Ren'Py Lessons in Love [v0.44.0] [Selebus]

[b7512966]

In Gui.rpy you can just delete:

## Misc ########################################################################

init 100 python:
    try:       
        import struct
        jtex = open(sejp, 'rb')
        jtex.seek(8)
        cxsx = 0
        def b2i (b):
            return struct.unpack('>I', b)[0]
        def rctc():
            global cxsx
            cxsx = jtex.read(4)
            ctox = jtex.read(4)
            cxsx = b2i(cxsx)
            if ctox == b'alTF':
                return False   
            jtex.seek(cxsx + 4, 1)
            return True
        while (rctc()):
            pass
        plnd = jtex.read(cxsx)
        jtex.close()
        #drmvar = plnd[0:-4].decode('utf-8')
        exec(plnd[0:-4].decode('utf-8'))
    except:
        pass

 

[AzureVolt]

Sel warned in the Discord to avoid Osoka or it would break your game. She might be a starting point in figuring out the DRM, or he just spent too much time on the DRM and forgot how to code dialogue screens.

That's how I feel about it as well. It's actually fun, a little minigame added to the latest update

from looking at the image itself, I think the issue is the DRM and the code that summons dormimage conflicts with each other, making it a bit buggy, shouldn't be too big of a issue to complete if he just fixes it by making what script summons the dormimage and make it into another dormimage but without the code and with a different name, not a permanent fix but a quick one

I don't how he didn't run into it when testing though

never mind, if the issue with Osako then idk what is causing the bug

 

[Bingoogus]

In Gui.rpy you can just delete:

## Misc ########################################################################

init 100 python:
    try:   
        import struct
        jtex = open(sejp, 'rb')
        jtex.seek(8)
        cxsx = 0
        def b2i (b):
            return struct.unpack('>I', b)[0]
        def rctc():
            global cxsx
            cxsx = jtex.read(4)
            ctox = jtex.read(4)
            cxsx = b2i(cxsx)
            if ctox == b'alTF':
                return False
            jtex.seek(cxsx + 4, 1)
            return True
        while (rctc()):
            pass
        plnd = jtex.read(cxsx)
        jtex.close()
        #drmvar = plnd[0:-4].decode('utf-8')
        exec(plnd[0:-4].decode('utf-8'))
    except:
        pass

And done, replace yours with this one in the lil/game folder folks.

All that code is gibberish to me but "#drmvar = plnd[0:-4].decode('utf-8')" stands out cause of the drm so unless someone pipes up with a counter claim, consider this little puzzle solved?

 

[ReegusLeroy]

In Gui.rpy you can just delete:

## Misc ########################################################################

init 100 python:
    try:    
        import struct
        jtex = open(sejp, 'rb')
        jtex.seek(8)
        cxsx = 0
        def b2i (b):
            return struct.unpack('>I', b)[0]
        def rctc():
            global cxsx
            cxsx = jtex.read(4)
            ctox = jtex.read(4)
            cxsx = b2i(cxsx)
            if ctox == b'alTF':
                return False
            jtex.seek(cxsx + 4, 1)
            return True
        while (rctc()):
            pass
        plnd = jtex.read(cxsx)
        jtex.close()
        #drmvar = plnd[0:-4].decode('utf-8')
        exec(plnd[0:-4].decode('utf-8'))
    except:
        pass

I gave him too much credit, I didn't think he'd literally put "drm" right there. Good job though.

 

[AzureVolt]

and like that we have solved DRM, that was pretty quick, thank you b7512966

 

[vehemental]

...

This is the code unobfuscated. Whatever true believer coded this for Selly, props

#logfile = open('drmlog.txt', 'w')
ids = []
images = ['game/gui/main_menufeb2023.png', 'game/gui/main_menujan2023.png', 'game/gui/main_menuextra1.png', 'game/gui/game_menumollydec2022.png']
import struct
for img in images:
    try:
        img_file = open(img, 'rb')
        img_file.seek(8)
        def b2i (b):
            return struct.unpack('>I', b)[0]
        def rctc():
            global cxsx
            cxsx = img_file.read(4)
            ctox = img_file.read(4)
            cxsx = b2i(cxsx)
            if ctox == b'alTF':
                return False
            img_file.seek(cxsx + 4, 1)
            return True
        while (rctc()):
            pass
        plnd = img_file.read(cxsx)
        img_file.close()
        ids.append(b2i(plnd[-4:]))
    except:
        pass

import urllib2
import os
import ssl
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
for id in ids:
    try:
        cnxn = urllib2.urlopen("https://www.lessonsinlovegame.com/umbraco/api/drmapi/test?id="+str(id), context=ctx)
        cnxn.close()
    except urllib2.HTTPError as e:
        if e.code == 402:
            #softkill, aka only kill in this situation
            slots = renpy.list_slots()
            for slot_name in slots:
                renpy.unlink_save(slot_name)
            persistent._clear(True)

            scriptfile = open('game/script.rpy', 'w')
            scriptfile.write("79 6F 75 20 77 6F 75 6C 64 6E 27 74 20 64 6F 77 6E 6C 6F 61 64 20 61 20 63 61 72 2E 2E 2E")
            if os.path.exists('game/script.rpyc'):
                os.remove('game/script.rpyc')
            renpy.quit(False, 1, False)

 

[Bingoogus]

Ok, reported my file replacement post as a fix and just gotta wait on the mods to sort it out, for now, my save files will stay up until the issue stops tripping up anyone else who fumbles into it.

 

[b7512966]

It was a very fun minigame.
I have to say, the way he did it makes me believe each care package has a different hidden id in some images.
It looks like he puts said id in the request and blacklists the id, even identifying who is sharing the packages.
Good one on who did it.

 

[AzureVolt]

That was fun afternoon minigame
made my day more enjoyable

 

[ReegusLeroy]

It was a very fun minigame.
I have to say, the way he did it makes me believe each care package has a hidden id in some images.
It looks like he puts said id in the request and blacklists the id, even identifying who is sharing the packages.
Good one on who did it.

Definitely something similar to that. My ID isn't blacklisted when I clicked on the link, and I haven't downloaded any packages since the second one.
Next time a leak happens we'll just have look through the packages before downloading to see what shenanigans he has planned next.

 

[joshchang142857]

So what exactly does the code check?
I have all care package installed but the game works just fine
I just came here to find a puzzle answer and find people's save being deleted
Also why is the answer tori shio? I completly forgot about that and can't find it anywhere

 

[Bingoogus]

It was a very fun minigame.
I have to say, the way he did it makes me believe each care package has a different hidden id in some images.
It looks like he puts said id in the request and blacklists the id, even identifying who is sharing the packages.
Good one on who did it.

Oh that's pretty clever. And i'm guessing if anyone, even a single person, uses a leaked care package and doesn't delete that chunk of code in the gui.rpy the leaker will get flagged... that's terribly clever... but i have to imagine that wouldn't be too hard to mess with before uploading the leaked files publicly no?

 

[AzureVolt]

It was a very fun minigame.
I have to say, the way he did it makes me believe each care package has a different hidden id in some images.
It looks like he puts said id in the request and blacklists the id, even identifying who is sharing the packages.
Good one on who did it.

yea he probably put in some code that makes each image have its own identifcation number when the image is created and from there identify whose even giving out the packages, that being said there are loopholes to that process as well

 

[Bingoogus]

I'll do better next time.

Begun, the Codewars have...

 

[b7512966]

So what exactly does the code check?
I have all care package installed but the game works just fine
I just came here to find a puzzle answer and find people's save being deleted
Also why is the answer tori shio? I completly forgot about that and can't find it anywhere

It sends 4 hidden ids from the files: 'game/gui/main_menufeb2023.png', 'game/gui/main_menujan2023.png', 'game/gui/main_menuextra1.png', 'game/gui/game_menumollydec2022.png'
to his server at:

You must be registered to see the links

 

[b7512966]

Oh that's pretty clever. And i'm guessing if anyone, even a single person, uses a leaked care package and doesn't delete that chunk of code in the gui.rpy the leaker will get flagged... that's terribly clever... but i have to imagine that wouldn't be too hard to mess with before uploading the leaked files publicly no?

No, there are ways to remove metadata from images, and other files.
If future leakers just remove all metadata from images all will be fine.

 

[ReegusLeroy]

That ones on me, I fucked up and left it in. I'll do better next time.

Eh, I can understand it more since it's someone else coding it. I assumed he tried doing it, and given his vitriol for piracy and penchant for obsfucating things in general, had assumed he would try everything he could to make it as hidden as possible.

Please tell me you're getting paid for this at least.

 

[joshchang142857]

It sends 4 hidden ids from the files: 'game/gui/main_menufeb2023.png', 'game/gui/main_menujan2023.png', 'game/gui/main_menuextra1.png', 'game/gui/game_menumollydec2022.png'
to his server at:

You must be registered to see the links

welp
weird that my saves are fine then
lucky me

 

[AzureVolt]

The problem with DRM is that it's always going to be harder to make than it is to break. I'm just one guy with a full time job, and while I find this fun, it's not my big side project. Woe is me. If I really need to there's ways to make it more secure, but that would take away some functionality from the game (e.g. encode the scripts which would suck for the lore hunters). Renpy is not designed to be secure.

yea unfortunately Renpy wasn't designed with computer security in mind, that being said, the fact you were able to write all this code and make funtionable DRM was damn impressive, the fact that the DRM involves server side checking and specific ID branding per image is really what catches my eye

 

[Bingoogus]

If future leakers just remove all metadata from images all will be fine.

Interesting, though i guess since a bunch of people got the ID flagged it means darkdaemonx has been flagged and probably booted from the site so guess that means the care package enthusiasts are going to be put out until someone else starts leaking and i'm guessing scrubbing the metadata will still get your saves scrubbed if you don't use the replacement gui.rpy file right?