31 comments on “Reversing Cemu”

          • “I do wonder why you lurk here now though.”

            I don’t really know how to respond to that. This specific blog post was posted to r/Emulation. I was the one who approved the post; didn’t know this blog existed prior to that. So, not really lurking. Wandered back here again now to pull up the link on your info on JohnGBA to let someone on the Nvidia Shield forums know they’re better off not using it and remembered I commented here.

        • You do know it’s coming out for free, right? There is a difference between pirating stuff because you would not be able to afford it, and pirating because you did not want to pay. I suspect you are the former.

  1. Any chance you could upload the modified exe or is this strictly educational? This is a really well done article/tutorial, but even with the screenshots I was lost haha. I’m sure I could follow if I knew jack shit about using x64dbg or coding in general. Hopefully in the future.

  2. I’d say not encrypting the executable or at least a vital part of it is a huge mistake on their part (though the executable might get detected as malicious obviously). Simple code encryption with a hardware-bound key (so you need the licensee hardware data as well to decrypt) sent by a server is usually enough for niche software like this that doesn’t have some huge userbase or dedicated crackers, just be careful and don’t encrypt stuff that can be copypasted from previous builds. With current protection, the executable can be shared with a cracker by anyone who happened to “purchase” it, if it were encrypted it would at least require the cracker to purchase it or to cooperate with the license holder who would need to either intercept the key, dump decrypted code or provide the hardware data.

    • Which is what I suggested. Obfuscation of any kind using a protection system will be a massive help. Many DRMs in the shareware world bind encryption to serial numbers, so it’s not hard at all. Though this has flaws, like Armadillo’s “secured sections” method, which wasn’t secure at all, as proven by the likes of Mr eXodia/TPoRT and Fungus/SnD. (read: decryption without even a valid serial key)

    • Literally they’re not considering that CEmu’s Devs always release the free version of the patreon builds, 1 week after those. In any case, Mudlord’s suggestions would strongly improve the trend that you seem to hate/dislike anyways.

  3. Thank you for this wonderful article, so so interesting. Is there any chance you could circle exactly which code you are talking about in each screenshot?
    I wish to understand this much better

  4. Pretty cool!

    I noticed they use HTTPS on the URLs. For the user’s (and their pocket’s) sake, they should really use HTTPS and really check if the cert is OK.

      • I wonder if it’s because the Cemu team’s focus is on developing the emulator and they are just trying to apply cursory protection against someone who might abuse the early Patreon releases. As was mentioned earlier, they release the same build into the wild only one week later, so I wonder if they just “threw some DRM in” to protect the Patreon value and called it good.

        Of course, I don’t know much about DRM implementation. Employing a more robust system may be very simple. (Your conclusions lead me to believe that they might be easier to apply than I originally thought.) I’m just glad that they don’t spend TOO much time on that portion.

        An excellently written article and a fascinating exercise. Thank you for walking us through the logic and tools you use while reverse engineering.

  5. This article is awesome! Does anyone know where I can find similar articles for other x86 software? I’ve done reversing for Android apps but would love to learn more about PC software 🙂

    • Assuming I don’t get into trouble with my webhost for hosting such tutorials, maybe I should continue looking at other payware emulator stuff to see where their implementations can be improved. Or other stuff in general.

      I am not sure where to find stuff these days. Usually places like Exetools and other places in the P2P scene would have stuff like this.

  6. Thanks for the patch! Now I can run the 1.7.0 I found a download link for at full speed without paying. :o)

    • I am not allowed to have an opinion on what you said, lest the reddit community bring out torches and pitchforks. So I am going to remain silent.

      Right now they are more busily debating morality instead of the objective, technical aspects of the article. Which I guess is to be expected, especially from reddit’s emulation “community”. Only a tiny minority have read it, it seems, and the rest seem to be based on morality.

      Shame that reddit does not allow practical discussion of reverse engineering, for reasons that stifle freedom of information.

      • There’s /r/ReverseEngineering, I’m not sure if your post would be allowed there but an article on cracking Sublime Text was submitted both there and /r/programming recently and it stayed just fine.

  7. Do you know anything about removing UPlay or Steam DRM so I can run games without having their client running in the background, wasting RAM, causing problems, etc.?
    One of the main problems I’m having with uPlay games is I can’t inject d3d9.dll wrappers for things like HiAlgo SWITCH or custom textures / texture or model ripping.

    • Some uPlay games iirc are protected with VMProtect or Denuvo, which are designed to be very hard to circumvent. It depends on the game, but I’ve seen FarCry 4 using VMProtect to obfuscate things. The Orbit (uPlay) API itself is fairly simple to bypass; it just needs a proxy DLL.
