Hacking One nop to rule them all...

WiiPower

Well-Known Member
OP
Member
Joined
Oct 17, 2008
Messages
8,165
Trophies
0
XP
345
Country
Gambia, The
Credit for finding this goes to Oggzee and airline38. Oggzee created lots of test versions of CFG, and airline tried about 20 test versions.

The game We Dare uses some good protection that works against all current loaders. But it is defeated by a single nop...

All loaders that support the "new" Ocarina code handler include the following source code:
Code:
    __asm__(
        "lis %r3, appentrypoint@h\n"       /* r3 = &appentrypoint */
        "ori %r3, %r3, appentrypoint@l\n"
        "lwz %r3, 0(%r3)\n"                /* r3 = the game's entry point */
        "mtlr %r3\n"                       /* LR = entry point */
        "lis %r3, 0x8000\n"                /* r3 = 0x800018A8 */
        "ori %r3, %r3, 0x18A8\n"
        "mtctr %r3\n"                      /* CTR = 0x800018A8 */
        "bctr\n"                           /* jump to 0x800018A8, LR holds the entry point */
    );

and adding one nop makes it:
Code:
    __asm__(
        "lis %r3, appentrypoint@h\n"       /* r3 = &appentrypoint */
        "ori %r3, %r3, appentrypoint@l\n"
        "lwz %r3, 0(%r3)\n"                /* r3 = the game's entry point */
        "mtlr %r3\n"                       /* LR = entry point */
        "lis %r3, 0x8000\n"                /* r3 = 0x800018A8 */
        "ori %r3, %r3, 0x18A8\n"
        "nop\n"                            /* the one added instruction (0x60000000) */
        "mtctr %r3\n"                      /* CTR = 0x800018A8 */
        "bctr\n"                           /* jump to 0x800018A8, LR holds the entry point */
    );

That is the required change to get the game working. Apparently the game looks for the byte pattern:
3C608000 606318A8 7C6903A6
and it doesn't find it when it looks like this:
3C608000 606318A8 60000000 7C6903A6

It doesn't matter if the code is executed or is just part of the code somewhere. The actual pattern might be bigger, but only with the code after it; adding a nop before the code in question still triggers the protection. It's quite a good idea, as it blocks all recent loaders, including Gecko OS, but since it wasn't combined with some other protection, it was not good enough. A mixed protection would have required disassembling the game, not just some simple testing.
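To make the byte-pattern check above concrete, here is an added example (my own, not code from the thread or from any loader) that encodes the three PowerPC instructions the game looks for, builds both the original and the nop-padded stub, and runs a plain byte search over a constructed loader image the way the OP describes the protection behaving. It also includes a nop-tolerant word-wise scan, which is the obvious hardening a pattern check like this would need; the filler bytes and image layout are assumptions for the demo.

```python
import struct

# PowerPC instruction encoders (big-endian 32-bit words), enough for the stub above.
def lis(rd, imm):                      # addis rD, 0, imm
    return (15 << 26) | (rd << 21) | (imm & 0xFFFF)

def ori(ra, rs, uimm):                 # ori rA, rS, uimm
    return (24 << 26) | (rs << 21) | (ra << 16) | (uimm & 0xFFFF)

def mtctr(rs):                         # mtspr CTR (SPR 9), rS
    spr = 9
    return (31 << 26) | (rs << 21) | ((((spr & 0x1F) << 5) | (spr >> 5)) << 11) | (467 << 1)

NOP = ori(0, 0, 0)                     # 0x60000000

def encode(words):
    return b"".join(struct.pack(">I", w) for w in words)

# The three words the game reportedly searches for, and the nop-padded variant.
SIGNATURE_WORDS = [lis(3, 0x8000), ori(3, 3, 0x18A8), mtctr(3)]
SIGNATURE = encode(SIGNATURE_WORDS)    # 3C608000 606318A8 7C6903A6
PATCHED_STUB = encode([lis(3, 0x8000), ori(3, 3, 0x18A8), NOP, mtctr(3)])

def find_signature(image, sig=SIGNATURE):
    """Exact byte search, the behaviour the thread attributes to the game."""
    return image.find(sig)

def find_signature_ignoring_nops(image, sig_words=SIGNATURE_WORDS):
    """Word-wise search that tolerates nops between signature words."""
    words = [struct.unpack(">I", image[i:i + 4])[0] for i in range(0, len(image) - 3, 4)]
    for start in range(len(words)):
        i, k = start, 0
        while i < len(words) and k < len(sig_words):
            if words[i] == sig_words[k]:
                k += 1
            elif words[i] != NOP or k == 0:
                break
            i += 1
        if k == len(sig_words):
            return start * 4
    return -1

# Constructed loader images (assumed layout): filler, the stub, more filler.
FILLER = b"\x00" * 16
ORIGINAL_IMAGE = FILLER + SIGNATURE + FILLER
PATCHED_IMAGE = FILLER + PATCHED_STUB + FILLER

if __name__ == "__main__":
    print("exact scan, original stub  :", find_signature(ORIGINAL_IMAGE))              # 16
    print("exact scan, nop-padded stub:", find_signature(PATCHED_IMAGE))               # -1
    print("nop-tolerant, nop-padded   :", find_signature_ignoring_nops(PATCHED_IMAGE)) # 16
```

The exact search misses the nop-padded stub, which is the whole trick; the word-wise scan still finds it, and a nop placed before the sequence does not hide the sequence from either scan.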
 

FAST6191

Techromancer
Editorial Team
Joined
Nov 21, 2005
Messages
36,798
Trophies
3
XP
28,348
Country
United Kingdom
How amusing, thanks for the news/work all concerned.

I would say I am shocked how simple it was but I guess a 10 minute job worked well enough.
 

WiiPower

Well-Known Member
OP
Member
Joined
Oct 17, 2008
Messages
8,165
Trophies
0
XP
345
Country
Gambia, The
Can somebody please confirm if the game has a protection against main.dol patches?

Just enable the video mode patching; "All+sneek" or whatever it is called in CFG should be good enough as a test. And one test please with the hook set to VI and Ocarina enabled.

Thanks.
 

WiiPower

Well-Known Member
OP
Member
Joined
Oct 17, 2008
Messages
8,165
Trophies
0
XP
345
Country
Gambia, The
SifJar said:
I'm curious: What made you try this? You say you didn't disassemble it, so did you just make some random guesses and one worked out?

Like I said, Oggzee did this. Somebody found out that CFGv53 could start the game, and CFGv54 could not. After trying all changes that made sense somehow, he eventually noticed that the asm code block triggered the protection. I thought it was related to the way the game is booted, or that having such an asm code block changes some compiler stuff or whatever. But it became clear what was going on after putting the asm code behind the code to jump to the entry point.
 
