CS.RIN.RU - Steam Underground Community
http://cs.rin.ru/forum/

on the verge of cracking at least i hope so
http://cs.rin.ru/forum/viewtopic.php?f=31&t=9953
Page 2 of 3

Author:  Dreamgun [ Thursday, 20 Jan 2005, 16:41 ]
Post subject: 

anti-life wrote:
Wow, is this forum over-packed with noobs (sorry for being rude). There is no "Solution" yet...


YES is the answer to your question. The only person that has useful posts is pretty much hellboss.

Author:  SniperSc0pe [ Thursday, 20 Jan 2005, 16:43 ]
Post subject: 

lol and dred+ remix... and sum other ppl ^^

Author:  .cue [ Thursday, 20 Jan 2005, 16:49 ]
Post subject: 

Hey Hellboss, have you any experience
with debuggers/disassemblers? (cracking etc)
I've been peeking around (mostly steam.dll) for interesting stuff..
and the code sections responsible for the Blob files & Ticket warnings look interesting

for example this string reference..

Text strings referenced in Steam(or:.text, item 6652
Address=201754E9
Disassembly=PUSH Steam(or.202C6564
Text string=ASCII "Throwing out expired ticket for %s"

or

Text strings referenced in Steam(or:.text, item 6659
Address=201757BF
Disassembly=PUSH Steam(or.202C6744
Text string=ASCII "Clearing content tickets for %s"

and

Text strings referenced in Steam(or:.text, item 6662
Address=20175B56
Disassembly=PUSH Steam(or.202C6764
Text string=ASCII "Clearing TGT and passphrase for %s"

I'm trying to see if I can come up with my own patcher offsets..
you may be interested in having a look (if you aren't already doing so)
Oh, and I'm currently using OllyDbg for inspecting the .dll

Author:  Silent~ [ Thursday, 20 Jan 2005, 17:04 ]
Post subject: 

What would happen if you searched for those offsets within steam.dll and either patched the operation or did some nop action!?

Steam is filtering accounts that currently have no games on them. I do believe the blob file contains all the directory and file info. Are there any encrypted strings within the file?

Author:  monsterPlanetHL [ Thursday, 20 Jan 2005, 17:59 ]
Post subject: 

the blob updates every time you connect to a server now. good luck.

Author:  monsterPlanetHL [ Thursday, 20 Jan 2005, 18:03 ]
Post subject: 

food for thought.
Run legit cz account and connect to a cz server. (should update blob) disconnect
run steamlauncher.exe (hCUPa) and login with a fake account and try and connect to a css server. if that doesn't work
repeat steps but before running steamlauncher set the blob to readonly.

Author:  monsterPlanetHL [ Thursday, 20 Jan 2005, 18:07 ]
Post subject: 

you guys should come chat, and brainstorm live with the rest of us.

Author:  ColdFusioN [ Thursday, 20 Jan 2005, 19:41 ]
Post subject: 

yes we are n00bs but we have problems too
how can u expect us to STFU lol when we've all been n00bs?

lol h3lllboss goooo
for now I'm just trying the crack steam exploit with the blob
dling my games again..see if it wks
btw, why do the source games not wk but hl1 games wks?

Author:  d1rekt [ Thursday, 20 Jan 2005, 19:51 ]
Post subject: 

monsterPlanetHL wrote:
you guys should come chat, and brainstorm live with the rest of us.


Where's chat?

Author:  ryn_101 [ Thursday, 20 Jan 2005, 20:10 ]
Post subject: 

in forums....

Author:  Hideko [ Thursday, 20 Jan 2005, 20:37 ]
Post subject: 

well no the blob can't have an active directory watch otherwise no one with a cracked game could play...even with a legit account. it's got something to do with the account and that time stamp issue looks interesting...I'm using my legit account and i can still play cs:s no problem...my fake gets the expiry error...hrm...

Author:  SirArthur [ Thursday, 20 Jan 2005, 22:14 ]
Post subject: 

Cue wrote:
Hey Hellboss, have you any experience
with debuggers/disassemblers? (cracking etc)
I've been peeking around (mostly steam.dll) for interesting stuff..
and the code sections responsible for the Blob files & Ticket warnings look interesting

for example this string reference..

Text strings referenced in Steam(or:.text, item 6652
Address=201754E9
Disassembly=PUSH Steam(or.202C6564
Text string=ASCII "Throwing out expired ticket for %s"

or

Text strings referenced in Steam(or:.text, item 6659
Address=201757BF
Disassembly=PUSH Steam(or.202C6744
Text string=ASCII "Clearing content tickets for %s"

and

Text strings referenced in Steam(or:.text, item 6662
Address=20175B56
Disassembly=PUSH Steam(or.202C6764
Text string=ASCII "Clearing TGT and passphrase for %s"

I'm trying to see if I can come up with my own patcher offsets..
you may be interested in having a look (if you aren't already doing so)
Oh, and I'm currently using OllyDbg for inspecting the .dll


I'd already changed everything to force Steam.dll to get a "Valid Steam ID Ticket" (since Jump if Zero @ offset 0x20179A49 until the string reference, so there's no way my Steam.dll gets in the "Death Road" to 0x20179B0F), but that didn't do much. Now I don't get Ticket Expired, but I just can't connect to any server; it keeps retrying and retrying. :(

I use IDA Pro and Hiew.

Author:  Subach [ Thursday, 20 Jan 2005, 22:17 ]
Post subject: 

hey sirarthur post ur modified file, i'll give it a try

the site is http://s10.yousendit.com/ upload it to that site

Author:  SirArthur [ Thursday, 20 Jan 2005, 22:22 ]
Post subject: 

I'll post both ASM files, from the original DLL and the "mis-cracked" DLL, to help "brainstorming". It is useless to post the compiled DLL because it doesn't work. IDA Pro is just re-disassembling; it will take about 15 min to disassemble and load all references for both DLLs.

Author:  SirArthur [ Thursday, 20 Jan 2005, 22:55 ]
Post subject: 

Here's my Steam_MissCracked DLL ASM (Normal DLL is still disassembling)

http://s10.yousendit.com/d.aspx?id=12ET ... H6YVRR8IKD

Please note, just download it if you know at least a little ASM. Otherwise it is nothing more than a 50 MB text file (3 MB compressed) with illegible text.
Also don't try to open this file under Windows 9x/ME (those Windows versions can't allocate memory buffers large enough to read such a file).

If you're just curious about ASM and want to peek at it, here's a little of it:

      push    ebp
      mov     ebp, esp
      sub     esp, 8
      mov     eax, [ebp+arg_0]
      mov     dword ptr [eax], 0      ; *arg_0 = 0
      push    0                       ; lpModuleName = NULL -> handle of the process's own .exe
      call    ds:GetModuleHandleA
      mov     [ebp+var_8], eax        ; var_8 = HMODULE, i.e. the image base address
      mov     ecx, [ebp+var_8]
      xor     edx, edx
      mov     dx, [ecx]               ; first WORD of the image: IMAGE_DOS_HEADER.e_magic
      cmp     edx, 5A4Dh              ; 'MZ'
      jnz     short loc_402B83        ; no DOS header -> bail out
      mov     eax, [ebp+var_8]
      cmp     dword ptr [eax+3Ch], 0  ; IMAGE_DOS_HEADER.e_lfanew, the offset of the PE header
      jnz     short loc_402B85        ; non-zero -> continue on to the PE header


Nice, isn't it :)
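For readers who are not fluent in x86, the snippet above is only the start of a PE header sanity check: it reads the first WORD of the loaded image, compares it with 5A4Dh ('MZ'), and then tests that e_lfanew at offset 3Ch is non-zero. The following Python is an added illustration, not code from the thread or from Steam, and it goes one step beyond the snippet by also verifying the "PE\0\0" signature that e_lfanew points at; the sample images are constructed in the script.

```python
import struct

DOS_MAGIC = 0x5A4D          # 'MZ' read as a little-endian WORD, the value in "cmp edx, 5A4Dh"
E_LFANEW_OFFSET = 0x3C      # IMAGE_DOS_HEADER.e_lfanew, the "[eax+3Ch]" read
PE_SIGNATURE = b"PE\0\0"    # IMAGE_NT_HEADERS.Signature, the next thing a loader checks


def check_image_header(image: bytes) -> dict:
    """Apply the snippet's two checks to an in-memory image, then the PE signature check.

    Returns the outcome of each step so a caller can see exactly where a
    malformed or truncated header fails.
    """
    result = {"mz_ok": False, "e_lfanew": 0, "pe_ok": False}
    if len(image) < E_LFANEW_OFFSET + 4:
        return result                      # too short to even hold a DOS header
    # cmp edx, 5A4Dh: the first WORD of the image must be 'MZ'
    e_magic = struct.unpack_from("<H", image, 0)[0]
    result["mz_ok"] = e_magic == DOS_MAGIC
    if not result["mz_ok"]:
        return result
    # cmp dword ptr [eax+3Ch], 0: the offset to the PE header must be non-zero
    e_lfanew = struct.unpack_from("<I", image, E_LFANEW_OFFSET)[0]
    result["e_lfanew"] = e_lfanew
    if e_lfanew == 0 or e_lfanew + 4 > len(image):
        return result                      # zero, or pointing past the end of the image
    # The step the snippet has not reached yet: the NT header starts with "PE\0\0"
    result["pe_ok"] = image[e_lfanew:e_lfanew + 4] == PE_SIGNATURE
    return result


def build_sample_image(magic=b"MZ", e_lfanew=0x40, pe_sig=PE_SIGNATURE) -> bytes:
    """Constructed minimal image: a 64-byte DOS header followed by a PE signature."""
    header = bytearray(0x40)
    header[0:2] = magic
    struct.pack_into("<I", header, E_LFANEW_OFFSET, e_lfanew)
    return bytes(header) + pe_sig + b"\0" * 0x40


if __name__ == "__main__":
    samples = [("well-formed", build_sample_image()),
               ("bad magic", build_sample_image(magic=b"ZM")),
               ("zero e_lfanew", build_sample_image(e_lfanew=0)),
               ("e_lfanew past end", build_sample_image(e_lfanew=0x1000))]
    for name, img in samples:
        print(f"{name:18} {check_image_header(img)}")
```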
