ez2on find out how to start the game

Results 1 to 6 of 6
  1. #1
    Member Nothilvien is offline
    MemberRank
    Nov 2007 Join Date
    35Posts

    ez2on find out how to start the game


    RaGEZONE Recommends

    RaGEZONE Recommends

    Hello,

    Im currently working on ez2on. I have a old game client and a server that can get the client into channel selection (https://github.com/Arrowgene/Arrowgene.Ez2Off).

    Recently I was lucky enough to obtain the latest game files before the server closed. As I rather want to develop agains the latest files instead of the outdated ones I require some help.

    The problem is that I don't know what parameters to pass to lunch the game.
    The old client could be started with simple parameters:
    EZ2ON_EMU.exe 127.0.0.1 username password 1

    But the current client always gives a message box, where the title reads "Run the game after logging in from the web" and the content is simply "-". Please find a picture of the message box in the attachment. (The title will look gibberish if you don't have Korean set as a language)

    The aim is to bypass this message by patching the exe, or investigate the exe and find out how it needs to be launched (maybe it checks the parent process is a browser?, or it requires certain parameters) Any of those two ways that leads to launching the game would be a success.

    So if you manage to get this exe to spit out a different message or launch the game, that would be great! If it's a different message please let me know how to reproduce it and I can translate the message to see whats going on.

    The executable was protected by VMProtect 2.07 but I managed to unpack it with the help of a script (https://tuts4you.com/download.php?view.3432) So the executable has no anti-debugging mechanics anymore and should be easy to load in olly/ida/debugger of choice.

    There is also an anti cheat mechanic that will probably hinder further starting, but that can be dealt with when we actually figure out how to start this exe properly.

    The binaries can be obtained from here:
    https://mega.nz/#!OgcmzagY!srLTDB1aFxUEIjLz-2Pa9acRd8s0_H0ZBA7R_5XvfDM

    Note I did not include the game artworks and song data, as this would blow up the download and is not necessary to overcome this message box. If you still want to obtain the full client please drop me a message and I will provide you the link

    Any help is greatly appreciated, thank you for reading and hope you check this out, as my skills are limited in this area.
    Attached Images Attached Images


  2. #2
    Registered stealthguard is online now
    MemberRank
    Sep 2017 Join Date
    somewhereLocation
    7Posts

    Re: ez2on find out how to start the game

    It should be in their initialization routine. Find the WinMain and theres a parameter lpCmdLine or see if they call GetCommandLineA/W.
    i think as long as you start the game inside something like ollydbg and you break on program's entry point, you should be able to get it.

  3. #3
    Member Nothilvien is offline
    MemberRank
    Nov 2007 Join Date
    35Posts

    Re: ez2on find out how to start the game

    Hey,

    thanks for the tips, but unfortunate the problem is I don't know what parameters to pass or how to find out where the clients dismisses the parameter as correct/false to analyse what it expects. I can see in ollyDbg the parameters I pass, but I fail to set a breakpoint on memory access to reading those parameters or understand how these parameters are interpreted.

    I don't know what parameters have been used, nor do I have the original launcher that passed the 'correct' parameters, I'm not even sure if its a parameters issue, might be another reason why it tells me to use a 'web launcher' for all I know is the previous version allowed this kind of parameters. So im kinda stuck :(

    Appreciate your help very much, maybe you have another Idea how to tackle this issue?

  4. #4
    Registered stealthguard is online now
    MemberRank
    Sep 2017 Join Date
    somewhereLocation
    7Posts

    Re: ez2on find out how to start the game

    if you are able to get the original client to run, then you can try to inject a dll and call GetCommandLineA/W to see what the accepted commandline is . but since you cant,

    you will need to figure out based on how the client determine if the command line is valid or not. so in this case, you need to get past your breakpoint problem. use some ollydbg plugins like Phant0m.
    you can also try breakpoint on MessageBoxTimeoutA/W . this can trace messagebox calls. readup on how the function is used if u need to

    bp on getcommandline -> trace forward
    bp on messageboxtimeout -> trace backwards

    anyway, you need to solve the problem of your breakpoints, as long as you get some plugins it shouldnt be hard.

  5. #5
    Member Nothilvien is offline
    MemberRank
    Nov 2007 Join Date
    35Posts

    Re: ez2on find out how to start the game

    Hey,

    I don't have a problem with setting breakpoints, and Phant0m isn't needed as there are no anti debug mechanics.
    My problem is more about my own skills and understanding of the instructions. I can do basic stepping and understand some jumps, but I cant wrap my head around how to analyse the code to detect the correct starting conditions.

    I used the TraceLog and then the run TraceInto method from olly and it will run from start to the message box, I then can investigate each step individually that leads to the message box. I can find the spot where it starts to prepare the message box (pushing title and label to memory) but I have difficulties understanding how this condition arised in the first place. I can set breakpoints at interesting positions from my Run Trace Log and analyse by stepping through it again while observing the memory, but I feel a bit lost in all those instructions :/

    I think your tips are already very good and specific to my problem, but it seems not enough yet to get me further. I will keep trying but it might take me alot of time to catch up for me, that is why I was hoping if someone could also take a look at it who is more advanced and has a better understanding of how things come together.

    Again Thank you!

  6. #6
    Registered stealthguard is online now
    MemberRank
    Sep 2017 Join Date
    somewhereLocation
    7Posts

    Re: ez2on find out how to start the game

    Quote Originally Posted by Nothilvien View Post
    Hey,

    I don't have a problem with setting breakpoints, and Phant0m isn't needed as there are no anti debug mechanics.
    My problem is more about my own skills and understanding of the instructions. I can do basic stepping and understand some jumps, but I cant wrap my head around how to analyse the code to detect the correct starting conditions.

    I used the TraceLog and then the run TraceInto method from olly and it will run from start to the message box, I then can investigate each step individually that leads to the message box. I can find the spot where it starts to prepare the message box (pushing title and label to memory) but I have difficulties understanding how this condition arised in the first place. I can set breakpoints at interesting positions from my Run Trace Log and analyse by stepping through it again while observing the memory, but I feel a bit lost in all those instructions :/

    I think your tips are already very good and specific to my problem, but it seems not enough yet to get me further. I will keep trying but it might take me alot of time to catch up for me, that is why I was hoping if someone could also take a look at it who is more advanced and has a better understanding of how things come together.

    Again Thank you!
    yeah if its your own skills then it might be a rough one.
    anyway since you figured our where the messagebox call is , then it should be very near to that. look for conditional jumps.
    if a condition is true/false -> messagebox is called.

    i dont really have the time to look at it for you, currently working on other projects. all the best to you, and your welcome.




Advertisement