We all know that game publishers don't want alpha games to fall into the public's hands, so sometimes they require a security key to run prerelease games. Unfortunately, sometimes the original disks get separated from their security keys and the game is lost forever. I have a couple of protos that won't boot, and I don't have the keys. Anyone else in the same boat? I was just writing an article for my website about the canceled version of The Punisher that the ESRB gave an AO rating to when I realized I don't have the key to run it. Sucks to be me... Well, sucks to be everybody as no one can see the screenshots now.
Is it literally a password kind of thing? If so we could probably brute force it. And if it is some sort of signature in the code, there has to be some way to replicate it right?
It's not a password per se. Usually the game is looking for a memory card formatted in a certain way. The only way I can see to bypass the protection is to attach a debugger to the process, disassemble the xbe, patch it in assembly, then recompile, then reauthor the disk. Hmm, I don't know the memory card access routine off the top of my head, but I'll at least give it a try. EDIT: Alright, I've found the routine. Anyone recommend a good Xbox disassembler? (I could have sworn there was one in the XDK, but now I can't find it. I don't seem to be able to get Visual Studio to actually disassemble the xbe, just debug it.)
While that's a really cool piece of software, it's a bit steep at $439 USD. Especially considering I only need to patch a single assembly call to a "nop". Thanks tho, I'll have to see if I can get a copy of that in the future.
Well, the original question I was wondering about is who else has disks they can't play because of the security keys. But I guess it's turned into me hacking the security out. I guess I should give a bit of my background. When I was younger I used to crack software. I cracked a lot of it, and I'm not proud of this. I actually learned assembly language from decompiling programs to take out serial checks, media checks, etc. If you look out there hard enough, you'll still see warez downloads signed by "ProgrammingAce". As a side note, I landed my first "real" job because of my reverse engineering abilities. Anyway, here's where I'm at with The Punisher: I've found the memory card check routine and it's simple to bypass. I've gotten ahold of IDA (*thx) and decompiled the xbe. I'm running the disk on my debugger and attached to the process remotely (it was really easy to find the memory card check, because the game throws itself into an infinite loop looking for the memory card). Unfortunately IDA kinda sucks at disassembling xbe's and the addresses don't line up. At all. They're not even close. I can't get the disassembled code to match the debugger at all. I'm not sure how much time I'm really going to throw at getting this program working. Sure, it'd be cool to see the ultra violent version of The Punisher... on the other hand... I don't like The Punisher...
Wouldn't it be possible to just patch it with a hex editor? I mean if you know where to do it already...
I'd think mangled assembly would be easier to read than hex, but my knowledge on the subject is quite low. He's disassembling it to attempt to find the area where he needs to insert a nop command (or whatever the term is). While I'm thinking about it, would nop work? I know PC game companies wised up to that sort of thing years ago, and I guess Microsoft figures that most people won't be attempting such a thing on the Xbox. Please tell me if I sound stupid and need to shut up. I used to read a ton of assembly tutorials, but I didn't get much out of them.
Hey, if you want to get into assembly I suggest you hunt down Jeff Duntemann's Assembly Language Step-by-Step (Amazon link), it's very old but definitely a good base. There's also a newer version which includes Linux assembly, but it's a lot more expensive.
Ker-Crack!!!! Bump from beyond the grave!!! I had to brag a bit, so I thought I would post here. I just cracked the security lock on the stress test on one of my prototype Xboxes. The program used to be locked to the 3910 kernel, now it'll run on anything (except unmodded retail, of course). Before anyone asks, no I can't give out copies, the program is over 1.5 gig. If anyone needs some help with some games they can't play, lmk. Strict confidentiality kept, I don't keep a copy of the game. I do this for the fun of it... I have the hardware to crack Xbox, PC, Saturn, PSX... I'm still trying to buy a TOOL so I can crack PS2 games, but no one seems to want to sell me one... =(