- Mar 28, 2019
true
Bro u sound like a bot making an AD......but yeh the game itselfs looks nc to mess with
Yeah, this game is nice and all but it's also in the early stages in terms of the interactions, what you get is not that different from the first game unless you really wanna animate with keyframes, and it has its fair share of bugs, if you know that going in then sure, go ahead and support it, but if you expect something more i'd at the very least wait for the interaction cloud to get implemented.
But the game for christ sake! Ure gonna fucking love it, and will not regret it. If you love furries youre not gonna like ANY other game of the sort. Once you start, you´ll see, you will NEVER want to leave.
Heres an example, this animation took me seconds to set up (apart from the time it takes to learn the basics of the program)
I got so aroused by some models I cannot stop getting excited. Sorry If I am being too sincere. But this program allows you to do all sorts of perversions without having to know anything about modelling or sculpting.
Try BepInEx. In my tries, on launch, it'd display that unity was trying to fetch cookies or something, I couldn't understand a lot because my knowledge is extremely limited. It showed what it was trying to call.
I'm diving in back i'm sick so i have time to spend and also to learn but i wonder if anyone have an account and can trace function call?
What i need is what the compiler call just before loading the game after authentication
if anyone know if there a menu when the authentication and the pledge is validated that will help too
i will continue the manual reverse but its really more time consuming without a good entry point like the latest method called inside the Verify.(x) after a true login with pledge
have patience, saying it over and over isn't helping anything.
Quick investigation create more questions
If i create a request where i say all is good 200 Ok and returning json the game stay stuck on the verifying... exactly the same as my bypass each time i bypass the login the game stay stuck on this screen and nothing happen i really need to find someone that has an account and can say to us if after the verifying there something
like downloading or initializing screen best case he can lend his account to me but that i dont count on it
it looks like you broke the game. When I intercept this packet and stupidly spoof the code to 200 I am again thrown from infinite verification to login. When I put for example 304 or 204 I get a new error "invalid server response". It wants code 200 with some special token. I think you should try to bypass the check in the game code itself. But yeah as you said earlier without knowing what happens after verification, it's like looking for a needle in a haystack, especially with this fucking il2cpp
no IL2CPP is not the enemy here this is what make game easy to decompile if it was not that broken by design all the code will be obfuscated IL2CPP is an interpreter that sit between the script code and the real code his task is to convert whatever language script to c# and by doing this he need to keep a file encrypted with all the struct (name of the method) and all the metadata needed to assign them to obfuscated content so it make our job easier as there a big flaw that make decrypting the container easy because the key are in the binary and with a little trick you can extract them this is what IL2CPPDUMPER
At first i wasnt sure what is wrong with this but then i noticed that instead of doing a full spin the body just morphs together and the legs spin around like an unholy creation of a crazed elder god.
yeah.... unfortunately the spine node from the original Yiffalicious has been replaced with a far more dynamic (but really slow) 3-slider menu, making it a challenge to get it to spin around on cue, turning high-paced animations into blursed cinema
oh jesus i didnt notice that at first
View attachment 3339389 "my child, you must end my suffering"
For the i'm not only giving 200 im passing json wich what the game is wanting with some value tweaked to true but i think its not enough there an other trick in place i pretty sure the last method thats called and draw the message is YL2_Verification_Verify__JLJBBEPJHKC
and the code that draw the error pledge is :
Code:
il2cpp:00007FFBFC6E3A99 loc_7FFBFC6E3A99: ; CODE XREF: YL2_Verification_Verify$$JLJBBEPJHKC_latestCall+7C0↑j
il2cpp:00007FFBFC6E3A99 test rbp, rbp
il2cpp:00007FFBFC6E3A9C jz short loc_7FFBFC6E3AFF <=Exeption catch
il2cpp:00007FFBFC6E3A9E mov r9, rbx ; callback
il2cpp:00007FFBFC6E3AA1 mov qword ptr [rsp+48h+strict], 0 ; method
il2cpp:00007FFBFC6E3AAA mov r8, rsi ; items
il2cpp:00007FFBFC6E3AAD mov rdx, r14 ; text
il2cpp:00007FFBFC6E3AB0 mov rcx, rbp ; this
il2cpp:00007FFBFC6E3AB3 call YL2_Modal$$Show_6452275376
il2cpp:00007FFBFC6E3AB8 jmp loc_7FFBFC6E360D
the call to modal$$ YL2_Modal$$Show_6452275376 is what prepare the drawing of the pledge error and probably also do the check
There is 128 verify not called on my Ida using no internet and no pledge as a Filter setting a break point on each one and deleting all break point that are called i think the solution is in one of the Unused one but if i force a fake login game always crash i think i will continue my tinkering today but if i were to have an account that will be way easier
Hi, I come from the cracking forum. I've only spent less than an hour looking at the game and will be working slowly on it because I'm busy right now and have other hobby projects to work on alongside work. Because of this I figured I'll share my findings if anyone else finds them useful
Obviously, as you know, there's 40+ Verify functions that have had their names obfuscated. Also as we know, this doesn't matter a lot because IL2CPP is a godsend and the metadata it comes with is akin to debug symbols, but you can't strip them. Simple reasoning states that all functions will not be used, and looking at the disassembly most are duplicates of one another
First order of business is to find which ones are actually called. Easiest way is to attach a debugger and give it a spin
This guy gets the idea. Yes, Verify.JLJBBEPJHKC is the last method called if you do not have internet connection or have not pledged enough. A bunch of Verify methods get called before it but I haven't found anything interesting in those and assume they're there as a form of obfuscation or setup
Looking into Verify.JLJBBEPJHKC you can see it calls UnityWebRequest.GetResponseCode. If it is code 200, continue with the verification. If not, figure out the error message to display, construct it, and show it.
Forcing Verify.JLJBBEPJHKC to accept any status code as valid, not just 200, leads to Verify.PCHDHEFEMEI. This one checks the content of the data received and, if everything looks good, sets several values with PlayerPrefs.Set. Forcing PCHDHEFEMEI to succeed moves on to ILELHEPOPDJ (which I haven't looked into yet) which unconditionally moves to GNKKAIBCKFG. GNKKAIBCKFG has the potential to be more interesting, it reads/writes to the "password" field and returns a bool. Forcing it to return true leads to ONLAPIANNCH, which does some SHA1 hashing on the password field and also returns a bool. Forcing this one to return true takes us to LKMNBJMOFHB (which I also haven't looked into and could be a garbage call). Game crashed here because an object wasn't initialised which, yeah, I got a little lazy on ONLAPIANNCH and just changed the "return false" bit (xor al,al) to "return true" (mov al,1) so some necessary instructions that normally run on a legitimate run weren't executed
Overall call chain of Verify functions where I've blocked network access for the game:
Code:
Verify$$.ctor > Verify$$Awake > Verify$$Start > Verify$$GNKKAIBCKFG > Verify$$MNFHGOOHPFL > Verify$$FBGIJGBDDLA > Verify$$CCICHFKODEK > Verify$$ABNFNAFACMJ > Verify$$FBGIJGBDDLA > Verify$$CCICHFKODEK > Verify$$JLJBBEPJHKC > FINISH ("Connection issue") / ("A pledge of $12 or more is required")
If JLJBBEPJHKC succeeds: Verify$$PCHDHEFEMEI > Verify$$ILELHEPOPDJ > Verify$$GNKKAIBCKFG (force TRUE) > Verify$$ONLAPIANNCH (force TRUE) > Verify$$LKMNBJMOFHB > ...
That's where I stopped yesterday, but I'll work more on it tonight. Again, if someone has more time to dedicate to this I hope I've helped you
Maybe Maybe not i'm decompiling this one and we will see
Hopefully this doesn't mean that the crack progress has to start back up from scratch