wc3edit.net
https://forum.wc3edit.net/

[Guide] Completely deprotect S/SSProtect
http://forum.wc3edit.net/tutorials-cheatpacks-f80/completely-deprotect-s-ssprotect-t34029.html
Page 1 of 2

Author:  BlacklightsC [ June 19th, 2017, 11:13 pm ]
Post subject:  [Guide] Completely deprotect S/SSProtect

Before Start...

Firstable, my english so poor... Maybe there have some grammar error!

This guide will not use re-package.
You must know how to use hex editor.


About Protection...

Spoiler:
SProtect

Download SProtect (Support drag and drop only)
SProtect, made by T1.
Public released, so you can use to free.
Target of SProtect map is 'Masin2rpgTest0.4.w3x'
i uploaded on google drive.
if you try any map, try it.

SSProtect

Made by SSHacker.
Private released, this was need to don't click me protection tool.
so you can't get this tool on public. (even if it's me)
Target of SSProtect map is 'S R N_RPG 0.6B.w3x'
also uploaded on google drive.



Tool Required

Hex Editor (Important. Recommanded HxD)
MPQ Helper (Important)
Hex Edit Macro (I made it) (Important. If you don't want work manually)
WINMPQ (Important. It will use to compact(or optimize) MPQ)
Ladik's MPQ Editor (Optional. Only need to check completely deprotected)
listfile (Optional. If you want recovery listfile)
Windows Calculator



==================== SProtect ====================

========== Step 1 ==========

Open map to Hex Editor, Find(Ctrl+F) '4D 50 51 1A' by Hex-values. i added tooltip about MPQ Header.
Spoiler:
Image


========== Step 2 ==========

Open dialog 'Select block(Ctrl+E)'.
Select Hash/Block Table.

Calculating Steps is here.
Spoiler:
Open Windows Calculator to Programmer mode.
Change to Hex, DWORD.
Start-offset = Header Pos + Hash/Block Pos
Length = Hash/Block Size * 10

Pos and Size must read little-endian
ex. 92 E9 A7 01 -> 01 A7 E9 92 -> 0x01A7E992

Cut to Hash Table, and save it.
and copy to Block Table, save it too.


========== Step 3 ==========

Code:
MPQ_HASH_FILE_KEY
(hash table) = 7037AFC3
(block table) = A3B383EC

DragDrop Hash/Block table on 'MPQHelper.exe'.
We must decryption Hash/Block Table.
type 'dec', and input MPQ_HASH_FILE_KEY. (Must use correct key)
then, program will create decrypted file.
Spoiler:
Image



========== Step 4 ==========

Open decrypted hash table to Hex Edit Macro.
You must modify 2steps.
Code:
-- Step 1 --
Start = 8
Overwrite Value = 00 00 00 00

-- Step 2 --
Start = F
Overwrite Value = 00

After modify and save, open decrypted hash table to Hex Editor.
Open the Replace(Ctrl+R), and follow the this 2steps. (must replace all!)
Code:
Datatype: Hex-values
Search direction: All
-- Step 1 --
Search for: FF FF FF FF FF FF FF FF 00 00 00 00 FE FF FF 00
Replace with: FF FF FF FF FF FF FF FF FF FF FF FF FE FF FF FF

-- Step 2 --
Search for: EE EE EE EE EE EE EE EE 00 00 00 00 EE EE EE 00
Replace with: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

After finished to replace, save it.


========== Step 5 ==========

Open decrypted block table to Hex Edit Macro.
You must modify only one step.
Code:
Start = 2F
Overwrite Value = 80

After modify and save, open decrypted block table to Hex Editor.
Fill 0x00~0x20 to 00.
Spoiler:
Image

After finished, save it.


========== Step 6 ==========

Code:
MPQ_HASH_FILE_KEY
(hash table) = 7037AFC3
(block table) = A3B383EC

DragDrop modified Hash/Block table on 'MPQHelper.exe'.
We must re-encryption Hash/Block Table.
type 'enc', and input MPQ_HASH_FILE_KEY. (Must use correct key)
then, program will create re-encrypted file.
Spoiler:
Image


========== Step 7 ==========

Open re-encrypted Hash/Block Table to Hex Editor.
Copy to all hex in re-encrypted hash table.
Go to End of map file, and Remember or record somewhere to offset. (1A7EB92)
(I will it call this offset named 'Alter Hash Pos')
Spoiler:
Image

Paste it. (Ctrl+V)

Copy to all hex in re-encrypted block table.
Go to End of map file you modified, and remember again to offset. (1A82B92)
(I will it call this offset named 'Alter Block Pos')
Paste it.


========== Step 8 ==========

Return to map header. (Find a '4D 50 51 1A')
Remark the header like this.
Spoiler:
Image

After finished, save and close the Hex Editor. we are no longer use hex editor.


========== Step 9 ==========

Open map to WINMPQ. (Use to 'All files(*.*)')
Execute compact(Ctrl+P), you should it.

After compact, you can see 'ladik's mpq editor' no longer display [Read-only].
Spoiler:
Image




==================== SSProtect ====================

Many things is same, i will skip same things.
(i will write same things in spoiler.)
Ps. Images are same by SProtect. i apoloze for about that.
========== Step 1 ==========

Same by SProtect. i will skip this part.
Ps. Position of '4D 50 51 1A' is different to map by map(case by case).
Spoiler:
Open map to Hex Editor, Find(Ctrl+F) '4D 50 51 1A' by Hex-values. i added tooltip about MPQ Header.
Image


========== Step 2 ==========

Open dialog 'Select block(Ctrl+E)'.
Select Hash/Block Table.
Ps. SSProtect recorded hash table size + 0x10000000 (like, XX XX XX 10)
please ignore that value. (if, value is 00 08 00 10, then read it to 00 08 00 00)

Calculating Steps is here.
Spoiler:
Open Windows Calculator to Programmer mode.
Change to Hex, DWORD.
Start-offset = Header Pos + Hash/Block Pos
Length = Hash/Block Size * 10

Pos and Size must read little-endian
ex. 14 B4 E3 FF -> FF E3 B4 14 -> 0xFFE3B414

Copy to Hash Table, and save it.
and copy to Block Table, save it too.

========== Step 3 ==========


Code:
MPQ_HASH_FILE_KEY
(hash table) = 7037AFC3
(block table) = A3B383EC

DragDrop Hash table on 'MPQHelper.exe'.
We must decryption Hash Table.
type 'dec', and input MPQ_HASH_FILE_KEY. (Must use correct key)
then, program will create decrypted file.
Ps. SSProtect didn't modified Block Table. So, we don't touch Block Table.
Spoiler:
Image


========== Step 4 ==========

Open decrypted hash table to Hex Edit Macro.
You must modify 2steps.
Code:
-- Step 1 --
Start = 8
Overwrite Value = 00 00 00 00

-- Step 2 --
Start = F
Overwrite Value = 00

After modify and save, open decrypted hash table to Hex Editor.
Open the Replace(Ctrl+R), and follow the this 2steps. (must replace all!)
Code:
Datatype: Hex-values
Search direction: All
-- Step 1 --
Search for: EE EE EE EE EE EE EE EE 00 00 00 00 FE FF FF 00
Replace with: FF FF FF FF FF FF FF FF FF FF FF FF FE FF FF FF

-- Step 2 --
Search for: EE EE EE EE EE EE EE EE 00 00 00 00 EE EE EE 00
Replace with: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

After finished to replace, save it.


========== Step 5 ==========

Code:
MPQ_HASH_FILE_KEY
(hash table) = 7037AFC3
(block table) = A3B383EC

DragDrop modified Hash Table on 'MPQHelper.exe'.
We must re-encryption Hash Table.
type 'enc', and input MPQ_HASH_FILE_KEY. (Must use correct key)
then, program will create re-encrypted file.
Spoiler:
Image


========== Step 6 ==========

Return to map header. (Find a '4D 50 51 1A')
Select 0x00000200 ~ Behind Map Header
Spoiler:
Image

Delete it. You should it.

========== Step 7 ==========

Open re-encrypted Hash Table and Block Table to Hex Editor.
Copy to all hex in re-encrypted hash table.
Go to End of map file, and Remember or record somewhere to offset. (1FC420F)
(I will it call this offset named 'Alter Hash Pos')
Spoiler:
Image

Paste it. (Ctrl+V)

Copy to all hex in block table.
Go to End of map file you modified, and remember again to offset. (1FCC20F)
(I will it call this offset named 'Alter Block Pos')
Paste it.


========== Step 8 ==========

Return to map header. (Find a '4D 50 51 1A')
Remark the header like this.
Spoiler:
Image

After finished, save and close the Hex Editor. we are no longer use hex editor.


========== Step 9 ==========

Open map to WINMPQ. (Use to 'All files(*.*)')
Execute compact(Ctrl+P), you should it.

After compact, you can see 'ladik's mpq editor' no longer display [Read-only].
Spoiler:
Image




If have any question, then reply me.

Author:  XD! [ June 20th, 2017, 8:41 am ]
Post subject:  Re: [Guide] Completely deprotect S/SSProtect

Thanks for sharing.

Author:  Arakunido [ June 20th, 2017, 9:51 am ]
Post subject:  Re: [Guide] Completely deprotect S/SSProtect

Thanks you for sharing, especially for sharing your own tool. Hope it will make our "work" easier in the future, even though we don't like to mess with HEX.

Author:  devoltz [ June 20th, 2017, 6:12 pm ]
Post subject:  Re: [Guide] Completely deprotect S/SSProtect

Very nice guide, this should be fixed since this method you dont have lost files.

Author:  [NtP]NtP [ June 28th, 2017, 5:54 pm ]
Post subject:  Re: [Guide] Completely deprotect S/SSProtect

Very good post the best I've seen until the moment I see that the lost files were solved no longer
Thank you very much !!!
My question is and I know I can be nice to do it but does this method work with any map?

Author:  [NtP]NtP [ June 28th, 2017, 5:56 pm ]
Post subject:  Re: [Guide] Completely deprotect S/SSProtect

If a question that I forgot to say when you say that your English is bad is that by the miracle of God DX speak Spanish? XD?
Another thing when they say it completely unprotected, I hope that the triger of the abilities and everything else of it is not lost and is preserved

Author:  BlacklightsC [ June 29th, 2017, 4:53 pm ]
Post subject:  Re: [Guide] Completely deprotect S/SSProtect

[NtP]NtP wrote:
My question is and I know I can be nice to do it but does this method work with any map?

If you talk about S/SSProtect, yes. it will work on every map.


[NtP]NtP wrote:
Another thing when they say it completely unprotected, I hope that the triger of the abilities and everything else of it is not lost and is preserved

I hope also that the recover trigger and abilities. But, that ways should be. I don't know now that ways. But, some people know how to recover thats.

Author:  arieschan [ July 1st, 2017, 2:17 pm ]
Post subject:  Re: [Guide] Completely deprotect S/SSProtect

thanks it very usefull XD

Author:  dmcdante1990 [ July 17th, 2017, 3:47 am ]
Post subject:  Re: [Guide] Completely deprotect S/SSProtect

Hi I am trying to fallow this guide could anyone please provide a little bit more of a example for step 2 with screen shots or something for the calculating steps I am having issues understanding what I am supposed to be doing in this step, I am trying to deprotect the sprotect. thanks

thank you for this great guide.

Author:  Arakunido [ July 17th, 2017, 12:25 pm ]
Post subject:  Re: [Guide] Completely deprotect S/SSProtect

If you can't find Head Pos, Hash/block Pos, etc. There's screenshot of example in Step 1.
Start-offset = Header Pos + Hash/Block Pos = Header Pos + Hash Pos, then do the same for Block Pos(Header Pos + Block Pos)
And google little-endian, if you don't know what it is, even though there's already example of that.

Page 1 of 2 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/