Reverse Engineering The Protections From Westwood
by zoltan
(24 September 1999)

project4
CD-ROM faking

Courtesy of fravia's pages of reverse engineering ~ slightly edited by fravia+
 (As example: DUNE 2000)

Another Approach On The CD Check Protection, using the ripped version from 
CLASS and the update from WESTWOOD (do FTPSEARCH).

Author   : zoltan
______________________________________________________
Tools Needed :
              Hackers View (HIEW)
              SoftIce
              W32Dasm
Target:
              The patch for DUNE2000
              http://ftpsearch.lycos.com/?form=medium
              and search for d2k106uk.zip

Visit the tools section of our web page: http://protools.cjb.net a nice tool site...

______________________________________________________
This game was (and still is) played a lot around the world, and no wonder, because it comes from one of the best game companies in the whole world, WESTWOOD. Yeah, that's right, the same company that made the smash hits back in 94-95, if I remember right: Command & Conquer and Command & Conquer 2: RED ALERT. DUNE 2000 was released to the public long ago and has of course been available for download on the net since then.

I did some work for you and discovered that Dune2000 isn't the main exe; Dune2000.dat is the real one. So we start off by running the game (dune2000.exe). What happens? A messagebox pops up telling us to insert the CD. Arg! Let's fix this obvious bug, so we can run it without the CD in.
I personally don't like this kind of protection, mainly because you can't play over a network with your friends (with one CD) and you can't listen to music (if possible) while you play either.
Alright, load up the (.dat) in W32Dasm, then look at the API imports and see if you can spot any CD-check related APIs like GetDriveTypeA or GetVolumeInformationA. Yeah, you found GetDriveTypeA...
I have cracked this before, so I will be blind tracing and showing you stuff from W32Dasm, but you can follow in SoftIce if you'd like.
Double click on it once (or break on it in SoftIce) and we should land somewhere around here:
* Reference To: KERNEL32.GetDriveTypeA, Ord:00DFh       "Dune2000CDLabel"  
OK, we made it to the CD-check routine with the lame label check... Let's try to make the changes permanent with Hackers View and run the game. What happens? Yes, a messagebox pops up telling us "Oh No! Cant open movies": it can't find the movies. All right, run it again, but this time put a break on MessageBoxA; when it breaks, just backtrace the call and simply nop it, because you are inside the movie playing routine. So now it won't even look for the movies, it will just go past the whole crap. ;) I must also admit that I don't know if there were any more protections in the original game exe, because, you know, this is the patch I'm working on, but I don't think so.


The Movie Routine Call (read the text below before trying to understand it):
:0048D92C C605B878510001          mov byte ptr [005178B8], 01
:0048D933 E8285BF7FF              call 00403460                 

Special greets to: BMonkey, Carphatia, Fravia+, Neural_Noise ...


