#1
|
|||
|
|||
Anybody experienced with TAGES?
I've recently taken an interest in an old game again, Runaway 2 v1.3 English, which seems to be:
[!] Tages v5.5.2 protected ! [i] protection level: Tages BASIC Has anybody been unable to unpack one of these? I'm even unable to point my finger at the OEP... Any knowledge and tips would be welcome, or if somebody is interested, the finished file too. But what I really want is insight on how to do it myself... Last edited by Nitrus; 19-06-2012 at 07:32. |
Sponsored Links |
#2
|
||||
|
||||
post what you've discovered then....
__________________
bleh DO NOT PM me with questions, leave that in the forums...ESPECIALLY if i dont know you... |
#3
|
|||
|
|||
Having looked in the other no-cd's (french scene releases, although there are none for the english version), It's probably compiled with c++ 6+, because of the OEP:
Code:
005BA5E0 >/$ 55 PUSH EBP 005BA5E1 |. 8BEC MOV EBP,ESP 005BA5E3 |. 6A FF PUSH -1 etc... Obviously, no text strings are legible, but I've passed a breakpoint to GetDriveTypeA, which probably triggers the CD Check routine (a message box saying: Please insert CD of "Runaway 2"), and I was able to jump past it, but then it triggers another messagebox saying "Please insert original CD of "Runaway 2"", and I'm guessing that's where the TAGES kicks in. I haven't been able to figure out what causes that, I've been running a trace, but it's taking too long to get to where it breaks. Plus on some occasions it even triggers something that restarts the PC altogether. And now, I'm at a loss, and don't know how should I proceed with the unpacking. I could upload the binary somewhere if you or someone else would like to take a look at it? Although you could just download and extract it from the official patch... |
#4
|
||||
|
||||
Have you already decrypted the executable? If so, can you upload it as an attachment? (Not that I can crack these commercial copy protections... )
__________________
Joe Forster/STA For more information, see the FileForums forum rules and the PC Games forum FAQ! Don't contact me via E-mail or PM to ask for help with anything other than patches (or software in general) done by me, otherwise your request may be deleted without any reply! Homepage: http://sta.c64.org, E-mail: [email protected]; for attachments, send compressed (ZIP or RAR) files only, otherwise your E-mail will bounce back! |
#5
|
|||
|
|||
No, I'm sorry, I haven't... I suppose I was a bit unclear on that part.
I'll put the original one (English, packed/encrypted), and the French one (unpacked/decrypted), along with the dll's needed to start it (I mean, It won't start without the resources, but it can sometimes bitch about not having BINK in there...). P.S.: Both of the file's names should be Runaway2.exe |
#6
|
||||
|
||||
the check is via deviceiocontrol, through their driver, some parts can also be vm'ed, without sounding insulting i think you may be out of your depth
__________________
bleh DO NOT PM me with questions, leave that in the forums...ESPECIALLY if i dont know you... |
#7
|
|||
|
|||
No no, I don't find that insulting, I respect constructive criticism more than anything. I think that's a really good way to improve on one's methods.
I actually suspected DeviceIOControl before GetDriveTypeA, but since it's directly underneath DeviceIOControl I guessed that an I/O (a CD drive in this case) must be initialized first, before continuing to the check, so I wrote that off... A mistake on my part. You could check the CMP at 620222, and jump past the CloseHandle part that comes after it (after the RETN, I think it was 62026E), and it would pass the CD check (After you click OK at the messagebox), and take you to the additional protection I spoke of earlier. I agree that I'm probably a bit out of my depth, so could you point me in the right direction? I'd appreciate that very much, since I like this game a lot, and TAGES intrigues me to no end... Last edited by Nitrus; 20-06-2012 at 18:10. Reason: Clarification |
#8
|
||||
|
||||
well, the cdcheck is done from timing looking at duplicate sector reads (thats why you can't burn an image), in game there's also checks which read a good sector (cracked will read bad sector), and the game acts on that, theres a bit of difference in the versions too, but all the reads and checks are via deviceiocontrol (possibly 'masked' inside the vm code).. so dumping at the oep isn't the end, rather it might be mid way through.. depending on the protection settings
__________________
bleh DO NOT PM me with questions, leave that in the forums...ESPECIALLY if i dont know you... |
#9
|
|||
|
|||
I don't need to create a backup of the disc, I was only interested in the executable. But, duplicate sector reads? I read about that somewhere, and was a bit perplexed. Apparently, I lack sufficient knowledge and probably the ability to properly comprehend this one.
Thank you TippeX. Sadly, I might have to abandon it. Remember that bit about me being out of my depth...? |
Tags |
tages unpack |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Tages Protection in X3 Terran Conflict | blooddog_90 | PC Games | 7 | 09-01-2009 08:32 |
so blonde (version spanish) TAGES | joshicko | PC Games | 3 | 21-11-2008 13:02 |
Tages | manhoos | CD/DVD Copy Protections & Utilities | 13 | 25-12-2002 14:52 |
Moto Racer 3 v1.1 (Tages) nocd patch? | Riot69 | PC Games | 4 | 05-07-2002 00:56 |
Moto Racer 3 - Tages | dr evil | PC Games | 12 | 11-05-2002 15:13 |