the ennemy here this is what make game easy to decompile if it was not that broken by design all the code will be obfuscated IL2CPP is an interpreter that sit between the script code and the real code his task is to convert whatever language script to c# and by doing this he need to keep a file encrypted with all the struct (name of the method) and all the metadata needed to assign them to obfuscated content so it make our job easier as there a big flaw that make decrypting the container easy because the key are in the binary and with a little trick you can extract them this is what IL2CPPDUMPER
is doing and works great!
For the i'm not only giving 200 im passing json wich what the game is wanting with some value tweaked to true but i think its not enough there an other trick in place i pretty sure the last method thats called and draw the message is YL2_Verification_Verify__JLJBBEPJHKC
and the code that draw the error pledge is :
Code:
il2cpp:00007FFBFC6E3A99 loc_7FFBFC6E3A99: ; CODE XREF: YL2_Verification_Verify$$JLJBBEPJHKC_latestCall+7C0↑j
il2cpp:00007FFBFC6E3A99 test rbp, rbp
il2cpp:00007FFBFC6E3A9C jz short loc_7FFBFC6E3AFF <=Exeption catch
il2cpp:00007FFBFC6E3A9E mov r9, rbx ; callback
il2cpp:00007FFBFC6E3AA1 mov qword ptr [rsp+48h+strict], 0 ; method
il2cpp:00007FFBFC6E3AAA mov r8, rsi ; items
il2cpp:00007FFBFC6E3AAD mov rdx, r14 ; text
il2cpp:00007FFBFC6E3AB0 mov rcx, rbp ; this
il2cpp:00007FFBFC6E3AB3 call YL2_Modal$$Show_6452275376
il2cpp:00007FFBFC6E3AB8 jmp loc_7FFBFC6E360Dloc_7FFBFC6E3AFF call a sub that allways jumping to other subroutines that are exception related so its error and this subroutine is everywhere
the fact i know my code doesnt really broke the game is because i never fall into these subroutines and i get spike when he try to recheck the request there is missing data here thats not a broken game!
- Oct 20, 2019
- 25
- 191
yeah.... unfortunately the spine node from the original Yiffalicious has been replaced with a far more dynamic (but really slow) 3-slider menu, making it a challenge to get it to spin around on cue, turning high-paced animations into blursed cinema
"my child, you must end my suffering"
- Sep 19, 2018
- 45
- 49
someone hmu when yall get this shit working in an easy install file, its about time i jack my dick off to big ass
- Mar 28, 2019
- 50
- 77
- Nov 8, 2021
- 132
- 304
Hi, I come from the cracking forum. I've only spent less than an hour looking at the game and will be working slowly on it because I'm busy right now and have other hobby projects to work on alongside work. Because of this I figured I'll share my findings if anyone else finds them useful
Obviously, as you know, there's 40+ Verify functions that have had their names obfuscated. Also as we know, this doesn't matter a lot because IL2CPP is a godsend and the metadata it comes with is akin to debug symbols, but you can't strip them. Simple reasoning states that all functions will not be used, and looking at the dissasembly most are duplicates of one another
First order of business is to find which ones are actually called. Easiest way is to attach a debugger and give it a spin
Looking into Verify.JLJBBEPJHKC you can see it calls UnityWebRequest.GetResponseCode. If it is code 200, continue with the verification. If not, figure out the error message to display, construct it, and show it.
Forcing Verify.JLJBBEPJHKC to accept any status code as valid, not just 200, leads to Verify.PCHDHEFEMEI. This one checks the content of the data received and, if everything looks good, sets several values with PlayerPrefs.Set. Forcing PCHDHEFEMEI to succeed moves on to ILELHEPOPDJ (which I haven't looked into yet) which unconditionally moves to GNKKAIBCKFG. GNKKAIBCKFG has the potential to be more interesting, it reads/writes to the "password" field and returns a bool. Forcing it to return true leads to ONLAPIANNCH, which does some SHA1 hashing on the password field and also returns a bool. Forcing this one to return true takes us to LKMNBJMOFHB (which I also haven't looked into and could be a garbage call). Game crashed here because an object wasn't initialised which, yeah, I got a little lazy on ONLAPIANNCH and just changed the "return false" bit (xor al,al) to "return true" (mov al,1) so some necessary instructions that normally run on a legitimate run weren't executed
Overall call chain of Verify functions where I've blocked network access for the game:
That's where I stopped yesterday, but I'll work more on it tonight. Again, if someone has more time to dedicate to this I hope I've helped you
Obviously, as you know, there's 40+ Verify functions that have had their names obfuscated. Also as we know, this doesn't matter a lot because IL2CPP is a godsend and the metadata it comes with is akin to debug symbols, but you can't strip them. Simple reasoning states that all functions will not be used, and looking at the dissasembly most are duplicates of one another
First order of business is to find which ones are actually called. Easiest way is to attach a debugger and give it a spin
This guy gets the idea. Yes, Verify.JLJBBEPJHKC is the last method called if you do not have internet connection or have not pledged enough. A bunch of Verify methods get called before it but I haven't found anything interesting in those and assume they're there as a form of obfuscation or setup
Looking into Verify.JLJBBEPJHKC you can see it calls UnityWebRequest.GetResponseCode. If it is code 200, continue with the verification. If not, figure out the error message to display, construct it, and show it.
Forcing Verify.JLJBBEPJHKC to accept any status code as valid, not just 200, leads to Verify.PCHDHEFEMEI. This one checks the content of the data received and, if everything looks good, sets several values with PlayerPrefs.Set. Forcing PCHDHEFEMEI to succeed moves on to ILELHEPOPDJ (which I haven't looked into yet) which unconditionally moves to GNKKAIBCKFG. GNKKAIBCKFG has the potential to be more interesting, it reads/writes to the "password" field and returns a bool. Forcing it to return true leads to ONLAPIANNCH, which does some SHA1 hashing on the password field and also returns a bool. Forcing this one to return true takes us to LKMNBJMOFHB (which I also haven't looked into and could be a garbage call). Game crashed here because an object wasn't initialised which, yeah, I got a little lazy on ONLAPIANNCH and just changed the "return false" bit (xor al,al) to "return true" (mov al,1) so some necessary instructions that normally run on a legitimate run weren't executed
Overall call chain of Verify functions where I've blocked network access for the game:
Code:
Verify$$.ctor > Verify$$Awake > Verify$$Start > Verify$$GNKKAIBCKFG > Verify$$MNFHGOOHPFL > Verify$$FBGIJGBDDLA > Verify$$CCICHFKODEK > Verify$$ABNFNAFACMJ > Verify$$FBGIJGBDDLA > Verify$$CCICHFKODEK > Verify$$JLJBBEPJHKC > FINISH ("Connection issue") / ("A pledge of $12 or more is required")
If JLJBBEPJHKC succeeds: Verify$$PCHDHEFEMEI > Verify$$ILELHEPOPDJ > Verify$$GNKKAIBCKFG (force TRUE) > Verify$$ONLAPIANNCH (force TRUE) > Verify$$LKMNBJMOFHB > ...- Nov 20, 2020
- 292
- 390
There is 128 verify not called on my Ida using no internet and no pledge as a Filter setting a break point on each one an deleting all break point that are called i think the solution is un one of the Unused one but if i force a fake login game always crash i think i Will continue m'y tinkering today but if i were to have an account that Will ne way easier
- May 4, 2021
- 37
- 269
FurryVNE 2024-02-09
You must be registered to see the links
You must be registered to see the links
You must be registered to see the links
- Nov 20, 2020
- 292
- 390