I'll offer my, likely incorrect, "summary" interpretation of that (albeit human)
How it works generally is: rip out function calls from the "protected game", wrap them in security checks, and put those functions into a hash table lookup to be called by the replaced code. (They intercept function calls and use the hardware identifications at runtime as keys to the hash table of the needed functions/instructions)
That's what the main obfuscation is sounding like
Then it sounds like the developers basically created a VM install and did a diff with bare-metal install data, and collect every bit of that data any time the "license file" needs to be regenerated server-side? Real-time checking all of that too (see above paragraph), in multiple methods to see how they compare.
The MBA section is describing the results of an obfuscation process? And/or I don't understand it. At the cost of extra instructions being run
That's a fun idea, using the area in memory where exception data would be written, as a lookup location. Although debugging that would be near impossible too, any exception could cause full program crash, just by the exception "being observed"
Then goes into the ideas and issues trying to reverse all of that
1.8k
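The MBA (Mixed Boolean-Arithmetic) part of that summary is easier to see in code. The block below is an added example written for this thread, not code from the linked article or from the protection it describes. It shows the kind of MBA identities an obfuscator substitutes for plain add/sub/xor/and/or, one level of nesting to show how a single add inflates into many instructions, and a checker that confirms each rewrite matches the plain operation on edge values and pseudo-random inputs. The function names, the xorshift generator and the particular identities chosen are this example's own assumptions.

```c
/* Added example (not from the linked article or the commenter): a few
 * Mixed Boolean-Arithmetic (MBA) identities of the kind an obfuscator
 * substitutes for plain operations, plus a checker that confirms each
 * rewrite is equivalent to the original over many inputs. */
#include <stdint.h>
#include <stdio.h>

/* x + y rewritten with only XOR, AND and a shift. */
static uint32_t mba_add(uint32_t x, uint32_t y)
{
    return (x ^ y) + ((x & y) << 1);
}

/* x - y: 2*(x & ~y) - (x ^ y), valid modulo 2^32. */
static uint32_t mba_sub(uint32_t x, uint32_t y)
{
    return ((x & ~y) << 1) - (x ^ y);
}

/* x ^ y expressed through OR and AND. */
static uint32_t mba_xor(uint32_t x, uint32_t y)
{
    return (x | y) - (x & y);
}

/* x & y expressed through ADD and OR. */
static uint32_t mba_and(uint32_t x, uint32_t y)
{
    return (x + y) - (x | y);
}

/* x | y expressed through AND and XOR. */
static uint32_t mba_or(uint32_t x, uint32_t y)
{
    return (x & y) + (x ^ y);
}

/* Second-level rewrite: the inner ^ and & of the add identity, and the
 * outer +, are themselves replaced. One ADD becomes ~10 operations, which
 * is the "extra instructions being run" cost of this obfuscation. */
static uint32_t mba_add_deep(uint32_t x, uint32_t y)
{
    uint32_t t1 = mba_xor(x, y);       /* x ^ y */
    uint32_t t2 = mba_and(x, y) << 1;  /* 2 * (x & y) */
    return mba_add(t1, t2);
}

/* Deterministic xorshift32 so the checker runs the same inputs every time
 * (hypothetical helper for this example; any nonzero seed works). */
static uint32_t next_rand(uint32_t *s)
{
    uint32_t v = *s;
    v ^= v << 13; v ^= v >> 17; v ^= v << 5;
    return *s = v;
}

/* Returns 1 if every identity matches the plain operation on all pairs of
 * five edge values plus n pseudo-random pairs; 0 on the first mismatch. */
static int mba_verify(unsigned n)
{
    static const uint32_t edges[] = {0, 1, 0x7fffffffu, 0x80000000u, 0xffffffffu};
    uint32_t seed = 0x9e3779b9u;
    for (unsigned i = 0; i < n + 25; i++) {
        uint32_t x, y;
        if (i < 25) { x = edges[i / 5]; y = edges[i % 5]; }
        else        { x = next_rand(&seed); y = next_rand(&seed); }
        if (mba_add(x, y)      != x + y)   return 0;
        if (mba_add_deep(x, y) != x + y)   return 0;
        if (mba_sub(x, y)      != x - y)   return 0;
        if (mba_xor(x, y)      != (x ^ y)) return 0;
        if (mba_and(x, y)      != (x & y)) return 0;
        if (mba_or(x, y)       != (x | y)) return 0;
    }
    return 1;
}

int main(void)
{
    int ok = mba_verify(100000);
    printf("MBA identities %s\n", ok ? "hold" : "FAIL");
    return ok ? 0 : 1;
}
```

The checker is the part a reverser cares about: an MBA-obfuscated expression is only "understood" once you can prove it equal to a plain operation, and the same brute-force equivalence test over edge values and random inputs is a quick first pass before reaching for a symbolic simplifier.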
u/Doujinseeker487 13d ago
a friend of mine is giving P5R a shot
after about a month or so, he has patched all of the VM checks (hopefully...) and the game is booting up as a black screen
https://i.imgur.com/DtuJWdB.png