Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Bypassing early 2000s copy protection for software preservation

Paavo Huhtala, posted 3 years ago
  • There was a Swedish children's video game series called Mulle Meck. This series released 5 games but most of the CDs are gone, since this was in the late 90s. Luckily, these games are preserved on archive.org.
  • There is a problem with one of the games in the series though: DRM. Mounting the disc image does absolutely nothing. Time to break DRM with modern technology!
  • The game does not load from the mounted image because of a copy protection known as SafeDisc 2, which was very common for the era. This DRM is easily identified by a magic string inside the main binary. The DRM itself is loaded via a kernel driver, which was known to be riddled with security vulnerabilities.
  • The SafeDisc signature is within setup.exe, which boots the game. So, the author had an idea: "If SafeDisc is used on the installer, why don't we just install it ourselves?"
  • By extracting the game from the CD directly and mimicking the installation process, the game could be loaded without any DRM, but it came with a weird error message: "The program is not installed correctly. Please run the installer again." This required some digging.
  • The author took out Ghidra but got lost in the sauce. The executable was not just a game: it was the Adobe Shockwave player (Macromedia Projector) with the game data simply appended to the end of the file. Instead of going the Shockwave-altering route, they decided to use another tool: Procmon.
  • Procmon logs all of the Windows API calls made by the application it is attached to. After clicking through the tool for a while, they noticed a registry key access to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MulleHus.exe. If this key was not found, the application would exit, since it assumed the game was not properly installed.
  • The final check was whether specific files existed on the system running the game. If those files did not exist, the game would not run, as it treated this as a bad installation. This was found via Procmon as well.
  • Most DRM bypasses are about modifying the actual game or breaking cryptography. In this case, the DRM was simply side-stepped by adding in files and skipping the installer.
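As an added example (my own triage script, not code from the post or the game): reading a Procmon CSV export and listing the registry keys and files a process looked up but did not find, which is the kind of "not installed correctly" check the notes above describe. The CSV rows are constructed, and the column names assume Procmon's default CSV export header.

```python
import csv
import io
from collections import Counter

# Constructed sample of a Procmon CSV export (File > Save, CSV format).
# Not a real capture; the header matches Procmon's default export columns.
SAMPLE_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.001","MulleHus.exe","1234","CreateFile","C:\\Program Files\\Mulle\\MulleHus.exe.Local","NAME NOT FOUND","Desired Access: Read Attributes"
"10:00:01.002","MulleHus.exe","1234","RegOpenKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\MulleHus.exe","NAME NOT FOUND","Desired Access: Read"
"10:00:01.003","MulleHus.exe","1234","CreateFile","C:\\Program Files\\Mulle\\data\\hus.dxr","NAME NOT FOUND","Desired Access: Generic Read"
"10:00:01.004","MulleHus.exe","1234","CreateFile","C:\\Program Files\\Mulle\\MulleHus.exe","SUCCESS","Desired Access: Generic Read"
"10:00:01.005","explorer.exe","800","RegOpenKey","HKCU\\Software\\Classes","SUCCESS","Desired Access: Read"
"""

# Procmon results that mean "the thing being checked does not exist".
NOT_FOUND = {"NAME NOT FOUND", "PATH NOT FOUND"}
# Start-up probes the Windows loader makes for every process (DLL redirection
# directory); these are noise when triaging an application's own checks.
KNOWN_NOISE = (".exe.local",)


def failed_probes(csv_text: str, process: str):
    """Return (operation, path) pairs for registry keys and files that
    `process` looked up but which did not exist, in capture order."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process.lower():
            continue  # other processes in the same capture
        if row["Result"] not in NOT_FOUND:
            continue  # successful or unrelated operations
        path = row["Path"]
        if path.lower().endswith(KNOWN_NOISE):
            continue  # loader noise, not an application check
        hits.append((row["Operation"], path))
    return hits


def summarize(hits):
    """Count failed probes per hive or drive so registry checks and file
    checks can be compared at a glance."""
    return Counter(path.split("\\")[0] for _, path in hits)


if __name__ == "__main__":
    for op, path in failed_probes(SAMPLE_CSV, "MulleHus.exe"):
        print(f"{op:12} {path}")
    print(summarize(failed_probes(SAMPLE_CSV, "MulleHus.exe")))
```

In a real capture, filter Procmon to the target process first and export only that view; the remaining NAME NOT FOUND rows are the candidate installation checks to inspect.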