Unity FurryVNE [2024-11-09] [FurryVNE Team]

3.90 star(s) 9 Votes
Discussion Reviews (9)
npomme

npomme

Member
Nov 20, 2020
396
609
40C72 said:
Anyway, I found some more time to look at it. Content is encrypted on-disk and gets decrypted through a field from the Patreon request. Essentially, you can't just patch the program to say blindly say "oh okay this unregistered user does have access," you'll need to figure out the encryption scheme and incorporate a keygen. Alternatively, a paid user could theoretically just dump the encrypted files from memory and then the crack would be distributed with those now-decrypted files
Click to expand...
the program fallback to login screen if decryption fail and throw lorem ipsum errors and array out of bound error too and i find really weird the fact that they use so much array inside this decryption code
 
Last edited:
haste

haste

Newbie
Jul 27, 2018
30
26
npomme said:
I'm using ida pro and debuger work but you need to consider that :

1707947275799.png
Click to expand...
I actually am working on AMD64 cpu but doing the actual patch is still far away from my grasp currently anyway, I need to level up my skill first.
As others suggested, the way I was thinking of potentially going about this was to just make a MelonLoader plugin to execute the code inside the game, instead of messing with the executable itself.

It looks like I'm going to stay with Ghidra + x64dbg and see what I need for making the actual hack when I have clearer picture of what the hell I am even doing. Ghidra did it's decompiling job so far.

Thank you for the warning though. Worse case scenario I will have to patch the assembly by hand (if I even get to that point). At least it will be an interesting experience :HideThePain:

npomme said:
Dynamic analysis can be tricky with all the padding and crap added by beebyte i find the code jumping all other the place really confusing
Click to expand...
Yeah, I expected this. With my skill and knowledge, I am already facing an impossible task. I don't think it can get any harder for me lmao.
 
G_777888999000

G_777888999000

Newbie
Mar 1, 2020
88
82
The game was blocked using an obfuscator, one bastard laughs that he bought the game and others can't (now his message has been deleted), and I made 5 characters in the build 2023-11-06 and redesigned them.

1.png 2.png 3.png 4.png 5.png
 
G_777888999000

G_777888999000

Newbie
Mar 1, 2020
88
82
npomme said:
the program fallback to login screen if decryption fail and throw lorem ipsum errors and array out of bound error too and i find really weird the fact that they use so much array inside this decryption code
Click to expand...
Hello npomme how are you doing with hacking?
 
npomme

npomme

Member
Nov 20, 2020
396
609
G_777888999000 said:
Hello npomme how are you doing with hacking?
Click to expand...
I'm stuck as i said earlier i dont think i can crack this without an account i give it a try each day but it's hard without even knowing what to expect from the backend

Maybe someone here can get fiddler and dump the request to yl2Cloud/verify with an pledged account it can help to see what the backend really do as i can forge fake request and see were the game jmp with these fake request

If you do so give me the request in private i dont know about the dev policy but they can ban you from requesting the backend as they generate an hardwareUID and they get data from the patreon to fill the other field so better safe than sorry!
 
npomme

npomme

Member
Nov 20, 2020
396
609
I maybe found something but i'm no familiar with the thing i was messing a bit with the fuction looking what they can use to encrypt or at least pack the data and i found this
1708032500837.png

and i checked if this is used in the other version that have no login and the answer is no

This take us to the question you guy are familiar with brotli and if yes as i dont want to read the full documentation is the function used here can be used for encrypting content?
 
D

Drae

New Member
Nov 2, 2017
10
24
Brotli is but a lossless compression algorithm. Generally used for compressing websites but can be used for some microcontroller bullshit, but that's unrelated. Never heard of someone using it for encryption tbh.
 
  • Like
Reactions: npomme
Windfaker

Windfaker

Member
Dec 11, 2017
360
635
  • Haha
  • Like
Reactions: ssbbssc and LeFisheAuChocolat
npomme

npomme

Member
Nov 20, 2020
396
609
haste said:
I actually am working on AMD64 cpu but doing the actual patch is still far away from my grasp currently anyway, I need to level up my skill first.
As others suggested, the way I was thinking of potentially going about this was to just make a MelonLoader plugin to execute the code inside the game, instead of messing with the executable itself.

It looks like I'm going to stay with Ghidra + x64dbg and see what I need for making the actual hack when I have clearer picture of what the hell I am even doing. Ghidra did it's decompiling job so far.

Thank you for the warning though. Worse case scenario I will have to patch the assembly by hand (if I even get to that point). At least it will be an interesting experience :HideThePain:


Yeah, I expected this. With my skill and knowledge, I am already facing an impossible task. I don't think it can get any harder for me lmao.
Click to expand...
For some reason i cant get Melon loader running on my pc without bluecreening and it seem you are familliar with it

I want to test something but i need to give to my code the sceneBuildIndex i think there a way to get them in unity in the code it seem there a line of code that return an array that give all the scene index so if you can give me these data that would be usefull
 
You must log in or register to reply here.
Top Bottom
3.90 star(s) 9 Votes