Go Back   FileForums > CD & DVD > CD/DVD Copy Protections & Utilities

Reply
 
Thread Tools Display Modes
  #1  
Old 04-07-2002, 00:14
DarkSoul's Avatar
DarkSoul DarkSoul is offline
Registered User
 
Join Date: Feb 2002
Location: bavaria/germany
Posts: 97
Thanks: 0
Thanked 0 Times in 0 Posts
DarkSoul
Search: SecuRom new tutorial

Hi there!

Ok, VLuka is not willing to send me an answer so I try it here:

UnSecurom should be known... but it will not work with newer SecuRom versions. I have found (a long time ago) some tutorials (e. g. from Pedro) but they don't work with the new SecuRom versions, too. I should patch the first 3 WriteProcessMemory calls what I successfully did. But the game always crashes (yes, I set the length for WPM to zero and patched the file right, this is not the problem). Does anybody knows where I can get updated infos or tutorials about SecuRom new?

Greetings,
DarkSoul
__________________
My key is your key and your key is mine!

Last edited by DarkSoul; 04-07-2002 at 03:53.
Reply With Quote
Sponsored Links
  #2  
Old 04-07-2002, 17:55
podunkviller podunkviller is offline
Die Hard Member
 
Join Date: Jan 2002
Location: temporary home of chicago bears
Posts: 1,169
Thanks: 0
Thanked 0 Times in 0 Posts
podunkviller
maybe consider examining some fixed exe's at gamecopyworld? *spelling edit*
__________________
I live in a corn field. However, I have the internet, so STOP LOOKING DOWN ON ME ALREADY.
Reply With Quote
  #3  
Old 05-07-2002, 00:56
DarkSoul's Avatar
DarkSoul DarkSoul is offline
Registered User
 
Join Date: Feb 2002
Location: bavaria/germany
Posts: 97
Thanks: 0
Thanked 0 Times in 0 Posts
DarkSoul
Quote:
Originally posted by VLuka
a) I don't crack games - I don't have time for that
Oh dear! Sorry man! I must apologize!

Quote:
Originally posted by VLuka
b) there is no tutorials dealing with SecuROM *new*
Yes, I thats right :-(
Damn... I want to crack the german NWN (because I hate it to put my orginial CDs into my drive) but I can't manage it. Exploring fixed Securom *new* executables will not end in a clear result. I'm not a beginner in cracking but I don't want to waste me time, too. It gets from day to day harder to crack games. :-(

Thanks and bye,
DarkSoul
__________________
My key is your key and your key is mine!
Reply With Quote
  #4  
Old 05-07-2002, 07:11
crispy crispy is offline
Registered User
 
Join Date: Oct 2000
Location: Quavers test laboratory
Posts: 455
Thanks: 0
Thanked 0 Times in 0 Posts
crispy
hi mate.

Firstly, your goal should be to check if your game executable is packed/compressed with something. (use something PEiD)
Once unpacked.....

1. You need a good memory dump of the .code section (beware, some later versions screwed with the vsize of some sections so to give massive dumps like 100-150Mb!)
2. Most of R!SC's tut stands except for some of the api decryptor code/routines
3.The program uses one call for all imports, so you've to program some code by your own which "gets" the imported function's addresses out of the call and replaces the addresses in the dumped ".code" section with the right calls.

It is easy if you have a working cd as you can let the program do the hard work for you.

Hope this helps
__________________
Munch......munch.....munch
Reply With Quote
  #5  
Old 08-07-2002, 00:31
DarkSoul's Avatar
DarkSoul DarkSoul is offline
Registered User
 
Join Date: Feb 2002
Location: bavaria/germany
Posts: 97
Thanks: 0
Thanked 0 Times in 0 Posts
DarkSoul
@Crispy:

I already know how to use dumpers and other tools (for softice). But there is now newer tutorial about SecuRom new v2. And yes, I have already cracked successfully older SecuRom new games, but the procedure does not work with newer ones.

BTW: I have always working cds... I never use illegal copies of games! I do always buy the games. But I wanna get rid of the silly "insert cd" messages due the fact the game doesn't need the cd really (only for the copy protection).

I will figure it out by myself. Thanks!

Greetings,
DarkSoul
__________________
My key is your key and your key is mine!
Reply With Quote
  #6  
Old 08-07-2002, 05:20
crispy crispy is offline
Registered User
 
Join Date: Oct 2000
Location: Quavers test laboratory
Posts: 455
Thanks: 0
Thanked 0 Times in 0 Posts
crispy
hi mate.

firstly, you misunderstand. I was not implying that you produce copies, but merely stated that with a "working" cd (be that an original or good working copy with sub-channel data intact) could be used to overcome the hard part of cracking securom v2.
Namely that unless you are a genius with advanced encryption techniques, then you are better to let the program decrypt itself in memory after it has accessed the cd.
You can then dump the FULL loader program, disassemble it so you can remove the "silly insert cd message". The trick is then rebuilding the IAT and correctly re-directing API calls away from the securom code.

And if you have successfully cracked other securom games then you should understand what I posted before. They are fairly similar to R!SC's tuts, except for some of the api decryptor coding and routines and a small trick to fool memory dumpers to give overly large dumps.

Good luck anyway
__________________
Munch......munch.....munch
Reply With Quote
  #7  
Old 09-07-2002, 06:21
DarkSoul's Avatar
DarkSoul DarkSoul is offline
Registered User
 
Join Date: Feb 2002
Location: bavaria/germany
Posts: 97
Thanks: 0
Thanked 0 Times in 0 Posts
DarkSoul
@crispy:

No, I guess you misunderstood me... I said I own the original game CD so my crack should work with it, too. And no, I'm not a genius and I let the programm itself decrpyt the first 3 parts... and there is the problem: It will not run with the decrypted parts. It seems that it decrpyts the data based on the original executable AND the CD... and no, its not so easy to dump only the (loader ?) programm. You have to change the writeprocessmemory calls (set length to zero) and to replace the entry points (of the API functions). Securom new was never really easy to crack but NWN overblows my mind.

Yes, I have succesfully cracked games before, e. g. Diablo 2. but the tutorials will not work with NWN...

I will try it out by myself... thanks for your help!

Greetings,
DarkSoul
__________________
My key is your key and your key is mine!
Reply With Quote
  #8  
Old 09-07-2002, 09:22
crispy crispy is offline
Registered User
 
Join Date: Oct 2000
Location: Quavers test laboratory
Posts: 455
Thanks: 0
Thanked 0 Times in 0 Posts
crispy
"It will not run with the decrypted parts. It seems that it decrpyts the data based on the original executable AND the CD... "

it's a while since I've "tampered" with securom v2, but in the past the subchannel data is used as the key to decrypt the sections (and certainly earlier versions contained the key somewhere else in case the cdrom couldn't read subchannel?...can't remember where exactly though, sorry....)
The original loader is SMC, like safedisc etc, but with less anti-SI baggage. Has this changed? Surely your dumped sections won't run because of misdirected calls and screwed import table (as most api's are re-directed thru securom code)? As I mentioned earlier, some home cooked code redirecting those calls should do it. It's time consuming but possible.

Isn't "change the writeprocessmemory calls (set length to zero) " mentioned in pedro's and/or R!SC's tuts as applied to the original securom, as this too used SMC. i.e. it used writeprocessmemory to alter the code at specific mem locations as it decrypted?

I'm intrigued mate, so post back.
__________________
Munch......munch.....munch
Reply With Quote
  #9  
Old 10-07-2002, 03:25
DarkSoul's Avatar
DarkSoul DarkSoul is offline
Registered User
 
Join Date: Feb 2002
Location: bavaria/germany
Posts: 97
Thanks: 0
Thanked 0 Times in 0 Posts
DarkSoul
Exclamation

Why the hell do you call me mate? Have we ever played together?

My DVD drive is 100% compatible with SecuRom new so it can read at least 94 bytes of the subchannel data. As far I understand Pedro's tutorial the exe file sould still run if I only ptch the first WriteProcessMemory call. But It doesn't run. Maybe the old code is needed and the new decrypted code will not contain the right pointers? It should have nothing todo with the ITA. I have configured my system perfectly so nearly no programm is able to detect my running SoftIce and I never use BPXs on critical points I use instead the BPM X command.

And what the hell means SMC? I never have heard of it.

BTW: My english is not the best and I have really problems to tell you exactly what I mean!

Greetings,
DarkSoul
__________________
My key is your key and your key is mine!
Reply With Quote
  #10  
Old 10-07-2002, 05:47
crispy crispy is offline
Registered User
 
Join Date: Oct 2000
Location: Quavers test laboratory
Posts: 455
Thanks: 0
Thanked 0 Times in 0 Posts
crispy
No we haven't "played" together as you put it, the term mate is intended to keep things friendly and good humoured.

SMC - self modifying code. i.e. the apps code changes in memory during run-time as it is decrypted.

The IAT is important otherwise any reconstructed dump will not run as no import table is available for your imports. PE format needs to be right for your dumped code.

It certainly sounds like you haven't sorted all the redirected calls to the securom code. Your dump is already initialised to this set-up and this is deliberate to stop simple memory dumping.

I understand if english is not your first language....it seems good enough though.


No matter, as it sounds like you'll sort it out yourself one day
__________________
Munch......munch.....munch
Reply With Quote
  #11  
Old 11-07-2002, 04:12
DarkSoul's Avatar
DarkSoul DarkSoul is offline
Registered User
 
Join Date: Feb 2002
Location: bavaria/germany
Posts: 97
Thanks: 0
Thanked 0 Times in 0 Posts
DarkSoul
Quote:
Originally posted by crispy
SMC - self modifying code. i.e. the apps code changes in memory during run-time as it is decrypted.
Oh, that is so simple... why didn't I find this out by myself?

Quote:
Originally posted by crispy
The IAT is important otherwise any reconstructed dump will not run as no import table is available for your imports. PE format needs to be right for your dumped code.
Yes, i already know that... but the first WriteProcessMemory call should not change the IAT so the programm should run if I patch it. This way worked with Diablo 2 and Diablo 2 LoD... but not with NWN. I guess I have to spend more time for this problem...

Quote:
Originally posted by crispy
It certainly sounds like you haven't sorted all the redirected calls to the securom code. Your dump is already initialised to this set-up and this is deliberate to stop simple memory dumping.
Yes, I didn't change any redirected calls... why should I? I am far away of this point... this should come later, or not?

Quote:
Originally posted by crispy
I understand if english is not your first language....it seems good enough though.
German is my native language... but for my job I need english, too.

Quote:
Originally posted by crispy
No matter, as it sounds like you'll sort it out yourself one day
Yes, it could last a while... and my readme for this no-cd crack will begin with "Once upon a time there was a cracker called DarkSoul..." ;-)

Greetings,
DarkSoul
__________________
My key is your key and your key is mine!
Reply With Quote
  #12  
Old 29-08-2002, 15:00
themis_t's Avatar
themis_t themis_t is offline
Die Hard Member
 
Join Date: Nov 2001
Location: Greece!Athens....(You know the place with the Parthenon,don't you?)
Posts: 1,493
Thanks: 0
Thanked 0 Times in 0 Posts
themis_t
so,did you finally found a way of doing this?
__________________
You don't believe it?it's Magic!

Oloi oi ellines [URL=http://www.forums.gr/forumdisplay.php?s=&forumid=63]edo[/URL]!!!
Reply With Quote
  #13  
Old 11-06-2012, 07:59
vjthepilot vjthepilot is offline
Registered User
 
Join Date: Jun 2012
Location: India
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
vjthepilot is on a distinguished road
Red face help

hi guys i'm vijay i'm a trainee pilot i own 23 cds of oxford atpl cbts but i hate to find the right cbt at time for reference i have lots of notes books cds some time i misplace the cd in some other case and will be searching for the whole day can any one teach he step by step how to bypass this cd and put an end to my misery please..................................thx a lot in advance.....plz consider my obligation and help me
Reply With Quote
  #14  
Old 11-06-2012, 08:16
TippeX's Avatar
TippeX TippeX is offline
zeroes and ones.....
 
Join Date: Jan 2003
Posts: 3,842
Thanks: 2
Thanked 32 Times in 22 Posts
TippeX is on a distinguished road
i could teach you, but how much will you pay me?
__________________
bleh
DO NOT PM me with questions, leave that in the forums...ESPECIALLY if i dont know you...
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT -7. The time now is 05:53.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
Copyright 2000-2020, FileForums @ https://fileforums.com