So how can we overpass this limit? Let's try with ollydbg thatI already used here for cracking a software for my company.At this point, I expected the game assembly code to contain something likeif (current_timer_in_game > random_value_or_so) then quit_game()
CRACK ResScan 3.11
I'm actually unsure about who deletes who exactly, but sure thing:this is a crappy useless mess.If you wonder why things are run this way, I can tell you this is a dumb attempt to makethe game "uncrackable". Suppose you have a crack for any of the exes, then, it would be deleted right awayand recreated so, game is not crackable right?
Wrong.It still is, you only need to remove the deletion codes from the three executables.It's very fairly doable but it made me think about one thing: if I crack things this way,not only it's gonna be boring as hell, but it would have to be re-done if a new version comes out(ok, it's an old game, so very few chance a new version would be out, but anyway...plus I was working on the v2.CC version at this time, and saw later on that version v2.Hwas out since a decade or so, hence, there indeed was an update I missed). So I tried another way.
So, the main point here is I don't care about the exes and the complete useless messdevelopers made here. I'm caring about the running game.So I turned to an alternative way of thinking:instead of tampering the saved exes likeI did last time,I will instead tamper the memory of the running game, to make it do what I want.For this, I useCheat Engine,which allows to fairly easily alter running program's memory(often, for cheating, but here, we'll crack game with it instead).Note that this might raise alerts from "anti-cheating" systems like Punkbuster or so,but I don't care since I don't have them. Also, Cheat Engine tampers with other processes dataso your anti-virus might complain about it and requires you to whitelist/allowthis software first (this airgaped offline Windows XP has no anti-virus so this wasn't a problem either)
Last thing to check was if the timer remains at the same place on every game's boot.So, I shut down the game, shut down the computer, even unplugged the power, and rebooted everything up.I then started the game, started cheat engine, opened the game process again,and looked at the 0x4ce3b8 address: the timer was still here! I froze it (to about 50000)and was able to play for more than an hour and finish another game session.Time limit was cracked!
Now, how do I change this constant? I could alter the assembly code, replacing the instructionswith some NOP (no-operation, hence "do nothing" bytes) to bypass the jumps, reassemble the program,and so I'll get the constant cracked. Wait. No. I cannot do that, because exes are deleted all around.So I need to alter this constant while the game is running,using Cheat Engine's memory tampering capacities instead.Well, let's do that: the constant I want to change is a 32 bits integer that resides at 0x46869bso I'll "add address manually" to the table, set its value to (say) 0x7fffffff and we should be good.
This means I hadn't fully cracked the licence, so I still need to tamper the assembly code forunlocking the max points I can have, and to tamper the memory to unlock the game duration:hooking the licence timestamp like I did in this section is not enough to unlock everything.
So, I cracked this game. What now?First, never expect to make a thick client "uncrackable".It will always be. Protect the data instead: if I attempted to play the game online,I must be forbidden to join the online servers, because the servermust hold and check the licence, using some sort of login.If the program requires no online data, then it will be crackable, no matter what,so don't waste time and risk/bring bugs to "avoid" this.
Next steps I could try would be (someday maybe) to find where the licenced name is,so I don't have "Licence granted to [EMPTY STRING HERE]". Or I could try to break the adffile format, and extract the game resources. This file is certainly simply "encrypted" in some way,maybe with a simple XOR or so. In the assembly code and the game's process memory, you'll actuallysee a lot of file names like "tektonfortress.apf" or "sprites/tree.pcx", which makes me thinkthe program access the adf file like it would access a zip.Or, last, I could actually try to crack the three exes for good (you maydownload them here if you want to try)but that sounds uselessly complex.
A lot of scams exists for "cracking" this game, so, if you believe none of my links,you can make the LUA script yourself, it's written below. The Cheat table is also given,so you can grab the addresses by yourself (I've added some interesting addresses too if you're curious).All links above are official links, so no virus and no malware.Note that my airgaped Windows is fully offline, and its current date is often January 2002,so the timestamp values suggested here might have to be increased depending on when you're reading this article.
If your phone display is cracked and you want to access the data, follow the below steps.How to access data if the phone touch is not working on Realme 5s?You can connect your Realme 5s to your PC/Laptop using a USB cable. By doing this, you can easily access all your data.If you have stored your data on a micro SD card, then take it out and insert it again. Check if this fixes the issue.The problem could be the failure of the screen sensor. Check it and take the required action.If you want to use any apps on your phone, then you can use an OTG Cable. Connect wireless Keyboard and Mouse. This way, you can access your phone like a PC.You can try the above steps if your touch functionality is not working.I hope you find the above steps useful and working for you. If not, then make sure to drop a comment below describing your issue. 2ff7e9595c
Comments