Reverse Engenering The Protections From WestWood
by zoltan
(24 September 1999)

project4
CD-ROM faking
Courtesy of fravia's pages of reverse engineering ~ slightly edited by fravia+ 

Reverse Engenering The Protections From WestWood



 (As example: DUNE 2000)



Another Aproach On The CD Check Protection, using ripped version from 

CLASS and the update from WESTWOOD (do FTPSEARCH).



Author   : zoltan

______________________________________________________

Tools Needed :

              Hackers View (HIEW)

              SoftIce

              W32Dasm

Target:

              The patch for DUNE2000

              http://ftpsearch.lycos.com/?form=medium

              and search for d2k106uk.zip



Visit the tools section of our web page: http://protools.cjb.net a nice tool site...



______________________________________________________
This game was/is (being) played alot in the world, and no wonder because this game is from one of the best game companys in the whole world, WESTWOOD. Yeah that's right, the same company that made the smash hit's back in 94-95 if i remember right, Command & Conquer and Command & Conquer 2: RED ALERT. DUNE 2000 was released to the public long ago and has of course been availible for download on the inet since then.

I did some job for you and discovered that Dune2000 isnt the main exe but Dune2000.dat however is the real one, so we start off by running the game, run (dune2000.exe). What happens? A messagebox pops up telling ous to insert the CD. Arg!, let's fix this obvious bug, so we can run it without the CD in.
I personaly dont like this cinda protections, mainly because you cant play over network with your friends (with one cd) and you cant listen to music (if possible) when you play either.
Alright load up the (.dat) in W32dasm, now look at the API imports and se if you can se any CD-Check releated API's like GetDriveTypeA, GetVolumeInformationA, yeah you found getdrivetypea...
I have cracked this before so i will be blind tracing and showing you stuff from W32Dasm, but you can follow in SoftIce if youd like that
Double click on it once/or break on it in SoftIce and we should be landing somewhere around here : 

* Reference To: KERNEL32.GetDriveTypeA, Ord:00DFh       "Dune2000CDLabel"  

Ok we made it on the cd-check routine with the lame label check ...lets try 

and make the changes permanent with

hackersview and run the game. What happends? yes a gay messagebox poping 

up telling us "Oh No! Cant open movies

it cant find the movies. Al right, run it again but this time 

put a break on MessageBoxA, when it breaks you 

just backtrace the call and simply nop it, coz you are inside of the movie 

playing routine. So now it wont even

look for the movie's it will just go pass the whole crap. ;) Also i must admit that I 

dont know if there where any

more protections in the original game exe, coz you know this 

is the patch im working on, but i dont think so.





The Movie Routine Call (read the text below before trying to understand it):



:0048D92C C605B878510001          mov byte ptr [005178B8], 01

:0048D933 E8285BF7FF              call 00403460                 



Special greets to: BMonkey, Carphatia, Fravia+, Neural_Noise ...












red

You'r deep inside fravia's pages of reverse engineering, choose your way out!
















 



















red



redhomepage red

links 

red

anonymity 

red+ORC 



redstudents' essays 



redacademy database 



redbots wars






redantismut 



redtools 



redcocktails 



redjavascript wars 



redsearch_forms 



redmail_fravia 






redIs reverse engineering illegal?