CSGO

Lately I have been playing games after work and on my days off to pass the time. Most of the time it's CSGO.

After around 150 hours, started to get better, never going to try competitive though. Still got a long way to go. It's nigh on impossible to play at night, due to medication completely dulling senses and response time, so the only chance I can play is in the mornings and afternoons.

Recordings of other games might go up, depending on whether they have licensed music, of course.

What happened:

  • Played Starcraft for a bit, up to the point of getting into Brood War.

So nice to be able to relax again. Been catching up on CSGO though, haven't done many new videos.

  • Been working on and off on foo_dsp_effect, gave it its own dedicated Git repository this time since I think it's big enough for that. Started to add 3 other audio DSPs to the effect array.
  • Finally watched Ghost in the Shell, was a decent enough movie, to me at least.

  • Figured I'd stop doing Cemu cracking. Would rather do other stuff than constantly cracking the same thing over and over again. People still think I was paid a fee by Exzap to stop doing it, and people will just believe what they want to believe regardless of what was said.
  • That said, made the Cemu hack DLL open source. Figured it might be useful to whoever wants it. It still needs some things like checking memory page permissions as well as optimizations to the pattern search, as well as general additions for patching and inserting code caves.


This will be a basic primer in the bypassing of Cemu 1.74x/1.75 DRM. This is subject to change in future versions as Exzap fixes these vulnerabilities.

Tools used:

  • x64dbg with the SwissArmyKnife plugin.
  • MSVC2017 using MinHook (though I tried using libudis86 in the past)


1) Start by finding the 64-bit hash; you can find it by finding out where the CPUID and hard drive hash meet, as well as the timestamp.

2) Make it always return 0.

The function prototype for the hardware hash was found out through basic RE, not using a decompiler.

3) Using hardware breakpoints in the calls that use the 64-bit hash method, try to find where the unregistered bytes are flipped and reset them back to the known registered state. As in, trace when the 64-bit hash fails.


4) Kill server calls. Plainly killing all network-related code is not enough. I found hooking some Wininet calls is enough to do it, though Exzap could detect hooks using some off-the-shelf protector or some code of his own.

I found redirecting to localhost is enough for the other network code to succeed.
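The flip side of step 4 is what a protector would actually do to notice a MinHook-style hook. This is an added example written for this post, not code from the post or from the cemuhack repository: it looks at the first bytes of an x86-64 function for the trampoline shapes an inline hooking library writes (a relative jmp, a rip-relative indirect jmp, mov rax/imm64 + jmp rax, push/ret) and compares a live prologue against a snapshot taken at startup. The byte arrays are constructed samples so it runs anywhere; on Windows the live bytes would be read through the function pointer returned by GetProcAddress, which is assumed here and not shown.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Trampoline shapes commonly written over a function's first bytes
 * by inline hooking libraries on x86-64. */
typedef enum {
    HOOK_NONE = 0,
    HOOK_JMP_REL32,    /* E9 disp32                     (jmp rel32)          */
    HOOK_JMP_RIP_REL,  /* FF 25 disp32                  (jmp [rip+disp32])   */
    HOOK_MOV_RAX_JMP,  /* 48 B8 imm64 ; FF E0           (mov rax,imm; jmp rax)*/
    HOOK_PUSH_RET      /* 68 imm32 ; C3                 (push imm32; ret)    */
} hook_kind_t;

/* Constructed samples (not real Cemu or Wininet bytes):
 * a typical untouched prologue "mov [rsp+8], rbx ..." and two hooked variants. */
const uint8_t SAMPLE_CLEAN[]        = {0x48, 0x89, 0x5C, 0x24, 0x08, 0x48, 0x89, 0x74};
const uint8_t SAMPLE_HOOKED_REL32[] = {0xE9, 0x00, 0x01, 0x00, 0x00, 0xCC, 0xCC, 0xCC};
const uint8_t SAMPLE_HOOKED_ABS[]   = {0x48, 0xB8, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00,
                                       0x00, 0x00, 0xFF, 0xE0};

/* Classify the leading bytes of a function body by opcode pattern alone. */
hook_kind_t classify_prologue(const uint8_t *code, size_t len)
{
    if (len >= 5  && code[0] == 0xE9)                          return HOOK_JMP_REL32;
    if (len >= 6  && code[0] == 0xFF && code[1] == 0x25)       return HOOK_JMP_RIP_REL;
    if (len >= 12 && code[0] == 0x48 && code[1] == 0xB8 &&
                     code[10] == 0xFF && code[11] == 0xE0)     return HOOK_MOV_RAX_JMP;
    if (len >= 6  && code[0] == 0x68 && code[5] == 0xC3)       return HOOK_PUSH_RET;
    return HOOK_NONE;
}

/* The more robust check: compare the live prologue against a copy taken
 * before any third-party DLL had a chance to run. Returns 1 if it changed. */
int prologue_modified(const uint8_t *snapshot, const uint8_t *live, size_t len)
{
    return memcmp(snapshot, live, len) != 0;
}

/* Resolve where a "jmp rel32" at insn_addr lands: next instruction + disp32. */
uint64_t jmp_rel32_target(uint64_t insn_addr, const uint8_t *code)
{
    int32_t disp;
    memcpy(&disp, code + 1, sizeof disp);   /* little-endian, sign-extended */
    return insn_addr + 5 + (int64_t)disp;
}

int main(void)
{
    static const char *names[] = {"none", "jmp rel32", "jmp [rip+disp32]",
                                  "mov rax,imm64; jmp rax", "push; ret"};
    printf("clean:  %s\n", names[classify_prologue(SAMPLE_CLEAN, sizeof SAMPLE_CLEAN)]);
    printf("rel32:  %s -> 0x%llx\n",
           names[classify_prologue(SAMPLE_HOOKED_REL32, sizeof SAMPLE_HOOKED_REL32)],
           (unsigned long long)jmp_rel32_target(0x7FF600001000ULL, SAMPLE_HOOKED_REL32));
    printf("abs:    %s\n", names[classify_prologue(SAMPLE_HOOKED_ABS, sizeof SAMPLE_HOOKED_ABS)]);
    printf("changed: %d\n", prologue_modified(SAMPLE_CLEAN, SAMPLE_HOOKED_REL32, 5));
    return 0;
}
```

The opcode check alone gives false positives: a hot-patchable export or a tail call can legitimately start with E9, so a protector that only keys on the opcode will flag clean code. The snapshot comparison is the one that actually answers "did someone write over this function after I started", which is why both are shown.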

The full source code for this primer is here: https://github.com/mudlord/cemuhack

No, I wasn’t paid off.

Some of the reasons I stopped developing it are:

  • In my personal life, I recently found things that actually have more meaning than just repeatedly cracking the same thing over and over again. I'd rather focus on those things. I'd rather spend the time I have now on things I actually enjoy instead of cracking something I hardly use. Plus, I'd rather spend time doing things I actually enjoy with the time I have these days, like a normal person would.
  • I cannot fight Exzap; it's clear pirating Cemu hardly made a dent in his profit base.
  • I learnt what I wanted to know from Cemu's DRM system. I learnt a great deal about x64 reversing in the process and worked out some new ways of cracking things for myself.

Just from a traffic report for the month/week.

  • VBA-M is explained due to my avatars.
  • cs.rin.ru is fine, since I know there is a presence of some people who use Cemu there.
  • Yandex is probably some Russian forum, so, again, fine.
  • 4chan is, as expected.

What I don't expect nor like is the adfly or zytpirwai links. Personally I wish those would go the heck away since I would rather they link to my blog like Reddit and cs.rin do. I wish there was a way to starve adfly links of oxygen.

Get a decent crosshair:

Read this for moar info. Seriously.

Turns out it can make a massive difference. I wish I knew crosshairs were as configurable as this in games. Who knew, right?

Sorry for not doing shit like coding your emulators or libretro frontends, or EXE/DLL packers, or audio DSP plugins.

Well actually, I am not sorry at all. I like having a life outside programming all the time.

Yes, I buy games with the money I make from work. I am a terrible human being for not making Cemu cracks constantly so Exzap can improve his DRM so in turn it helps his money stream.

Heck, I should go back to playing Bulletstorm and CSGO even if they are deemed shit games… I heard Yooka-Laylee sucks too. Even though I bought it at launch and rebought Bulletstorm, even though I did my own GFWL emulator DLL just to play the original Bulletstorm…

What happened:

  • Did the 1.7.4 line of Cemu cracks. Turns out they were absolute shitshows. I am disgusted at myself that I let them out in the state they are in. Turns out I should have been testing games more than I did, since there were some things wrong with them.
  • Turns out Starcraft 1.18 was released in beta and I played that. Still playing it.
  • Did some CSGO videos on my youtube channel.
  • Worked sporadically on the libretro loader. Found out why the timing was so busted. Now need to overhaul the retro_run call routine for the DLLs so timing, and hence audio, is fixed. Using Windows resamplers this time, pondering switching to XAudio2 instead of DirectSound.

One thing that annoys me about GitHub is the current theme it uses.

Looked quite garish, and I personally couldn’t stand it at all.

So I did this.

Looks much nicer to me on Windows. YMMV.

If anyone wants it, the GreaseMonkey script to do this is here.

Cemu 1.7.4c

Note: I’ll crack it when I feel like it and if I feel like it, if at all. Plus, if I am motivated enough to deal with Exzap’s constant DRM changes each single version, and not feel that cracking each successive version is turning into a mindless boring job.

http://mudlord.info/trashheap/cemu174c.zip

SHA-1 of Cemu.exe:

5a194a0e6a9c216ba43dc23e35581b40e526e82b

Used a more thorough and shotgun approach this time, to make it easier for noobs to deal with.

Seems there was the usual bag of crap. Plus some new stuff. Like….

Protection triggers inside HLE handlers.

I find it odd they didn’t amp it up to eleven, but without saying much, doing more could eat HLE handler performance… Ew.

I did it this way just for mental masturbation, since that's how you get better at RE, by pushing yourself in how you do things and what you do. I have zero interest in Cemu as an emulator, and people I know know how I feel about the Cemu team's "ethics".

Apparently someone on Discord tried Zelda and it works? All I did was boot the usual suspect MK8 to see if it runs.


EDIT: Updated to 1.7.4.b

EDIT2: Updated to 1.7.4c. You will need to use the files in the zip for this rls, especially settings.bin (but feel free to change your settings), serial.bin and Cemu.exe. They seem to have upped the security for the DRM.

Credit to AceofZeroz for supplying the original uncracked thing and the idea.

Added a special serial.bin for use with this version:

EDIT3: Had a quick look at 1.7.4d, seems it's changed a fair bit, yet again. Instead of triggers in GX2 HLE functions, there is a slowdown, unknown at this point, whenever a cracked version is used, just like when the interpreter is used. Which I admit is proving a great pain to debug. Exzap is finally doing a good job with the DRM it seems.