Edit exes

Tsaar

I own quite a few games, and I like to use InfraRecorder to rip ISOs of the discs to my computer.

I have a few games here I just bought with the $15 Amazon sales (COD WAW and ME2), and they have some very ornery disc checking DRM.

I don't trust Gamecopyworld's no-cd exes. So I was wondering how hard would it be for me to edit the exes and remove the hooks that check for a disc in the drive (I would like to apply this to all my games)?

Basically:

1) Level of difficulty?
2) Time needed?
3) Software needed?
4) Actual process to remove the disc checking hooks?
 

alkemyst

Can't ask this here. It falls under circumventing copyright protections and would work whether you owned the discs or not.
 

Tsaar

alkemyst said:
Can't ask this here. It falls under circumventing copyright protections and would work whether you owned the discs or not.

The DMCA was modified this year to make this legal, or I would not have asked. I follow the law and EULAs no matter how anal they are.
 

Nothinman

Tsaar said:
I own quite a few games, and I like to use InfraRecorder to rip ISOs of the discs to my computer.

I have a few games here I just bought with the $15 Amazon sales (COD WAW and ME2), and they have some very ornery disc checking DRM.

I don't trust Gamecopyworld's no-cd exes. So I was wondering how hard would it be for me to edit the exes and remove the hooks that check for a disc in the drive (I would like to apply this to all my games)?

Basically:

1) Level of difficulty?
2) Time needed?
3) Software needed?
4) Actual process to remove the disc checking hooks?

Don't even consider it unless you understand assembly. This is basically one of those areas where if you have to ask, you can't do it.

alkemyst said:
Can't ask this here. It falls under circumventing copyright protections and would work whether you owned the discs or not.

Unless we're talking about jailbreaking your iPhone or Hackintoshing...
 

Homerboy

You're fine using Gamecopyworld's .exe. If you are paranoid, have a decent AV app installed.

You will not be able to edit the .exe's on your own.
 

Modelworks

Removing even basic SecuROM protection takes more than just a rudimentary understanding. If you don't understand terms like EQU, NOP, then find another method.
 

Tsaar

I do understand assembly.

I just have never broken into an already created exe to edit the assembly.
 

Gamingphreek

Tsaar said:
I do understand assembly.

I just have never broken into an already created exe to edit the assembly.

If you had to ask this question, then you don't understand x86 Assembly code near enough. Additionally, your use of the term "breaking into an exe" further demonstrates that.

I don't say that to come off as a jerk in the slightest, merely to save you from wasting time. Some things are simply best left to professionals.
 

llee

You need to realize that editing a .exe isn't like changing a few lines of code. That said, go find your research somewhere else. If you're really cool, maybe you could start supporting devs by purchasing games instead of torrenting them. Please, save your excuses.
 

Tsaar

llee said:
You need to realize that editing a .exe isn't like changing a few lines of code. That said, go find your research somewhere else. If you're really cool, maybe you could start supporting devs by purchasing games instead of torrenting them. Please, save your excuses.

STFU. Do you want me to fucking take a picture of all my physical discs?

I am the most anti-pirate guy you will ever find. Why the fuck would I care about DRM if I was a fucking pirate downloading torrents which probably already have cracked EXEs considering they are freely and legally available on the Internet (I just don't trust these EXEs not to be trojans)?

How does keeping a digital library of all my games so my discs stay SAFE and UNSCRATCHED inside a storage box in my closet make me a pirate? GTFO if you want to troll and come back if you have something worthwhile to add to the conversation.

Edit: Also, some of us have actually been productive with our lives and make very comfortable salaries and are happy to invest their money into these corporations. My investing in these companies by purchasing their games helps ensure that more games can be developed by them in the future to provide me with lasting entertainment.

Edit 2: I was really pissed because I don't like my integrity being insulted. These games were still on my desk so I took a pic with my cell phone:
 

Tsaar

Gamingphreek said:
If you had to ask this question, then you don't understand x86 Assembly code near enough. Additionally, your use of the term "breaking into an exe" further demonstrates that.

I don't say that to come off as a jerk in the slightest, merely to save you from wasting time. Some things are simply best left to professionals.

I am by no means a professional at assembly. I am a hardware level electrical engineer. My Assembly understanding is rudimentary at best.

I am familiar with assembly stepping software like IDA Pro, but not enough to get past the crypted areas where the lines are actively decrypted for disc checking when the EXE is executed.
 

Gamingphreek

Tsaar said:
I am by no means a professional at assembly. I am a hardware level electrical engineer. My Assembly understanding is rudimentary at best.

I am familiar with assembly stepping software like IDA Pro, but not enough to get past the crypted areas where the lines are actively decrypted for disc checking when the EXE is executed.

I see.

Well just for your own personal edification:
- IDA Pro is a disassembler. You are referring to its ability to step over and into particular pieces of code when debugging.
- I honestly have no idea what you mean by "crypted areas". If you disassemble a binary executable, you are left with assembly code (x86 in this case). Perhaps you are referring to the occasional String/Debug Symbol that is left behind after compilation to help you find your way, but outside of that I'm not entirely sure what you are referring to.

Dealing with a disassembled executable with no Debug Symbols, with full Optimization enabled (Loop Unrolling, Strength Reduction, etc...), as well as Dynamic Linking will be an absolute NIGHTMARE to attempt to understand. I would stay away from it and leave it to someone who has an extremely intricate knowledge of the program at hand as well as x86 Assembly.

-Kevin
 

Tsaar

Gamingphreek said:
I see.

Well just for your own personal edification:
- IDA Pro is a disassembler. You are referring to its ability to step over and into particular pieces of code when debugging.
- I honestly have no idea what you mean by "crypted areas". If you disassemble a binary executable, you are left with assembly code (x86 in this case). Perhaps you are referring to the occasional String/Debug Symbol that is left behind after compilation to help you find your way, but outside of that I'm not entirely sure what you are referring to.

Dealing with a disassembled executable with no Debug Symbols, with full Optimization enabled (Loop Unrolling, Strength Reduction, etc...), as well as Dynamic Linking will be an absolute NIGHTMARE to attempt to understand. I would stay away from it and leave it to someone who has an extremely intricate knowledge of the program at hand as well as x86 Assembly.

-Kevin

I agree with you. I was honestly hoping to use something like IDA Pro to step into a simple disc check line and NOP all of the crap (supposedly Securom actually encrypts their parts of the executable so disassemblers cannot read them...these commands are decrypted only when fully executed).

I think I will stick to the areas of technology where electromagnetic principles apply. :D
 

Gamingphreek

Tsaar said:
I agree with you. I was honestly hoping to use something like IDA Pro to step into a simple disc check line and NOP all of the crap (supposedly Securom actually encrypts their parts of the executable so disassemblers cannot read them...these commands are decrypted only when fully executed).

I think I will stick to the areas of technology where electromagnetic principles apply. :D

I'll take your word for it, but from a programming perspective I have absolutely no idea how you would encrypt part of a binary file and dynamically decrypt it. Perhaps you misunderstood...

For instance, if that were the case, people writing viruses could simply encrypt their executables in this manner which would prevent A/V software from identifying malicious code. Additionally software vendors would use it all the time to prevent people from reverse engineering products.

At any rate, assuming this is the case, you wouldn't simply find the area in question. I'm sure you know this, but it isn't like it is marked "this is securom area". You would simply see some various things pushed and popped off the stack. If you inspected the registers and memory locations in question, you might be able to figure out that it is calling securom then. Even finding that segment of code would be tough though...

Programming is fun ;) ... come on, you know you would rather program as opposed to solder things!
 

llee

I sent you a PM. There's no need to start flaming your own thread.

Tsaar said:
STFU. Do you want me to fucking take a picture of all my physical discs?

I am the most anti-pirate guy you will ever find. Why the fuck would I care about DRM if I was a fucking pirate downloading torrents which probably already have cracked EXEs considering they are freely and legally available on the Internet (I just don't trust these EXEs not to be trojans)?

How does keeping a digital library of all my games so my discs stay SAFE and UNSCRATCHED inside a storage box in my closet make me a pirate? GTFO if you want to troll and come back if you have something worthwhile to add to the conversation.

Edit: Also, some of us have actually been productive with our lives and make very comfortable salaries and are happy to invest their money into these corporations. My investing in these companies by purchasing their games helps ensure that more games can be developed by them in the future to provide me with lasting entertainment.

Edit 2: I was really pissed because I don't like my integrity being insulted. These games were still on my desk so I took a pic with my cell phone:

photosq.jpg
 

Ken g6

Gamingphreek said:
I'll take your word for it, but from a programming perspective I have absolutely no idea how you would encrypt part of a binary file and dynamically decrypt it. Perhaps you misunderstood...

I imagine it would be similar to UPX. If UPX didn't have a separate decompressor, that alone could be effective.

It is also, occasionally, possible to edit an exe with a text editor, find raw strings embedded in the binary data, and edit them without changing their length. I tried this once with a program I wrote, but which someone else compiled for a different platform that I didn't have access to.
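
The UPX comparison above has a practical side for anyone triaging an executable they do not trust: packed or encrypted sections show near-maximal byte entropy, which is why a static disassembly of them looks like junk. The following is an added example, not code from any poster in this thread; the sample PE is constructed and non-runnable, and the `.stub` section name and the 7.0 threshold are assumptions.

```python
import math
import struct

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for compressed or encrypted data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def section_entropies(pe: bytes, threshold: float = 7.0):
    """Return [(name, entropy, flagged)] for each section of a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header follows the 4-byte signature.
    (nsect,) = struct.unpack_from("<H", pe, e_lfanew + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    results = []
    for i in range(nsect):
        off = table + 40 * i                                   # 40-byte section headers
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        h = shannon_entropy(pe[raw_ptr:raw_ptr + raw_size])
        results.append((name, round(h, 2), h >= threshold))
    return results

def _section(name: bytes, vaddr: int, size: int, ptr: int) -> bytes:
    return struct.pack("<8sIIIIIIHHI", name, size, vaddr, size, ptr, 0, 0, 0, 0, 0x60000020)

def build_sample() -> bytes:
    """Constructed, non-runnable PE skeleton (no optional header) for the demo."""
    plain = b"\x55\x8b\xec\x83\xec\x10\x90\x90" * 64            # repetitive code-like bytes
    packed = bytes((i * 197 + 13) % 256 for i in range(512))    # stand-in for ciphertext
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x0102)
    hdr = dos + coff + _section(b".text", 0x1000, 512, 0x200) + _section(b".stub", 0x2000, 512, 0x400)
    return hdr.ljust(0x200, b"\0") + plain + packed

if __name__ == "__main__":
    for row in section_entropies(build_sample()):
        print(row)
```

High entropy is an indicator rather than proof: legitimately compressed resources score high too, so a flagged section is a reason to look closer, not a verdict.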
 

VirtualLarry

OP, if you really want to learn, I would spend time on warez bbses looking for hacking/cracking tuts. I recommend the ones by Buckaroo Banzai or ORC+.

I used to crack games back in the day, when they had magic code charts or wheels you would have to use, back in the 5.25" floppy days and DOS.

Things have gotten quite a bit more complicated since those DOS days, however, and I haven't kept up. Haven't done much ASM coding since the original Pentium was released.

http://www.defacto2.net/magazines.cfm?mode=detail&title=Cracking%20101
http://www.textfiles.com/piracy/CRACKING/

Btw, cracking games that YOU OWN, as long as you don't distribute them, is legal. Which is what I did for my own use.
 

Modelworks

One of the problems with using something like IDA Pro for removing protections is that IDA was not designed with that intent. Most of the software protection systems are aware that people will use IDA or other popular programs and will check to see if IDA is being used, either attached to the process or in disassembly, and you have to know how to handle that. Otherwise IDA will generate junk or freeze, or the application will freeze.

Really what you need to do is start with something simple like SecuROM 1.0 and work your way up through the changes to the current version.

Another tip is to use WinXP 32-bit for the cracking. Win Vista/7 make it more cumbersome to access what you need to access. Virtual machines can be helpful, but a lot of protection systems will detect those as well.


One of the best places to learn is the tuts 4 you forums. But be careful of anything you download from members; there are a lot of dangerous programs circulated on there, malware that is very, very hard to get rid of, etc.
http://forum.tuts4you.com/
 

Emulex

ida pro
xvi32
few decompressors/debuggers
all good.

you ever hack your car ecu? that's pretty fun!
 

Teknic

I started a thread about avoiding DRM and it got shut down as piracy. I would just download a fixed .exe...gamefix is another place that writes fixed .exes if you don't want to use gamecopyworld.
 

Gamingphreek

Teknic said:
I started a thread about avoiding DRM and it got shut down as piracy. I would just download a fixed .exe...gamefix is another place that writes fixed .exes if you don't want to use gamecopyworld.

Avoiding DRM is completely different than circumventing SecuROM. Avoiding DRM can be expanded to pirating media and what not. All circumventing SecuROM will do is allow a CD-Less runtime - you still have to have a valid CD-Key to use the software.

-Kevin