Archives

All posts for the month of May, 2017

A while back I did some work with GlideN64 to perform noise emulation entirely on the GPU.

I stopped working on it. As usual, certain groups of people said this was due to “people being mean”.

So, today, I figured I would take another look at it, improve on last time's implementation and see if I can optimize the current one.

The implementation this time around is rather simple:

  • Use one line of GLSL for the actual noise generation
  • Scale the coordinates used to seed the noise *properly* according to the N64 resolution
  • Use prime numbers for additional seeding of the PRNG

This results in *8* lines of GLSL compared to *183* lines of C++.

The shader is as follows:


CSGO

Lately I have been playing games after work and on my days off to pass the time. Most of the time it's CSGO.

After around 150 hours I have started to get better; never going to try competitive, though. Still got a long way to go. It's nigh on impossible to play at night, as medication completely dulls my senses and response time, so the only chance I get to play is in the mornings and afternoons.

Recordings of other games might go up, depending on whether they have licensed music, of course.

What happened:

  • Played Starcraft for a bit, up to the point of getting into Brood War.

So nice to be able to relax again. Been catching up on CSGO, though; haven't done many new videos.

  • Been working on and off on foo_dsp_effect; gave it its own dedicated Git repository this time, since I think it's big enough for that. Started to add three other audio DSPs to the effect array.
  • Finally watched Ghost in the Shell. It was a decent enough movie, to me at least.

  • Figured I would stop doing Cemu cracking. Would rather do other stuff than constantly crack the same thing over and over again. People still think Exzap paid me a fee to stop doing it, and people will just believe what they want to believe regardless of what was said.
  • That said, I made the Cemu hack DLL open source. Figured it might be useful to whoever wants it. It still needs some things, like checking memory page permissions and optimizations to the pattern search, as well as general additions for patching and inserting code caves.


This is a basic primer on bypassing the DRM in Cemu 1.74x/1.75. It is subject to change in future versions as Exzap fixes these vulnerabilities.

Tools used:

  • x64dbg with the SwissArmyKnife plugin.
  • MSVC 2017 with MinHook (though I tried using libudis86 in the past).


1) Start by finding the 64-bit hash. You can locate it by finding where the CPUID and hard-drive hashes meet, along with the timestamp.

2) Make the function that produces it always return 0.

The function prototype for the hardware hash was worked out through basic RE, without using a decompiler.

3) Using hardware breakpoints on the calls that use the 64-bit hash, find where the "unregistered" bytes are flipped and reset them to the known registered state. In other words, trace what happens when the 64-bit hash check fails.


4) Kill the server calls. Simply killing all network-related code is not enough. I found that hooking some WinINet calls is enough to do it, though Exzap could detect the hooks using an off-the-shelf protector or his own code.

I found that redirecting the requests to localhost is enough for the rest of the network code to succeed.

The full sourcecode for this primer is here: https://github.com/mudlord/cemuhack
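Step 1 above (locating the hash routine) and the note earlier on this page that the DLL's pattern search still lacks a memory page permission check both come down to the same building block: a byte-signature scanner that walks a process's mapped regions and skips the ones that cannot be read. The following is an added example of such a scanner, written for this page; it is not code from the cemuhack repository. The regions, their addresses and the signature bytes are constructed stand-ins (no real process memory is touched, and the signature is not Cemu's actual hash function), and the `readable` flag plays the role that a `VirtualQuery` protection check would play in a real DLL.

```cpp
// Added example (not from the cemuhack repository): an IDA-style byte-signature
// scanner with wildcard support, of the kind a hooking DLL uses to find a target
// function by its code bytes instead of a hard-coded address.
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <optional>
#include <sstream>
#include <string>
#include <vector>

// One mapped region as VirtualQuery would describe it. Constructed stand-in:
// the bytes live in this process, not in a target process.
struct Region {
    std::uintptr_t base;              // address the bytes would have in the target
    std::vector<std::uint8_t> bytes;  // copy of the region's contents
    bool readable;                    // false for PAGE_NOACCESS / PAGE_GUARD pages
};

// Parsed signature: concrete bytes plus a mask, where mask[i] == false means "any byte".
struct Signature {
    std::vector<std::uint8_t> bytes;
    std::vector<bool> mask;
};

// Parse text such as "48 8B 05 ? ? 89 45 7C" ('?' or '??' is a wildcard).
// Returns nullopt on an empty or malformed signature instead of scanning garbage.
std::optional<Signature> parseSignature(const std::string& text) {
    Signature sig;
    std::istringstream in(text);
    std::string tok;
    while (in >> tok) {
        if (tok == "?" || tok == "??") {
            sig.bytes.push_back(0);
            sig.mask.push_back(false);
            continue;
        }
        if (tok.size() != 2 || !std::isxdigit(static_cast<unsigned char>(tok[0])) ||
            !std::isxdigit(static_cast<unsigned char>(tok[1]))) {
            return std::nullopt;
        }
        sig.bytes.push_back(static_cast<std::uint8_t>(std::stoul(tok, nullptr, 16)));
        sig.mask.push_back(true);
    }
    if (sig.bytes.empty()) return std::nullopt;
    return sig;
}

// Scan a single region. Unreadable regions are skipped outright: touching them in a
// real process would fault. Returns the absolute address of the first match.
std::optional<std::uintptr_t> scanRegion(const Region& r, const Signature& sig) {
    if (!r.readable || r.bytes.size() < sig.bytes.size()) return std::nullopt;
    const std::size_t last = r.bytes.size() - sig.bytes.size();
    for (std::size_t i = 0; i <= last; ++i) {
        std::size_t j = 0;
        for (; j < sig.bytes.size(); ++j) {
            if (sig.mask[j] && r.bytes[i + j] != sig.bytes[j]) break;
        }
        if (j == sig.bytes.size()) return r.base + i;
    }
    return std::nullopt;
}

// Walk every region in order and return the first hit, or nullopt if none matches.
std::optional<std::uintptr_t> findPattern(const std::vector<Region>& regions,
                                          const std::string& pattern) {
    auto sig = parseSignature(pattern);
    if (!sig) return std::nullopt;
    for (const auto& r : regions) {
        if (auto hit = scanRegion(r, *sig)) return hit;
    }
    return std::nullopt;
}

// Constructed sample "module": the middle region contains what looks like a match
// but is unreadable, so a scanner without the permission check would fault there.
std::vector<Region> sampleRegions() {
    return {
        {0x140001000, {0x90, 0x90, 0xCC, 0xCC}, true},
        {0x140002000, {0x48, 0x8B, 0x05, 0x10, 0x20, 0x89, 0x45, 0x7C}, false},
        {0x140003000, {0x55, 0x48, 0x8B, 0x05, 0xAA, 0xBB, 0x89, 0x45, 0x7C, 0xC3}, true},
    };
}

int main() {
    auto hit = findPattern(sampleRegions(), "48 8B 05 ? ? 89 45 7C");
    if (hit) std::cout << "match at 0x" << std::hex << *hit << "\n";
    else     std::cout << "no match\n";
    return 0;
}
```

The wildcard bytes are what make a signature survive relocations and minor rebuilds: the `? ?` in the sample covers a displacement that changes between versions while the opcode bytes around it stay fixed. The permission check matters just as much: a scanner that reads into a guard or no-access page inside the target dies with an access violation, which is both a crash and a very visible signal to any anti-tamper code.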