Go Back   FileForums > CD & DVD > CD/DVD Copy Protections & Utilities

Reply
 
Thread Tools Display Modes
  #1  
Old 11-12-2020, 16:29
emeykey's Avatar
emeykey emeykey is offline
Registered User
 
Join Date: Dec 2020
Location: Czech Republic
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
emeykey is on a distinguished road
Post SecuRom v7.35.0007 protected game dump

Greetings,

Few days ago I got into reverse engineering out of boredom (wasn't really new to this to be honest, but still I'm no pro). First interesting thing to do, which came on my mind, was to patch some old game, some Disney Princess game from 2007 to be exact.

I started by downloading the game, so now I've got two images, .mdf and the .mds one. Then I proceeded to download DaemonTools 10 lite and SPTD driver. I emulated .mds image on a physical drive, with SCSI bus type. Hurray, I can run the game, securom doesn't recognize the disc is being emulated. Not good enough, I want it to not require anything like this at all.

So I downloaded the ProtectionID (by the almighty Tippex), today newest v0.6.9.0 and proceed to scan the executable. Tells me it's SecuRom v7.35.0007, well shit I've only got tutorials from ARTeam on 7.30.0014, still the information in them proved valuable to my cause.

Launched x32dbg with the disc emulated in the background, now it should just run no? No. Security module couldn't get activated, fine. Downloaded newest Scylla-hide and configured it as so:


Reloaded the executable, ran trough all the exceptions (lots of them and some UD2 breakpoits), the game started, great! So I bypassed the anti-debbuging of this SecuRom. Now I can find the OEP.

So, I noticed that after running trough some exceptions the securom checks for the disk and changes mouse coursor to a spinning CD icon, then it lands on UD2 breakpoint. I counted on how many more UD2s it lands just before the last run that really runs the game. Third one after that CD icon UD2 encounter. Okay this is as close I can get to the OEP call, now it is decrypted. I placed a memory breakpoint (on access) on .text region of the executable module. Ran and I hit it. From log I see it broke on this address:

I did a hardware on execute breakpoint on it and ran. Now I am (or at least I think ) on the OEP.

Okay so now to the issue, the dumping. I fire up Scylla, did memory PE dump of the executable module. Got it. Now I click on IAT autosearch (I've got Scylla to use the advanced IAT search). It found the other values. So now I clicked on import, few invalid Thunks and some suspects, I cut them all from it. Fix the dump. Okay so I've got my dump, loaded it up into x32dbg, ran it and found out it crashes because of inaccasseble address, from original executable I found out it's from the .securom region.


So I've only managed to get to the dump part of this cracking process. My question is why wasn't the .securom region dumped too? Rights in memory map seems okay. And also the other regions as ars, est, artem, celare. And many other address ranges (without any region name) to which these .securom code splicing procedures call.
I can manually dump these regions in x32dbg memory map and later add them to the dump with CFF Explorer, but that's just too much fuc*ing work.
Does anyone have a answer to this, why don't those regions dump with Scylla like everything else?

Thank you.
Attached Images
File Type: png Scylla-securom7-3-hide.png (33.9 KB, 40 views)
File Type: png oep.png (338.8 KB, 32 views)
File Type: png inaccessible-address.png (16.5 KB, 40 views)
__________________
I really do love the noob/elitist contrast here.

Last edited by emeykey; 11-12-2020 at 16:34.
Reply With Quote
Sponsored Links
  #2  
Old 12-12-2020, 02:46
Joe Forster/STA's Avatar
Joe Forster/STA Joe Forster/STA is offline
Senior forum member
 
Join Date: Nov 2000
Location: Hungary
Posts: 9,579
Thanks: 6
Thanked 232 Times in 148 Posts
Joe Forster/STA is on a distinguished road
You could start by uploading the mini-image to GameCopyWorld via http://ul.gamecopyworld.com.
__________________
Joe Forster/STA
For more information, see the FileForums forum rules and the PC Games forum FAQ!
Don't contact me via E-mail or PM to ask for help with anything other than patches (or software in general) done by me, otherwise your request may be deleted without any reply!
Homepage: http://sta.c64.org, E-mail: [email protected]; for attachments, send compressed (ZIP or RAR) files only, otherwise your E-mail will bounce back!
Reply With Quote
  #3  
Old 13-12-2020, 05:06
emeykey's Avatar
emeykey emeykey is offline
Registered User
 
Join Date: Dec 2020
Location: Czech Republic
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
emeykey is on a distinguished road
Quote:
Originally Posted by Joe Forster/STA View Post
You could start by uploading the mini-image to GameCopyWorld via http://ul.gamecopyworld.com.
Sorry, my terminology in this field isn't the greatest. Could you tell me what do you mean by mini-image?
__________________
I really do love the noob/elitist contrast here.
Reply With Quote
  #4  
Old 14-12-2020, 12:21
Joe Forster/STA's Avatar
Joe Forster/STA Joe Forster/STA is offline
Senior forum member
 
Join Date: Nov 2000
Location: Hungary
Posts: 9,579
Thanks: 6
Thanked 232 Times in 148 Posts
Joe Forster/STA is on a distinguished road
Quote:
Originally Posted by emeykey View Post
Sorry, my terminology in this field isn't the greatest. Could you tell me what do you mean by mini-image?
The .mdf + .mds files. (You didn't download the whole game, I guess. You might want to read the forum rules.)
__________________
Joe Forster/STA
For more information, see the FileForums forum rules and the PC Games forum FAQ!
Don't contact me via E-mail or PM to ask for help with anything other than patches (or software in general) done by me, otherwise your request may be deleted without any reply!
Homepage: http://sta.c64.org, E-mail: [email protected]; for attachments, send compressed (ZIP or RAR) files only, otherwise your E-mail will bounce back!
Reply With Quote
Reply

Tags
securom crack dump debug

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Gamedevelopers visiting GCW/Fileforums Karthik 2.0 Chit Chat 0 04-12-2008 22:20
i need help with copying a securom 5.03.06.0002 game howz_dis CD/DVD Copy Protections & Utilities 0 19-11-2004 07:36
[Help! - Removing the Securom protection...] XICO2KX CD/DVD Copy Protections & Utilities 1 19-12-2001 20:16
How to unsecurom ?? I need a cracked exe for a *new* securom protected game. Can neone help please ? erwindebie CD/DVD Copy Protections & Utilities 5 07-12-2001 07:54
How to copy CD Cops 1.80 Protected Game? PLEASE HELP! MXLPT CD/DVD Copy Protections & Utilities 5 16-12-2000 11:00



All times are GMT -7. The time now is 08:38.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2021, vBulletin Solutions Inc.
Copyright 2000-2020, FileForums @ https://fileforums.com