The problem here is the greedy people are crying foul of Vernam's claim of cracking the installer. :tease: You greedy people need to get over it and wait for the 27th and buy the game. Otherwise wait for the crack to be released and sto being such a childish greey baby.

Just a thought!! As I am new to this.

The installation throws out the date error for the 27th July only if you are connected to the internet.

So assuming this, it does not check your system date but the date elsewhere such as the blizzard server.

Maybe we need to look at this if it has not been looked at yet. 

 

Guys what are you going to do after you successfully install the game?Use the lazylauncher or try to hack the serial number?

I found a second reference to MPQE, think I found where it does decryption.

Unfortunately I am pretty much in the dark when it comes to this kind of stuff. My only suggestion is that maybe by comparing the instructions in the beta installer to the retail one some clues may be revealed. Obviously some things have to be the same in both so then it will be easier to concentrate only on the differences. Sorry if this sounds silly.

Ok, to the people who are trying to crack Blizzard's SC2 - read the following.


MPQ - MoPaQ file archive format in which the files are compressed to decrease space and enhance ease of use.
MPQE - MoPaQ files first used by Blizzard. These files are encrypted.

After playing around with PeID and several plugins I found MPQE files to be encrypted in two ways. One - is a simple crc & header corruption which is easily reversible.

The other, however is a Salsa20 or ChaCha encryption, BOTH of which are as hard to decrypt as Themida 2.x. This encryption requires a 256-bit key which Blizzard DID NOT RELEASE. It is possible to try to crack the key if you have enough knowledge on the subject, but cracking the key could take months or more.

The Sc2 installer WILL DEPROTECT the files WHEN it has the key. So basically, even if you do modify the program so that it will accept any authorization key, the decryption will still require the 256-bit key that BLIZZARD HAS.

Vernam claims he cracked the program in a maximum of 3 days. He also said that he used an emulator server to help him with the cracking.

Why the hell would you need an emulation server if everything except the encryption-key can be accessed locally?

Finally, Blizzard wouldn't release a game before the actual release date with such weak protection that it can be cracked in less then a week!

Also, Vernam, I have 8 years of experience in C mask and psuedo code, not to mention a doctorate in computer science. I am currently taking classes in electric engineering, so denying my argument by calling me a script kiddie (Which is what you say to all logical arguments) will just make you an idiot.
IN SHORT - SC2 CANNOT BE CRACKED BEFORE THE RELEASE DATE!

Everything can be cracked!
This is the first time i see a guy that have 8 years experience and cannot hack a game calling its protection weak xD

This is where the authentication key is checked, if anyone can do anything with this.

cé


; int __stdcall sub_4447E0(HINSTANCE hInstance, HWND hWndParent, int, char, int, int)
sub_4447E0 proc near

hInstance= dword ptr  4
hWndParent= dword ptr  8
arg_8= dword ptr  0Ch
arg_C= byte ptr  10h
arg_10= dword ptr  14h
arg_14= dword ptr  18h

mov     eax, [esp+arg_8]
mov     edx, [esp+arg_10]
push    ebx
mov     [ecx], eax
mov     al, [esp+4+arg_C]
xor     ebx, ebx
push    ebx             ; dwInitParam
mov     [ecx+26h], al
mov     eax, [esp+8+hWndParent]
push    offset sub_4440A0 ; lpDialogFunc
mov     [ecx+4], edx
mov     edx, [esp+0Ch+arg_14]
push    eax             ; hWndParent
mov     [ecx+24h], bl
mov     [ecx+25h], bl
mov     [ecx+28h], edx
mov     ecx, [esp+10h+hInstance]
push    87h             ; lpTemplateName
push    ecx             ; hInstance
call    ds:DialogBoxParamW
cmp     eax, 1
mov     al, 1
jz      short loc_444828


This is where the authentication key is checked, if anyone can do anything with this.

Code: [Select]

cé


; int __stdcall sub_4447E0(HINSTANCE hInstance, HWND hWndParent, int, char, int, int)
sub_4447E0 proc near

hInstance= dword ptr  4
hWndParent= dword ptr  8
arg_8= dword ptr  0Ch
arg_C= byte ptr  10h
arg_10= dword ptr  14h
arg_14= dword ptr  18h

mov     eax, [esp+arg_8]
mov     edx, [esp+arg_10]
push    ebx
mov     [ecx], eax
mov     al, [esp+4+arg_C]
xor     ebx, ebx
push    ebx             ; dwInitParam
mov     [ecx+26h], al
mov     eax, [esp+8+hWndParent]
push    offset sub_4440A0 ; lpDialogFunc
mov     [ecx+4], edx
mov     edx, [esp+0Ch+arg_14]
push    eax             ; hWndParent
mov     [ecx+24h], bl
mov     [ecx+25h], bl
mov     [ecx+28h], edx
mov     ecx, [esp+10h+hInstance]
push    87h             ; lpTemplateName
push    ecx             ; hInstance
call    ds:DialogBoxParamW
cmp     eax, 1
mov     al, 1
jz      short loc_444828


There is nothing to do here, if the authentication code is a valid format then it moves on and tries to decrypt the files using it. There is only 1 valid code that will decrypt the files, it is only stored on the blizzard servers.