Recently, many people have been asking me on how to get started with their reverse engineering journey.
So I will try to share my path and what helped me on the way 🧵
We have received a Cease & Desist letter on behalf of Activision Publishing in relation to the X Labs project. Because of that, we are also going to shut down BOIII. Thank you all for your support.
I spent the last 5 months reverse engineering Denuvo's protection in Hogwarts Legacy and finally managed to bypass it using more than 2000 hooks 😂
One of the toughest challenges of my life.
Here's my blog post about it:
I finally reversed and bypassed Call of Duty: Black Ops 3's DRM. The game has more than 400 integrity checks that seem to self-adjust to reduce performance impact. Quite impressive piece of DRM, I gotta admit.
I can interact with Witcher 3's script VM from C++ 🥳
Not sure if this has ever been done, but it's honestly really easy. The game is very pleasant to mod 😃
That's the last piece of the puzzle I needed to implement basic multiplayer functionality :D
Testing of BOIII is going great.
A lot of issues have been fixed and more performance improvements have been added.
The integrated launcher now supports proper updating.
If you want to take part in the testing, feel free to sponsor the project:
I've been reverse engineering the windows lockscreen in order to have animated lockscreens backgrounds.
Tbh digging into windows internals is super fascinating 😃
My past COD projects made me learn so much about programming and reverse engineering.
I have to admit Call of Duty really made me become the person I am today.
Because of that, I'm thinking of framing the 4 C&Ds I received from Activision😂
BOIII is making great progress, but there was not much to tweet about. Mainly bug fixing was done.
However some notable things have been added:
Ranking up with mods and custom maps on dedicated servers now works.
The lagometer can be enabled to see connection issues:
My Black Ops 3 client BOIII needs testers. Patreon and GitHub sponsors will get early access to the testing today. If you want to try it out, feel free to become a sponsor:
I am NOT affiliated with any of these BOIII clones popping up recently.
I am currently aware of at least 5 critical security vulnerabilities that are unpatched everywhere.
If you care about your security, I can only recommend not to play BO3 at all.
BOIII is really getting into shape.
With 120 servers and about 50 players on average it's getting very playable :D
Big thanks to all the sponsors supporting the project ♥️
It seems that #Fortnite now uses the same integrity checks as BO3.
It only has 31 of them instead of 1200.
That means my research on reverse engineering integrity checks in BO3 also applies to Fortnite.
The bypass should also be entirely reusable 😂
BOIII servers now run in Docker 🐳
A documentation on how that can be used will be published soon.
This immensely simplifies deployment and increases security a lot 🥳
Thinking of doing a Black Ops 3 client like X Labs or Plutonium that fixes vulnerabilities (rce, dos, ...), adds ranked dedis and so on to the game. But with ownership check of the original game in place. Would that be something people would play?
The first version of my animated desktop and lockscreen wallpaper app is almost ready.
Only a few minor things are still missing.
It will be named Aura :D
The windows lock screen is a composition of different ui layers, in fact even different applications and processes.
It's quite a challenge to get animated lock screens to work, but I can now also draw behind the clock. Which is nice 😂
I made progress on the animated lockscreens 🥳
There were a few issues as the lockscreen is an immersive app.
But things are getting really stable :D
I hope I can release an alpha version soon :)
I've spent the last days answering countless support questions for BOIII
People have been sharing BOIII files and thus causing this work
There is a reason the client is in testing and only available to sponsors and experienced users
This slows down the development immensely :(
I need help for my Witcher 3 multiplayer project.
If you're familiar with creating mods for Witcher and want to contribute to my project, feel free to contact me 😃🙏
Turns out Black Ops 3 lacks a lot of the networking code to host actual matches. It seems that all matches require dedicated servers, unlike previous titles. Simply connecting to one another won't work :(
BOIII is working on the Steam Deck now 🥳
We'll try to maintain support for it :D
Big thanks to @vos6434 for helping to get it to work and recording the video ❤️
I've been working on a customizable wallpaper engine.
It allows rendering websites as desktop background.
Should I continue working on that? Would that be something people need?
@charlieINTEL
The article also talks about my project, BOIII, that tries to revive the game and fix all security issues without the help of Activision.
I have finally finished a little side project: winescape 🥳
It manages to 'escape' wine and allows loading linux shared objects and calling symbols from an all native windows library
Thinking about picking up my old Witcher 3 multiplayer project again 🤔
Current status was that I can spawn 'other players' and make them move to a specific point.
Nothing too spectacular tho 😂
NEW: Hackers are infecting players of "Call of Duty: Modern Warfare 2" with a self-spreading malware worm.
It appears the worm is spreading inside game lobbies where there's at least a player whose computer is already infected with the malware.
I continued working on my animated wallpaper app.
I finally managed to add Windows 10 support for animated lockscreens :D
It took me hours of debugging and reversing, but I got it to work :D However, the technique is a bit more invasive than Windows 11 :(
Please be aware there are scammers going around impersonating me. I suppose they are tricking you into donating to them. The account shown below has now been removed, but please be careful and double check everything :)
Thanks to @lorenzofb and @TechCrunch for interviewing me and @shiversoftdev about the BOIII client and the current situation in BO3. I hope we can succeed with our mission to create a safer environment for the players ❤️
NEW: Hackers are targeting Activision's first person shooter Black Ops III exploiting significant vulnerabilities.
These two gamers are fighting back, patching the bugs on their own to protect other players.
BO3 exe is updated, ZBR, the compiler, and the patch will now no longer work.
I will audit the changes and report back with the status of the 4 RCE exploits.
I know just from attempting to load ZBR that custom maps/mods with DLLs have not been affected.
I'm sorry, there was an issue with our invites to the BOIII Discord :(
In case you sponsored on GitHub, you should have received an E-Mail with new instructions.
If you're a Patron, our Patreon post was updated and everything should be good again.
Sorry for the inconvenience :(
I thought about making YouTube videos about DRM. Similar to the videos by @LiveOverflow or @ghidraninja, but less focused on security/hacking and more on DRM and the analysis of copy protections, like anti debugging, obfuscation and so on. Does this sound like a good idea? 🤔
For those wondering, they did not work because large parts of the netcode and the backend connection were removed (for security reasons).
Therefore, emblems and calling cards had to be reimplemented.
Big big thank you to every one sponsoring and supporting me. I will try to honor all of you by either adding you to the launcher or through other means. However, main goal at the moment is to get to the initial release of BOIII 😊
We are happy to announce that we are sponsoring @momo5502 in support of his boiii project!
Momo is picking up ATVI’s slack and bringing the dream of a safe and secure Black Ops 3 PC client to life.
Read more about his project and sponsor him here:
The patterns are identical to BO3 in Fortnite. Probably there are other things one has to patch in their DRM to make it work. But integrity checks are definitely just like BO3:
@MrTLexify
This is completely misleading. Depot updates occur regularly, look at the update history, about once a month. The hash of the binary also has not changed. So nothing has been updated.
@TGDefinition
Working as a security engineer, I can say the entire situation is super hard to handle. We took shortcuts in our projects. We cut off entire parts of the games. No lobbies, no voice, no backend. That allowed reducing the overall attack surface and thus securing the games.
If you see my name in any of those clones, it means they have copied my work including the git history.
Have a look at the commits and you'll see my last commit will be from before the C&D.
@archer_uwu
Shipping an x86 application is not that unreasonable. It provides better compatibility with legacy systems. The only benefit you get on x64 is access to more memory, which is something discord should never need 💀
This post is totally clickbaity 😂
@konstantinos96b
You are totally right. The main reason I started doing it was actually as a side project to get into using @vector35's BinaryNinja a bit more. At some point there was just no going back 😂
@reallyluckyy
Ah lul, didn't notice. The post is from yesterday tho if you check the date. I only found the time to publish it today with all the family gatherings. I can assure you it's not an april fools. I wasted too much time for it to be 😂
I've been using IDA Pro my entire life.
I was never able to become friends with Ghidra.
However, I started using Binary Ninja's free version recently and the more I use it, the more I like it.
Honestly, great job @vector35 👏
I'm definitely going to buy it sooner or later. 😃
@thatkidpolito
Well, it means that I personally consider the DRM to be quite good. But bypassing it allows you to modify the game, modify the memory, apply hooks and patches. This can be used to patch security vulnerabilities that are unpatched or extend the game with new features.
Going to start my first stream now :D
I will try to reverse engineer why Witcher 3 pauses when the window loses focus 😂
Might not be successful tho, we'll see 😃
My latest commit in the LLVM project causes build issues 💀
While I feel kinda stressed about it, this also feels like an achievement.
At least a little bit... 😂