this post was submitted on 25 Jun 2023
288 points (99.3% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54411 readers
155 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
288
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

Two years ago I've tried my hand at cracking something, it's quite an unknown game, Arena Wars was the name. I always found it fun to take it for a spin, try out a match or two, then forget about it for a couple months.

Until inevitably, the reason for this project came up. See the game originally came in a disk, and it worked fine at the time, as time moved on however, disk drives ceased to be a thing, now only emulating drives, or plugging drives via USB was possible. Guess what, the game's builtin DRM did not recognize either of them and now I had a game that I owned but could not play. Only way to get it back is by cracking it, it's abandonware too, so its not like anyone gives a damn.

My first try wasn't very successful, x64dbg is a very complicated tool and to anyone who isn't used to reverse-engineering, it's a brutal way to start. Hence giving up, a few months ago I tried with a new technique.

The game, albeit very old, was one of the first to be built in .NET, the same framework which powers Unity games. This meant that there were decompilers (like dnSpy) which could decompile the code and make it easily editable.

Unfortunately there were two problems with this approach:

  • Arena Wars is so old that modern decompilers only support decompiling the code, but not recompiling changes directly, those changes needed to be done manually in the IL code. If you don't know what that is, it's basically working in Assembly, one step above writing in bits and bytes.
  • The code was obfuscated, meaning I had no idea what any of it did, only how it's structured. Making matters worse was that the game had multiple languages, meaning that I couldn't even directly search for text to find what i needed.

So despite being able to see the code, I had my work cut out for me. What followed was a whole trial and error. If the game thought it wasn't legit, it launched in Demo mode, I had to figure out where it got the check for the CD from and flip it so it thought it was legit. Because that I was writing tweaks in IL code, given my skill level, the most I could do is change a + to a - for example, or a < to a >. If I wrote new code or added complex functions, it would change the size of a class and crash the game.

Eventually though I got to where the changes were affecting how the game responded. I discovered the game had an alternate Multiplayer Demo mode, (basically the same thing), as well as a fake real mode. Where it says its legit, but nothing works. While I did this, I took various notes, learning what each function most likely did, steadily building my knowledge of how the game worked, until I discovered where it checked the CDs.

Soon enough, I got lucky and the Demo was no more. I intercepted the response code from the CD check and mangled it quite a bit, now it thinks its legit. Dunno how or why, but now it does. Anyways, soon after cracking it, I ended up cleaning the crack, figuring out exactly which change did it the trick in the executable and boiled down the entire crack to a single changed byte.

Overall, it was quite like a brainteaser, fun to solve, and my reward was getting my game back!

Not saying that anything like SECUROM or DENUVO are next, but for those that like this kind of thing, I imagine they'd start small and slowly get to that level. At the end of the day, it's only a puzzle.

Extras:

Thank you for reading about my journey. Have a day full of wonder!

Edit: If you can't see the images clearly, that's probably because you're seeing them in Imgur's mobile site. When in a phone it automatically redirects you there with a garbage version. To see them clearly, switch on desktop view. >:(

top 36 comments
sorted by: hot top controversial new old
[–] [email protected] 84 points 1 year ago* (last edited 1 year ago) (3 children)

You too can be a Cracker

ಠ_ಠ

[–] [email protected] 33 points 1 year ago* (last edited 1 year ago)

I was born a cracker.

[–] [email protected] 22 points 1 year ago (1 children)

Phrasing! Are we still doing "phrasing"?

[–] [email protected] 1 points 1 year ago

said ripley to android bishop

[–] [email protected] 18 points 1 year ago* (last edited 1 year ago) (2 children)

Hey! I thought I couldn't do it until I tried. :3

Sidenote: Background in programming or computer science may be required.

[–] [email protected] 15 points 1 year ago

i cant tell if youre genuinely unaware or joking but either way its hilarious

[–] [email protected] 8 points 1 year ago

if you enjoy this, there are various CTF "crackme" challenges available - the most famous one being the radare2 tutorial crackmes. The have different diffuculties from really easy to mind-bendingly difficult.

[–] [email protected] 50 points 1 year ago
[–] [email protected] 15 points 1 year ago

Maybe I try cracking a game sometime! I used to play MyPlayCity games all the time and i can't even open them because they aren't even on myplaycity website and the ones aren't opening at all and I don't know why. I wish I could just play all the MyPlayCity games without worrying about anything!

[–] [email protected] 10 points 1 year ago

That was a great story. 😉

[–] [email protected] 9 points 1 year ago

This sounds like game genie for gown ups 😅

[–] [email protected] 8 points 1 year ago (3 children)

where do you recommend someone starting from? do you have any resources that can help?

[–] [email protected] 11 points 1 year ago* (last edited 1 year ago)

I may make it sound easy, but when I did this, I already had 8 years worth of C# experience. I definitely recommend that you learn how to program first, then once you know what you're doing. Read up on some tutorials on reverse-engineering. General practices, that sort of thing.

When you're ready, pick the right tool for the job. If you can decompile to get the code out (like dnspy for example in .NET programs), that's much easier, other languages may require other tools, C++ will likely require hardcore programs such as x64dbg, and you don't wanna touch that until you can understand Assembly to at least a passable degree.

TL DR: It's hard, but there is a path there, don't eat more than you can chew.

[–] [email protected] 9 points 1 year ago

Kinda depends on how much you're familiar with low level programming.
For a quick check to see if it's for you start by learning a little about how a processor works here (the first episode can get a bit condescending at times, but it's good info).
Then try diving into a disassembly CTF like MicroCorruption.
If you (somehow) enjoy both those things, consider learning C and specifically how to use it to break things through shellcode.
C Programming: A Modern Approach, and The Shellcoder's Handbook are great resources for that (look here for instructions on obtaining them 😉).

[–] [email protected] 1 points 1 year ago

There are lots of books like beginners.re. Programming and knowledge on how a computer works is required. Then crackmes.one if you want to solve challanges.

[–] [email protected] 7 points 1 year ago (1 children)

That’s awesome, I definitely want to give cracking a go at some point. Been messaging around with memory addresses and shit recently.

[–] [email protected] 3 points 1 year ago

It's a fun challenge for sure. For a first one, try not anything too ambitious, modern DRM is bullshit in its difficulty.

[–] [email protected] 6 points 1 year ago (1 children)

As someone who learned to do the most basic things in assembly on a 6502 and was so broke that I couldn’t afford an assembler so I hand coded to ML with a pencil and legal pad, I salute you and your persistence.

[–] [email protected] 4 points 1 year ago (1 children)

No, I salute you! Assembly is miserable, I count myself lucky that all I needed to do is bust out a sheet with the opcodes to figure out what they did. If I had to actually write Assembly instead of just swapping opcodes, this project would be over in an instant.

[–] [email protected] 1 points 1 year ago

Well, if you did this in assembly, the steps are the same. You still need to bust out a page on x86 instructions on what they do, and change a single byte somewhere. Its just raw bytes instead of IL.

[–] [email protected] 6 points 1 year ago (1 children)

Reverse engineering is honestly great fun. I've been doing it for like 8 years on and off but there is still so much to learn.

I recommend crackmes.one for crackme challanges to sharpen your skills.

[–] [email protected] 5 points 1 year ago

Will they start adding denuvo to the challenges?

/s

[–] [email protected] 5 points 1 year ago

w32dasm

hiew

0x90 0x90 0x90 0x90

Good times

[–] [email protected] 2 points 1 year ago

The whole problem of disk drives not being a thing is exactly why I got the desktop I currently use. I know I'm not smart enough yet to go decompiling old games and tinkering around to crack it, but it's cool to see others get into it.

[–] [email protected] 2 points 1 year ago

Congrats dude

[–] [email protected] 1 points 1 year ago

Your persistence was palpable.

[–] [email protected] 1 points 1 year ago (1 children)

I'm not even sure where I'd start if I needed to do something like this. There's at least one game I'd like to make a nocd crack for at some point, may give that a shot when I've got some free time...

Thanks for sharing the write-up 🏴‍☠️

[–] [email protected] 2 points 1 year ago

There's always a path that leads to where we need to go. For me, I kind of started to get interested when I watched this Excellent video by Exilelord (He did something way harder which was fixing a bug and later adding outright features in a AAA game obfuscated by SECUROM).

My first rodeo was probably cracking the level security of Synthriders, that one wasn't obfuscated and was modern so it took me about 1-2 hours to get it to spit out the password for the level files.

Then... the only logical way up was cracking an actual game.

[–] [email protected] 1 points 1 year ago

Yes, cracking .NET app with dnSpy is way easier than raw x86 Assembly. I cracked some bought software we use at work, because the stupid DRM made my job harder. Lucky for me because they were written in .NET. I also bypassed some limits set by the app. I tried IDA pro but the gui is already complex. You also need to know how .exe file works and how it gets loaded in memory with the libraries.

[–] [email protected] 1 points 1 year ago

@ArkyonVeil
Very interesting read!

[–] [email protected] 0 points 1 year ago (2 children)

those screenshots are so low res tho, why webp?

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (1 children)

They are not webp, at least not originally. Try opening the images directly, the text should be crisp, crystal clear.

Edit: If you're reading on mobile, blame Imgur. It automatically swaps the original image with a low quality version. To see the original, please check desktop view.

[–] [email protected] -1 points 1 year ago* (last edited 1 year ago) (1 children)

They are kind of low-res for my standards to be honest, but they are legible.

EDIT: thanks, OP, by the way!

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

~~I'm guessing you, and possibly Relected's screens are running high DPI screens. Resulting in more pixel density for the same information.~~

Edit: Cheers

Edit2: If you're reading on mobile, blame Imgur. It automatically swaps the original image with a low quality version. To see the original, please check desktop view.

[–] [email protected] 3 points 1 year ago

its not because of webp, its because imgur uses lossy compression on those images

[–] [email protected] 0 points 1 year ago

Looks like you might have come from behind as the back attacker.

load more comments
view more: next ›