Hi, I come from the cracking forum. I've only spent less than an hour looking at the game and will be working slowly on it because I'm busy right now and have other hobby projects to work on alongside work. Because of this I figured I'll share my findings if anyone else finds them useful
Obviously, as you know, there's 40+ Verify functions that have had their names obfuscated. Also as we know, this doesn't matter a lot because IL2CPP is a godsend and the metadata it comes with is akin to debug symbols, but you can't strip them. Simple reasoning states that all functions will not be used, and looking at the dissasembly most are duplicates of one another
First order of business is to find which ones are actually called. Easiest way is to attach a debugger and give it a spin
This guy gets the idea. Yes, Verify.JLJBBEPJHKC is the last method called if you do not have internet connection or have not pledged enough. A bunch of Verify methods get called before it but I haven't found anything interesting in those and assume they're there as a form of obfuscation or setup
Looking into Verify.JLJBBEPJHKC you can see it calls UnityWebRequest.GetResponseCode. If it is code 200, continue with the verification. If not, figure out the error message to display, construct it, and show it.
Forcing Verify.JLJBBEPJHKC to accept any status code as valid, not just 200, leads to Verify.PCHDHEFEMEI. This one checks the content of the data received and, if everything looks good, sets several values with PlayerPrefs.Set. Forcing PCHDHEFEMEI to succeed moves on to ILELHEPOPDJ (which I haven't looked into yet) which unconditionally moves to GNKKAIBCKFG. GNKKAIBCKFG has the potential to be more interesting, it reads/writes to the "password" field and returns a bool. Forcing it to return true leads to ONLAPIANNCH, which does some SHA1 hashing on the password field and also returns a bool. Forcing this one to return true takes us to LKMNBJMOFHB (which I also haven't looked into and could be a garbage call). Game crashed here because an object wasn't initialised which, yeah, I got a little lazy on ONLAPIANNCH and just changed the "return false" bit (xor al,al) to "return true" (mov al,1) so some necessary instructions that normally run on a legitimate run weren't executed
Overall call chain of Verify functions where I've blocked network access for the game:
Code:
Verify$$.ctor > Verify$$Awake > Verify$$Start > Verify$$GNKKAIBCKFG > Verify$$MNFHGOOHPFL > Verify$$FBGIJGBDDLA > Verify$$CCICHFKODEK > Verify$$ABNFNAFACMJ > Verify$$FBGIJGBDDLA > Verify$$CCICHFKODEK > Verify$$JLJBBEPJHKC > FINISH ("Connection issue") / ("A pledge of $12 or more is required")
If JLJBBEPJHKC succeeds: Verify$$PCHDHEFEMEI > Verify$$ILELHEPOPDJ > Verify$$GNKKAIBCKFG (force TRUE) > Verify$$ONLAPIANNCH (force TRUE) > Verify$$LKMNBJMOFHB > ...
That's where I stopped yesterday, but I'll work more on it tonight. Again, if someone has more time to dedicate to this I hope I've helped you
"my child, you must end my suffering"
