Jump to content

A Simple NO-CD Cracking Tutorial [Learning Purposes]


mg13gr
 Share

Recommended Posts

Use this tute only for cracking the EXEs of the CDs that you own...

This tutorial is for Educational purpose only.

 

Author: Creativity

Target Program: Ballance 2.0.0.1 (But the splash page displays v1.13)

Application type: Microsoft Visual C++ application (Use PEiD to find it out)

 

Tools required:

W32Dasm 8.93 or above.

Olly Debugger 1.10 (Debugging + Patching the game)

PEiD / ClonyXXL / ProtectionID

 

How to crack:

This is my first cracking tutorial... so please report me or forgive me for my mistakes that I made, I'm a newbie in cracking...

 

CLONY XXL STEPS:

Step 01: Insert the disc into the drive then click Scan in clony XXL.

Oh great the game doesnot contain any CD protection.

 

PEiD STEPS:

Step 01: Click on "..." and open the target "Player.exe" in the bin folder in the game's installation directory.

Step 02: Oh cool the game doesn't contain any protection like Securom, safeDisc etc and it is not protected with any Exe protectors. We are lucky... and our cracking burden is reduced.

 

W32DASM STEPS:

Step 01: Start the game without the CD... oh no... a window with title "Attention" and It says "Place the CD-ROM into the Drive and Start the Game again"

Step 02: Load up W32Dasm and disassemble the file "Player.exe" in the Bin folder...

Step 03: Since the error message "Place the CD-ROM into the drive and start the game again" loads up in the runtime, so it is not possible to search with the string.

Step 04: In W32Dasm click on "String Data references" button in the toolbar. Search for "Attention" thats the title of error message window.An alternate method is by using the menu "Search->Find Text" then type your text,"Attention" in the text box. Click on "Find next".

Step 05: It will take us to the line that displays the following

 

* Possible StringData Ref from Data Obj ->"Attention"

 

Step 06: Scroll a little below and you can find these lines.

 

* Referenced by a (U)nconditional or ©onditional Jump at Address:

|:0040121B©

 

It says that the jump to this error message is from the address 0040121B and it also indicates what type of jump it is.

©-Conditional Jump (JNE's and JE's) and

(U)-Unconditional Jump (JMP)

 

So our jump is a conditional jump... (ie) it is checked for specific condition and then jumped.okay now that we've got the address where the game checks,Note it down in a piece of paper... Next is to Patch it out... close W32Dasm.

 

Note: There are two dialog with title "Attention", If you are not sure of which one is the dialog that points to CD-Check then run the target in a debugger to find out the correct Error string.

 

OLLY DEBUGGER STEPS:

i've added a screen shot of Olly and with the three important windows marked...

 

ollyinterface7qp.jpg

 

My interface and yours might differ because I've added new plugins and changed the color of the interface.

 

Step 01: Open the target file "Player.exe" in OllyDebugger

Step 02: Ollydebugger has many windows, we have to open the CPU window to debug the process. Click on the "C" icon in the toolbar... It will display the decompiled code. Maximize the window.

Step 03: Now Right click in the window and Select "Goto->Expression" and enter the address that you noted in W32Dasm... In this case it is 0040121B and then Click "OK"

Step 04: Ok now we have successfully landed in our checking area 0040121B. We need to bypass the check so that we can run the game without the CD and with the CD. This is really important, because the game must be able to run with a CD and without a CD, in that way we must crack it.

 

Original code:

00401219 . 84C0 TEST AL,AL

0040121B 75 46 JNZ SHORT Player.00401263

 

What does this code do ?

To know what it does follow the steps, Select the line 00401219 and then right click Select "Breakpoint->Run to selection" Now look at the information window, the sliced one that is just below the code window slice. We'll find that registerAL=00 if the CD is not inserted and AL=01 when the CD is inserted. so the next line is JNZ(Jump if Not Zero) if the AL value is 0 it will not jump, So it'll jump only when the CD is inserted (ie.)when AL becomes 01, so this is a conditional Jump. We have to change it to unconditional jump, It must jump always. So we have to modify it. So follow the steps below.

 

Step 05: Double Click on the line 0040121B or Click on the line and press Spacebar a window with title "Assemble at 0040121B" will pop up, now change "JNZ SHORT 00401263-->JMP SHORT 00401263", I've only changed the first three characters in the line.

Step 06: So we have patched the game in the memory, to patch the executable, Right click in the code window and select "Copy to executable-> All modifications" and click "Copy All", Now a dump window(D in the title) will popup displaying all the modifications that we made. Now Right click in the Dump window and select "Save file" then save the file with some other name, example Player_cracked.exe...

 

Patched code:

00401219 . 84C0 TEST AL,AL

0040121B EB 46 JMP SHORT Player.00401263

 

Final Notes:

So we've successfully cracked the game Ballance 2.0.0.1 (V1.13 according to the splash page), Now the game will run when the CD is inserted and also when the CD is not in the drive. There are manys ways to crack this... one method is this one. Every program has its own weakness. Finding the weakness is the solution.

 

Greets:

To all NO-CD crackers in the world.

 

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share



  • Posts

    • Hello MxC! I am trying to adapt a event that every day will spawn a npc with the outfit of the top player. I managed to add the patch that i found but on aCis 401 that im using a lot of things are changes. I dont have any error but the npc doesn't appear as it has. here is the patch for what i did. https://pastebin.com/nnpTSaJ9  I think the problem is on this lines +    public void setPolymorphInfo(CharSelectInfoPackage polymorphInfo) +    { +        _polymorphInfo = polymorphInfo; +         +        for (L2Object object : getKnownList().getKnownObjects()) +        { +            if (object instanceof L2PcInstance) +            { +                sendInfo(object.getActingPlayer()); +            } +        } +    } this is from an older acis pack.   I did it like this:     public void setPolymorphInfo(CharSelectSlot polymorphInfo)     {         _polymorphInfo = polymorphInfo;                  for (Object object : getKnownTypeInRadius(Player.class, 2000))         {             if (object instanceof Player)             {                 sendInfo(((Player) object).getActingPlayer());             }         }     } if anyone can help i will apreciate it
    • Went ahead and made some small emitters  they look clunky but on UnrealED, but they're way better ingame. Just add the files to your System, after that you can use L2Tool to edit NPCLogoTex.u and change these textures: then, to use them, you just need to open npcgrp.dat and change the npc's class i.e.: 30359    LineageNPC.a_patriarch_MDarkElf    LineageNPCs.a_patriarch_MDarkElf_m00 to 30359    NPCLogo.NPCLogoA    LineageNPCs.a_patriarch_MDarkElf_m00   I added 10 effects, so you can use them from the letter A to the letter J   download compiled .u download .u source scripts (in case you wanna try to recompile them)  
    • u need copy it from Classic to Classic ? or Classic to IL ? easy copy problem its only with NPC set when can use it... try write to @NevesOma he can make this effect 😉
    • Hello everyone, I would like to welcome you to our private server L2 Red Sun - High Five. After the successful launch of the server in 2017, we are coming again with a new season. What can you look forward to? All High Five Features, PvP, lots of fun, Anti-Bot system, Active GMs, lots of events. The official launch of the server is planned for 2022-12-17. Follow our website https://l2rs.com/   L2 Red Sun – Lineage 2 High Five Grand Opening: 2022-12-17 – watch our website Website: https://l2rs.com/ Discord: https://discord.gg/8XS2aNpmDA Mid Rate server 20x All High Five features Play to win – No Pay to win! Mass PvP, a lot events and much more! Experiance (EXP)  - 20x     Skill Points (SP) - 5x      Adena  - 5x      Drop Items - 5x     Spoil - 10x     Max Enchant - + 25   Enchant chance - 53 %   Attribute Stone / Crystal chance - 30 / 25 % Buff slots - 28 + 12 (buffs + dance) ✅   Buffs, Dances, Songs Durations - 2 hours ✅   Subclass max. level - 85 ✅   Subclass count - 4 ✅   Anti-bot (captcha) - command .testbot ✅   Anti-bot client and server side (Strix-Guard) ✅ Full GM LOG in real time on Website (no more corrupt GMs) ✅   Geodata ✅   Offline shop ✅   Olympiad for 14 days ✅   Anti-DDOS protection ✅ Active GMs ✅   Scheme buffer ✅   Shop to S grade ✅   Olympiad for 14 days (1. and 15. in month) ✅   Donate only for Premium account (no-items) ✅   All Instance / Grand Boss Working fine ✅  website: www.l2rs.com Forum: www.forum.l2rs.com We look forward to you GMs L2 Red Sun
    • You need to recompile effects and NPC scripts, it isn't hard to do, do you have any experience with that whatsoever? lemme know and i might be able to give you a hand through here
  • Topics

×
×
  • Create New...

AdBlock Extension Detected!

Our website is made possible by displaying online advertisements to our members.

Please disable AdBlock browser extension first, to be able to use our community.

I've Disabled AdBlock