Who Has Missing Security Keys?


Sally
12-25-2005, 01:25 AM
We all know that game publishers don't want alpha games to fall into the public's hands, so sometimes they require a security key to run prerelease games. Unfortunately sometimes the original disks get separated from their security keys and the game is lost forever. I have a couple of protos that won't boot, and i don't have the keys. Anyone else in the same boat?

I was just writing an article for my website about the canceled version of the punisher that the ESRB gave an AO rating to when i realized i don't have the key to run it. Sucks to be me... Well, sucks to be everybody as no one can see the screenshots now.

ConsoleFun
12-25-2005, 04:23 AM
Are you talking about memory card dongles?

http://www.paradogs.com/months/pdx_cr02.htm

CF

ASSEMbler
12-25-2005, 04:36 AM
Indeed he is.

AlbinoLove
12-25-2005, 01:20 PM
Is it literally a password kind of thing? If so we could probably brute force it. And if it is some sort of signature in the code, there has to be some way to replicate it right?

Sally
12-25-2005, 03:00 PM
Is it literally a password kind of thing? If so we could probably brute force it. And if it is some sort of signature in the code, there has to be some way to replicate it right?

It's not a password per se. Usually the game is looking for a memory card formatted in a certain way. The only way I can see to bypass the protection is to attach a debugger to the process, disassemble the xbe, patch it in assembly, then recompile, then reauthor the disk. Hmm, i don't know the memory card access routine off the top of my head, but i'll at least give it a try.

EDIT: Alright, i've found the routine. Anyone recommend a good xbox disassembler? (I could have sworn there was one in the xdk, but now i can't find it. I don't seem to be able to get visual studio to actually disassemble the xbe, just debug it).

ConsoleFun
12-25-2005, 06:24 PM
IDA

http://www.datarescue.com/idabase/gallery/pc_xbox_xbe.htm

CF

Sally
12-25-2005, 06:38 PM
IDA

http://www.datarescue.com/idabase/gallery/pc_xbox_xbe.htm

CF

While that's a really cool piece of software, it's a bit steep at $439 usd. Especially considering i only need to patch a single assembly call to a "nop". Thanks tho, i'll have to see if i can get a copy of that in the future.

fro
12-25-2005, 07:05 PM
While that's a really cool piece of software, it's a bit steep at $439 usd. Especially considering i only need to patch a single assembly call to a "nop". Thanks tho, i'll have to see if i can get a copy of that in the future.

Expensive software. I'm sure we can find something for free somewhere.

DeadperfecT
12-25-2005, 07:24 PM
Hey Ace, PM me for an xmas present :thumbsup:

DeadperfecT
12-26-2005, 01:37 AM
It's waitin for ya Ace...

fro
12-26-2005, 01:40 PM
Just to confirm:

- XBOX title?
- Code/dongle or both?
- Do you have a xbox setup for debugging?

Topic Archive
12-26-2005, 01:58 PM
Just to confirm:

- XBOX title?
- Code/dongle or both?
- Do you have a xbox setup for debugging?



Yeh, I'd be interested to know what you're specifically looking for

Sally
12-26-2005, 04:06 PM
Yeh, I'd be interested to know what you're specifically looking for

Well, the original question i was wondering about is who else has disks they can't play because of the security keys. But i guess it's turned into me hacking the security out.

I guess i should give a bit of my background. When i was younger i used to crack software. I cracked a lot of it, and i'm not proud of this. I actually learned assembly language from decompiling programs to take out serial checks, media checks, etc. If you look out there hard enough, you'll still see warez downloads signed by "ProgrammingAce". As a side note, i landed my first "real" job because of my reverse engineering abilities.

Anyway, here's where i'm at with the punisher: I've found the memory card check routine and it's simple to bypass. I've gotten ahold of IDA (*thx) and decompiled the xbe. I'm running the disk on my debugger and attached to the process remotely (it was really easy to find the memory card check, because the game throws itself into an infinite loop looking for the memory card). Unfortunately IDA kinda sucks at disassembling xbe's and the addresses don't line up. At all. They're not even close. I can't get the disassembled code to match the debugger at all. I'm not sure how much time i'm really going to throw at getting this program working. Sure, it'd be cool to see the ultra violent version of the punisher... on the other hand... i don't like the punisher...

babu
12-28-2005, 10:55 AM
wouldn't it be possible to just patch it with a hex editor? I mean if you know where to do it already..

Taemos
12-28-2005, 11:00 AM
wouldn't it be possible to just patch it with a hex editor? I mean if you know where to do it already..

I'd think mangled assembly would be easier to read than hex, but my knowledge on the subject is quite low :D. He's disassembling it to attempt to find the area where he needs to insert a nop command (or whatever the term is).

While I'm thinking about it, would nop work? I know PC game companies wised up to that sort of thing years ago, and I guess Microsoft figures that most people won't be attempting such a thing on the Xbox.

Please tell me if I sound stupid and need to shut up :D. I used to read a ton of assembly tutorials, but I didn't get much out of them.

AntiPasta
12-28-2005, 11:15 AM
Please tell me if I sound stupid and need to shut up :D. I used to read a ton of assembly tutorials, but I didn't get much out of them.

Hey, if you want to get into assembly I suggest you hunt down Jeff Duntemann's Assembly Language Step-by-Step (Amazon link (http://www.amazon.com/gp/product/0471578142/qid=1135785255/sr=8-7/ref=sr_8_xs_ap_i7_xgl14/104-0948609-8992701?n=507846&s=books&v=glance)), it's very old but definitely a good base. There's also a newer version which includes Linux assembly, but it's a lot more expensive.

olivieryuyu
12-28-2005, 12:11 PM
Hmm as i heard some N64 protos have such protections :(

Sally
03-13-2006, 02:22 AM
Ker-Crack!!!! Bump from beyond the grave!!!

I had to brag a bit, so i thought i would post here.

I just cracked the security lock on the stress test on one of my prototype xboxes. The program used to be locked to the 3910 kernel, now it'll run on anything (except unmodded retail, of course). Before anyone asks, no i can't give out copies, the program is over 1.5 gig.

If anyone needs some help with some games they can't play, lmk. Strict confidentiality kept, i don't keep a copy of the game. I do this for the fun of it...

I have the hardware to crack Xbox, PC, Saturn, PSX...

I'm still trying to buy a TOOL so i can crack PS2 games, but no one seems to want to sell me one... = (

Dot50Cal
03-13-2006, 02:38 AM
It's waitin for ya Ace...

....in the test chambeeerr. :lol:

Good stuff ace, Nice to know someone is helpful for free :nod:

KaL_YoshiKa
03-13-2006, 04:04 AM
Does this mean we'll get some screenies of the proto Punisher Ace?

DeadperfecT
03-13-2006, 04:22 AM
Does this mean we'll get some screenies of the proto Punisher Ace?

You read my mind. We want pics :drool:

Sally
03-13-2006, 07:20 AM
Funny thing about the punisher... the reason it won't boot now is because the disc is damaged. It looks as if someone tried cleaning it with a rough cloth, a couple of files are damaged (it was like this when i got it). I've been debating whether or not to run a disc doctor on it to try to recover the data... i haven't made up my mind yet. When i get it working, you all will be the first to know.

WolverineDK
03-13-2006, 07:36 AM
Funny thing about the punisher... the reason it won't boot now is because the disc is damaged. It looks as if someone tried cleaning it with a rough cloth, a couple of files are damaged (it was like this when i got it). I've been debating whether or not to run a disc doctor on it to try to recover the data... i haven't made up my mind yet. When i get it working, you all will be the first to know.

May I recommend you to use the discdoctor? even though I don't know what it is :)

And well I would say your past isn't the worst to have, heck I don't know why, but I just get so proud of people who really can do some serious stuff, in RE or something else in programming ways.
To me I think it awesome in some strange way, I can't explain it more exact, heck maybe XerdoPwerko could do some more UK English than me. But I just get proud of knowing people, who have done some "serious" stuff. In many ways, and it is not always the cracking scene of things, but many things :)

Rabid Peanut-Butter
03-13-2006, 09:44 AM
Funny thing about the punisher... the reason it won't boot now is because the disc is damaged. It looks as if someone tried cleaning it with a rough cloth, a couple of files are damaged (it was like this when i got it). I've been debating whether or not to run a disc doctor on it to try to recover the data... i haven't made up my mind yet. When i get it working, you all will be the first to know.

I have never, ever seen a Disc Doctor recover data on a game disc. They've always made it worse for me. If you can, I'd suggest trying to get it resurfaced professionally. Some flea markets have people that will do that or you can make friends at Blockbuster and use theirs.

Dot50Cal
03-13-2006, 09:49 AM
Have you tried backing it up first through your PC? It's worth a shot before you attempt to resurface it.

kholdfuzion
03-13-2006, 09:09 PM
as for disc doctors, do NOT use them, as someone else recommended, get it professionally resurfaced, my local (non chain) game store does it for $2 a disc, saved several discs that a disc doctor screwed up

Taemos
03-13-2006, 11:07 PM
That's great news that you cracked the key. I recommend you look for someone with a nice resurfacing machine. I've had good luck with my "GameDoctor", but it's not something I'd use on a prototype.