Quoted from AMSNL:
Bump. We are trying.... we are now in a phase where we can alter some small assets (image only at this point). A programmer I know (who works on cars) found out you need to change things in the install file: combine the 4/5 SDA files into an image, then unpack them and replace things with the exact same name. When you do an install it will write things to the new image.
The key also holds the hex that tells the HDD what type of game you have. If you install a CE machine and change the dongle from an LE, it will load the LE assets from the game.
The only thing the key does is, before the loading screen, it does a handshake to check for the dongle; then the HDD gets unlocked and the assets are loaded.
Maybe we need to hot swap the HDD once the dongle has kicked in, but my friend who works on this is busy with work now. So I hope some other people can dig into this!
We are working on it. Any other hackers here who can do better?
I have a small video clip of how the install now starts with the altered pic, also on the boot of the game; will upload later.
I've checked it out too, and a few things to know:
- The gamecode is stripped (normal) and seems to be protected in some way against decompilation. Thus, modifying the game to do something like "I have a PNG/FLV header in the file => read it directly, else use the dongle" doesn't seem to be possible.
- The gamecode is tied to the Sentinel LDK dongle and looks for debuggers. If you run the gamecode under a debugger, you'll be blocked.
One of my concerns about this kind of protection regarding JJP is: "what if the USB dongle dies or the USB port dies?" You'll get a bricked game... You can't play at all. That's a hell of an issue to me about all these protections. I don't know if JJP is willing to send another USB key, furthermore if in 10 years they don't exist anymore.
It's possible to emulate such an LDK dongle (using a dump of a real one) and start the dongle as a service, but I don't currently have a POTC in my hands so... can't do it. But that's what I'll do as soon as I get one: dump the key.
Last but not least, maybe we should consider doing what your friend is saying: modify the asset AFTER the unlock. But one thing I didn't manage to understand: does the dongle key decrypt on the fly, or does the dongle key decrypt once and for all, and if so, in memory?
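A small helper for the two ideas above (AMSNL's "replace assets with the exact same name" after unpacking, and the "does the file start with a PNG/FLV header, or is it still wrapped by the dongle?" question). This is an added example, not code from the thread or from JJP/Sentinel; it assumes the SDA container has already been unpacked to plain files, since the container format itself is not described here. It sniffs the magic bytes of each blob, estimates byte entropy so a blob with no known header and near-8-bit entropy is flagged as likely encrypted or compressed, and refuses a swap unless the replacement carries the same header type as the original. The sample blobs are constructed inline.

```python
import math
import random
from collections import Counter

# Magic bytes for the formats mentioned in the thread (PNG, FLV) plus a few
# common media headers. Assumed list, not taken from the game's own assets.
MAGICS = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"FLV\x01": "flv",
    b"\xff\xd8\xff": "jpeg",
    b"OggS": "ogg",
    b"RIFF": "riff",  # wav / avi containers
}

# Above this Shannon entropy (bits per byte, max 8.0) a headerless blob is
# treated as encrypted/compressed rather than a plain asset. Heuristic threshold.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the given data (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_blob(data: bytes, sample_len: int = 4096) -> dict:
    """Identify a blob by header; flag headerless high-entropy blobs as likely encrypted."""
    kind = "unknown"
    for magic, name in MAGICS.items():
        if data.startswith(magic):
            kind = name
            break
    ent = shannon_entropy(data[:sample_len])
    return {
        "kind": kind,
        "entropy": round(ent, 3),
        "likely_encrypted": kind == "unknown" and ent > ENTROPY_THRESHOLD,
    }


def classify_files(files: dict) -> dict:
    """Classify a {name: bytes} mapping, e.g. the contents of an unpacked image."""
    return {name: classify_blob(blob) for name, blob in files.items()}


def safe_to_swap(original: bytes, replacement: bytes) -> bool:
    """Same-name swap is only allowed when both blobs have the same recognised header.

    A replacement that is itself headerless/high-entropy, or of a different type,
    is rejected so a bad swap is caught before writing the new image.
    """
    o, r = classify_blob(original), classify_blob(replacement)
    return o["kind"] != "unknown" and o["kind"] == r["kind"] and not r["likely_encrypted"]


def build_samples() -> dict:
    """Constructed sample blobs standing in for unpacked assets (not real game data)."""
    rng = random.Random(1234)  # deterministic pseudo-random payload
    return {
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 100,
        "intro.flv": b"FLV\x01" + b"\x05\x00\x00\x00\x09" + b"\x00" * 64,
        "locked.bin": bytes(rng.getrandbits(8) for _ in range(4096)),
    }


if __name__ == "__main__":
    samples = build_samples()
    for name, info in classify_files(samples).items():
        print(f"{name:12} {info}")
    new_logo = b"\x89PNG\r\n\x1a\n" + b"\x01" * 100
    print("swap logo.png:", safe_to_swap(samples["logo.png"], new_logo))
    print("swap locked.bin:", safe_to_swap(samples["locked.bin"], new_logo))
```

The entropy check is what tells you whether an asset is stored in the clear or still sits behind the dongle: a PNG/FLV header with low entropy means a plain file you can swap, while a headerless blob near 8 bits/byte is something the unlock step has to decrypt first.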