  #1  
11-12-2020, 15:29
emeykey
Registered User
 
Join Date: Dec 2020
Location: Czech Republic
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
SecuRom v7.35.0007 protected game dump

Greetings,

A few days ago I got into reverse engineering out of boredom (wasn't really new to this to be honest, but still I'm no pro). The first interesting thing to do, which came to my mind, was to patch some old game, some Disney Princess game from 2007 to be exact.

I started by downloading the game, so now I've got two images, .mdf and the .mds one. Then I proceeded to download DaemonTools 10 lite and SPTD driver. I emulated .mds image on a physical drive, with SCSI bus type. Hurray, I can run the game, securom doesn't recognize the disc is being emulated. Not good enough, I want it to not require anything like this at all.

So I downloaded ProtectionID (by the almighty Tippex), today's newest v0.6.9.0, and proceeded to scan the executable. It tells me it's SecuRom v7.35.0007, well shit, I've only got tutorials from ARTeam on 7.30.0014, still the information in them proved valuable to my cause.

Launched x32dbg with the disc emulated in the background, now it should just run no? No. Security module couldn't get activated, fine. Downloaded newest Scylla-hide and configured it as so:


Reloaded the executable, ran through all the exceptions (lots of them and some UD2 breakpoints), the game started, great! So I bypassed the anti-debugging of this SecuRom. Now I can find the OEP.

So, I noticed that after running through some exceptions the securom checks for the disk and changes the mouse cursor to a spinning CD icon, then it lands on a UD2 breakpoint. I counted how many more UD2s it lands on just before the last run that really runs the game. Third one after that CD icon UD2 encounter. Okay, this is as close as I can get to the OEP call, now it is decrypted. I placed a memory breakpoint (on access) on the .text region of the executable module. Ran and I hit it. From the log I see it broke on this address:

I did a hardware on execute breakpoint on it and ran. Now I am (or at least I think) on the OEP.

Okay so now to the issue, the dumping. I fire up Scylla, did memory PE dump of the executable module. Got it. Now I click on IAT autosearch (I've got Scylla to use the advanced IAT search). It found the other values. So now I clicked on import, few invalid Thunks and some suspects, I cut them all from it. Fix the dump. Okay so I've got my dump, loaded it up into x32dbg, ran it and found out it crashes because of an inaccessible address, from the original executable I found out it's from the .securom region.


So I've only managed to get to the dump part of this cracking process. My question is why wasn't the .securom region dumped too? Rights in the memory map seem okay. And also the other regions as ars, est, artem, celare. And many other address ranges (without any region name) to which these .securom code splicing procedures call.
I can manually dump these regions in x32dbg memory map and later add them to the dump with CFF Explorer, but that's just too much fuc*ing work.
Does anyone have an answer to this, why don't those regions dump with Scylla like everything else?

Thank you.
Attached Images
File Type: png Scylla-securom7-3-hide.png (33.9 KB, 114 views)
File Type: png oep.png (338.8 KB, 101 views)
File Type: png inaccessible-address.png (16.5 KB, 119 views)
__________________
Bored out of my mind

Last edited by emeykey; 11-12-2020 at 15:34.
  #2  
12-12-2020, 01:46
Joe Forster/STA
Senior forum member
 
Join Date: Nov 2000
Location: Hungary
Posts: 9,789
Thanks: 16
Thanked 327 Times in 212 Posts
You could start by uploading the mini-image to GameCopyWorld via http://ul.gamecopyworld.com.
__________________
Joe Forster/STA
For more information, see the FileForums forum rules and the PC Games forum FAQ!
Don't contact me via E-mail or PM to ask for help with anything other than patches (or software in general) done by me, otherwise your request may be deleted without any reply!
Homepage: http://sta.c64.org, E-mail: [email protected]; for attachments, send compressed (ZIP or RAR) files only, otherwise your E-mail will bounce back!
  #3  
13-12-2020, 04:06
emeykey
Quote:
Originally Posted by Joe Forster/STA
You could start by uploading the mini-image to GameCopyWorld via http://ul.gamecopyworld.com.
Sorry, my terminology in this field isn't the greatest. Could you tell me what you mean by mini-image?
  #4  
14-12-2020, 11:21
Joe Forster/STA
Quote:
Originally Posted by emeykey
Sorry, my terminology in this field isn't the greatest. Could you tell me what you mean by mini-image?
The .mdf + .mds files. (You didn't download the whole game, I guess. You might want to read the forum rules.)
  #5  
27-08-2022, 06:14
emeykey

Nope, impossible to upload it there. That site is buggy af. Even tho I split the archive into 6 parts of 80MB each..

I uploaded it on here if you want to take a look.

Quote:
Originally Posted by Joe Forster/STA
The .mdf + .mds files. (You didn't download the whole game, I guess. You might want to read the forum rules.)
Attached Images
File Type: png gamecopy-ffs.png (24.4 KB, 73 views)
  #6  
27-08-2022, 06:37
Joe Forster/STA
No, the mini-image is usually the first few megabytes of the full image that is sufficient enough to fool the copy protection.
  #7  
27-08-2022, 07:28
emeykey

Quote:
Originally Posted by Joe Forster/STA
No, the mini-image is usually the first few megabytes of the full image that is sufficient enough to fool the copy protection.
I would be happy to upload that, but that MiR tool from that site you mentioned just says "Something hasn't work".

Anyways I recorded a video documenting my process of reaching OEP, I emulated mdf and mds with DaemonTools in the background + when I say that the cursor changes to CD icon it didn't show itself in the video. Still if you are interested, maybe tell me if I did something wrong.

Youtube (v=Sv4kZRMr8wk)

(The article I loosely followed https://lostfilearchives.github.io/08/28/Dissection/)

Last edited by emeykey; 27-08-2022 at 07:31.
  #8  
27-08-2022, 08:41
emeykey
lol i think i got it, will update
  #9  
27-08-2022, 11:34
emeykey
Okay, so I got a little further, but not far enough, there's a little update video on that documenting what I did. Any suggestions would be much appreciated.

https://www.******************?v=hpg5YAk1Pm0 (v=hpg5YAk1Pm0)
  #10  
28-08-2022, 08:08
emeykey

Little Easter egg found in SecuRom

Attached Images
File Type: png securom-secret.png (42.6 KB, 65 views)
  #11  
30-08-2022, 09:22
Joe Forster/STA
Sorry, I can't give you more help: SecuROM is beyond my knowledge.
Tags
securom crack dump debug

All times are GMT -7.