- Jun 4, 2019
- 149
- 242
What if you'd take a base character model from an older, unprotected version, and slap it inside the new one ? :^}
Unity FurryVNE [2024-11-09] [FurryVNE Team]
- Thread starter RedPillBlues
- Start date
Any chance the newest version with keyframes can be cracked? I don’t want to fork over cash, but this is Yiffalicious 2 we’re talking about.
- Nov 20, 2020
- 396
- 609
iknow there missing file i use these log extensively to print various data as its easy to pach code and call unity Error log function
Then i can't import old model as the dev changed the skeleton completely
And finally :
Probably but right now i'm trying to crack this game without an account as i don't have the money to pledge 12$ and it's in most case not a problem but the drm they use load a browser with a version of their website inside the game and the said browser do magic thing and when you got a pledged account
EDIT: And also we dont have the real lastest file wich doesnt help as the backend check build version !!
To log i suppose they read the cookies and authentify you into the cloud probably load the scene skyTemple after setting some variables bu thats the part i'm not sure as i fail to bypass the authentication completly and when i manage to load the scene i jmp to far in the code and get messed up model strange error message and so on
And if you ask me how i know the login screen is a webbrowser after breaking headers you can get to the source code to print and also display what you want image etc with the right header
Then i can't import old model as the dev changed the skeleton completely
And finally :
Probably but right now i'm trying to crack this game without an account as i don't have the money to pledge 12$ and it's in most case not a problem but the drm they use load a browser with a version of their website inside the game and the said browser do magic thing and when you got a pledged account
EDIT: And also we dont have the real lastest file wich doesnt help as the backend check build version !!
To log i suppose they read the cookies and authentify you into the cloud probably load the scene skyTemple after setting some variables bu thats the part i'm not sure as i fail to bypass the authentication completly and when i manage to load the scene i jmp to far in the code and get messed up model strange error message and so on
And if you ask me how i know the login screen is a webbrowser after breaking headers you can get to the source code to print and also display what you want image etc with the right header
Last edited:
The way this game is being encrypted so hardcore and to such an extent, it sounds like the developers want to make it a tool a la Blender or Maya without the part of making character models from scratch by using the FVNE part.
I seem to remember the devs once upon a time (like back when they started working on it) saying they would make Yiffalicious 2 free like the first. That sure seems like a lie now, unless they make it free after sorting out the many issues it currently has, though that begs the question of why not make it available to even the pirates who would also give insight into bugs and other issues that would need fixed.
I seem to remember the devs once upon a time (like back when they started working on it) saying they would make Yiffalicious 2 free like the first. That sure seems like a lie now, unless they make it free after sorting out the many issues it currently has, though that begs the question of why not make it available to even the pirates who would also give insight into bugs and other issues that would need fixed.
- Nov 20, 2020
- 396
- 609
because now they get 8000$+ per month before they were 6000$+ per month they started to milk the last cent of their fan i think
and i dont think there is that much encryption and if there is one the keys a stored in the game or in the request made to their server and i dont think the key is unique to the account the code i found isnt that complex and if we can get a account we also can get the file decrypted and patch the game to use the local one already decrypted that also a possibility
SodaSoda if you manage to find something please report as i'm stuck in a loop were the game take me back to the login screen after dysplaying a shot grey screen that seem to be the transition to the loading of the game but after that it get back to login so idk i can be wrong here
I'm quiting reversing this mess until i can get an account or someone lend me one i can't find the needle i miss and i'm starting to waste to much time on it i think the solution is located inside :
YL2_Verification_Verify__BDBIJPCFAJB ==> this check if the server response are not 403 and are 200 and direct the code to the error according to the encoutered errors
or
YL2_Verification_Verify_JGOEKHJEBJM__IBJJHCBJNCH ==> this seem to hash password and do some deciphering its probably the more ineresting one
Inside the dump.rar are dummy dll and the file that are needed to get the function name in ida because i don't know for sure that we all have the same result in the function naming
and i'm not giving up just i can't progress anymore i need more data and without account it's too hard to get these data
Last edited:
- Jun 4, 2019
- 149
- 242
- Nov 20, 2020
- 396
- 609
No i can't with my skillset try more thing i need an account to gather data we just need to find someone that want to take the risk or wait until i find a way to pledge the dev even if i don't want to
and also i'm so frustrated that this became personnal if it's crackable i will crack this game !
- May 4, 2021
- 37
- 269
FurryVNE 2024-02-11
You must be registered to see the links
You must be registered to see the links
You must be registered to see the links
I can confirm that the installation directory did not change in size after logging in!
Going so open about all this process wouldnt make the devs more aware and tricky about how to encrypt it? Im sure they are aware of the existence of this thread
- Jan 3, 2019
- 276
- 248
Oh, it will. And its not like were deep in some form of unknown, dark-web forum. If the devs arent aware of f95's existence, someone under their belt would be.
Buuuut its the best we got atm, lets just see how things go from here.
- Dec 29, 2018
- 452
- 878
I thought devs said the game will be free for everybody when interactions come? Or it's about release version 20 years later?
- Nov 20, 2020
- 396
- 609
Yeah but they can see what we Do and how we patch the game using exactly the same method we use in like 12 minutes they can compare the patched gameassembly see the byte that we modified decompile the thing see how we Do IT and change the code thats the game and talking about our process and what wee see Will change nothing
Would the last option also mean that if at any point this team ceases to exist for whatever reason then the whole "game" would die like all these online only games without servers?
- Oct 11, 2021
- 34
- 56
As someone said earlier, indeed their first game when it was in beta had similar protection only without the obfuscator. I don't think it's difficult for them to maintain these servers since their first game is still with working servers after 8 years. Most likely they will actually make this "game" free too when it comes out of beta.
To be honest, I'm only interested in this game because of these kinda innovative interactions. Well im probably asking too much but it’s a pity that it’s not open source and on il2cpp
Last edited:
Same,this looks far superior to what can be done on trash like Honey Select or Koikatsu studio
Just...with furries,tho i dont mind that,pr0nz is pr0nz
- Jul 27, 2018
- 30
- 26
Yes and no. You can force any unity scene to load either by making a custom hack or via UnityExplorer but all of the actual content of the program (namely meshes and such) isn't loaded, thus, all you get is a map, useless menus and background music. The current consensus of how this protection works is that the authorization function that npomme analyzed, somehow loads the needed content after authenticating patreon user.
Il2CppDumper gave me the function names that you mentioned so I think we can assume that the results of header dumping are consistent.
Also, may I ask you whether you use IDA pro or the free version of IDA?
For the past 3 days I've been trying to learn reverse engineering with Ghidra but this program has been EXTREMELY uncooperative when it comes to debugging features. It cannot attach the debugger to a process that is already running without vomiting java exceptions and starting FurryVNE with a debugger attached at launch makes it crash with the "Failed to load original DLL" just like it sometimes does when you open it normally.
If I have to use an external debugger alongside Ghidra and look up decompiled functions by hand, then I'd rather give up Ghidra and try out IDA since I really want to be able to do proper decompilation debugging like you seem to be doing.
I'm trying to get my setup in working order by testing it on notepad.exe first, but at this point my patience has worn really thin. I already encountered multitude of problems I later found on Ghidra's github forums, many of which seem still unresolved...
That is a valid concern but I don't think it matters, especially at this point because:
1. Fiddling with their protection will always cost time, and at this point it'll probably be a lot of work for very diminished returns.
2. The guys here (or 1 guy mostly, thank you again for your effort npomme) haven't done nowhere near that much progress to justify making all this talk more private, imo.
However if someone here cracked it, then maybe it would be smart to not disclose the most technical details publicly.
Last edited:
- Nov 8, 2021
- 141
- 442
Free is ass. Either use a paid version with a HexRays Decompiler license or use Ghidra
Both Ghidra and IDA are designed as static disassembly tools first and foremost. I thoroughly recommend getting a dedicated debugger (x64dbg), the experience is significantly better. You do not have to look up disassembled/named functions by hand: you can either make or use a pre-existing script to export IDA databases to x64dbg databases
Anyway, I found some more time to look at it. Content is encrypted on-disk and gets decrypted through a field from the Patreon request. Essentially, you can't just patch the program to say blindly say "oh okay this unregistered user does have access," you'll need to figure out the encryption scheme and incorporate a keygen. Alternatively, a paid user could theoretically just dump the encrypted files from memory and then the crack would be distributed with those now-decrypted files
- Jul 27, 2018
- 30
- 26
THANK YOU.
Being able to load decompiled data into x64dbg is exactly what I needed so this is excellent news. Now I'll be able to actually start learning SRE somewhat properly instead of wasting time on bullshit java errors.
Funny thing is, I was already thinking about trying x64dbg for the dynamic part of analysis because I didn't llike WinDbg that much. Most tutorials I've seen used Ghidra alongside x64dbg anyway. Now I know why
- Nov 20, 2020
- 396
- 609
I'm using ida pro and debuger work but you need to consider that :Yes and no. You can force any unity scene to load either by making a custom hack or via UnityExplorer but all of the actual content of the program (namely meshes and such) isn't loaded, thus, all you get is a map, useless menus and background music. The current consensus of how this protection works is that the authorization function that npomme analyzed, somehow loads the needed content after authenticating patreon user.
Il2CppDumper gave me the function names that you mentioned so I think we can assume that the results of header dumping are consistent.
Also, may I ask you whether you use IDA pro or the free version of IDA?
For the past 3 days I've been trying to learn reverse engineering with Ghidra but this program has been EXTREMELY uncooperative when it comes to debugging features. It cannot attach the debugger to a process that is already running without vomiting java exceptions and starting FurryVNE with a debugger attached at launch makes it crash with the "Failed to load original DLL" just like it sometimes does when you open it normally.
If I have to use an external debugger alongside Ghidra and look up decompiled functions by hand, then I'd rather give up Ghidra and try out IDA since I really want to be able to do proper decompilation debugging like you seem to be doing.
I'm trying to get my setup in working order by testing it on notepad.exe first, but at this point my patience has worn really thin. I already encountered multitude of problems I later found on Ghidra's github forums, many of which seem still unresolved...
That is a valid concern but I don't think it matters, especially at this point because:
1. Fiddling with their protection will always cost time, and at this point it'll probably be a lot of work for very diminished returns.
2. The guys here (or 1 guy mostly, thank you again for your effort npomme) haven't done nowhere near that much progress to justify making all this talk more private, imo.
However if someone here cracked it, then maybe it would be smart to not disclose the most technical details publicly.
so you will need to patch the assembly via hex editor or create fuction inside the empty space that do the patching inside the code and find a way to call it somewhere
Dont use IDA free it pure garbage and if its true it seem that ghidra is better but i always come back to ida because ghidra has so much problem !
Edit:
Dynamic analysis can be tricky with all the padding and crap added by beebyte i find the code jumping all other the place really confusing