Starforce 3 - The gravestone?

DeeYeah, if you check the link to the Starforce thread on the official forum, provided by dyn!o you will find links to sources where you can obtain the game/nfo from. Obviously it cannot be divulged here.

Dynio, I have been a member here for a long-time, so very much respect the work you have done for the community, but your original post in this thread almost seemed like an advertising campaign. Perhaps you should get a job doing infomercials

Only japing you though, old chap

It seems the old adages will always apply, 'If it can be run it can be cracked' and 'There is more than one way to skin a cat'. I guess it is just a case of skill and determination.

It is an impressive crack though, but in many respects I'd prefer to use the unpacked version so I don't have to have those unpleasant Starforce drivers on my system, modified or not...

Regards,

Dzg.

[dyn!o]

Danzig: infomercials? Hmm... good idea but I'm already working on similar tasks in my real life . Anyway, thank you for suggestion.

If it comes to the advertisement, then yes - you are right. But history changed, my friend. There were many rumours in the past about strange Starforce cracks working or not working, from demo or beta files, even from leaked unprotected versions. People, like me, wondered if this protection has been really cracked or not.

Discussed relase closes all those wonders because it contains cracked Starforce protection - not only unpacked game files. That makes a slight difference and allow us to believe it's a new cure to similar protections based on virtual machines. Every interested person has the opportunity to verify it.

What other way could I choose to advertise such progress? Probably only by marketing-like post

With respect, guys.

[jonwil]

Does this mean that they actually cracked the generic Starforce engine code and not the game code?

Would it be possible to use the "cracked" engine files from this release with other Starforce games featuring the same origonal engine files as this game?

In short, does this crack make cracking other Starforce games (e.g. Race Driver 2) any easier?

[peleon]

jonwill, I suppose that for the ultima group, they can easily crack other StarForce titles after this crack. I dont say a automatic crack, but they should know how to do it manually and all the steps for that.

If they would share a bit their investigations, that would help us to make faster cracks for SF3

Regards.

[dyn!o]

If someone can crack such complex protections like Xtreme Protector or/and Starforce then he/she can crack probably everything.

Regards.

[peleon]

It should be nice that we could protect our little programs with SF3 like we do with other protectors, so we can investigate more about SF3 I think that SF has the advantadge over other protectors that we cannot use demo version of it...so, people that have the "privilege" of having a SF game/application are not many

About Ultima...I guess they will stay silent about how they did it

Regards

[niom]

Quote:

Originally Posted by dyn!o

I have loaded original Xpand Rally binaries and it still works with the relase because they cracked Starforce engine, not game

the only way to make this possible is to crack the starforce device drivers.

if they did this, can you please send windows\system32\drivers\prodrv06.sys and windows\system32\drivers\prohlp02.sys as an attachment to this thread?

thxalot

[dyn!o]

Peleon: unfortunately we won't. Starforce protection, like all other CD protections, doesn't allow to use it on your own. You have to use server-like wizard and protect your files online. It's a good idea indeed.

Niom: I see you know the structure of Starforce . That's very good, but prodrv06.sys and prohlp02.sys don't count in this game because they stay untouched (in original form). If you know Starforce basis then you should know that it contains other very important file. Tell me which one? .

Regards.

hehe some dll come into my mind

if they have done it that way they really had to spend a lot of time
reversing it and patching it against all this paranoiac checks SF uses...

[niom]

Quote:

Originally Posted by dyn!o

If you know Starforce basis then you should know that it contains other very important file

theres always a protect.dll which contains usermode protection stuff, but you said that you have used original binaries ?!

and you said

Quote:

Originally Posted by dyn!o

it's wiser to find an generic idea like Starforce engine cracking. Then, one crack can work for many StarForce protected games.

thats why i thought the drivers were patched (because they are the only common sf3 component)

or do i miss something?

[dyn!o]

Nice shot.

Every Starforce protected soft contains protect.dll. Last months Starforce freaks are trying to mess a little by changing its name (for instance: protect.dll in Xpand Rally is named xpandrally.bin). I don't know why and I don't know what do they count for.

Niom: Let's see what I wrote:

"...I have loaded original Xpand Rally binaries and it still works..."
I tried to say that the original files (chromeengine2.dll and xpandrally.exe) don't have to be cracked because the modification of xpandrally.bin (protect.dll) was enough.

Drivers are the only common Starforce 3 components? For sure, but don't miss protect.dll.

Regards.

Quote:

Originally Posted by dyn!o

Nice shot.

Every Starforce protected soft contains protect.dll. Last months Starforce freaks are trying to mess a little by changing its name (for instance: protect.dll in Xpand Rally is named xpandrally.bin). I don't know why and I don't know what do they count for.

They've been doing that forever. It's up to the developer to decide what to rename it to. The dll itself still reports itself as 'protect.dll' in its export table.

Quote:

Originally Posted by dyn!o

Niom: Let's see what I wrote:

"...I have loaded original Xpand Rally binaries and it still works..."
I tried to say that the original files (chromeengine2.dll and xpandrally.exe) don't have to be cracked because the modification of xpandrally.bin (protect.dll) was enough.

Drivers are the only common Starforce 3 components? For sure, but don't miss protect.dll.

Regards.

Then the crack is not as interesting (even though it is still impressive) protect.dll changes from game to game - the same effort that was put into this particular game will have to be repeated on others. A driver crack, if it existed, would activate all other games too... which is probably why niom got interested

Quote:

Originally Posted by dyn!o

I have never heard about uncracked software (including game), did you?

Yes, try to find some workaround for game Beyond Divinity (second part of the great game Divine Divinity) and I am not talking about that solutions that you mentioned in your first post like unplugging ide cables of CD-ROM drive...
I have been searching for other solution for some time but without any success..
It would be great of Ultima release some info about their method but I think they won't cause it should help the developers to improve SF3.. and this is probably the reason why were stopped some projects like SafeDisc v1 & v2 generic unpackers..
Regards.

[dyn!o]

"Then the crack is not as interesting (even though it is still impressive) protect.dll changes from game to game - the same effort that was put into this particular game will have to be repeated on others.��

With all respect, Doug:

In some previous post I suggested that maybe we should avoid so brave statements . Let��s assume some ExeTools member, who really want to learn Starforce internals, will read that protect.dll ��changes from game to game�� and it��s not interesting. Let��s try to become himself for a while: I would like to learn how to crack Starforce (this is just an example), I also see some team did it without modifying protected game files. I am pretty interested because if it works then, maybe, I will be able to learn the same trick and gain additional knowledge (invaluable if I want to know how the protections works and how they can be defeated). Unfortunately I read the following sentence: ��the crack is not as interesting�� ��protect.dll changes from game to game�� and think: ��damn, I just thought it could be what I am searching for, but this guy proved it is not��. What��s next? Ehh, you know. Are we here to learn or get discouraged? I will tell you something: when I was beginning my experience with PC software protections, I was totally out of help. I have been trying to contact some teams and even single crackers with the same kind request: ��please help me and tell me where should I begin, what should I read, what should I try to crack at first����. I have sent tens of emails. Guess how many answered? None. That made me wonder if the scene is really worth such an effect-less effort and if crackers do want to help each other, at least a little. I started to learn myself by completely partisan-like way, without knowing even trivial things like executable compressors (I didn��t know they exists and was wondering long weeks why process memory differs from executable content! He he�� good old times).

But let��s go into the details and render some logic estimations.
We have a problem called ��protect.dll��. Also we have a sentence: "A driver crack, if it existed, would activate all other games too...��. I will try to prove it was a too brave statement too . Protect.dll �C you have written that it ��changes from game to game�� - have you wondered why? Tell me. ��A driver crack�� ��would activate all other games���� �C I am sorry to say you are wrong. Have you wondered why Starforce drivers do not have to change on each game? If you don��t know then think about their purposes. Problems? I will help you: tell me which file is the only critical for Starforce security? If you know then tell me if a driver based Starforce crack, in your opinion, really would be able to defeat other games? And now, after those inferences, please tell me if ��the crack is not as interesting��? Really?

"It would be great of Ultima release some info about their method but I think they won't cause it should help the developers to improve SF3��
Well said, but Starforce developers are skilled enough to discover this trick by downloading discussed relase.

Regards.

<sigh>

They did modify the protected files, protect.dll has been patched. Where do you think the cd-check is?

I don't believe in your psychological argument of "getting discouraged" by a post on a forum. If you really want to crack the protection, that's not the kind of thing that you worry about.
Besides, if you really do get discouraged by what I said, then it's probably better this way; you wouldn't have been able to crack it anyway. You don't learn to crack any serious protection overnight.

BTW, e-mailing groups for help is never going to work.. that's like e-mailing Microsoft, asking how they programmed feature X,y,z.. they won't tell you.. Groups are competing (against other groups & protections) and keep the knowledge for themselves.


You did not understand what I said about the drivers. I am well aware of what they are doing, and they are playing an *ESSENTIAL* part in the protection.
For example, they are responsible for (but not limited to):
- heavy anti debugging
- all ring3 and ring0 hooking (ex: S-F virtual file system, anti-emulation)
- ...

*From the assumption that the crack was driver-based*, then all games would be unlocked:
The drivers are generic and backward compatible. Since a driver must work on gameX & gameY without change, cracking the driver for gameX means gameY also works.
That's all I said. You can't just cut what I say in the middle and then draw bogus conclusions.

If you really know how the driver works, then tell me how the ring-0 anti- NTice works.
Start your reasoning from ring-3 protect.dll all the way to the point the ring-0 check occurs.

Btw, Ultima hooked the starforce VM function table.. (largely responsible for the interpreter's behavior) hats off to them for that. They also seem to know pretty damn well the p-code instructions because they know what to do when the script is at particular places...
This is not a new idea, but I haven��t seen anyone use it in a crack, because as soon as you do, you let everyone (including star-force) know how you cracked their protection. As I stated above, generally people want to avoid doing this simply because the protection is going to change now that the information is available.