23 Nov 2011

Reverse Engineering

It has been a long time since I updated this page; all my spare time has gone into reverse engineering different cryptos and compressions lately. Perhaps it's time to write a beginner's tutorial on how to reverse PowerPC assembly, aimed at the Xbox 360 and PS3 architectures.

For all my latest work visit www.360haven.com.

Filed under: Uncategorized

7 Jun 2011

DnD Daggerdale Savegame Resigner v1.0

This resigner will resign your modified savegames with the correct checksum again.

Usage:

dnd_dagger.exe <pc | xb> <savefile>

Features:

  • PC Support
  • Xbox360 Support

Enjoy!


26 May 2011

Yohoho! Puzzle Pirates carpentry bot cracked

PuzSol KoW is the only carp bot available as far as I know, and to use it you need to buy yourself an authorization code. Well, no more: as I wanted this bot for myself, I decided to start some reverse engineering on this piece of software.

As I started to reverse engineer this piece of software, I quickly noticed that it was protected by SmartAssembly (a .NET protector). This includes Strong Name, Anti-Tampering protection and encrypted strings, opcodes. You name it!

After removing the SA protection, there were a couple of custom protections as well:

1) When you launch the application it makes an HTTP request to "http://www.whatismyip.com/automation/n09230945.asp"; this is used to get your IP address, which is later sent to the authorization server.

2) When the IP address has been acquired, it makes a second HTTP request to "http://www.sheerbilge.tk/carp/auth116.php?a=<ip address>&b=<Windows Identity Name>&c=<Random number>". This is where the actual authorization takes place; the reply from the server is sent back to the software using TripleDES encryption, more on that later.

3) The next request is to "http://www.sheerbilge.tk/carp/check2.php", where your IP address is probably checked against the database and also recorded.

4) If all this went well, there are 2 more custom checks, located in the "piece rotate" functionality. These will make the bot switch the pieces the wrong way and that way make it "suck".

5) The last thing is that the software makes an HTTP request every 30 minutes to "http://www.sheerbilge.tk/carp/time.php" to check that the session is valid.

These are more or less the checks within this software, along with the creation of a .bat file that will do some evil stuff to your computer.

Progress

Now I'm quite done with my reversing of this software, and this is what I have done:

  • Removed all WWW callbacks.
  • Patched the authentication code check so you can enter any code you like ;) .
  • Removed the "evil" .bat file creation that upon execution can harm your system.
  • Removed / fixed the checks that stop the bot from turning pieces correctly if the reply from authentication does not match a value.
  • Removed Application.Exit() when whatismyip.com fails.

While it's almost complete, there are some more things to verify before I think the crack is final and ready for a release.

Encryption

The encryption used with the HTTP requests is TripleDES, and only the reply from the server is encrypted, as the request itself contains no data.

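// Needs: using System.Security.Cryptography; using System.Text;
// randomNumber is the number sent as parameter "c" of the auth request (see note below).
TripleDES edes = TripleDES.Create();
edes.IV = Encoding.ASCII.GetBytes("passwor1");                              // fixed 8-byte IV
edes.Key = Encoding.ASCII.GetBytes("passwordDR0wSS@P6660" + randomNumber);  // static prefix + request number
edes.Mode = CipherMode.CBC;
edes.Padding = PaddingMode.Zeros;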

* Random number is the same number that is sent within the request.
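
The 3DES key and IV above ship inside the client, so anyone who recovers them can produce a reply the client will accept. As an added example (not code from the original post or from the software it describes), this is the usual alternative: the server signs its reply with a private key and binds it to a per-request nonce. The names SignedAuthReply, Sign, Verify and NewNonce and the "nonce|verdict" message layout are assumptions, and it needs .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not the original software's code. Names and the
// "nonce|verdict" message layout are assumptions.
static class SignedAuthReply
{
    static byte[] Message(string nonce, string verdict) =>
        Encoding.UTF8.GetBytes(nonce + "|" + verdict);

    // Server: signs with the private key, which never ships in the client.
    public static byte[] Sign(RSA privateKey, string nonce, string verdict) =>
        privateKey.SignData(Message(nonce, verdict),
                            HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

    // Client: holds only the public key, so recovering it from the binary
    // allows checking replies but not creating them.
    public static bool Verify(RSA publicKey, string nonce, string verdict, byte[] sig) =>
        publicKey.VerifyData(Message(nonce, verdict), sig,
                             HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

    // Per-request value from a CSPRNG, sent with the request.
    static string NewNonce() =>
        Convert.ToHexString(RandomNumberGenerator.GetBytes(16));

    static void Main()
    {
        using RSA server = RSA.Create(2048);   // constructed demo key pair
        using RSA client = RSA.Create();
        client.ImportParameters(server.ExportParameters(false)); // public half only

        string nonce = NewNonce();
        byte[] reply = Sign(server, nonce, "OK");
        Console.WriteLine("genuine reply accepted: " + Verify(client, nonce, "OK", reply));

        // The same bytes replayed against a later request's nonce.
        Console.WriteLine("replayed reply accepted: " + Verify(client, NewNonce(), "OK", reply));

        // A reply signed with a key pair that is not the server's.
        using RSA other = RSA.Create(2048);
        byte[] forged = Sign(other, nonce, "OK");
        Console.WriteLine("forged reply accepted: " + Verify(client, nonce, "OK", forged));
    }
}
```

A signed reply stops forged or replayed server answers; it does not stop the check itself being patched out of the client, as in the list under Progress.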


5 May 2011

Risen

So, I started playing this game a long time ago, but as the controls on the Xbox 360 do not work as well as they do on the PC, I decided to stop playing.

Now I want to continue where I left off, but first I thought I would patch the game to make the controls much better and actually working.

:update:

So now, after spending quite a lot of hours in IDA Pro, I have started to make changes that will improve the game experience.

  • Fix the annoying controls where you will turn 360 degrees instead of turning 90 degrees.
  • Fixed a couple of bugs that were fixed in the PC version but not on the console.
  • Semi-added debug info.

Filed under: Xbox 360

21 Apr 2011

de Blob 2

I spent some time looking into this game; for now this is what I can share.

struct deBlob2 {
    unsigned int Magic;
    unsigned int fileSize;
    unsigned int checksum; // I believe this is the checksum
};

Filed under: Xbox 360

19 Apr 2011

Crysis 2

Crysis 2 (CRYe) encryption has now been fully reversed; I can now decrypt and encrypt any files using this encryption.

Filed under: PS3, Windows, Xbox 360

19 Apr 2011

Welcome

Welcome to my reverse engineering site. I will post updates here about the recent projects I'm working on.

Filed under: Uncategorized
   
Software Piracy is a CRIME! Support the software companies. If you play a game BUY it!
We do NOT promote, condone, or support piracy. We just give you the information "as is".