EA Won’t Sell This Game - So I Hacked It

  • Published 11 Feb 2025
  • Let's hack The Sims 2
    *************************
    If you actually want to play The Sims 2 here are some community projects:
    github.com/voi...
    modthesims.info/
    Discord - modthesims.inf...
    *************************
    Become a member to get early access to videos - / @nathanbaggs
    ☕ - I also have coffee | 0xcoffee.com - ☕
    Tools:
    🐉 - Ghidra - github.com/Nat...
    🐛 - x64dbg - github.com/x64...
    💭 All views are my own 💭

COMMENTS • 986

  • @LKComputes 3 months ago +2744

    My guy created a Sims 2 keygen in the year 2024. That’s awesome.

    • @ranid0072 3 months ago +89

      Knowing EA, the same things should be used in other games.

    • @unh0lyav3ng3r8 3 months ago +21

      Unlike the obfuscation algorithm

    • @Velossitee 2 months ago +9

      Sounds pretty damn easy if you know what you're doing and rooted your way around past devices.

    • @hectormanuel8360 2 months ago +6

      Did he release it to the public?

    • @stibblr 2 months ago +31

      @hectormanuel8360 no, as that would violate copyright law

  • @tiggerbiggo 3 months ago +893

    I cannot stress enough how incredible it is to see what would be a completely impenetrable defence for most people being chipped away piece by piece, with excellent explanations and absolutely no filler or nonsense. Awesome stuff.

    • @nathanbaggs 3 months ago +53

      Thanks!

    • @somerandomguy5977 2 months ago +7

      Yeah... I fixed this problem by opening install.exe from control panel with open as administrator. Annoying but not that complicated. If it were this complex I never would've been able to install it myself.

  • @lis6502 3 months ago +1143

    No stupid intro, no background music, no potatoes nor salad, just pure meat. You don't see much content like this nowadays. Appreciated.

    • @nathanbaggs 3 months ago +66

      Thanks!

    • @geofftottenperthcoys9944 2 months ago +17

      @nathanbaggs I find the yank channels are the worst for that.

    • @AsilarWindsailor 2 months ago +10

      Hey wait a minute, what's wrong with potato salad? X)

    • @beefar0ni 2 months ago +11

      But I like potato salad

    • @krbraveofficial 2 months ago +4

      @nathanbaggs I almost agree, though ngl, a little bit of quiet, non-distracting background music would honestly make it a bit more enjoyable, as it would fill a couple of gaps between sentences. Sequences without words, to focus on what's happening on the screen without them just being a quiet screenshot for a couple of seconds, would also be great, as non-stop speaking and then a hard cut to a 1 or 2 second screenshot can be a bit overwhelming at points.

  • @ac15cr 3 months ago +1501

    Most definitely the most impressive show of skill yet. Extremely interesting to see all the anti-RE techniques used!

    • @nathanbaggs 3 months ago +67

      Thanks for the kind words (:

    • @LittleRainGames 3 months ago +5

      Very impressive

    • @FR4M3Sharma 3 months ago +16

      Really need more people like Nathan. There are so many games & so much software that would otherwise get lost to time.

    • @EnriqueDominguezProfile 3 months ago +6

      @FR4M3Sharma like tears in the rain.

    • @ayrengreber5738 2 months ago +1

      Was he talking about you or the engineers for Sims 2 ;) Looks like they succeeded.

  • @dozer7554 2 months ago +196

    I love watching someone do something that they're really good at while absolutely not understanding any of it

  • @_kennykennykenny 3 months ago +1029

    i love how in the command line you blurred out the beginning of the key and in the activation dialog you blurred out the other side of the key 😂😂

    • @nathanbaggs 3 months ago +636

      I've been waiting six days for someone to notice that (:

    • @kennymcormic5663 3 months ago +14

      @nathanbaggs 😘

    • @22TwentyTwo 3 months ago +16

      @nathanbaggs man, I had to do a double take the moment I saw it and it made me lol hahaha

    • @Nathanfx2006 2 months ago +18

      Not supposed to share keys 😏

    • @LordHakai 2 months ago +10

      I saw it the first time xD Thanks, could get handy sometime in the future ;)

  • @tr7zw 3 months ago +349

    Fun fact: when you have Need for Speed Most Wanted 2005, you can copy the contents of the disc into a folder, then open the ini file and set the demo value to true. That just removes the CD key question from the installer, because it thinks it's just a demo.

    • @vasopel 3 months ago +5

      ? really?

    • @dumaass 3 months ago +13

      @vasopel I mean, they said it was a fact. They wouldn't lie about something like that. No one would :)

    • @vasopel 3 months ago +3

      @dumaass I asked because I can't find anything about it on the internet. Do you know if it is true or not?

    • @dumaass 3 months ago +13

      @vasopel nah, I have no idea. OH SHIT, actually I have a friend who might have the OG disc. I can go check sometime in the near future :D!!

    • @vasopel 3 months ago +5

      @dumaass ;-)

  • @robert-yates 3 months ago +722

    The disc check works by verifying that various weak encoded sectors exist and then builds a decryption key, but there exist a couple of 4kb backup keys in memory which can be reinjected; these are then used to form the final 32bit TEA decryption key for decrypting the game code. It was common for people to create loaders that hooked the disc check and injected these keys into memory to create a simple bypass.

    • @nathanbaggs 3 months ago +262

      I was hoping someone would come along and fill in the blanks, thanks!

    • @test-rj2vl 3 months ago +15

      @nathanbaggs Will you now continue with that new knowledge?

    • @test-rj2vl 3 months ago +3

      What is weak encoded?

    • @robert-yates 3 months ago

      @test-rj2vl In CD sectors, 8 bits of data are encoded into 14-bit streams, known as EFM, eight-to-fourteen modulation; this is done to space out the physical pits for readability.
      A form of copy protection that SafeDisc uses is to press discs with a certain data pattern in the sectors that causes issues for CD burners trying to duplicate this exact pattern 100%, while the original sectors nevertheless read OK.
      So trying to read and write these specially crafted sectors gives the drive some issues, so they are referred to as weak sectors :)
      There are many other kinds of signatures that other copy protections used, but SafeDisc is known for using this EFM manipulation trick (-: /R.

    • @LittleRainGames 3 months ago +10

      @nathanbaggs Part 2 please
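The loader trick described in @robert-yates's comment above (re-forming the TEA key and decrypting the game code) as an added example; this is not code from the video, the commenter, or SafeDisc. The comment does not say how the 4KB key blobs are turned into the cipher key, so the example assumes a recovered 128-bit key is already in hand and shows only the standard part: TEA (64-bit block, 128-bit key, 32 Feistel rounds, delta 0x9E3779B9) run block by block over a section, with the trailing partial block left in the clear as packers commonly do, plus the sanity check a loader author would use, that the decrypted entry looks like an x86 function prologue. SAMPLE_KEY and SAMPLE_CODE are constructed demo data, not bytes from the game.

```python
"""TEA-based section decryption as a SafeDisc-style loader would do it.

Added example; not code from the video, the comment or SafeDisc.  Assumes a
128-bit key has already been recovered from memory (how SafeDisc derives it is
not given on the page).  SAMPLE_KEY and SAMPLE_CODE are constructed test data.
"""
import struct

DELTA = 0x9E3779B9   # TEA round constant (2^32 / golden ratio)
ROUNDS = 32
MASK32 = 0xFFFFFFFF


def tea_encrypt_block(v0, v1, k):
    """Encrypt one 64-bit block given as two 32-bit words; k is four 32-bit words."""
    s = 0
    for _ in range(ROUNDS):
        s = (s + DELTA) & MASK32
        v0 = (v0 + (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK32
        v1 = (v1 + (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK32
    return v0, v1


def tea_decrypt_block(v0, v1, k):
    """Inverse of tea_encrypt_block: rounds run backwards, sum starts at
    32*delta mod 2^32 (0xC6EF3720)."""
    s = (DELTA * ROUNDS) & MASK32
    for _ in range(ROUNDS):
        v1 = (v1 - (((v0 << 4) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK32
        v0 = (v0 - (((v1 << 4) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK32
        s = (s - DELTA) & MASK32
    return v0, v1


def _walk_section(data, key, block_fn):
    if len(key) != 16:
        raise ValueError("TEA key must be 16 bytes")
    k = struct.unpack("<4L", key)           # x86 code stores words little-endian
    out = bytearray(data)
    full = len(data) - len(data) % 8        # only whole 8-byte blocks are transformed
    for off in range(0, full, 8):
        v0, v1 = struct.unpack_from("<2L", data, off)
        struct.pack_into("<2L", out, off, *block_fn(v0, v1, k))
    return bytes(out)


def tea_encrypt_section(data, key):
    """Protector side: encrypt every whole block; trailing bytes stay in the clear."""
    return _walk_section(data, key, tea_encrypt_block)


def tea_decrypt_section(data, key):
    """Loader side: restore the original bytes before execution reaches them."""
    return _walk_section(data, key, tea_decrypt_block)


def looks_like_prologue(code):
    """Cheap 'did the key work?' check: MSVC-style 'push ebp; mov ebp, esp'."""
    return code[:3] == b"\x55\x8b\xec"


# Constructed demo data (not from the game): a tiny stub plus INT 3 padding,
# 20 bytes so the last 4 bytes form a partial block.
SAMPLE_CODE = bytes.fromhex(
    "558bec"                # push ebp; mov ebp, esp
    "31c0"                  # xor eax, eax
    "5dc3"                  # pop ebp; ret
    "cccccccccccccccccc"    # 9 bytes of INT 3 padding between functions
    "90909090"              # 4 trailing NOPs: partial block, left unencrypted
)
SAMPLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key


def demo():
    """Protect the sample section, then decrypt it the way a loader would."""
    protected = tea_encrypt_section(SAMPLE_CODE, SAMPLE_KEY)
    restored = tea_decrypt_section(protected, SAMPLE_KEY)
    return protected, restored


if __name__ == "__main__":
    p, r = demo()
    print("protected:", p.hex())
    print("restored :", r.hex(), "prologue ok" if looks_like_prologue(r) else "BAD KEY")
```

Everything is masked to 32 bits after each add or subtract so the Python version matches the C reference bit for bit; a wrong key decrypts to garbage that fails the prologue check, which is exactly how a loader author knows the injected key material was not what the disc check would have produced.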

  • @rswoodford 3 months ago +329

    Watching you debug at such a low level puts me in a calm meditative state.
    I thoroughly enjoy your practical application of decompiling and debugging to old Windows games. It provides for great storytelling. Many thanks.

    • @nathanbaggs 3 months ago +20

      Thanks!

    • @MelroyvandenBerg 2 months ago

      @nathanbaggs It gave me stress, not a calm state haha. Maybe because I actually try to follow him.

  • @ApocDevTeam 3 months ago +396

    I predict that in the future we'll have software archeologists whose sole job is to get old stuff working again. It's crazy how much source code gets lost over time, or how stuff just gets abandoned and you can't use it anymore without some obnoxious requirements (such as having the original 20+ year old CD). Nothing pisses me off more though than companies sitting on source code for ancient games for decades and not doing anything with it because MUH IP.

    • @evest7829 3 months ago +62

      Agree. I still play Sims 2 nowadays for nostalgic reasons, but with each year the Sims 2 community gets increasingly pissed off with EA. The game appears to have tremendous problems on newer systems/OSes that render it almost unplayable and no one really knows why. We're at a point now where people are switching to Linux just so they can keep playing this game (for some reason none of the problems we see on Windows are reproducible on Linux). And EA just does nothing about it, probably because they want us to buy Sims 4. No one is even asking them to spend resources on fixing it; after two decades they could just release the code and let the community handle it themselves.

    • @mimidf7505 3 months ago

      There are cracks for pretty much every game out there. The only real problems are the always-online games, like DarkSpore.

    • @Caellyan 3 months ago

      @evest7829 While I advocate for the release of the sources as well, I think they can't do it. With games as large as this, companies often outsource parts of development to many different companies and the final binary is full of code from different sources which can only be sold under the original contract they issued but isn't solely owned (in source form) by EA. So releasing the source code would violate those contracts and open them up to lawsuits. This has been the problem with most proprietary software since before the beginning of the millennium.
      This is somewhat unavoidable as well if you want to release your game for platforms other than PC (like Sims 2 was); for instance No Man's Sky uses a proprietary PSArc format for storing game assets (which is simply an extended ZIP format), but they'd have to redesign large parts of the game to work without it (and probably other stuff as well) if they ever wanted to release it in source form.
      So sadly it turns out to be cheaper to fix issues with newer Windows builds than to replace large chunks of the original game to release its sources.

    • @ytivarg5371 2 months ago +16

      @evest7829 Linux is better than Windows 10 and especially 11 for old PC gaming in general because Proton is just so damn good.

    • @beardedchimp 2 months ago

      @ytivarg5371 Wine has the advantage of being able to implement old buggy syscall implementations without having to care about how doing so would damage modern/future Windows systems. Early on Microsoft made backwards compatibility a central tenet, which is why despite 2000 having greatly improved encryption of the SAM password file, it would fall back on NT's trivially crackable format for inter-compatibility. The thing is their early APIs were often buggy and could be used beyond the documented specs; game devs would take advantage of this for performance reasons, but if MS fixed the bugs it'd break software.
      Yes, you can emulate older Windows versions in a VM, but the beauty of Wine is that it's not an emulator. Not only can they deliberately implement the original buggy functions but they can also improve them, sometimes increasing performance by orders of magnitude. That even extends to program-specific fixes that remove some games' horribly inefficient bottlenecks.

  • @Callofdootie 3 months ago +116

    I don’t know 80% of what you are doing but I like the logical approach you take to solve the issue.

  • @mrjoeymelo 3 months ago +55

    The devs were serious on protecting the game. This was an amazing effort by you, I can only imagine how many hours you must have spent debugging this. Fantastic work!

  • @the_kovic 3 months ago +65

    I know the feeling of spending a lot of time on a project but still not reaching the intended happy end. It can definitely be tough releasing a video covering such a result so I want to thank you for releasing this video anyway.

    • @nathanbaggs 3 months ago +20

      Thanks for the kind words. It’s tough not being able to finish something but I hope my videos are more about the journey than the destination

  • @ChrisR3tro 3 months ago +38

    I think it's great that you decided to share this journey in spite of not having reached the end goal of reversing all aspects of the copy protection measures.
    There's a lot of very interesting and useful information in this video!
    Thank you

  • @_NDC 3 months ago +154

    Ah, that reminds me of when I was removing the SafeDisc protection from EA's Battle for Middle-Earth 1. There it also starts with creating two temp files, which attach to the main process and start debugging it. In the case of BfME1 there were 4 layers of protection:
    1. Nanomites (opcodes replaced with 0xcc that trip the SafeDisc debugger and prompt it to fill them in with the correct opcodes);
    2. Scrambled import table (calls to some imports go to one of the two temps, which directs them to their actual intended destinations);
    3. Some opcodes are also replaced with arbitrary calls to the debugger, and when such a spot is hit, SafeDisc replaces them with valid opcodes (stolen bytes);
    4. The most grinding part is the final layer. The way it works is that an occasional calculation is made not in the game's process but using special data tables in the SafeDisc protector instead (apparently this one is called SDAPI2). This is a more recent one and might be missing on Sims. But even if it is there, apparently in some games (not the case with BfME1 though) SDAPI2's code is left right in the game's exe from the debug handler, so there it's just about getting those tables and patching the exe to use the code.

    • @Acorn_Anomaly 3 months ago +6

      Correct me if I'm wrong, but aren't 1 and 3 the same thing?
      0xCC is the byte value of the instruction INT 3, which is what's used to break into the debugger. The debugger responds to the interrupt by providing the correct opcode to execute.

    • @damianabregba7476 3 months ago +1

      I remember playing BfME on multiplayer and the game deciding after a few minutes to lose the whole game. Is the last part the reason for it?

    • @nathanbaggs 3 months ago +35

      Interesting insight thanks! I definitely saw the first layer you mentioned during this (although I didn’t know they were called nanomites)

    • @_NDC 3 months ago +6

      @Acorn_Anomaly, not exactly: in 3, bytes are replaced not with 0xCC but with jumps and calls to the protector; that is, triggering there does not proceed through the debugger mechanism. In fact, I think 3 was introduced somewhat before 1.

    • @_NDC 3 months ago

      @damianabregba7476, ah yes, the mass suicide! That's a little trick from inside the game itself. That little 200kb file lotrbfme.exe you start the game with does effectively 2 things:
      1. It calls the actual (packed) binary kept in game.dat;
      2. It creates a mutex with a particular ID, and the game itself later tries to do the same; if it succeeds, that indicates that the mutex hadn't been created and the protection is hacked or absent. This is recorded, and then in the game the suicide timer is set.
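An illustration of the first layer in @_NDC's comment above (nanomites), as an added example; this is not code from the video, the commenter, or SafeDisc, and the table format (site, condition, target) is a hypothetical model of the idea, not the real on-disk layout. Two sides are shown: the protector's debugger deciding where to resume when one of its INT 3s fires (the original jump's condition evaluated against EFLAGS), and the reverse step a cracker takes once that table has been dumped, re-encoding each site as a real short Jcc so the executable no longer needs the debugger attached. The sample code bytes are constructed.

```python
"""Nanomites: what the protector's debugger does at an INT 3, and how to undo it.

Added example; not code from the video, the comment or SafeDisc.  The table
layout (site -> condition, target) is a hypothetical model of the mechanism
the comment describes, and the sample bytes are constructed.  RVAs are used
throughout; `base` is the RVA of image[0].
"""
from dataclasses import dataclass

INT3 = 0xCC

# Short-form Jcc rel8 opcodes (Intel SDM vol. 2, "Jcc").
JCC_OPCODE = {
    "jo": 0x70, "jno": 0x71, "jb": 0x72, "jae": 0x73,
    "je": 0x74, "jne": 0x75, "jbe": 0x76, "ja": 0x77,
    "js": 0x78, "jns": 0x79, "jp": 0x7A, "jnp": 0x7B,
    "jl": 0x7C, "jge": 0x7D, "jle": 0x7E, "jg": 0x7F,
}

# EFLAGS bits the conditional jumps consult.
CF, PF, ZF, SF, OF = 1 << 0, 1 << 2, 1 << 6, 1 << 7, 1 << 11


def jcc_taken(mnemonic, eflags):
    """x86 condition codes evaluated against an EFLAGS value."""
    cf, pf, zf, sf, of = (bool(eflags & b) for b in (CF, PF, ZF, SF, OF))
    return {
        "jo": of, "jno": not of, "jb": cf, "jae": not cf,
        "je": zf, "jne": not zf, "jbe": cf or zf, "ja": not (cf or zf),
        "js": sf, "jns": not sf, "jp": pf, "jnp": not pf,
        "jl": sf != of, "jge": sf == of,
        "jle": zf or (sf != of), "jg": (not zf) and (sf == of),
    }[mnemonic]


@dataclass(frozen=True)
class Nanomite:
    site: int       # RVA of the INT 3 (first byte of the original 2-byte Jcc rel8)
    mnemonic: str   # condition the original jump tested
    target: int     # RVA taken when the condition holds


def debugger_resume_eip(table, exception_rva, eflags):
    """Protector side: on EXCEPTION_BREAKPOINT at exception_rva, pick the RVA to
    resume at, or None if the INT 3 is not one of ours (let the game handle it)."""
    nm = table.get(exception_rva)
    if nm is None:
        return None
    return nm.target if jcc_taken(nm.mnemonic, eflags) else nm.site + 2


def encode_short_jcc(mnemonic, site, target):
    """Rebuild the 2-byte instruction; rel8 is relative to the end of the jump."""
    rel = target - (site + 2)
    if not -128 <= rel <= 127:
        raise ValueError(f"target {target:#x} not reachable with rel8 from {site:#x}")
    return bytes((JCC_OPCODE[mnemonic], rel & 0xFF))


def restore_nanomites(image, base, table):
    """Cracker side: put the real jumps back so the binary runs without the
    debugger.  Refuses to touch a site that does not currently hold INT 3."""
    out = bytearray(image)
    for rva, nm in table.items():
        off = rva - base
        if not 0 <= off < len(out) - 1:
            raise ValueError(f"site {rva:#x} outside image")
        if out[off] != INT3:
            raise ValueError(f"site {rva:#x} is not an INT 3; table/image mismatch")
        out[off:off + 2] = encode_short_jcc(nm.mnemonic, nm.site, nm.target)
    return bytes(out)


def int3_sites(image, base):
    """RVAs still holding 0xCC, for checking that every nanomite was resolved."""
    return [base + i for i, b in enumerate(image) if b == INT3]


# Constructed sample (not game code).  Clean version:
#   1000: 85 c9     test ecx, ecx
#   1002: 74 03     je   0x1007
#   1004: b0 01     mov  al, 1
#   1006: c3        ret
#   1007: 30 c0     xor  al, al
#   1009: c3        ret
BASE = 0x1000
CLEAN = bytes.fromhex("85c9" "7403" "b001" "c3" "30c0" "c3")
# Protected version: the je is replaced by INT 3 plus a junk byte.
PROTECTED = bytes.fromhex("85c9" "cc00" "b001" "c3" "30c0" "c3")
TABLE = {0x1002: Nanomite(site=0x1002, mnemonic="je", target=0x1007)}


if __name__ == "__main__":
    print("ZF set   -> resume at", hex(debugger_resume_eip(TABLE, 0x1002, ZF)))
    print("ZF clear -> resume at", hex(debugger_resume_eip(TABLE, 0x1002, 0)))
    fixed = restore_nanomites(PROTECTED, BASE, TABLE)
    print("restored:", fixed.hex(), "unresolved INT 3s:", int3_sites(fixed, BASE))
```

The reason this layer is painful in practice is visible in the model: the jump target only exists in the protector's table, so a dump of the process image still contains the 0xCC bytes, and every site has to be exercised under the debugger (or the table recovered from the protector's data) before a static, debugger-free binary can be produced.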

  • @Dravo-xd9hc 3 months ago +15

    You have a great combination of charisma, eloquence and mad skills, dude! That was really enjoyable to watch.
    I miss this era, where you had all sorts of clever obfuscation tricks, oftentimes hand-rolled for the specific product. Nowadays those kinds of things seem harder to pull off by a single person in a not-unreasonable amount of time, however skilled they might be and however deep into madness they are willing to descend.

  • @arablizzard2413 3 months ago +11

    The Sims 2 was notorious for having other DRM checks throughout the game. If I remember correctly, the base game had a DRM check that blocked build mode and saving. Later expansions had things like students coming back from college classes as zombies (that ended up not being issues, because other cracks caught it before release). Getting the game to launch successfully will not be the "final boss" haha. They switched from SafeDisc to SecuROM with later packs.

    • @arablizzard2413 3 months ago +3

      The Sims 2 Ultimate Collection and The Sims 2 Store Edition supposedly removed SecuROM and replaced it with an Origin DRM, which may actually be easier to patch. The Store Edition had 2 unique builds from Origin acting as different expansion pack numbers, and later "Collection" discs (University Life Collection, Best of Business Collection, and Fun with Pets Collection) included the Store Edition as well but I haven't checked my discs to confirm if they include SecuROM or use the Origin DRM (I would suspect the former).

  • @red-republican 3 months ago +9

    You would have been a menace back in the early 2000s. I really love these videos not only from an engineering and hacking standpoint, but it's really encouraging to see that with enough knowledge and dedication, game preservation is technically accessible to anyone who's willing to put in the time and effort.

  • @миииц 3 months ago +9

    Normal human: * finding a key in internet *
    Programmer:

  • @bootie 3 months ago +29

    what a banger of a video, I really hope you keep going as reverse engineering old school DRM mechanism is something I dream of being able to do - the only reverse engineering I can do is pull apart private REST APIs...

  • @8v2000 3 months ago +6

    I rarely leave comments nowadays - but your process was utterly mesmerising, fantastically edited and funny to boot. I hope one day to have this level of capability. Incredible

  • @LazyDuchess 3 months ago +94

    this is suuuuper interesting as i love ts2 and basically learned how to do some reverse engineering and dll hooking through it!
    i believe the game might have some more anti-tampering beyond all the cd checks and obfuscation. iirc when the game was new a lot of ppl with cracked copies were reporting not being able to build walls and such, but that was never properly documented.

    • @АнфисочкаИвановна 3 months ago

      Also pirates released unofficial patches, for example v1.1 or v1.5, which fixed the above-mentioned problems. You can read about it on old Russian forums in old threads that are dedicated to solving problems with the game from the time of its release, FAQs, for example, Playground ru or 3DNews.

    • @SammaLlamas 3 months ago +8

      I knew I'd be seeing you in the comment section of this video xD

    • @deltahl 3 months ago +6

      I think I’ve seen you on the Classic Offensive Discord, awesome you got into programming through TS2
      It’s such an EA move to slip hidden code just to mess with ppl pirating the game.

  • @bradley1995 3 months ago +20

    2 minutes in. Nate picks option 4! I was hoping for a keygen, and you deliver! You are doing a great job with your videos brother!!!

  • @justabrowser4744 3 months ago +32

    4:40 I love how he tried to censor the key but ended up censoring the two different parts individually so you can see the full key anyway

  • @fidgetgadget3475 3 months ago +52

    To be honest I don't think you really wanted to play sims2. I think you just enjoy circumventing security measures.

  • @TheM0nkeyBomb 2 months ago +10

    *EA the next day*: we have put 3 supreme court suits on you, and don't even think of finding a lawyer, we've taken care of them all.

  • @JamieBainbridge 3 months ago +4

    I do a bit of assembly debugging at work, but your videos are so next level. Great to see you attack an actual keygen and copy protection. Godlike.

  • @benjaminmcgregor1250 3 months ago +5

    Nathan, never stop these brilliant videos. I mainly program in Java and JS, so it's just great to see all this low-level C++, reverse engineering, tweaking executables etc. Fascinating seeing how these devs built these executables and then how you get around them.

  • @TommyLikeTom 3 months ago +6

    I have been running the same version of windows since 2015. I have sims3 with all expansions installed (even the katy perry one). I have all Unreal Tournament games installed, all age of empires games, both black and white games, etc. It's like a dream PC and I never want it to die.

    • @gjdunga 2 months ago +3

      This is going to sound stupid, but you might want to back those up somewhere now that the Internet Archive is out of whack for the time being. Some of us would love to play a good old Sims 2 game.

  • @harasen_haras5 3 months ago +20

    How to avoid piracy: Actually sell the software to those who are interested in it.

    • @CrAzYpotpie 3 months ago

      That just limits it.

    • @harasen_haras5 3 months ago +5

      @CrAzYpotpie It gives players a legal way of obtaining it.

    • @CrAzYpotpie 3 months ago

      @harasen_haras5 Yes, which doesn't avoid piracy, it just limits it. If you are still confused, I am not sure how to explain it better. Good luck.

    • @harasen_haras5 3 months ago +5

      @CrAzYpotpie It's true that piracy would still happen among those who aren't up for paying for the product. I more so meant that it gives a way to obtain it without having to resort to illegal tactics. I know my words weren't exactly precise. It was just meant to be a short way of saying it.

    • @CrAzYpotpie 3 months ago +2

      @harasen_haras5 It's no problem, I apologize for my confusion, I assumed you merely didn't understand. I agree that it would be wise for EA to provide a way to still purchase these games, but they are probably not too invested in having to hire a team to bring it up to date with more modern systems for it to be worth it for them in the end, financially. It also just adds more competition for their latest Sims, which I assure you they have no interest in doing.
      Long live piracy for keeping the game alive.

  • @silver965 2 months ago +2

    I've always wondered how this was done. I've only begun to see this sort of stuff near the end of my degree with a class in malware reverse engineering. It's interesting that DRM seems to share a lot of similarities with malware in terms of the anti-debug and obfuscation present. Very cool to see an actual context demonstrating how, where, and what the output of these tools is used towards a specific purpose. Extremely cool, thank you!

  • @xXBeefyDjXx 3 months ago +10

    Would love to see you delve deeper and finish this. I've been cooking up SecuROM recently myself in the name of patching a broken graphics function in a newer game, and let's just say that SecuROM does one hell of a circus act in its pre-Denuvo days.
    EA always cooked up weird stuff, so I'm not surprised at all to see how convoluted this is. Kudos to you!

  • @madisonevans7950 3 months ago +2

    Guys... there has already been an installer that does all this and you've been able to download it for like, 3 years or more. I was so confused when I saw this cuz I was like "didnt we already do this?". If you search around you can find it, it also has a few necessary mods included.

  • @burnsy96 2 days ago +5

    This either aged like fine cheese or EA was using this as a tutorial on how to rerelease the games

    • @nathanbaggs 2 days ago +3

      I’m just doing my bit for the sims community

  • @pen8142 2 months ago +1

    Your ability to succinctly relay a lot of information, at a fast pace, is impressive. A lot of this I don't fully understand, but I found it easy to watch the whole video, and kind of keep up with it.

  • @TobiasSample 3 months ago +17

    11:29 did you try saying sudo before trying to insert the disc?

  • @ChrisFredriksson 2 months ago

    You are completely crazy! All the work you've gone through makes one think about those who did all this back in the day to release cracks that more or less the whole population on earth downloaded. Really fun to watch, I really enjoyed it! ❤

  • @ruojautuma1 3 months ago +3

    This is good content. These skills are in increasing demand when it comes to game preservation, as there's an ever-growing number of old games you can no longer play, either due to servers being shut down or because they require some patches to work on modern systems, etc.

  • @NickXDDX 2 months ago

    Just discovered your channel, man, and I'm in love; time to binge the whole lot! Who knew that wry, incessant debugging and reverse engineering were what I needed this close to Christmas!

  • 3 months ago +31

    It's so nice to see someone breaking through these measurements.

  • @YasminAbreu 2 months ago +2

    Brazilian websites have been pirating The Sims 2 ever since 2007/8, dude.

  • @eno88 3 months ago +7

    Some call it pirating, I call it game preservation.

  • @xdcountry 3 months ago +1

    Incredible work -- I love your level of depth and reasoning in how you're figuring things out. Really impressive.

  • @bpelectric 3 months ago +7

    For sure the running another process that attaches itself as a debugger was a common tool in the 90s and 2000s PC game developer toolkit. Worked at a couple studios where people mentioned doing that.

  • @flagsreported816 2 months ago +2

    Trying to make entertainment content from boring code is absurd, but I just love his commitment and passion to play The Sims 2.
    a true simmer indeed!

  • @LanceThumping 3 months ago +10

    I think you should do a series of videos (maybe a different channel if you want to focus on this style here) on the tools you use and how you set everything up.
    This has gotten me rather interested in RE, but I haven't yet found much for getting started.

    • @nathanbaggs 3 months ago +4

      I’ve toyed with the idea of a second channel but I’ll probably do something like this on livestream and cut it up into a video after

  • @dave_s_vids 3 months ago +2

    This was brilliant, well done!
    These videos are basically everything I was trying to figure out as a teenager but with 100x the skill I had! Loving these.
    Your coffee advert was also great 😁

  • @Reichstaubenminister 3 months ago +10

    Ox and Dunder sounds like some TV show from the 70s.

  • @Peeples01 2 months ago +1

    If people are unsure of trying to get Sims 2 to work: I actually found it really easy to get an ISO, a key, and then find the QoL mods needed to run this on modern hardware. This is definitely a cool project though. I actually tried asking for a copy directly from EA in 2021 and they refused to provide it, though many people were surprisingly successful with that method.

    • @Paramurasaki 2 months ago

      You can easily download the game, install and play. There are a lot of torrent files on the internet.

  • @Demonslay335 3 months ago +4

    2:44 whenever seeing something like this, you just have to remember compilers are crazy, and the decompiler could be slightly wrong. It could even be an inlined implementation of a version of memcpy.

  • @gyroscope915 2 months ago +1

    I like your words magic man, I don't understand them but your voice is nice to listen to

  • @lodgin 3 months ago +4

    For anyone wondering what the music at 15:14 is, it's "First Volley" from the Sims 2 OST

  • @kaylahanlon7188 2 months ago +1

    You have a crazy amount of patience, man; I start pulling my hair out just trying to get Sims 2 UC to run on newer Windows.

  • @hunter2484 3 months ago +5

    Hey man, really great video.
    Not many YouTubers doing this level of RE. You got this; you have the skills and the insanity factor to see it through.
    You must be slightly insane to be a good RE/VR person

  • @ScarletAmethyst 3 months ago +1

    Some note about these off-brand DVD drives like the one shown at 11:35, for example: these are known to not be as good or reliable compared to the name-brand USB drives like Samsung and LG. These "new" drives, according to reviews, are actually old, salvaged drives. They may be OK for the purposes in the video, but anyone who wants to work with discs should get a name-brand DVD or Blu-ray drive such as ASUS, Samsung, or LG to avoid issues, especially if ripping discs or burning ISOs. Also, if the disc drive somehow quit working, games that check the disc would become unplayable without bypassing the disc check.
    I guess the pre-SecuROM versions of The Sims 2 (before Deluxe and Bon Voyage) and possibly The Sims Life Stories don't run on Windows 11 or 10 due to SafeDisc? It's different from The Sims and SimCity 4, where an error message shows up if you try to run it (these two games use SafeDisc), which could also be used on Windows Vista, 7, or 8 to tell if you have KB3086255 installed. If the game shows an error message or nothing happens instead of just launching normally, you have the update installed.

    • @josephdias5859 1 month ago

      Sims 2 works fine on Windows 11 with the MagicPack no-disc fix; just move it into the folder and it will bypass SafeDisc.

  • @Arkan77N 11 days ago +3

    You have singlehandedly forced EA to publish Sims 1 and 2 in store 🤣

  • @ernstzundel736 1 month ago +2

    I think that's incredible & you're awesome! I could stare at that stuff for years & never figure it out.

  • @SamuelfisherSC 1 month ago

    The only thing I hate about this channel... is that there aren't more of your videos!
    It's so fascinating how many games that I adored from way back when being combined with the stuff I love now, too. A win-win really, but not enough of it!

  • @JerryThings 3 months ago +3

    Love your channel and love reversing! It's such an amazing puzzle to solve that involves entering the mind of the puzzle creator to be able to finish it :D

  • @Falsechicken
    @Falsechicken 3 months ago +1

    I have an AMD card and there was a bug in the driver that made the game run at like 2 FPS on Windows 10 and it was never fixed. But it runs great through Lutris/Wine on Linux. And you get the benefit of being able to zip up the entire prefix after you've installed all the expansions and never have to go through the long setup process for all of them again! Just unzip your copy of the prefix and go!

  • @miragegaming984
    @miragegaming984 3 months ago +52

    Wait so you lost? Noooo finish this. I want to see victory royal.

    • @bobmcbob4399
      @bobmcbob4399 3 months ago +6

      I don't think I've ever seen him finish a project in these vids. It's odd.

    • @SineN0mine3
      @SineN0mine3 3 months ago +11

      This game has a pretty huge fanbase and a large number of active players. It's still playable and there are other people attempting to solve these problems.
      Afaik the game has never been unplayable. I feel zero guilt for downloading patches that fix a game like this after it stops being sold.
      Unlike every later title from EA it doesn't have any online DRM so it works just fine with a regular crack. Cracks have been freely shared since the game was new.
      I bought Sims 2 and most of the DLC on CD but it was generally easier and more stable to use a pirate's installer because it saved you having to swap discs 35 times whenever you needed to reinstall.

    • @miragegaming984
      @miragegaming984 3 months ago

      @@SineN0mine3 okay?

  • @whaletrain7070
    @whaletrain7070 17 hours ago +1

    3 months later, who'd have known a new version would come out supporting newer versions of Windows.

  • @silentdebugger
    @silentdebugger 3 months ago +3

    The only thing this codebase is missing is one of those obfuscators that generates a massive hedgemaze of meaningless comparisons, jumps, and dead ends that you have to step through manually in a debugger, and the last thing it does is overwrite its own function address to bypass the hedgemaze on subsequent calls.

    • @nathanbaggs
      @nathanbaggs  3 months ago +2

      It did have something like that but it didn’t really add much to the video (other than being annoying)

    • @hunter2484
      @hunter2484 3 months ago

      Denuvo (custom vmprotect) takes this to the next level with a custom emulator

    • @BrooksMoses
      @BrooksMoses a month ago

      That sounds remarkably like how IFUNC functions work in glibc (the GNU C runtime library used on Linux), except that the hedgemaze is a collection of checks for various hardware, and when it overwrites its own function pointer it chooses an appropriate hardware-optimized version of the function to overwrite it with.
      And I just realized that, since the mechanism for writing IFUNC functions lets you specify whatever algorithm you want for picking the replacement function pointer, most of the hard parts of writing this sort of obfuscator (on Linux, anyway) are actually pretty much built into GCC!

  • @thebadluckbuddha2190
    @thebadluckbuddha2190 2 months ago

    100% never seen your content before. I don't code, not even a little. Ok, maybe "Hello world". But 10/10 loved the dry humor. It was well timed too. I choked on my tea when you slammed the CD against the tower. Good work.

  • @luigideff
    @luigideff 3 months ago +11

    How much time do you actually take to understand everything and reverse it successfully? Amazing skill and video!

    • @nathanbaggs
      @nathanbaggs  3 months ago +18

      I don't keep track but I think this was probably in the ball park of 100 hours for the technical content. Plus then script writing, filming, editing and thumbnail design

    • @beardedchimp
      @beardedchimp 2 months ago

      @@nathanbaggs having put that effort in across many games now, are you able to reuse the tricks and techniques you've learnt to speed up the process? Or is each game so different you feel like it is starting from scratch? Obviously SafeDisc v2 was a completely unknown entity but when you made the only viable choice and wrote a keygen I figured it'd be much easier having done so before.

  • @HAID.
    @HAID. 3 months ago

    Insightful and entertaining as always Baggs. Please post more!

  • @juliangemignani1548
    @juliangemignani1548 3 months ago +3

    Maybe a no-CD patch like those that were available for some games in the past? Wonder if you could reverse those, if they existed, and see what the difference would be in that syscall you mentioned for the disc reader.

  • @kriogenic1923
    @kriogenic1923 3 months ago +1

    Gained a subscriber today, with so many channels to keep up with there are only so many channels I want to be subscribed to, and so I base them on how seamlessly they integrate and transition to their sponsorships and this one was great!

  • @davidmcclare443
    @davidmcclare443 3 months ago +15

    15:20 you forgot to set the kitchen on fire

  • @AZREDFERN
    @AZREDFERN 3 months ago +2

    Sims 2 works flawlessly on Mac with the App Store….. until iCloud archives a random core file to the cloud, corrupting the entire game and all your saves. Because the App Store isn't Steam, there's no standardized save file backup system.

  • @jimmyscott5144
    @jimmyscott5144 2 months ago +3

    Did you hear about GOG trying to preserve old games and hacking them to work on modern systems?

  • @monad_tcp
    @monad_tcp 3 months ago +1

    2:02 when you said that, keygen music started playing in my mind

  • @MrNomanTV
    @MrNomanTV 3 months ago +78

    That QR code was real slick buddy

  • @TheCerre
    @TheCerre 3 months ago +2

    Really cool video! I never had the patience to sit and learn how to properly reverse engineer, but you are explaining things clearly enough that I'm able to understand what you are explaining. It's also fun and surprising seeing that Maxis/EA code was actually pretty good!
    A bit disappointed that you ended up buying the game, I'd have loved seeing you accomplish this without that help, still very impressive!

  • @Ravo92
    @Ravo92 3 months ago +53

    Ha! An EA game.. I knew it because of the temporary binary file. 🤪

  • @poorromanz
    @poorromanz 2 months ago

    Just found your channel today and I love it. I see how hard you work and I bow down; I could never do what you do. Just a suggestion: I think you could get a bigger sub count by making part 2s.

  • @polocatfan
    @polocatfan 3 months ago +16

    Will say that when they were delisting it they actually upgraded everyone who owned at least the base version of The Sims 2 to the Ultimate Version with all the DLC and did the same thing for anyone who had the game physically and had a CD Key for it (it's how I got The Sims 2 on Origin.). So that was actually pretty cool of EA.

    • @SineN0mine3
      @SineN0mine3 3 months ago +3

      Almost as cool as supporting their games long term and not replacing them with cash grab sequels.
      There's still some debate about whether Sims 2 or Sims 3 is the best title in the series (it's Sims 2) but literally everybody knows that it's not 4.
      I get genuinely mad every time they announce another broken DLC for Sims 4 knowing that 1. It will over promise and under deliver 2. It WILL break the existing game functions and 3. People will buy it anyway.
      The modding community for Sims 2 was delivering more custom content than EA could ever dream of making themselves, and they did that for free. EA couldn't stand the idea of people adding to their own games, and now you can buy a fake furniture set for your fake house for a fraction of the price of the real thing ... EA sucks.

    • @polocatfan
      @polocatfan 3 months ago +2

      @@SineN0mine3 bro they literally gave everyone the game. Stop being salty you weren't there at the time.

    • @everythingiseconomics9742
      @everythingiseconomics9742 2 months ago

      @@polocatfan then they blocked people from buying the game? Not exactly the greatest thing to do.

    • @polocatfan
      @polocatfan 2 months ago

      @@everythingiseconomics9742 just pirate it? they clearly don't care lol

  • @karlm9584
    @karlm9584 22 days ago

    Back in the day I used DOS debug to defeat a couple of games' copy protection and dabbled around with SoftICE for a bit, but this is next level. Well done, and I hope you continue the fight.

  • @test-rj2vl
    @test-rj2vl 3 months ago +5

    Downloaded this video in case it gets removed by YT. It's very educational.

  • @Alt-gy7se
    @Alt-gy7se 3 months ago +4

    Great video, loved the deep dive 👍

  • @00evaunit
    @00evaunit 2 months ago +1

    There is already an installer tool called Sims 2 Starter Pack which includes all of the fixes for modern hardware and Windows that an original install won't have and will likely corrupt very quickly without.

  • @martinmartinpl
    @martinmartinpl 3 months ago +13

    I'm interested in one thing: from my very limited experience, I know that "patches", cracks and other such tools can trigger anti-virus software because they mess with the original binaries, inject their own data into memory, etc. How come this original executable doesn't bother antivirus? From my perspective, all this obfuscation and shifting code in the libraries looks very much like the code usually found in patches.

    • @nathanbaggs
      @nathanbaggs  3 months ago +16

      Anti-virus is probably more interested in signatures in the actual exe files, so they might not pick up on runtime functionality.

    • @sunnymishra1057
      @sunnymishra1057 3 months ago +6

      The AV signature likely contains some whitelist for safe but obfuscated code.

    • @Aliferopoulos
      @Aliferopoulos 3 months ago +13

      Coming from a cybersec background, behaviors like the ones employed here (dropping PE files, cross-process debugger attachment with an unexpected parent-child process relation, writing to executable memory regions, packed code) would definitely trip up a modern day EDR that is inspecting behavioral patterns. You'd be surprised as to how many modern DRM/anti-piracy/anti-cheat mechanisms employ behavioral patterns that resemble malware (or vice-versa) and are typically whitelisted (usually by the vendor) in EDRs/AVs through file hash or certificates.
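
A defender-side illustration of that comment, added here and not part of any commenter's post: a toy behavioural pass over constructed EDR-style events that flags the four behaviours named above (a dropped PE file, a child attaching a debugger to its parent, W+X memory in another process, a high-entropy section) and then shows how a hash allow-list silences the flagged process. Every event, hash, file name and the `detect`/`shannon_entropy` functions are constructed for the example.

```python
"""Toy behavioural detection over constructed EDR-style telemetry.

Rules mirror the behaviours in the comment above: dropping PE files,
a child debugging its parent, W+X memory in another process, and
packed (high-entropy) code. A hash allow-list models the vendor
whitelisting that normally keeps a DRM binary quiet in an EDR.
Every event, hash and path here is constructed for the example.
"""
import math
from collections import defaultdict

RWX = "PAGE_EXECUTE_READWRITE"

# Constructed events as (pid, event_type, details); not real telemetry.
SAMPLE_EVENTS = [
    (100, "process_create", {"image": "launcher.exe", "ppid": 1, "sha256": "hash-launcher"}),
    # Launcher drops a temporary binary (PE magic "MZ") into a temp folder.
    (100, "file_write", {"path": r"C:\Temp\~tmp_binary.exe", "data": b"MZ\x90\x00" + bytes(60)}),
    (200, "process_create", {"image": "~tmp_binary.exe", "ppid": 100, "sha256": "hash-dropper"}),
    (200, "debugger_attach", {"target_pid": 100}),              # child debugs its parent
    (200, "mem_protect", {"target_pid": 100, "protect": RWX}),  # W+X pages in the parent
    (200, "section_loaded", {"name": ".text", "data": bytes(range(256)) * 4}),  # packed
    (300, "process_create", {"image": "notepad.exe", "ppid": 1, "sha256": "hash-notepad"}),
    (300, "file_write", {"path": r"C:\Users\me\notes.txt", "data": b"hello"}),
    (300, "section_loaded", {"name": ".text", "data": b"\x55\x8b\xec\x83\xec\x10" * 64}),
]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for packed/encrypted code, far lower for plain x86."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect(events, allowlist=frozenset()):
    """Return {pid: sorted rule names} for every process that trips a rule.

    Processes whose image hash is in `allowlist` are dropped from the result,
    which is exactly why a whitelisted DRM binary stays quiet in an EDR.
    """
    ppid, sha = {}, {}
    hits = defaultdict(set)
    for pid, kind, d in events:
        if kind == "process_create":
            ppid[pid], sha[pid] = d["ppid"], d["sha256"]
        elif kind == "file_write" and d["data"][:2] == b"MZ":
            hits[pid].add("dropped_pe")
        elif kind == "debugger_attach" and d["target_pid"] == ppid.get(pid):
            hits[pid].add("child_debugs_parent")
        elif kind == "mem_protect" and d["protect"] == RWX and d["target_pid"] != pid:
            hits[pid].add("cross_process_rwx")
        elif kind == "section_loaded" and shannon_entropy(d["data"]) > 7.0:
            hits[pid].add("packed_section")
    return {pid: sorted(r) for pid, r in hits.items() if sha.get(pid) not in allowlist}


if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))                               # pids 100 and 200 flagged
    print(detect(SAMPLE_EVENTS, allowlist={"hash-dropper"}))  # dropper suppressed
```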

    • @amshermansen
      @amshermansen 3 months ago

      Indeed - the most common cause of a "false positive" is from various patchers that affect the memory of other applications (which is something nasty tools can do, but obviously also entirely necessary for the ones that you DO want to do such).

    • @SineN0mine3
      @SineN0mine3 3 months ago

      @@nathanbaggs Windows Defender at least includes a lot of well-known freeware and pirated software in its blacklist. It knows exactly what they are, but just doesn't want you to have them.

  • @McSwitch01
    @McSwitch01 3 months ago +1

    This was so much fun to watch. Would love to see a "dev reaction" from the original game devs around the obfuscation decisions etc. Thanks for the great vid.

  • @flannn6
    @flannn6 3 months ago +21

    Abandonware has no digital rights

    • @Lhord_Neville
      @Lhord_Neville 3 months ago +3

      This is why I hang out at the cemetery

    • @CrAzYpotpie
      @CrAzYpotpie 3 months ago +7

      "Abandonware," a term with such broad meaning to every individual person that it has no real use at all. It definitely isn't recognized in any US law in any positive way for those who want that to mean anything is a-okay to do with the material. I've seen people say that the instant Nintendo removes the ability to purchase one of their old games, that it becomes abandonware, even if Nintendo plans to make it purchasable the following week on a new storefront. Greedy entitled people with no brain ruining words, as usual.

    • @SineN0mine3
      @SineN0mine3 3 months ago

      @@CrAzYpotpie in this particular case EA has released the binaries publicly. It's extremely unlikely that they'd be able to commence legal action considering the actions they've taken, including press statements encouraging players to try it for free, releasing the game files as downloadables and discontinuing support.
      There's no legal precedent to say that abandonware is a real thing, but a company has to show that they intended to sell and profit from their IP if they want to pursue pirates with legal action.
      I think it's pretty safe to say that if this particular flavour of game piracy were going to be illegal that at least one publisher would have tried to sue by now.
      In general these big companies do very well from copyright disputes, even when they wouldn't win in court they often get their way due to settlement agreements.
      My expectation is that EA's lawyers have assessed the situation and decided there wasn't a chance in hell that a reasonable jury would take their side on this matter and so have tried to gain positive publicity by "allowing" piracy.
      FYI, if you ever purchased this game in the past, you're entitled to maintain backup copies for personal use. Provided you aren't sharing your copies, you can continue to make copies to replace your backup indefinitely.
      That might not be true for all software, but the license on this and most games from the era are lifetime and you're only expected to pay once.

    • @CrAzYpotpie
      @CrAzYpotpie 3 months ago +2

      @@drecognis Yes, and it's a term that the majority of people think holds legal value, as in abandonware is okay to do anything with (download freely, upload freely, modify freely,) and I am pointing out how US law doesn't recognize it as such. If you still don't understand, you must further educate yourself.

    • @CrAzYpotpie
      @CrAzYpotpie 3 months ago +3

      @@drecognis It isn't a legal concept in any positive way for the end-user in any country that I have heard of. You are free to research it. I understand that will take effort, but I assure you, knowledge will help you in life.

  • @Keftyable
    @Keftyable 3 months ago +1

    The 0xcoffee placement must be the best placement I've ever seen. Love your content btw.

  • @an0ndev
    @an0ndev 3 months ago +3

    I've been doing some firmware reversing with Ghidra lately and I just wanted to say how vindicated I feel watching these videos. That moment when you open a subroutine and it's like 500 lines of loop-unrolled, compiler-optimized garbage (or in this case hand-obfuscated garbage) 😂🔫 Cheers though, great video.

  • @kaspr1388
    @kaspr1388 3 months ago

    Super knowledgeable video and at the perfect pace where it's not too slow that I'm falling asleep or too fast that I have no clue what's going on.
    Entertaining & educational, love it. Subbed.

  • @Reptonious
    @Reptonious 3 months ago +4

    Thank you Mr. Baggs

  • @ceefusjenkins2281
    @ceefusjenkins2281 3 months ago +1

    Could you have mounted the ISO in your hypervisor? That should present it as a physical CD I believe. Great video!

  • @JazneoGaming
    @JazneoGaming 2 months ago +3

    Thought Sims 2 was cracked open like 20 years ago lol

  • @madisonlederer1545
    @madisonlederer1545 2 months ago

    This just reminded me of an insane childhood memory I have, of when I was able to get my first Sims 3 expansion (outdoor living stuff pack). I played on Mac as a kid, and I remember at the install screen, being flabbergasted that all I needed to do was enter one (1) letter into the activation key box and the installer accepted it. To this day I still don't know why 😂

  • @CapaciousCore
    @CapaciousCore 3 months ago +4

    Congrats, you almost recreated what RELOADED did in 2006 ( ͡° ͜ʖ ͡°) Maybe you'll try the second part? It would be faster to compare the patched binary with your "findings" ;) It's not a big deal for a big boy like you, right?

    • @nathanbaggs
      @nathanbaggs  3 months ago +7

      I try to avoid looking at prior art as it’s more fun for me to see what I can figure out by myself

  • @tripason127
    @tripason127 15 days ago

    Honestly you are quite good and it's fun listening to what you're doing (even if I have no clue what you're talking about most of the time) lol. A game you should honestly try and fix, and honestly if you did fix it I'd totally use your fix, is Space Empires 5. It's a really good 4X-type game, but due to its age even a super i9 or Ryzen 9 with a 4090 gets like 10 FPS in most screens.

  • @skinward5707
    @skinward5707 2 months ago +1

    10:06 Foreshadowing: a literary device in which a writer gives an advance hint of what is to come later in the story

  • @Kamerzystanasyt
    @Kamerzystanasyt 3 months ago +3

    hacked ❌ cracked ✅

    • @WillowTitov
      @WillowTitov 2 months ago

      Why not both?

    • @Kamerzystanasyt
      @Kamerzystanasyt 2 months ago +1

      @@WillowTitov Cracked means making the app free to use by removing the paywall/subscriptions, and hacking is just getting the database and other things from the app itself by exploiting it.

  • @LordMegatherium
    @LordMegatherium 3 months ago +1

    I don't work on low-level stuff, so if I wanted to fully understand what's going on I would have to pause every 3 seconds... but that's what's actually awesome about your presentation: you are able to completely narrate what you are doing and don't dismiss any step with some magic handwaving. If I had seen this video 20 years ago it might've driven me more into the cracking scene just for shits n giggles. Your videos are a beautiful amalgam of tutorial and storytelling. Thank you.

    • @nathanbaggs
      @nathanbaggs  3 months ago +3

      That’s the style I’m going for, glad it comes across!

  • @anonymousmokona8541
    @anonymousmokona8541 3 months ago +8

    Classic AAA game dev - the most insane DRM measures in place, which ultimately leads to the game being unplayable when this same insanity stops being supported by the OS.

  • @eggstu
    @eggstu a month ago

    I'm so jealous of your knowledge. I took C++ in college and that was about the max level my brain could handle for coding. You are on a completely different plane of knowledge.

  • @TheStevenWhiting
    @TheStevenWhiting 3 months ago +6

    Process Monitor itself has the 64-bit version inside it. If you run the 32-bit one and it sees you're on 64-bit, it unpacks that and runs it.
    And here's me dreaming of being able to code my own cracks. Looking at this, Jesus! That would never happen.
    Once you're done, watch the AV software come along and delete your exe as malware, as they do with most cracks and keygens even when they have no infections.

    • @nathanbaggs
      @nathanbaggs  3 months ago +4

      Yes Windows Defender did delete a few of my patched exe files...

  • @hauntedshadowslegacy2826
    @hauntedshadowslegacy2826 a month ago

    You're doing great work for games preservation, and I applaud how much effort you've poured into this.