Blizzard is allowing the full client to be downloaded before release!

Started by Espionage724, July 15, 2010, 10:53:06 AM


Doomer3001

I found a forum about mpqe files and a way of opening them;
http://www.mmowned.com/forums/world-of-warcraft/emulator-servers/84020-dbc-files-mpqe-vista.html
I think this is worth checking out

EDIT; Sorry, it's about the MPQEditor...

Blackcode

Quote from: Doomer3001 on July 18, 2010, 01:26:53 AM
I found a forum about mpqe files and a way of opening them;
http://www.mmowned.com/forums/world-of-warcraft/emulator-servers/84020-dbc-files-mpqe-vista.html
I think this is worth checking out

EDIT; Sorry, it's about the MPQEditor...

Dude, the mpqE there is the MPQEditor file... not the mpqe file.... SC2 is the first game from Blizz using this type of file.... I assume E is from encrypted

Doomer3001

Maybe I found that out myself, and that's why I edited it... ;)


tomsons26

Quote from: HolyPants on July 17, 2010, 09:17:14 PM


Well first of all people are trying to get around the authentication when that is not really the issue.  The installer can't even open the .MPQE files.  The focus should be on figuring out how to open those, which would allow people to make a regular .MPQ file with the same data and successfully install, and you would at least be able to see the unavailable assets and other data.


That's what I'm trying to say, and to bypass the auth: run installer, click install, go to temp folder, make a copy of InstallerInfo.xml, delete NotReleased.xml and rename the InstallerInfo.xml to NotReleased.xml
So if MPQE are decrypted then clicking install will install the game and won't show errors because the UI 2.MPQE and Installer Tome 1.MPQE are readable now

And about the new installer: it downloads a new UI 1.MPQ. Why am I saying this? Because the Installer UI 1.MPQ contains the ReadMe.htm but it says "This will be the StarCraft 2 ReadMe"

Blackcode

GUYS stop searching where you do not have... take a fucking debugger and start there... the whole key is starting at 0044CD52

this is the part of code where we are interested in....

0044CD52  |. 68 8A046000    PUSH Installe.0060048A                   ;  SE handler installation
0044CD57  |. 64:A1 00000000 MOV EAX,DWORD PTR FS:[0]
0044CD5D  |. 50             PUSH EAX
0044CD5E  |. 64:8925 000000>MOV DWORD PTR FS:[0],ESP
0044CD65  |. 81EC D0000000  SUB ESP,0D0
0044CD6B  |. 53             PUSH EBX
0044CD6C  |. 55             PUSH EBP
0044CD6D  |. 56             PUSH ESI
0044CD6E  |. 57             PUSH EDI
0044CD6F  |. 68 98496100    PUSH Installe.00614998                   ; /Arg2 = 00614998 ASCII "{Win32_InstallerData}"
0044CD74  |. 8D8424 C800000>LEA EAX,DWORD PTR SS:[ESP+C8]            ; |
0044CD7B  |. 8BF1           MOV ESI,ECX                              ; |
0044CD7D  |. 50             PUSH EAX                                 ; |Arg1
0044CD7E  |. B9 98216B00    MOV ECX,Installe.006B2198                ; |
0044CD83  |. E8 58B30000    CALL Installe.004580E0                   ; \Installe.004580E0
0044CD88  |. 8B8424 C800000>MOV EAX,DWORD PTR SS:[ESP+C8]
0044CD8F  |. 33DB           XOR EBX,EBX
0044CD91  |. BD 10000000    MOV EBP,10
0044CD96  |. 39AC24 DC00000>CMP DWORD PTR SS:[ESP+DC],EBP
0044CD9D  |. 899C24 E800000>MOV DWORD PTR SS:[ESP+E8],EBX
0044CDA4  |. 73 07          JNB SHORT Installe.0044CDAD
0044CDA6  |. 8D8424 C800000>LEA EAX,DWORD PTR SS:[ESP+C8]
0044CDAD  |> 68 90496100    PUSH Installe.00614990                   ;  ASCII "MPQE"
0044CDB2  |. 50             PUSH EAX
0044CDB3  |. E8 B8D60F00    CALL Installe.0054A470
0044CDB8  |. 83C4 04        ADD ESP,4
0044CDBB  |. 50             PUSH EAX
0044CDBC  |. E8 4FD20F00    CALL Installe.0054A010
0044CDC1  |. 83C4 08        ADD ESP,8
0044CDC4  |. 85C0           TEST EAX,EAX
0044CDC6  |. 75 27          JNZ SHORT Installe.0044CDEF
0044CDC8  |. 391D 34266B00  CMP DWORD PTR DS:[6B2634],EBX
0044CDCE  |. 75 1F          JNZ SHORT Installe.0044CDEF
0044CDD0  |. 68 20B24400    PUSH Installe.0044B220
0044CDD5  |. 68 802E4700    PUSH Installe.00472E80
0044CDDA  |. 53             PUSH EBX
0044CDDB  |. 6A 20          PUSH 20
0044CDDD  |. E8 AE30FEFF    CALL Installe.0042FE90
0044CDE2  |. 83C4 10        ADD ESP,10
0044CDE5  |. BF 0F000000    MOV EDI,0F
0044CDEA  |. E9 48020000    JMP Installe.0044D037
0044CDEF  |> 6A 01          PUSH 1
0044CDF1  |. 68 F4516100    PUSH Installe.006151F4                   ;  ASCII "hasValidDecryptionKey"
0044CDF6  |. B9 70206B00    MOV ECX,Installe.006B2070
0044CDFB  |. E8 20CFFFFF    CALL Installe.00449D20
0044CE00  |. 8D8C24 8800000>LEA ECX,DWORD PTR SS:[ESP+88]
0044CE07  |. 51             PUSH ECX
0044CE08  |. 8BCE           MOV ECX,ESI
0044CE0A  |. E8 31DCFFFF    CALL Installe.0044AA40
0044CE0F  |. 83BC24 8800000>CMP DWORD PTR SS:[ESP+88],3
0044CE17  |. C68424 E800000>MOV BYTE PTR SS:[ESP+E8],1
0044CE1F  |. 0F8C ED010000  JL Installe.0044D012
0044CE25  |. 6A 02          PUSH 2                                   ; /Arg1 = 00000002
0044CE27  |. 8D4C24 14      LEA ECX,DWORD PTR SS:[ESP+14]            ; |
0044CE2B  |. E8 707CFEFF    CALL Installe.00434AA0                   ; \Installe.00434AA0
0044CE30  |. 68 EC536100    PUSH Installe.006153EC                   ;  ASCII "<EULA>"
0044CE35  |. 68 D4536100    PUSH Installe.006153D4                   ;  ASCII "{CouldntCreateFolder%s}"
0044CE3A  |. 8D7424 74      LEA ESI,DWORD PTR SS:[ESP+74]
0044CE3E  |. C68424 F000000>MOV BYTE PTR SS:[ESP+F0],2
0044CE46  |. E8 F54CFFFF    CALL Installe.00441B40
0044CE4B  |. 50             PUSH EAX
0044CE4C  |. 8D5424 3C      LEA EDX,DWORD PTR SS:[ESP+3C]
0044CE50  |. 52             PUSH EDX
0044CE51  |. C68424 F800000>MOV BYTE PTR SS:[ESP+F8],3
0044CE59  |. E8 7265FEFF    CALL Installe.004333D0
0044CE5E  |. 83C4 10        ADD ESP,10
0044CE61  |. 8BF0           MOV ESI,EAX
0044CE63  |. 8B4424 14      MOV EAX,DWORD PTR SS:[ESP+14]
0044CE67  |. 3BC3           CMP EAX,EBX
0044CE69  |. C68424 E800000>MOV BYTE PTR SS:[ESP+E8],4
0044CE71  |. 74 0B          JE SHORT Installe.0044CE7E
0044CE73  |. 8B4C24 18      MOV ECX,DWORD PTR SS:[ESP+18]
0044CE77  |. 2BC8           SUB ECX,EAX
0044CE79  |. C1F9 05        SAR ECX,5
0044CE7C  |. 75 09          JNZ SHORT Installe.0044CE87
0044CE7E  |> E8 88A60B00    CALL Installe.0050750B
0044CE83  |. 8B4424 14      MOV EAX,DWORD PTR SS:[ESP+14]
0044CE87  |> 8B16           MOV EDX,DWORD PTR DS:[ESI]
0044CE89  |. 6A FF          PUSH -1
0044CE8B  |. 53             PUSH EBX
0044CE8C  |. 83C6 04        ADD ESI,4
0044CE8F  |. 56             PUSH ESI
0044CE90  |. 8D48 04        LEA ECX,DWORD PTR DS:[EAX+4]
0044CE93  |. 8910           MOV DWORD PTR DS:[EAX],EDX
0044CE95  |. E8 C646FBFF    CALL Installe.00401560
0044CE9A  |. 396C24 4C      CMP DWORD PTR SS:[ESP+4C],EBP
0044CE9E  |. 72 0D          JB SHORT Installe.0044CEAD
0044CEA0  |. 8B4424 38      MOV EAX,DWORD PTR SS:[ESP+38]
0044CEA4  |. 50             PUSH EAX
0044CEA5  |. E8 36A7FEFF    CALL Installe.004375E0
0044CEAA  |. 83C4 04        ADD ESP,4
0044CEAD  |> 39AC24 8400000>CMP DWORD PTR SS:[ESP+84],EBP
0044CEB4  |. C74424 4C 0F00>MOV DWORD PTR SS:[ESP+4C],0F
0044CEBC  |. 895C24 48      MOV DWORD PTR SS:[ESP+48],EBX
0044CEC0  |. 885C24 38      MOV BYTE PTR SS:[ESP+38],BL
0044CEC4  |. C68424 E800000>MOV BYTE PTR SS:[ESP+E8],2
0044CECC  |. 72 0D          JB SHORT Installe.0044CEDB
0044CECE  |. 8B4C24 70      MOV ECX,DWORD PTR SS:[ESP+70]
0044CED2  |. 51             PUSH ECX
0044CED3  |. E8 08A7FEFF    CALL Installe.004375E0
0044CED8  |. 83C4 04        ADD ESP,4
0044CEDB  |> 8B4C24 14      MOV ECX,DWORD PTR SS:[ESP+14]
0044CEDF  |. 3BCB           CMP ECX,EBX
0044CEE1  |. 74 0E          JE SHORT Installe.0044CEF1
0044CEE3  |. 8B4424 18      MOV EAX,DWORD PTR SS:[ESP+18]
0044CEE7  |. 2BC1           SUB EAX,ECX
0044CEE9  |. C1F8 05        SAR EAX,5
0044CEEC  |. 83F8 01        CMP EAX,1
0044CEEF  |. 77 09          JA SHORT Installe.0044CEFA
0044CEF1  |> E8 15A60B00    CALL Installe.0050750B
0044CEF6  |. 8B4C24 14      MOV ECX,DWORD PTR SS:[ESP+14]
0044CEFA  |> 8B9424 8800000>MOV EDX,DWORD PTR SS:[ESP+88]
0044CF01  |. 8D41 20        LEA EAX,DWORD PTR DS:[ECX+20]
0044CF04  |. 6A FF          PUSH -1
0044CF06  |. 53             PUSH EBX
0044CF07  |. 8D8C24 9400000>LEA ECX,DWORD PTR SS:[ESP+94]
0044CF0E  |. 51             PUSH ECX
0044CF0F  |. 8D48 04        LEA ECX,DWORD PTR DS:[EAX+4]
0044CF12  |. 8910           MOV DWORD PTR DS:[EAX],EDX
0044CF14  |. E8 4746FBFF    CALL Installe.00401560
0044CF19  |. 6A 28          PUSH 28
0044CF1B  |. 53             PUSH EBX
0044CF1C  |. 8D5424 38      LEA EDX,DWORD PTR SS:[ESP+38]
0044CF20  |. 68 BC536100    PUSH Installe.006153BC                   ;  ASCII "Audio\InstallFailed.wav"
0044CF25  |. 52             PUSH EDX
0044CF26  |. E8 A5270100    CALL Installe.0045F6D0
0044CF2B  |. 83C4 10        ADD ESP,10
0044CF2E  |. 396C24 4C      CMP DWORD PTR SS:[ESP+4C],EBP
0044CF32  |. 72 0D          JB SHORT Installe.0044CF41
0044CF34  |. 8B4424 38      MOV EAX,DWORD PTR SS:[ESP+38]
0044CF38  |. 50             PUSH EAX
0044CF39  |. E8 A2A6FEFF    CALL Installe.004375E0
0044CF3E  |. 83C4 04        ADD ESP,4
0044CF41  |> 68 18446100    PUSH Installe.00614418                   ;  ASCII "{OK}"
0044CF46  |. 8D7424 70      LEA ESI,DWORD PTR SS:[ESP+70]
0044CF4A  |. E8 F14BFFFF    CALL Installe.00441B40
0044CF4F  |. 8BF8           MOV EDI,EAX
0044CF51  |. 68 54466100    PUSH Installe.00614654                   ;  ASCII "{UnableToLoadData}"
0044CF56  |. 8D7424 58      LEA ESI,DWORD PTR SS:[ESP+58]
0044CF5A  |. C68424 F000000>MOV BYTE PTR SS:[ESP+F0],5
0044CF62  |. E8 D94BFFFF    CALL Installe.00441B40
0044CF67  |. 83C4 08        ADD ESP,8
0044CF6A  |. 396F 18        CMP DWORD PTR DS:[EDI+18],EBP
0044CF6D  |. C68424 E800000>MOV BYTE PTR SS:[ESP+E8],6
0044CF75  |. 72 05          JB SHORT Installe.0044CF7C
0044CF77  |. 8B7F 04        MOV EDI,DWORD PTR DS:[EDI+4]
0044CF7A  |. EB 03          JMP SHORT Installe.0044CF7F
0044CF7C  |> 83C7 04        ADD EDI,4
0044CF7F  |> 3968 18        CMP DWORD PTR DS:[EAX+18],EBP
0044CF82  |. 72 05          JB SHORT Installe.0044CF89
0044CF84  |. 8B40 04        MOV EAX,DWORD PTR DS:[EAX+4]
0044CF87  |. EB 03          JMP SHORT Installe.0044CF8C
0044CF89  |> 83C0 04        ADD EAX,4
0044CF8C  |> 53             PUSH EBX
0044CF8D  |. 6A 01          PUSH 1
0044CF8F  |. 53             PUSH EBX
0044CF90  |. 57             PUSH EDI
0044CF91  |. 50             PUSH EAX
0044CF92  |. 8D4C24 24      LEA ECX,DWORD PTR SS:[ESP+24]
0044CF96  |. 51             PUSH ECX
0044CF97  |. E8 C4FB0100    CALL Installe.0046CB60
0044CF9C  |. 83C4 18        ADD ESP,18
0044CF9F  |. 396C24 68      CMP DWORD PTR SS:[ESP+68],EBP
0044CFA3  |. 72 0D          JB SHORT Installe.0044CFB2
0044CFA5  |. 8B5424 54      MOV EDX,DWORD PTR SS:[ESP+54]
0044CFA9  |. 52             PUSH EDX
0044CFAA  |. E8 31A6FEFF    CALL Installe.004375E0
0044CFAF  |. 83C4 04        ADD ESP,4
0044CFB2  |> 39AC24 8400000>CMP DWORD PTR SS:[ESP+84],EBP
0044CFB9  |. BF 0F000000    MOV EDI,0F
0044CFBE  |. 897C24 68      MOV DWORD PTR SS:[ESP+68],EDI
0044CFC2  |. 895C24 64      MOV DWORD PTR SS:[ESP+64],EBX
0044CFC6  |. 885C24 54      MOV BYTE PTR SS:[ESP+54],BL
0044CFCA  |. C68424 E800000>MOV BYTE PTR SS:[ESP+E8],2
0044CFD2  |. 72 0D          JB SHORT Installe.0044CFE1
0044CFD4  |. 8B4424 70      MOV EAX,DWORD PTR SS:[ESP+70]
0044CFD8  |. 50             PUSH EAX
0044CFD9  |. E8 02A6FEFF    CALL Installe.004375E0
0044CFDE  |. 83C4 04        ADD ESP,4
0044CFE1  |> E8 FA2BFEFF    CALL Installe.0042FBE0
0044CFE6  |. 8B4424 14      MOV EAX,DWORD PTR SS:[ESP+14]
0044CFEA  |. 3BC3           CMP EAX,EBX
0044CFEC  |. 74 29          JE SHORT Installe.0044D017
0044CFEE  |. 8B4C24 2C      MOV ECX,DWORD PTR SS:[ESP+2C]
0044CFF2  |. 51             PUSH ECX
0044CFF3  |. 8B4C24 1C      MOV ECX,DWORD PTR SS:[ESP+1C]
0044CFF7  |. 8D5424 14      LEA EDX,DWORD PTR SS:[ESP+14]
0044CFFB  |. 52             PUSH EDX
0044CFFC  |. 51             PUSH ECX
0044CFFD  |. 50             PUSH EAX
0044CFFE  |. E8 8D62FEFF    CALL Installe.00433290
0044D003  |. 8B5424 24      MOV EDX,DWORD PTR SS:[ESP+24]
0044D007  |. 52             PUSH EDX
0044D008  |. E8 D3A5FEFF    CALL Installe.004375E0
0044D00D  |. 83C4 14        ADD ESP,14
0044D010  |. EB 05          JMP SHORT Installe.0044D017
0044D012  |> BF 0F000000    MOV EDI,0F
0044D017  |> 39AC24 A400000>CMP DWORD PTR SS:[ESP+A4],EBP
0044D01E  |. 889C24 E800000>MOV BYTE PTR SS:[ESP+E8],BL
0044D025  |. 72 10          JB SHORT Installe.0044D037
0044D027  |. 8B8424 9000000>MOV EAX,DWORD PTR SS:[ESP+90]
0044D02E  |. 50             PUSH EAX
0044D02F  |. E8 ACA5FEFF    CALL Installe.004375E0
0044D034  |. 83C4 04        ADD ESP,4
0044D037  |> 68 F4516100    PUSH Installe.006151F4                   ; /Arg1 = 006151F4 ASCII "hasValidDecryptionKey"
0044D03C  |. B9 70206B00    MOV ECX,Installe.006B2070                ; |
0044D041  |. E8 BAC0FFFF    CALL Installe.00449100                   ; \Installe.00449100
0044D046  |. 84C0           TEST AL,AL
0044D048  |. 0F84 24020000  JE Installe.0044D272
0044D04E  |. E8 3DE80000    CALL Installe.0045B890
0044D053  |. E8 A8E80000    CALL Installe.0045B900
0044D058  |. 53             PUSH EBX
0044D059  |. 68 80A74400    PUSH Installe.0044A780
0044D05E  |. E8 4D2CFEFF    CALL Installe.0042FCB0
0044D063  |. 897C24 54      MOV DWORD PTR SS:[ESP+54],EDI
0044D067  |. 895C24 50      MOV DWORD PTR SS:[ESP+50],EBX
0044D06B  |. 885C24 40      MOV BYTE PTR SS:[ESP+40],BL
0044D06F  |. 895C24 38      MOV DWORD PTR SS:[ESP+38],EBX
0044D073  |. 6A 01          PUSH 1
0044D075  |. 8D4C24 3C      LEA ECX,DWORD PTR SS:[ESP+3C]
0044D079  |. 51             PUSH ECX
0044D07A  |. 8D5424 60      LEA EDX,DWORD PTR SS:[ESP+60]
0044D07E  |. 68 B0536100    PUSH Installe.006153B0                   ;  ASCII "EULA.html"
0044D083  |. 52             PUSH EDX
0044D084  |. C68424 0001000>MOV BYTE PTR SS:[ESP+100],7
0044D08C  |. E8 9FD20000    CALL Installe.0045A330
0044D091  |. 83C4 18        ADD ESP,18
0044D094  |. 3968 18        CMP DWORD PTR DS:[EAX+18],EBP
0044D097  |. C68424 E800000>MOV BYTE PTR SS:[ESP+E8],8
0044D09F  |. 72 05          JB SHORT Installe.0044D0A6
0044D0A1  |. 8B50 04        MOV EDX,DWORD PTR DS:[EAX+4]
0044D0A4  |. EB 03          JMP SHORT Installe.0044D0A9
0044D0A6  |> 8D50 04        LEA EDX,DWORD PTR DS:[EAX+4]
0044D0A9  |> 8BC2           MOV EAX,EDX
0044D0AB  |. 897C24 28      MOV DWORD PTR SS:[ESP+28],EDI
0044D0AF  |. 895C24 24      MOV DWORD PTR SS:[ESP+24],EBX
0044D0B3  |. 885C24 14      MOV BYTE PTR SS:[ESP+14],BL
0044D0B7  |. 8D70 01        LEA ESI,DWORD PTR DS:[EAX+1]
0044D0BA  |. 8D9B 00000000  LEA EBX,DWORD PTR DS:[EBX]
0044D0C0  |> 8A08           /MOV CL,BYTE PTR DS:[EAX]
0044D0C2  |. 83C0 01        |ADD EAX,1
0044D0C5  |. 3ACB           |CMP CL,BL
0044D0C7  |.^75 F7          \JNZ SHORT Installe.0044D0C0
0044D0C9  |. 2BC6           SUB EAX,ESI
0044D0CB  |. 50             PUSH EAX
0044D0CC  |. 52             PUSH EDX
0044D0CD  |. 8D4C24 18      LEA ECX,DWORD PTR SS:[ESP+18]
0044D0D1  |. E8 6A45FBFF    CALL Installe.00401640
0044D0D6  |. 396C24 68      CMP DWORD PTR SS:[ESP+68],EBP
0044D0DA  |. C68424 E800000>MOV BYTE PTR SS:[ESP+E8],0A
0044D0E2  |. 72 0D          JB SHORT Installe.0044D0F1
0044D0E4  |. 8B4424 54      MOV EAX,DWORD PTR SS:[ESP+54]
0044D0E8  |. 50             PUSH EAX
0044D0E9  |. E8 F2A4FEFF    CALL Installe.004375E0
0044D0EE  |. 83C4 04        ADD ESP,4
0044D0F1  |> 68 A4536100    PUSH Installe.006153A4                   ;  ASCII "{Disagree}"
0044D0F6  |. 8DB424 8C00000>LEA ESI,DWORD PTR SS:[ESP+8C]
0044D0FD  |. 897C24 6C      MOV DWORD PTR SS:[ESP+6C],EDI
0044D101  |. 895C24 68      MOV DWORD PTR SS:[ESP+68],EBX
0044D105  |. 885C24 58      MOV BYTE PTR SS:[ESP+58],BL
0044D109  |. E8 324AFFFF    CALL Installe.00441B40
0044D10E  |. 8BF8           MOV EDI,EAX
0044D110  |. 68 9C536100    PUSH Installe.0061539C                   ;  ASCII "{Agree}"
0044D115  |. 8D7424 74      LEA ESI,DWORD PTR SS:[ESP+74]
0044D119  |. C68424 F000000>MOV BYTE PTR SS:[ESP+F0],0B
0044D121  |. E8 1A4AFFFF    CALL Installe.00441B40
0044D126  |. 8BE8           MOV EBP,EAX
0044D128  |. 68 80536100    PUSH Installe.00615380                   ;  ASCII "{EndUserLicenseAgreement}"
0044D12D  |. 8DB424 B400000>LEA ESI,DWORD PTR SS:[ESP+B4]
0044D134  |. C68424 F400000>MOV BYTE PTR SS:[ESP+F4],0C
0044D13C  |. E8 FF49FFFF    CALL Installe.00441B40
0044D141  |. 83C4 0C        ADD ESP,0C
0044D144  |. BE 10000000    MOV ESI,10
0044D149  |. 3977 18        CMP DWORD PTR DS:[EDI+18],ESI
0044D14C  |. C68424 E800000>MOV BYTE PTR SS:[ESP+E8],0D
0044D154  |. 72 05          JB SHORT Installe.0044D15B
0044D156  |. 8B7F 04        MOV EDI,DWORD PTR DS:[EDI+4]
0044D159  |. EB 03          JMP SHORT Installe.0044D15E
0044D15B  |> 83C7 04        ADD EDI,4
0044D15E  |> 3975 18        CMP DWORD PTR SS:[EBP+18],ESI
0044D161  |. 72 05          JB SHORT Installe.0044D168
0044D163  |. 8B6D 04        MOV EBP,DWORD PTR SS:[EBP+4]
0044D166  |. EB 03          JMP SHORT Installe.0044D16B
0044D168  |> 83C5 04        ADD EBP,4
0044D16B  |> 3970 18        CMP DWORD PTR DS:[EAX+18],ESI
0044D16E  |. 72 05          JB SHORT Installe.0044D175
0044D170  |. 8B40 04        MOV EAX,DWORD PTR DS:[EAX+4]
0044D173  |. EB 03          JMP SHORT Installe.0044D178
0044D175  |> 83C0 04        ADD EAX,4
0044D178  |> 397424 28      CMP DWORD PTR SS:[ESP+28],ESI
0044D17C  |. 8B4C24 14      MOV ECX,DWORD PTR SS:[ESP+14]
0044D180  |. 73 04          JNB SHORT Installe.0044D186
0044D182  |. 8D4C24 14      LEA ECX,DWORD PTR SS:[ESP+14]
0044D186  |> 53             PUSH EBX
0044D187  |. 68 D0C74400    PUSH Installe.0044C7D0
0044D18C  |. 57             PUSH EDI
0044D18D  |. 55             PUSH EBP
0044D18E  |. 50             PUSH EAX
0044D18F  |. 51             PUSH ECX
0044D190  |. E8 6B2AFEFF    CALL Installe.0042FC00
0044D195  |. 83C4 18        ADD ESP,18
0044D198  |. 39B424 C000000>CMP DWORD PTR SS:[ESP+C0],ESI
0044D19F  |. 72 10          JB SHORT Installe.0044D1B1
0044D1A1  |. 8B8C24 AC00000>MOV ECX,DWORD PTR SS:[ESP+AC]
0044D1A8  |. 51             PUSH ECX
0044D1A9  |. E8 32A4FEFF    CALL Installe.004375E0
0044D1AE  |. 83C4 04        ADD ESP,4
0044D1B1  |> 39B424 8400000>CMP DWORD PTR SS:[ESP+84],ESI
0044D1B8  |. BF 0F000000    MOV EDI,0F
0044D1BD  |. 89BC24 C000000>MOV DWORD PTR SS:[ESP+C0],EDI
0044D1C4  |. 899C24 BC00000>MOV DWORD PTR SS:[ESP+BC],EBX
0044D1CB  |. 889C24 AC00000>MOV BYTE PTR SS:[ESP+AC],BL
0044D1D2  |. 72 0D          JB SHORT Installe.0044D1E1
0044D1D4  |. 8B5424 70      MOV EDX,DWORD PTR SS:[ESP+70]
0044D1D8  |. 52             PUSH EDX
0044D1D9  |. E8 02A4FEFF    CALL Installe.004375E0
0044D1DE  |. 83C4 04        ADD ESP,4
0044D1E1  |> 39B424 A000000>CMP DWORD PTR SS:[ESP+A0],ESI
0044D1E8  |. 89BC24 8400000>MOV DWORD PTR SS:[ESP+84],EDI
0044D1EF  |. 899C24 8000000>MOV DWORD PTR SS:[ESP+80],EBX
0044D1F6  |. 885C24 70      MOV BYTE PTR SS:[ESP+70],BL
0044D1FA  |. 72 10          JB SHORT Installe.0044D20C
0044D1FC  |. 8B8424 8C00000>MOV EAX,DWORD PTR SS:[ESP+8C]
0044D203  |. 50             PUSH EAX
0044D204  |. E8 D7A3FEFF    CALL Installe.004375E0
0044D209  |. 83C4 04        ADD ESP,4
0044D20C  |> 397424 28      CMP DWORD PTR SS:[ESP+28],ESI
0044D210  |. 72 0D          JB SHORT Installe.0044D21F
0044D212  |. 8B4C24 14      MOV ECX,DWORD PTR SS:[ESP+14]
0044D216  |. 51             PUSH ECX
0044D217  |. E8 C4A3FEFF    CALL Installe.004375E0
0044D21C  |. 83C4 04        ADD ESP,4
0044D21F  |> 397424 4C      CMP DWORD PTR SS:[ESP+4C],ESI
0044D223  |. 897C24 28      MOV DWORD PTR SS:[ESP+28],EDI
0044D227  |. 895C24 24      MOV DWORD PTR SS:[ESP+24],EBX
0044D22B  |. 885C24 14      MOV BYTE PTR SS:[ESP+14],BL
0044D22F  |. 72 0D          JB SHORT Installe.0044D23E
0044D231  |. 8B5424 38      MOV EDX,DWORD PTR SS:[ESP+38]
0044D235  |. 52             PUSH EDX
0044D236  |. E8 A5A3FEFF    CALL Installe.004375E0
0044D23B  |. 83C4 04        ADD ESP,4
0044D23E  |> 8BEE           MOV EBP,ESI
0044D240  |> 39AC24 DC00000>CMP DWORD PTR SS:[ESP+DC],EBP
0044D247  |. 5F             POP EDI
0044D248  |. 5E             POP ESI
0044D249  |. 5D             POP EBP
0044D24A  |. 5B             POP EBX
0044D24B  |. 72 10          JB SHORT Installe.0044D25D
0044D24D  |. 8B8424 B800000>MOV EAX,DWORD PTR SS:[ESP+B8]
0044D254  |. 50             PUSH EAX
0044D255  |. E8 86A3FEFF    CALL Installe.004375E0
0044D25A  |. 83C4 04        ADD ESP,4
0044D25D  |> 8B8C24 D000000>MOV ECX,DWORD PTR SS:[ESP+D0]
0044D264  |. 64:890D 000000>MOV DWORD PTR FS:[0],ECX
0044D26B  |. 81C4 DC000000  ADD ESP,0DC
0044D271  |. C3             RETN
0044D272  |> B9 D0166B00    MOV ECX,Installe.006B16D0
0044D277  |. E8 34AAFEFF    CALL Installe.00437CB0
0044D27C  |. 53             PUSH EBX
0044D27D  |. E8 FEF0FFFF    CALL Installe.0044C380
0044D282  |. 83C4 04        ADD ESP,4
0044D285  \.^EB B9          JMP SHORT Installe.0044D240


darkrei9n

Guys. If any of you are using say IDA pro or whatever, if you see jz 006569F8 or that location referenced in any code that is what we are looking for. That goes to CryptCreateHash which I think is what we need.

tomsons26

is this useful?
00218D7A: extract repack
0021C517: key H5f
 
  SSZ00614990_MPQE
  SSZ006151C4_DecryptionKey
  SSZ006151B4__DecryptionKey_
 
  Crypto info
  BASE64 table :: 0021A2B8 :: 0061A2B8
      Referenced at 006112A3
  BASE64 table :: 0021F3E8 :: 0061F3E8
      Referenced at 004C87F1
      Referenced at 004C8802
      Referenced at 004C8825
      Referenced at 004C8840
  BZIP2 [long] :: 00288260 :: 00688260
      Referenced at 005311E1
      Referenced at 0053124E
      Referenced at 005312BB
      Referenced at 00531321
      Referenced at 00531379
      Referenced at 00533B95
      Referenced at 00533DA6
      Referenced at 005361FA
      Referenced at 005362BE
      Referenced at 0053635D
      Referenced at 005363F6
      Referenced at 00536486
  CRC32 :: 0024E110 :: 0064E110
      Referenced at 005C7216
      Referenced at 005C7260
      Referenced at 005C72A0
      Referenced at 005C72DD
      Referenced at 005C7314
      Referenced at 005C734B
      Referenced at 005C737C
      Referenced at 005C73BB
      Referenced at 005C73F2
      Referenced at 005C743F
      Referenced at 005C7471
  CRC32b :: 00251BA8 :: 00651BA8
      Referenced at 005DA044
      Referenced at 005DA071
  CRC32b :: 00287E60 :: 00687E60
      Referenced at 00531162
      Referenced at 00531441
      Referenced at 005314BC
      Referenced at 005316F7
      Referenced at 00536135
      Referenced at 00536502
      Referenced at 00536882
      Referenced at 00536958
  CryptCreateHash [Name] :: 002569F8 :: 006569F8
      Referenced at 005475AA
  CryptHashData [Name] :: 00256A2C :: 00656A2C
      Referenced at 005475D7
  DCL Implode [word] :: 00251848 :: 00651848
      Referenced at 005C7E06
  MD5 :: 00148BC9 :: 00548BC9
      The reference is above.
  SHA1 [Compress] :: 000A6ED3 :: 004A6ED3
      The reference is above.
  SHA1 [Compress] :: 00155BE4 :: 00555BE4
      The reference is above.
  ZLIB deflate [word] :: 002509E8 :: 006509E8
      Referenced at 005C675B
 

 

tomsons26


Blackcode

Quote from: tomsons26 on July 18, 2010, 08:46:44 AM
weird http://download.cnet.com/Deccan-Encryptor-Decryptor/3000-2092_4-10411521.html?tag=mncol
says incorrect password so that means it can read the encryption of Installer UI 2.MPQE

Dude, read some fucking asm manuals, get some basic knowledge before talking without knowing... usually I am a patient guy but I see too many ppl trying to help without having the basic knowledge....

The encryption used by mpqe files is supposed to be Salsa20. Bruteforcing that will lead to nowhere seeing the length of the key so we are trying to exploit that somehow else.

darkrei9n

Vernam7 should drop us another hint.

Like what tools he used.

Cybertox


darkrei9n

Cyber we're relatively calm compared to other places. We're not screaming at Vernam7 like some sites to release the crack or claiming he never did it.

Vernam7

Quote from: darkrei9n on July 18, 2010, 11:32:40 AM
Cyber we're relatively calm compared to other places. We're not screaming at Vernam7 like some sites to release the crack or claiming he never did it.


tnx dark


I didn't use any special tool that you don't already know
simple known tools like
W32DSM (way old I know but does the job)
HHD Hex Editor (it's simple and with fast comparing methods, I like it)
NO IIS installation needed (because I had a private server to emulate and test a few things)

and I didn't do anything at runtime! Not cracking or altering anything at runtime in memory! I just watched very carefully, extracted the second installer from the 1st one as I already told you, hex edited this one at the right addresses (no details as I said) and not replacing or doing rename stuff inside any MPQ file!

you can get the 2nd installer
replace it over the 1st one
just extract what file you need to edit or fake-skip from the mpq and place it where your base installer.exe is; it will read those and NOT the MPQ ones!
so you can do clone files that match the originals but have inside whatever you want them to have to pass a few steps!

no need to go back and forward to temp folders and crap like that "copy pasting and self-appointed crackers" here and there are saying!

imho the main focus should be to fake the installer that it is ok to go on with the decryption of the files
(look at the header of the MPQE files!) calculate the size in HEX, don't just copy paste information people say in other China forums without understanding what you read guys!

every region installer decrypts slightly differently!

hope those are gonna save you some more time...




GL!


vernam7 out.