I love your work sir, it's fascinating to see such tools in the hands of a maestro! I've played with Ghidra myself a little, updating some older Cheat Engine tables for older titles that haven't been updated in a while, definitely cathartic work! Would you say that the Sysinternals monitor is the best tool for seeing what process-external access an exe makes? Or might there be better tools, if one is prepared to take the time? In the long term, what I would love to have is a sort of modified Windows sandbox, that ostensibly lets me run any old Windows app as normal, but with the added bonus of keeping an eye on everything: writes, reads, handles, regkeys etc., calls that a process makes. Especially in the case of using 'no-cd' cracks for titles that I do own, but like you, don't have easy access to any kind of optical drive, I also want as much performance as possible, running the entire game from NVMe, which even on a pretty modern machine like mine (12th gen i7, 20 cores, 16GB RAM, RTX 3070 Ti) is a problem, as some games like the older 40k Dawn of War can still hand out a lot of punishment, especially (and the same problem with many older titles) getting the games to run at 4K. It's clear that such resolutions were just a dream in those developers' eyes, and seemingly have very different optimisation requirements; it might even just be down to something as simple as moving reserved memory for off-screen buffering, which is quite a lot of RAM for a 4K screen and does indeed require a different coding strategy! Any suggestions for tools that would help me would be very kindly received, especially as I am currently covid quarantined and somewhat at my wits' end for keeping myself entertained! Thank you so much for your content and the work you put in, one of my absolute favourite channels of this nature. You should write and sell a course, Sir!
The devs were serious about protecting the game. This was an amazing effort by you, I can only imagine how many hours you must have spent debugging this. Fantastic work!
2:44 whenever seeing something like this, you just have to remember compilers are crazy, and the decompiler could be slightly wrong. It could even be an inlined implementation of a version of memcpy.
Will say that when they were delisting it they actually upgraded everyone who owned at least the base version of The Sims 2 to the Ultimate Version with all the DLC, and did the same thing for anyone who had the game physically and had a CD key for it (it's how I got The Sims 2 on Origin). So that was actually pretty cool of EA.
I've been doing some firmware reversing with Ghidra lately and I just wanted to say how vindicated I feel watching these videos. That moment when you open a subroutine and it's like 500 lines of loop unrolled compiler optimized garbage (or in this case hand obfuscated garbage) 😂🔫 cheers though great video
We’re really blessed with a lot of smart people fixing the game at this point. My only complaint is that the UI just doesn’t fit on anything over 720, and even on a 2k display everything looks like it’s for ants
I was convinced they still had it available as I just downloaded it from EA play last week. Dammit EA, the game is amazing, it deserves to be preserved
Process Monitor itself has the 64bit version inside it. If you run the 32bit and it sees you're on 64bit, it unpacks that and runs it. And here's me dreaming of being able to code my own cracks. Looking at this, jesus! That would never happen. Once you're done, watch the AV software come along and delete your exe as malware as they do with most cracks and keygens even when they have no infections.
Thank you for your work I love your content ! ❤ I'm myself a junior software engineer and I'm really interested in reverse engineering, but I'm not sure how I could acquire such a skill level 😅 Do you have any recommendations for learning RE, like programs, courses or roadmaps etc... ?
11:27 oh i have the same case but mine is without the glass :D i know that Fractal has some less expensive cases that can have 1 or 2 bays for dvd/cd :D love this kind of videos from you :D i hope you can perhaps make it work on win10/11 some day hehe :D
interesting you tried this with the base game and not literally any of the expansions instead, like apartment life or mansion and garden stuff, which technically isn't an expansion but it functions like one
@@CrAzYpotpie It's true that piracy would still happen between those who aren't up for paying for the product. I more so meant that it gives a way to obtain it without having to proceed to illegal tactics. I know my words weren't exactly precise. It was just meant to be a short way of saying it.
@@harasen_haras5 It's no problem, I apologize for my confusion, I assumed you merely didn't understand. I agree that it would be wise for EA to provide a way to still purchase these games, but they are probably not too invested in having to hire a team to bring it up to date with more modern systems for it to be worth it for them in the end, financially. It also just adds more competition with their latest Sims, which I assure you they have no interest in doing. Long live piracy for keeping the game alive.
"I've attached a debugger and now I get a new message warning me that I've got a debugger attached". Lmao. I love it when coding adventures become slightly convoluted. Though I would admittedly trade it in for a world without any DRM at all.
Actually, EA gives it for free, just contact customer support. They will give you the ultimate collection for free. If you are a Mac user you can buy the Super Collection.
Most definitely the most impressive show of skill yet. Extremely interesting to see all the anti-RE techniques used!
Thanks for the kind words (:
Very impressive
Really need more people like Nathan. There are so many games & software titles that otherwise would get lost to time.
The disc check works by verifying various weak encoded sectors exist and then builds a decryption key, but there exist a couple of 4KB backup keys in memory which can be reinjected; these are then used to form the final 32-bit TEA decryption key for decrypting the game code. It was common for people to create loaders that hooked the disc check and injected these keys into memory to create a simple bypass.
I was hoping someone would come along and fill in the blanks, thanks!
@@nathanbaggs Will you now continue with that new knowledge?
What is weak encoded?
@@test-rj2vl In CD sectors, 8 bits of data are encoded into 14-bit streams, known as EFM (eight-to-fourteen modulation); this is done to space out the physical pits for readability.
A form of copy protection that SafeDisc uses is to press discs with a certain data pattern in the sectors that causes issues for CD burners trying to duplicate this exact pattern 100%, while the original sectors still read OK.
So trying to read and write these specially crafted sectors gives drives some issues, which is why they are referred to as weak sectors :)
There are many other kinds of signatures that other copy protections used, but SafeDisc is known for using this EFM manipulation trick (-: /R.
@nathanbaggs Part 2 please
Watching you debug at such a low level puts me in a calm meditative state.
I thoroughly enjoy your practical application of decompiling and debugging to old Windows games. It provides for great storytelling. Many thanks.
Thanks!
Best game in the series and they bury it like it never existed.
They released it for free with all DLCs when Sims 4 released, or something like that. I can download it from the EA launcher.
It being so great makes their lovely Sims 4 look pathetic, so they buried it in their golden era graveyard alongside SimCity 4
It’s also been available on the Mac App Store for an entire decade.
@@SpeeDim It was a limited time offer. You can't do that anymore. They only did it at all since they went whole hog on the now dead Origin.
now we can have it
issa blessing
I predict that in the future we'll have software archeologists whose sole job is to get old stuff working again. It's crazy how much source code gets lost over time, or how stuff just gets abandoned and you can't use it anymore without some obnoxious requirements (such as having the original 20+ year old CD). Nothing pisses me off more though than companies sitting on source code for ancient games for decades and not doing anything with it because MUH IP.
Agree. I still play Sims 2 nowadays for nostalgic reasons, but with each year the Sims 2 community gets increasingly pissed off with EA. The game appears to have tremendous problems on newer systems/OS that render it almost unplayable and no one really knows why. We're at a point now where people are switching to Linux just so they can keep playing this game (for some reason none of the problems we see on Windows are reproducible on Linux). And EA just does nothing about it, probably because they want us to buy Sims 4. No one is even asking them to spend resources on fixing it; after two decades they could just release the code and let the community handle it themselves.
Ah, that reminds me of when I was removing the SafeDisc protection from EA's Battle for Middle-Earth 1. There it also starts with creating two temp files, which attach to the main process and start debugging it. In the case of BfME1 there were 4 layers of protection:
1. Nanomites (opcodes replaced with 0xCC that trip the SafeDisc debugger and prompt it to fill them in with the correct opcodes);
2. Scrambled import table (calls to some imports go to one of the two temps, which directs them to their actual intended destinations);
3. Some opcodes are also replaced with arbitrary calls to the debugger, and when such a spot is hit, SafeDisc replaces them with valid opcodes (stolen bytes);
4. The most grinding part is the final layer. The way it works is that an occasional calculation is made not in the game's process but using special data tables in the SafeDisc protector instead (apparently this one is called SDAPI2). This is a more recent one and might be missing on Sims. But even if it is there, apparently in some games (not the case with BfME1 though) SDAPI2's code is left right in the game's exe from the debug handler, so there it's just about getting those tables and patching the exe to use the code.
Correct me if I'm wrong, but aren't 1 and 3 the same thing?
0xCC is the byte value of the instruction INT 3, which is what's used to break into the debugger. The debugger responds to the interrupt by providing the correct opcode to execute.
I remember playing BfME on multiplayer and the game deciding after a few minutes to lose the whole game. Is the last part the reason for it?
Interesting insight thanks! I definitely saw the first layer you mentioned during this (although I didn’t know they were called nanomites)
@@Acorn_Anomaly, not exactly: in 3, bytes are replaced not with 0xCC but with jumps and calls to the protector, that is, triggering there does not proceed through the debugger mechanism. In fact, I think 3 was introduced somewhat before 1.
@@damianabregba7476, ah yes, the mass suicide! That's a little trick from inside the game itself. That little 200kb file lotrbfme.exe you start the game with does effectively 2 things:
1. It calls the actual (packed) binary kept in game.dat;
2. It creates a mutex with a particular ID, and the game itself later tries to do the same; if it succeeds, that indicates that the mutex hasn't been created and the protection is hacked or absent. This is recorded, and then in the game the suicide timer is set.
It's so nice to see someone breaking through these measurements.
this is suuuuper interesting as i love ts2 and basically learned how to do some reverse engineering and dll hooking through it!
i believe the game might have some more anti-tampering beyond all the cd checks and obfuscation. iirc when the game was new a lot of ppl with cracked copies were reporting not being able to build walls and such, but that was never properly documented.
Also pirates released unofficial patches, for example v1.1 or v1.5 which fixed the above mentioned problems. You can read about it on old Russian forums in old threads that are dedicated to solving problems with the game from the time of its release, FAQ, for example, Playground ru or 3DNews.
I knew I'd be seeing you in the comment section of this video xD
incredible work -- I love your levels of depth and reasoning on how you're figuring things out. Really impressive
I don’t know 80% of what you are doing but I like the logical approach you take to solve the issue.
I rarely leave comments nowadays - but your process was utterly mesmerising, fantastically edited and funny to boot. I hope one day to have this level of capability. Incredible
I think you should do a series of videos (maybe a different channel if you want to focus on this style here) of the tools you use and how you set everything up.
This has gotten me rather interested in RE but I haven't yet found much for getting started.
I’ve toyed with the idea of a second channel but I’ll probably do something like this on livestream and cut it up into a video after
Funfact: when you have Need for Speed Most Wanted 2005, you can copy the contents of the disc into a folder, then open the ini file and set the demo value to true. That just removes the cdkey question from the installer, because it thinks it's just a demo.
Ha! An EA game.. i knew it because of the temporary binary file. 🤪
what a banger of a video, I really hope you keep going as reverse engineering old school DRM mechanism is something I dream of being able to do - the only reverse engineering I can do is pull apart private REST APIs...
Thanks for the support
Hey man, really great video.
Not many YouTubers doing this level of RE. You got this - you have the skills and the insanity factor to see it through.
You must be slightly insane to be a good RE/VR person
I do a bit of assembly debugging at work, but your videos are so next level. Great to see you attack an actual keygen and copy protection. Godlike.
2 minutes in. Nate picks option 4! I was hoping for a keygen, and you deliver! You are doing a great job with your videos brother!!!
This is good content. These skills are in increasing demand when it comes to game preservation, as there's an ever-growing number of old games you can no longer play, either due to servers being shut down or because they require some patches to work on modern systems etc.
For anyone wondering what the music at 15:14 is, it's "First Volley" from the Sims 2 OST
just think, if they hadn't spent weeks of developer work adding obfuscation algs and copyright checks many people just bypassed anyway, maybe those engineers could have been building cool stuff instead of installers.
Nathan, never stop these brilliant videos. I mainly program in Java and JS, so it's just great to see all this low-level C++, reverse engineering, tweaking executables etc. Fascinating seeing how these devs built these executables and then how you get around them.
That QR code was real slick buddy
I'm interested in one thing: from my very limited experience, I know that "patches", cracks and other such tools can trigger anti-virus software because they mess with the original binaries, inject their own data into memory, etc. How come this original executable doesn't bother antivirus? From my perspective, all this obfuscation and shifting code in the libraries looks very much like the code usually found in patches.
Anti-virus is probably more interested in signatures in the actual exe files. So they might not pick up on runtime functionality
AV signatures likely contain some whitelist for safe but obfuscated code
Coming from a cybersec background, behaviors like the ones employed here (dropping PE files, cross-process debugger attachment with an unexpected parent-child process relation, writing to executable memory regions, packed code) would definitely trip up a modern day EDR that is inspecting behavioral patterns. You'd be surprised as to how many modern DRM/anti-piracy/anti-cheat mechanisms employ behavioral patterns that resemble malware (or vice-versa) and are typically whitelisted (usually by the vendor) in EDRs/AVs through file hash or certificates.
Indeed - The most common cause of a "false positive" is from various patchers that affect memory of other applications (which is something nasty tools can do, but obviously also entirely necessary for the ones that you DO want to do such)
Super knowledgeable video and at the perfect pace where it's not too slow that I'm falling asleep or too fast that I have no clue what's going on.
Entertaining & educational, love it. Subbed.
Love your channel and love reversing! It's such an amazing puzzle to solve that involves entering the mind of the puzzle creator to be able to finish it :D
How much time do you actually take to understand everything and reverse it successfully? Amazing skill and video!
I don't keep track but I think this was probably in the ball park of 100 hours for the technical content. Plus then script writing, filming, editing and thumbnail design
Are you EMPRESS? Just kidding... amazing video and very entertaining!
the only thing this codebase is missing is one of those obfuscators that generates a massive hedge maze of meaningless comparisons, jumps, and dead ends that you have to step through manually in a debugger, and the last thing it does is overwrite its own function address to bypass the hedge maze on subsequent calls
It did have something like that but it didn’t really add much to the video (other than being annoying)
Denuvo (custom vmprotect) takes this to the next level with a custom emulator
You would have been a menace back in the early 2000s. I really love these videos not only from an engineering and hacking standpoint, but it's really encouraging to see that with enough knowledge and dedication, game preservation is technically accessible to anyone who's willing to put in the time and effort.
For sure the running another process that attaches itself as a debugger was a common tool in the 90s and 2000s PC game developer toolkit. Worked at a couple studios where people mentioned doing that.
Interesting, thanks!
Downloaded this video in case it gets removed by YT. It's very educational.
Maybe a no-CD patch that was available for some games in the past? Wonder if you can reverse those, if they existed, and see what the difference would be in that syscall you mentioned for the disc reader
Ox and Dunder sounds like some TV show from the 70s.
I know the feeling of spending a lot of time on a project but still not reaching the intended happy end. It can definitely be tough releasing a video covering such a result so I want to thank you for releasing this video anyway.
Thanks for the kind words. It’s tough not being able to finish something but I hope my videos are more about the journey than the destination
Love these videos, thanks for going down the rabbit hole!! I'm sure you'll get it in the end.
15:20 you forgot to set the kitchen on fire
That’s next video
I remember those old H20 and AiR releases that said in some cases software performance was increased dramatically when encryption and obscurification was removed. Interesting but kinda sad that they have to build such mechanisms in the first place. It must be a software company’s dream when they only offer a cloud based service.
dude, your videos are awesome, a real gold mine, you keep things simple and deep at the same time.
I don't work on low-level stuff, so if I wanted to fully understand what's going on I would have to pause every 3 seconds... but that's what's actually awesome about your presentation: you are able to completely narrate what you are doing and don't dismiss any step with some magic handwaving. If I had seen this video 20 years ago it might've driven me more into the cracking scene just for shits n giggles. Your videos are a beautiful amalgam of tutorial and storytelling. Thank you.
That’s the style I’m going for, glad it comes across!
Incredible show of skills and knowledge, I don't pretend to understand half of what's going on but my brain likes it and wants more!
Great video, loved the deep dive 👍
15:41 I fully expected that code to take me straight to a Rickroll. Pleasantly surprised; +5 points for subtlety!
Your videos are really helpful and enjoyable even if you are talking about hard "subjects", thank you for your hard work.
Wait so you lost? Noooo finish this. I want to see victory royal.
I don't think I've ever seen him finish a project in these vids. It's odd.
Depending on how you look at it, there were plenty of wins in it
I thought this was gonna be some regular Sims 2 piracy tutorial video, seriously impressive work. One of the most consequential games of all time doesn't deserve to be lost.
Thank you Mr. Baggs
You’re welcome
This was brilliant, well done!
These videos are basically everything I was trying to figure out as a teenager but with 100x the skill I had! Loving these.
Your coffee advert was also great 😁
I like seeing the process of what it was like to crack a 20 year old game. This is a true nerd channel.
Oh my god. I love your videos as i am a developer myself, but holy hell i think if i tried to even follow your steps in this video, it would take me like a year to get to the point you got to here :D Awesome to see how you can figure out how the protections work and how to manipulate them. I would be so happy if i could generate keys to some old games with my self-made keygen :D Hope you keep doing these types of videos!
I love your work sir, it's fascinating to see such tools in the hands of a maestro! I've played with Ghidra myself a little, updating some older Cheat Engine tables for an older title that hasn't been updated in a while, definitely cathartic work! Would you say that the Sysinternals monitor is the best tool for seeing what process-external access an exe makes? Or might there be better tools, if one is prepared to take the time?
In the long term, what I would love to have is a sort of modified Windows sandbox that ostensibly lets me run any old Windows app as normal, but with the added bonus of keeping an eye on everything: writes, reads, handles, regkeys etc., every call that a process makes. Especially in the case of using 'no-cd' cracks for titles that I do own, but, like you, don't have easy access to any kind of optical drive. I also want as much performance as possible, running the entire game from NVMe, which even on a pretty modern machine like mine (12th gen i7, 20 cores, 16GB RAM, RTX 3070 Ti) some games, like the older 40k Dawn of War, can still hand out a lot of punishment, especially (and the same problem applies to many older titles) when getting the games to run at 4K. It's clear that such resolutions were just a dream in those developers' eyes, and they seemingly have very different optimisation requirements; it might even just be down to something as simple as moving reserved memory for off-screen buffering, which is quite a lot of RAM for a 4K screen and does indeed require a different coding strategy!
Any suggestions for tools that would help me would be very kindly received, especially as I am currently covid quarantined and somewhat at my wits end for keeping myself entertained!
Thank you so much for your content and the work you put it, one of my absolute favourite channels of this nature - You should write and sell a course, Sir!
So obviously we are going for option 4. Of course we are! You are a legend Nathan!
Loved this video! Genius as always
This was brilliant and I think a service to re history preservation. I’d love to see more of these. Cheers! (:
i freaking love your videos, man. And I've learned so much. I'm a fan for life, brother, keep the hits coming!
Wow, never thought there will be THAT much effort trying to prevent hackers from tampering with the game
Insightful and entertaining as always Baggs. Please post more!
The devs were serious on protecting the game. This was an amazing effort by you, I can only imagine how many hours you must have spent debugging this. Fantastic work!
please try again, this is worth it !
You're wild, dude! The most impressive programming channel ever
Haven't watched yet, but immediate thumbs up for Sims 2. Plenty of memories from that one.
Well I don't respect that kind of mindset at all.
@@CrAzYpotpie Okay?
2:44 whenever seeing something like this, you just have to remember compilers are crazy, and the decompiler could be slightly wrong. It could even be an inlined implementation of a version of memcpy.
engagement for the algorithm - you deserve it Mr. Baggs
Will say that when they were delisting it they actually upgraded everyone who owned at least the base version of The Sims 2 to the Ultimate Version with all the DLC and did the same thing for anyone who had the game physically and had a CD Key for it (it's how I got The Sims 2 on Origin.). So that was actually pretty cool of EA.
Very fun exploration, but a missed chance to recommend watchers to just use The Sims 2 Starter Pack 😉
I've been doing some firmware reversing with Ghidra lately and I just wanted to say how vindicated I feel watching these videos. That moment when you open a subroutine and it's like 500 lines of loop unrolled compiler optimized garbage (or in this case hand obfuscated garbage) 😂🔫 cheers though great video
Good luck!
We’re really blessed with a lot of smart people fixing the game at this point. My only complaint is that the UI just doesn’t fit on anything over 720, and even on a 2k display everything looks like it’s for ants
This both shows your insane skills and also the ones from EA
11:29 did you try saying sudo before trying to insert the disc?
I was convinced they still had it available as I just downloaded it from EA play last week.
Dammit EA, the game is amazing, it deserves to be preserved
Amazing, love the content 😊
I get that you would've descended into madness, but I'd love to see you crack it! Pun intended.
I understood nothing, yet still enjoyed watching the effort.
I love this series you've made about reverse engineering retro games. So cool
Process Monitor itself has the 64bit version inside it. If you run the 32bit and it sees you're on 64bit, it unpacks that and runs it.
And here's me dreaming of being able to code my own cracks. Looking at this, jesus! That would never happen.
Once you're done, watch the AV software come along and delete your exe as malware as they do with most cracks and keygens even when they have no infections.
Yes Windows Defender did delete a few of my patched exe files...
I love watching this, keep up the good work!
I have absolutely no idea what's going on here, yet I watched the whole thing 🙏
Thank you for your work I love your content ! ❤
I'm myself a junior software engineer and I'm really interested in reverse engineering, but I'm not sure how I could acquire such a skill level 😅
Do you have any recommendations for learning RE, like programs, courses or roadmaps etc... ?
11:27 oh i have the same case but mine is without the glass :D i know that Fractal has some less expensive cases that can have 1 or 2 bays for dvd/cd :D love this kind of videos from you :D i hope you can perhaps make it work on win10/11 some day hehe :D
5:25 i have a love for this
like
i want to honor this idea
Option D is why I SUBBED !
This is insane, when is part 2???
French press is such a waste. For the same amount of coffee in a drip brewer you can have 6 cups.
interesting you tried this with the base game and not literally any of the expansions instead, like apartment life or mansion and garden stuff, which technically isn't an expansion but it functions like one
I like option 4.
I'm a little scared to drink my coffee now
How to avoid piracy: Actually sell the software to those who are interested in it.
That just limits it.
@@CrAzYpotpie It gives players a legal way of obtaining it
@@harasen_haras5 Yes, which doesn't avoid piracy, it just limits it. If you are still confused, I am not sure how to explain it better. Good luck.
@@CrAzYpotpie It's true that piracy would still happen between those who aren't up for paying for the product. I more so meant that it gives a way to obtain it without having to proceed to illegal tactics. I know my words weren't exactly precise. It was just meant to be a short way of saying it.
@@harasen_haras5 It's no problem, I apologize for my confusion, I assumed you merely didn't understand. I agree that it would be wise for EA to provide a way to still purchase these games, but they are probably not too invested in having to hire a team to bring it up to date with more modern systems for it to be worth it for them in the end, financially. It also just adds more competition with their latest Sims, which I assure you they have no interest in doing.
Long live piracy for keeping the game alive.
I literally threw out all my sims 2 collection last week too....
I saw Battlefield 1942 😏
As always, amazing video
"I've attached a debugger and now I get a new message warning me, that I got a debugger attached". Lmao. I love it when coding adventures become slightly convoluted. Though I would admittedly trade it in for a world without any DRM at all.
magic and now off to order some coffee
I have the original version from EA App and it requires me to be online to play this game. How can I bypass it?
Awesome work, man!
10:10 I am receiving a message from future Nathan 😂
Hmmm a new coffee to try!
love these videos from you. keep it up !!!
Some call it pirating, I call it game preservation.
Actually, EA gives it for free, just contact customer support. They will give you the ultimate collection for free. If you are a Mac user you can buy the Super Collection.
awesome! I love your work