An alternative to dump game key. #15
Excellent! Great work. Feel free to upload, I am all about various permutations to enable the community.
Is your .exe a compiled AutoIT script, or an actual C program you wrote? Either way, the source code to it may be useful for others to build off of.
It's a Cpp program that I wrote. Not being familiar with Windows, I had to dig a bit to find the right "library" (WinXP is quite old) but in the end I was able to compile it using MSVC 2017. Adding registry changes would be easy (I did not need any). For now I am the only tester, feedback about your testing would be great. Next steps (when I have time): check the game partition and see the changes to make them work in the Multi RE. Also, I wonder about the ATA key for the SSD, I think they are "generated" from the disk information, I mean the BIOS expects a value according to the disk specifications, I am not sure though.
Thank you very much francky06l, I have some games to work on and I will test when I have time. Thank you very much for your help and for sharing!
Is this intended to work on RingWide? Gave it a shot, but eventually the final screen only says ">>> Nocandidate key found !!"
Confirmed working for me!
Glad it has been helping someone! I am not a specialist in all this, it was fun work. Concerning RingWide, I do not know, I only had a friend's RingEdge. Actually I do not have any Ring* stuff myself.
Being very new to the RingEdge "world", a friend let me play with an RE2 UC (just the UC, no JVS board etc.), originally just to copy a game's drive.
I found the excellent "sister writeup" https://github.com/ArcadeHustle/RingEdge_SSD_Softmod, and I was able to copy the game's SSD.
Then, being curious, I was searching for a way to dump the game key.
This excellent repository is full of hints and very educative!
The problem I had was, mainly, that I have only a laptop with an US / ATA adapter and thus hot swapping the drive was not possible. Also, being a Linux user and having Windows only in a VM was a problem. Whatever game I plug into the RE2 ends up in error because of the JVS, but the game is loaded so the key has been generated.
In the end, I tried to "compile" all the knowledge and make it a single step to extract the game key. Note that I did not invent or find something not known, it's more a sequential set of commands to automate.
Checking the registry, we know that the WinLogon is actually replaced by mxprestartup; a bit of disassembly shows that mxprestartup starts the mxstartup using the SystemUser with its password.
The password can be found in
and it's <6/=U=#tpe!$*3!5
The mxstartup mounts the TrueCrypt System Container (using the SystemKey and other partitions), then starts the mxmaster.exe that will extract the KeyChip.
I made a simple exe that can log in the SystemUser and start the mxstartup, but in the end I found it logical to replace the mxstartup itself by a version that would:
This is what I did and it does work.
The steps to get the game key are quite simple (I worked on a copy of a game; if ever you work on an original drive, back up the C:\ drive - the /dev/sdX1 partition):
Note that, to verify the key, I copied the TrueCrypt keydump binaries - modified them to store the keys/password on C: rather than D: - and the keys found are of course the same.
This solution does not need a TrueCrypt patched version, but it does not hurt!
I haven't uploaded the mxstartup.exe yet, I'd rather wait for the OP's opinion/authorization. I realized that this is quite close to this https://github.com/ArcadeHustle/RingEdge_NoKey_softmod/issues/2
F.
Update:
I made a second version that just prints the 16 bytes in hex on a console screen. The first version, by disabling EWF, was leaving many files on the C: drive (check System/Execute or temp). Actually the process is the same, except EWF is not disabled, the key is just displayed on the screen. You have to write it down or take a picture.
I'll upload this version in a moment to archive.org.