#1
|
||||
|
||||
Search: SecuRom new tutorial
Hi there!
Ok, VLuka is not willing to send me an answer so I try it here: UnSecurom should be known... but it will not work with newer SecuRom versions. I have found (a long time ago) some tutorials (e. g. from Pedro) but they don't work with the new SecuRom versions, too. I should patch the first 3 WriteProcessMemory calls what I successfully did. But the game always crashes (yes, I set the length for WPM to zero and patched the file right, this is not the problem). Does anybody knows where I can get updated infos or tutorials about SecuRom new? Greetings, DarkSoul
__________________
My key is your key and your key is mine! Last edited by DarkSoul; 04-07-2002 at 04:53. |
Sponsored Links |
#2
|
|||
|
|||
maybe consider examining some fixed exe's at gamecopyworld? *spelling edit*
__________________
I live in a corn field. However, I have the internet, so STOP LOOKING DOWN ON ME ALREADY. |
#3
|
||||
|
||||
Quote:
Quote:
Damn... I want to crack the german NWN (because I hate it to put my orginial CDs into my drive) but I can't manage it. Exploring fixed Securom *new* executables will not end in a clear result. I'm not a beginner in cracking but I don't want to waste me time, too. It gets from day to day harder to crack games. :-( Thanks and bye, DarkSoul
__________________
My key is your key and your key is mine! |
#4
|
|||
|
|||
hi mate.
Firstly, your goal should be to check if your game executable is packed/compressed with something. (use something PEiD) Once unpacked..... 1. You need a good memory dump of the .code section (beware, some later versions screwed with the vsize of some sections so to give massive dumps like 100-150Mb!) 2. Most of R!SC's tut stands except for some of the api decryptor code/routines 3.The program uses one call for all imports, so you've to program some code by your own which "gets" the imported function's addresses out of the call and replaces the addresses in the dumped ".code" section with the right calls. It is easy if you have a working cd as you can let the program do the hard work for you. Hope this helps
__________________
Munch......munch.....munch |
#5
|
||||
|
||||
@Crispy:
I already know how to use dumpers and other tools (for softice). But there is now newer tutorial about SecuRom new v2. And yes, I have already cracked successfully older SecuRom new games, but the procedure does not work with newer ones. BTW: I have always working cds... I never use illegal copies of games! I do always buy the games. But I wanna get rid of the silly "insert cd" messages due the fact the game doesn't need the cd really (only for the copy protection). I will figure it out by myself. Thanks! Greetings, DarkSoul
__________________
My key is your key and your key is mine! |
#6
|
|||
|
|||
hi mate.
firstly, you misunderstand. I was not implying that you produce copies, but merely stated that with a "working" cd (be that an original or good working copy with sub-channel data intact) could be used to overcome the hard part of cracking securom v2. Namely that unless you are a genius with advanced encryption techniques, then you are better to let the program decrypt itself in memory after it has accessed the cd. You can then dump the FULL loader program, disassemble it so you can remove the "silly insert cd message". The trick is then rebuilding the IAT and correctly re-directing API calls away from the securom code. And if you have successfully cracked other securom games then you should understand what I posted before. They are fairly similar to R!SC's tuts, except for some of the api decryptor coding and routines and a small trick to fool memory dumpers to give overly large dumps. Good luck anyway
__________________
Munch......munch.....munch |
#7
|
||||
|
||||
@crispy:
No, I guess you misunderstood me... I said I own the original game CD so my crack should work with it, too. And no, I'm not a genius and I let the programm itself decrpyt the first 3 parts... and there is the problem: It will not run with the decrypted parts. It seems that it decrpyts the data based on the original executable AND the CD... and no, its not so easy to dump only the (loader ?) programm. You have to change the writeprocessmemory calls (set length to zero) and to replace the entry points (of the API functions). Securom new was never really easy to crack but NWN overblows my mind. Yes, I have succesfully cracked games before, e. g. Diablo 2. but the tutorials will not work with NWN... I will try it out by myself... thanks for your help! Greetings, DarkSoul
__________________
My key is your key and your key is mine! |
#8
|
|||
|
|||
"It will not run with the decrypted parts. It seems that it decrpyts the data based on the original executable AND the CD... "
it's a while since I've "tampered" with securom v2, but in the past the subchannel data is used as the key to decrypt the sections (and certainly earlier versions contained the key somewhere else in case the cdrom couldn't read subchannel?...can't remember where exactly though, sorry....) The original loader is SMC, like safedisc etc, but with less anti-SI baggage. Has this changed? Surely your dumped sections won't run because of misdirected calls and screwed import table (as most api's are re-directed thru securom code)? As I mentioned earlier, some home cooked code redirecting those calls should do it. It's time consuming but possible. Isn't "change the writeprocessmemory calls (set length to zero) " mentioned in pedro's and/or R!SC's tuts as applied to the original securom, as this too used SMC. i.e. it used writeprocessmemory to alter the code at specific mem locations as it decrypted? I'm intrigued mate, so post back.
__________________
Munch......munch.....munch |
#9
|
||||
|
||||
Why the hell do you call me mate? Have we ever played together?
My DVD drive is 100% compatible with SecuRom new so it can read at least 94 bytes of the subchannel data. As far I understand Pedro's tutorial the exe file sould still run if I only ptch the first WriteProcessMemory call. But It doesn't run. Maybe the old code is needed and the new decrypted code will not contain the right pointers? It should have nothing todo with the ITA. I have configured my system perfectly so nearly no programm is able to detect my running SoftIce and I never use BPXs on critical points I use instead the BPM X command. And what the hell means SMC? I never have heard of it. BTW: My english is not the best and I have really problems to tell you exactly what I mean! Greetings, DarkSoul
__________________
My key is your key and your key is mine! |
#10
|
|||
|
|||
No we haven't "played" together as you put it, the term mate is intended to keep things friendly and good humoured.
SMC - self modifying code. i.e. the apps code changes in memory during run-time as it is decrypted. The IAT is important otherwise any reconstructed dump will not run as no import table is available for your imports. PE format needs to be right for your dumped code. It certainly sounds like you haven't sorted all the redirected calls to the securom code. Your dump is already initialised to this set-up and this is deliberate to stop simple memory dumping. I understand if english is not your first language....it seems good enough though. No matter, as it sounds like you'll sort it out yourself one day
__________________
Munch......munch.....munch |
#11
|
|||||
|
|||||
Quote:
Quote:
Quote:
Quote:
Quote:
Greetings, DarkSoul
__________________
My key is your key and your key is mine! |
#12
|
||||
|
||||
so,did you finally found a way of doing this?
__________________
You don't believe it?it's Magic! Oloi oi ellines [URL=http://www.forums.gr/forumdisplay.php?s=&forumid=63]edo[/URL]!!! |
#13
|
|||
|
|||
help
hi guys i'm vijay i'm a trainee pilot i own 23 cds of oxford atpl cbts but i hate to find the right cbt at time for reference i have lots of notes books cds some time i misplace the cd in some other case and will be searching for the whole day can any one teach he step by step how to bypass this cd and put an end to my misery please..................................thx a lot in advance.....plz consider my obligation and help me
|
#14
|
||||
|
||||
i could teach you, but how much will you pay me?
__________________
bleh DO NOT PM me with questions, leave that in the forums...ESPECIALLY if i dont know you... |
Thread Tools | |
Display Modes | |
|
|