#1
SecuRom v7.35.0007 protected game dump
Greetings,
A few days ago I got into reverse engineering out of boredom (wasn't really new to this to be honest, but still I'm no pro). The first interesting thing to do, which came to my mind, was to patch some old game, some Disney Princess game from 2007 to be exact. I started by downloading the game, so now I've got two images, the .mdf and the .mds one. Then I proceeded to download DaemonTools 10 lite and the SPTD driver. I emulated the .mds image on a physical drive, with SCSI bus type. Hurray, I can run the game, SecuRom doesn't recognize the disc is being emulated. Not good enough, I want it to not require anything like this at all.

So I downloaded the ProtectionID (by the almighty Tippex), today's newest v0.6.9.0, and proceeded to scan the executable. Tells me it's SecuRom v7.35.0007, well shit I've only got tutorials from ARTeam on 7.30.0014, still the information in them proved valuable to my cause. Launched x32dbg with the disc emulated in the background, now it should just run, no? No. Security module couldn't get activated, fine. Downloaded the newest Scylla-hide and configured it as so:

Reloaded the executable, ran through all the exceptions (lots of them and some UD2 breakpoints), the game started, great! So I bypassed the anti-debugging of this SecuRom. Now I can find the OEP.

So, I noticed that after running through some exceptions the SecuRom checks for the disk and changes the mouse cursor to a spinning CD icon, then it lands on a UD2 breakpoint. I counted how many more UD2s it lands on just before the last run that really runs the game. Third one after that CD icon UD2 encounter. Okay, this is as close as I can get to the OEP call, now it is decrypted. I placed a memory breakpoint (on access) on the .text region of the executable module. Ran and I hit it. From the log I see it broke on this address: I did a hardware on execute breakpoint on it and ran. Now I am (or at least I think) on the OEP.

Okay so now to the issue, the dumping. I fired up Scylla, did a memory PE dump of the executable module. Got it. Now I click on IAT autosearch (I've got Scylla to use the advanced IAT search). It found the other values. So now I clicked on import, a few invalid thunks and some suspects, I cut them all from it. Fix the dump. Okay so I've got my dump, loaded it up into x32dbg, ran it and found out it crashes because of an inaccessible address, from the original executable I found out it's from the .securom region. So I've only managed to get to the dump part of this cracking process.

My question is why wasn't the .securom region dumped too? Rights in the memory map seem okay. And also the other regions as ars, est, artem, celare. And many other address ranges (without any region name) to which these .securom code splicing procedures call. I can manually dump these regions in the x32dbg memory map and later add them to the dump with CFF Explorer, but that's just too much fuc*ing work. Does anyone have an answer to this, why don't those regions dump with Scylla like everything else? Thank you.
__________________
Bored out of my mind Last edited by emeykey; 11-12-2020 at 15:34. |
#2
You could start by uploading the mini-image to GameCopyWorld via http://ul.gamecopyworld.com.
__________________
Joe Forster/STA For more information, see the FileForums forum rules and the PC Games forum FAQ! Don't contact me via E-mail or PM to ask for help with anything other than patches (or software in general) done by me, otherwise your request may be deleted without any reply! Homepage: http://sta.c64.org, E-mail: [email protected]; for attachments, send compressed (ZIP or RAR) files only, otherwise your E-mail will bounce back! |
#3
Quote:
__________________
Bored out of my mind |
#4
The .mdf + .mds files. (You didn't download the whole game, I guess. You might want to read the forum rules.)
__________________
Joe Forster/STA
#5
Nope, impossible to upload it there. That site is buggy af. Even tho I split the archive into 6 parts of 80MB each..
I uploaded it on here if you want to take a look.
__________________
Bored out of my mind |
#6
No, the mini-image is usually the first few megabytes of the full image that is sufficient enough to fool the copy protection.
__________________
Joe Forster/STA
#7
Quote:
Anyways I recorded a video documenting my process of reaching OEP, I emulated mdf and mds with DaemonTools in the background + when I say that the cursor changes to CD icon it didn't show itself in the video. Still if you are interested, maybe tell me if I did something wrong. Youtube (v=Sv4kZRMr8wk) (The article I loosely followed https://lostfilearchives.github.io/08/28/Dissection/)
__________________
Bored out of my mind Last edited by emeykey; 27-08-2022 at 07:31. |
#8
lol i think i got it, will update
__________________
Bored out of my mind |
#9
Okay, so I got a little further, but not far enough, there's a little update video on that documenting what I did. Any suggestions would be much appreciated.
https://www.******************?v=hpg5YAk1Pm0 (v=hpg5YAk1Pm0)
__________________
Bored out of my mind |
#10
Little easter egg found in SecuRom
__________________
Bored out of my mind |
#11
Sorry, I can't give you more help: SecuROM is beyond my knowledge.
__________________
Joe Forster/STA