Blizzard is allowing the full client to be downloaded before release!

Started by Espionage724, July 15, 2010, 10:53:06 AM


steve30x

The problem here is the greedy people are crying foul of Vernam's claim of cracking the installer. :tease: You greedy people need to get over it and wait for the 27th and buy the game. Otherwise wait for the crack to be released and stop being such a childish greedy baby.

HolyPants

Quote from: steve30x on July 19, 2010, 02:27:48 AM
The problem here is the greedy people are crying foul of Vernam's claim of cracking the installer. :tease: You greedy people need to get over it and wait for the 27th and buy the game. Otherwise wait for the crack to be released and stop being such a childish greedy baby.

I did too.

I gave the same amount of evidence.

TWNuke

Just a thought!! As I am new to this.

The installation throws out the date error for the 27th July only if you are connected to the internet.

So assuming this, it does not check your system date but a date elsewhere, such as on the Blizzard server.

Maybe we need to look at this if it has not been looked at yet.  :)


tomsons26

Read the previous posts: the E in MPQE stands for encrypted, and Blizz is giving out the key to decrypt them only on the 27th.

Cybertox

Guys, what are you going to do after you successfully install the game? Use the lazylauncher or try to hack the serial number?

darkrei9n

Update. After some careful hex editing we have now bypassed the first error, FAILURE TO OPEN <EULA>; it now opens the EULA window properly and goes on to install WITHOUT any XML editing. We still need to get it to decrypt, however.

darkrei9n

I found a second reference to MPQE, think I found where it does decryption.

Kernel64

Nice.

Do you think the WoW MPQE can be examined for the process of decryption? If I remember correctly there was this thing about MPQE and WoW.

Maybe there is a way to directly manipulate the MPQE file without going through the install process.

White

Unfortunately I am pretty much in the dark when it comes to this kind of stuff. My only suggestion is that maybe by comparing the instructions in the beta installer to the retail one some clues may be revealed. Obviously some things have to be the same in both so then it will be easier to concentrate only on the differences. Sorry if this sounds silly.

obliviron


Ok, to the people who are trying to crack Blizzard's SC2 - read the following.


MPQ - MoPaQ file archive format in which the files are compressed to decrease space and enhance ease of use.
MPQE - MoPaQ files first used by Blizzard. These files are encrypted.

After playing around with PEiD and several plugins I found MPQE files to be encrypted in two ways. One is a simple CRC & header corruption which is easily reversible.

The other, however, is a Salsa20 or ChaCha encryption, BOTH of which are as hard to decrypt as Themida 2.x. This encryption requires a 256-bit key which Blizzard DID NOT RELEASE. It is possible to try to crack the key if you have enough knowledge on the subject, but cracking the key could take months or more.

The Sc2 installer WILL DEPROTECT the files WHEN it has the key. So basically, even if you do modify the program so that it will accept any authorization key, the decryption will still require the 256-bit key that BLIZZARD HAS.

Vernam claims he cracked the program in a maximum of 3 days. He also said that he used an emulator server to help him with the cracking.

Why the hell would you need an emulation server if everything except the encryption-key can be accessed locally?

Finally, Blizzard wouldn't release a game before the actual release date with such weak protection that it can be cracked in less than a week!

Also, Vernam, I have 8 years of experience in C mask and pseudo code, not to mention a doctorate in computer science. I am currently taking classes in electrical engineering, so denying my argument by calling me a script kiddie (which is what you say to all logical arguments) will just make you an idiot.
IN SHORT - SC2 CANNOT BE CRACKED BEFORE THE RELEASE DATE!

Cybertox

Quote from: obliviron on July 19, 2010, 01:11:05 PM

Ok, to the people who are trying to crack Blizzard's SC2 - read the following.


MPQ - MoPaQ file archive format in which the files are compressed to decrease space and enhance ease of use.
MPQE - MoPaQ files first used by Blizzard. These files are encrypted.

After playing around with PEiD and several plugins I found MPQE files to be encrypted in two ways. One is a simple CRC & header corruption which is easily reversible.

The other, however, is a Salsa20 or ChaCha encryption, BOTH of which are as hard to decrypt as Themida 2.x. This encryption requires a 256-bit key which Blizzard DID NOT RELEASE. It is possible to try to crack the key if you have enough knowledge on the subject, but cracking the key could take months or more.

The Sc2 installer WILL DEPROTECT the files WHEN it has the key. So basically, even if you do modify the program so that it will accept any authorization key, the decryption will still require the 256-bit key that BLIZZARD HAS.

Vernam claims he cracked the program in a maximum of 3 days. He also said that he used an emulator server to help him with the cracking.

Why the hell would you need an emulation server if everything except the encryption-key can be accessed locally?

Finally, Blizzard wouldn't release a game before the actual release date with such weak protection that it can be cracked in less than a week!

Also, Vernam, I have 8 years of experience in C mask and pseudo code, not to mention a doctorate in computer science. I am currently taking classes in electrical engineering, so denying my argument by calling me a script kiddie (which is what you say to all logical arguments) will just make you an idiot.
IN SHORT - SC2 CANNOT BE CRACKED BEFORE THE RELEASE DATE!
Everything can be cracked!
This is the first time I see a guy that has 8 years of experience and cannot hack a game calling its protection weak xD

7H3LaughingMan

Quote from: Cybertox on July 19, 2010, 01:17:21 PM
Quote from: obliviron on July 19, 2010, 01:11:05 PM

Ok, to the people who are trying to crack Blizzard's SC2 - read the following.


MPQ - MoPaQ file archive format in which the files are compressed to decrease space and enhance ease of use.
MPQE - MoPaQ files first used by Blizzard. These files are encrypted.

After playing around with PEiD and several plugins I found MPQE files to be encrypted in two ways. One is a simple CRC & header corruption which is easily reversible.

The other, however, is a Salsa20 or ChaCha encryption, BOTH of which are as hard to decrypt as Themida 2.x. This encryption requires a 256-bit key which Blizzard DID NOT RELEASE. It is possible to try to crack the key if you have enough knowledge on the subject, but cracking the key could take months or more.

The Sc2 installer WILL DEPROTECT the files WHEN it has the key. So basically, even if you do modify the program so that it will accept any authorization key, the decryption will still require the 256-bit key that BLIZZARD HAS.

Vernam claims he cracked the program in a maximum of 3 days. He also said that he used an emulator server to help him with the cracking.

Why the hell would you need an emulation server if everything except the encryption-key can be accessed locally?

Finally, Blizzard wouldn't release a game before the actual release date with such weak protection that it can be cracked in less than a week!

Also, Vernam, I have 8 years of experience in C mask and pseudo code, not to mention a doctorate in computer science. I am currently taking classes in electrical engineering, so denying my argument by calling me a script kiddie (which is what you say to all logical arguments) will just make you an idiot.
IN SHORT - SC2 CANNOT BE CRACKED BEFORE THE RELEASE DATE!
Everything can be cracked!
This is the first time I see a guy that has 8 years of experience and cannot hack a game calling its protection weak xD
He never said that the protection was weak; he said Blizzard would never release a game before release with weak protection. He is indeed saying the opposite, that the protection is great.

Yes, everything can be cracked if you had time. But trying to brute force a key in less than a week is plainly impossible.

darkrei9n

This is where the authentication key is checked, if anyone can do anything with this.



; int __stdcall sub_4447E0(HINSTANCE hInstance, HWND hWndParent, int, char, int, int)
sub_4447E0 proc near

hInstance= dword ptr  4
hWndParent= dword ptr  8
arg_8= dword ptr  0Ch
arg_C= byte ptr  10h
arg_10= dword ptr  14h
arg_14= dword ptr  18h

mov     eax, [esp+arg_8]
mov     edx, [esp+arg_10]
push    ebx
mov     [ecx], eax
mov     al, [esp+4+arg_C]
xor     ebx, ebx
push    ebx             ; dwInitParam
mov     [ecx+26h], al
mov     eax, [esp+8+hWndParent]
push    offset sub_4440A0 ; lpDialogFunc
mov     [ecx+4], edx
mov     edx, [esp+0Ch+arg_14]
push    eax             ; hWndParent
mov     [ecx+24h], bl
mov     [ecx+25h], bl
mov     [ecx+28h], edx
mov     ecx, [esp+10h+hInstance]
push    87h             ; lpTemplateName
push    ecx             ; hInstance
call    ds:DialogBoxParamW
cmp     eax, 1
mov     al, 1
jz      short loc_444828

Cybertox

I want to play this game so badly. It is horrible thinking that Vernam is now playing the game and won't share his crack.
I'm sorry that I didn't understand about the protection; next time I will read carefully.

7H3LaughingMan

Quote from: darkrei9n on July 19, 2010, 02:04:22 PM
This is where the authentication key is checked, if anyone can do anything with this.



; int __stdcall sub_4447E0(HINSTANCE hInstance, HWND hWndParent, int, char, int, int)
sub_4447E0 proc near

hInstance= dword ptr  4
hWndParent= dword ptr  8
arg_8= dword ptr  0Ch
arg_C= byte ptr  10h
arg_10= dword ptr  14h
arg_14= dword ptr  18h

mov     eax, [esp+arg_8]
mov     edx, [esp+arg_10]
push    ebx
mov     [ecx], eax
mov     al, [esp+4+arg_C]
xor     ebx, ebx
push    ebx             ; dwInitParam
mov     [ecx+26h], al
mov     eax, [esp+8+hWndParent]
push    offset sub_4440A0 ; lpDialogFunc
mov     [ecx+4], edx
mov     edx, [esp+0Ch+arg_14]
push    eax             ; hWndParent
mov     [ecx+24h], bl
mov     [ecx+25h], bl
mov     [ecx+28h], edx
mov     ecx, [esp+10h+hInstance]
push    87h             ; lpTemplateName
push    ecx             ; hInstance
call    ds:DialogBoxParamW
cmp     eax, 1
mov     al, 1
jz      short loc_444828


There is nothing to do here; if the authentication code is a valid format then it moves on and tries to decrypt the files using it. There is only one valid code that will decrypt the files, and it is only stored on the Blizzard servers.