Two years ago I’ve tried my hand at cracking something, it’s quite an unknown game, Arena Wars was the name. I always found it fun to take it for a spin, try out a match or two, then forget about it for a couple months.
Until inevitably, the reason for this project came up. See the game originally came in a disk, and it worked fine at the time, as time moved on however, disk drives ceased to be a thing, now only emulating drives, or plugging drives via USB was possible. Guess what, the game’s builtin DRM did not recognize either of them and now I had a game that I owned but could not play. Only way to get it back is by cracking it, it’s abandonware too, so its not like anyone gives a damn.
My first try wasn’t very successful, x64dbg is a very complicated tool and to anyone who isn’t used to reverse-engineering, it’s a brutal way to start. Hence giving up, a few months ago I tried with a new technique.
The game, albeit very old, was one of the first to be built in .NET, the same framework which powers Unity games. This meant that there were decompilers (like dnSpy) which could decompile the code and make it easily editable.
Unfortunately there were two problems with this approach:
- Arena Wars is so old that modern decompilers only support decompiling the code, but not recompiling changes directly, those changes needed to be done manually in the IL code. If you don’t know what that is, it’s basically working in Assembly, one step above writing in bits and bytes.
- The code was obfuscated, meaning I had no idea what any of it did, only how it’s structured. Making matters worse was that the game had multiple languages, meaning that I couldn’t even directly search for text to find what i needed.
So despite being able to see the code, I had my work cut out for me. What followed was a whole trial and error. If the game thought it wasn’t legit, it launched in Demo mode, I had to figure out where it got the check for the CD from and flip it so it thought it was legit. Because that I was writing tweaks in IL code, given my skill level, the most I could do is change a + to a - for example, or a < to a >. If I wrote new code or added complex functions, it would change the size of a class and crash the game.
Eventually though I got to where the changes were affecting how the game responded. I discovered the game had an alternate Multiplayer Demo mode, (basically the same thing), as well as a fake real mode. Where it says its legit, but nothing works. While I did this, I took various notes, learning what each function most likely did, steadily building my knowledge of how the game worked, until I discovered where it checked the CDs.
Soon enough, I got lucky and the Demo was no more. I intercepted the response code from the CD check and mangled it quite a bit, now it thinks its legit. Dunno how or why, but now it does. Anyways, soon after cracking it, I ended up cleaning the crack, figuring out exactly which change did it the trick in the executable and boiled down the entire crack to a single changed byte.
Overall, it was quite like a brainteaser, fun to solve, and my reward was getting my game back!
Not saying that anything like SECUROM or DENUVO are next, but for those that like this kind of thing, I imagine they’d start small and slowly get to that level. At the end of the day, it’s only a puzzle.
Extras:
Thank you for reading about my journey. Have a day full of wonder!
Edit: If you can’t see the images clearly, that’s probably because you’re seeing them in Imgur’s mobile site. When in a phone it automatically redirects you there with a garbage version. To see them clearly, switch on desktop view. >:(
Yes, cracking .NET app with dnSpy is way easier than raw x86 Assembly. I cracked some bought software we use at work, because the stupid DRM made my job harder. Lucky for me because they were written in .NET. I also bypassed some limits set by the app. I tried IDA pro but the gui is already complex. You also need to know how .exe file works and how it gets loaded in memory with the libraries.