Defeating and Emulating INCA's nProtect GameGuard

Defeating and Emulating
INCA’s nProtect GameGuard

Table Of Contents
1. Introduction
2. Analysis
3. Deobfuscating the Virtual Machine
4. Creating an emulator
5. Conclusion

[Only registered and activated users can see links. Click Here To Register...]

The program used in the pdf is: [Only registered and activated users can see links. Click Here To Register...]

GameGuard use Blowfish algorithms, in this page you can decrypt the Blowfish. the decryption algorithm is identical to the encryption algorithm step by step in the same order, only with the sub-keys applied in the reverse order.

[Only registered and activated users can see links. Click Here To Register...]

Thanks, quite a nice lecture!

handful

ow yea, thanks alot :)

cabal eu ?

Quote:

Originally Posted by sedat3705 cabal eu ?

:rolleyes: it works on all games w/ gameguard

tnx i will try to learn from this ts godbless hope my tiny little brain learn it^_^

how to do it with what program

Quote:

Originally Posted by sedat3705 how to do it with what program

Read the pdf? :rolleyes:

To change the gamemode values ​​which need to program

@baccala: Did you post the pdf here because you think that someone would be able to make a bypass with it? Or did you manage to make it work yourself?

In any case, thanks for sharing! Gonna do some intensive reading tomorrow;D

Quote:

Originally Posted by sedat3705 To change the gamemode values ​​which need to program

:rolleyes: if u want the program changes the codes..
Try ollydbg :D



This topic pwned me :rolleyes:

@TS

Quote:

Originally Posted by bartbilf @baccala: Did you post the pdf here because you think that someone would be able to make a bypass with it? Or did you manage to make it work yourself? In any case, thanks for sharing! Gonna do some intensive reading tomorrow;D

+1 for bartbilf -1 for Thread Starter!

If u search the right things in google about gameguard - u will find more infos about it.
I will spend 10.000€ on the ppl - who make a bypass whit it.
BUT! Only the ppls bevor bartbilf.
Nobody of The ppls who write thanks blablabla cant make a Bypass with it.
If u create a Packet logger u will see what the Server sents to you and what going back.
If u check "Flyff Offizial Source!" - There is the check function too!
So what is in this PDF - a docu about gg ? No rlly - just the function to send the thing back to server what anyone else saw in a source of a Game.
Make a Brainstorm:

GG Hooks all functions on ring0.
U want to emulate GG - Need to create a fake kernel - so GG hooks the fake functions - then u can watch the gg functions.
So what did u need to emulate gg?
Yes - a hooked kernel.
Whats better - Emulate GG or Hooking your own needed function?
Good Luck @all.

Quote:

Originally Posted by K4zuj4b by +1 for bartbilf -1 for Thread Starter! If u search the right things in google about gameguard - u will find more infos about it. I will spend 10.000€ on the ppl - who make a bypass whit it. BUT! Only the ppls bevor bartbilf. Nobody of The ppls who write thanks blablabla cant make a Bypass with it. If u create a Packet logger u will see what the Server sents to you and what going back. If u check "Flyff Offizial Source!" - There is the check function too! So what is in this PDF - a docu about gg ? No rlly - just the function to send the thing back to server what anyone else saw in a source of a Game. Make a Brainstorm: GG Hooks all functions on ring0. U want to emulate GG - Need to create a fake kernel - so GG hooks the fake functions - then u can watch the gg functions. So what did u need to emulate gg? Yes - a hooked kernel. Whats better - Emulate GG or Hooking your own needed function? Good Luck @all.

You're the one who sold the cheats for 500kk eu server?
haha, I'm the one who wanted to sell them, and then I have been deleted from skype.
You do not know anything, put videos on youtube to screw people for money and then come and say what needs to be done?

I just want to help

Do you do a video narration baccala