Since Halo 1 has the flamethrower, stick an 'incinerator' medal, also what about a 'spawnkill' medal which can be either appreciated or frowned upon :P
basically clock it so if a player is killed within 4 seconds after spawn the killer gets a medal.
Printable View
Since Halo 1 has the flamethrower, stick an 'incinerator' medal, also what about a 'spawnkill' medal which can be either appreciated or frowned upon :P
basically clock it so if a player is killed within 4 seconds after spawn the killer gets a medal.
Neither way worked for me...I tried decimal Digital PID hashed then reversed, decimal Digital PID reversed then hashed. I also tried hex Digital PID hashed then reversed and then hex digital PID reversed then hashed.Quote:
Originally Posted by p0lar_bear
When the game loads, it calls a hash to be calculated twice. Here's the deal:
The format of the "CD key hash" is 32 characters, so it MUST ONLY be an MD5.
However, Kornman says that on load, it is SHA-ing part of the DigitalProductID key from the registry.
So.............
on the subject of medals, may i suggest a medal that shows how big of a pistol noob a person is? sorta like a sniper/sword spree, if they get 5 PISTOL kills in a row, i feel that this medal is warranted because 9 times out of 10 i get killed by the compact sniper
@Jcap When the game loads, do you mean when connecting to a server or when Halo itself loads up?
Medal award = 'God' or 'Total Eliteness'Quote:
Originally Posted by sevlag
I'm pretty sure that the hash is calculated at game load, then passed off to a server when you join (in addition to Gamespy's special hash for piracy protection).Quote:
Originally Posted by Limited
It makes sense. The digitalproductid is pulled immediately right before the loading screen hits - right after Halo warns you that your graphics card isn't supported with the dialogue, or the Halo safe-mode dialogue. If you have a pirated version, I think it will tell you that your key is invalid right after those, and before Halo actually loads.
Well yeah here is where it opens the registry key for the PID.
Here is the code for the Digital Product IDCode:004AB970 /$ A0 00436B00 MOV AL,BYTE PTR DS:[6B4300]
004AB975 |. 83EC 08 SUB ESP,8
004AB978 |. 84C0 TEST AL,AL
004AB97A |. 75 5E JNZ SHORT haloce.004AB9DA
004AB97C |. 8D0424 LEA EAX,DWORD PTR SS:[ESP]
004AB97F |. 50 PUSH EAX ; /pHandle
004AB980 |. 68 19000200 PUSH 20019 ; |Access = KEY_READ
004AB985 |. 6A 00 PUSH 0 ; |Reserved = 0
004AB987 |. 68 B4A36000 PUSH haloce.0060A3B4 ; |Subkey = "Software\Microsoft\Microsoft Games\Halo CE"
004AB98C |. 68 02000080 PUSH 80000002 ; |hKey = HKEY_LOCAL_MACHINE
004AB991 |. C74424 18 2000>MOV DWORD PTR SS:[ESP+18],20 ; |
004AB999 |. C605 00436B00 >MOV BYTE PTR DS:[6B4300],1 ; |
004AB9A0 |. FF15 34F05D00 CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKey>; \RegOpenKeyExA
004AB9A6 |. 85C0 TEST EAX,EAX
004AB9A8 |. 75 30 JNZ SHORT haloce.004AB9DA
004AB9AA |. 8B1424 MOV EDX,DWORD PTR SS:[ESP]
004AB9AD |. 8D4C24 04 LEA ECX,DWORD PTR SS:[ESP+4]
004AB9B1 |. 51 PUSH ECX ; /pBufSize
004AB9B2 |. 68 04436B00 PUSH haloce.006B4304 ; |Buffer = haloce.006B4304
004AB9B7 |. 50 PUSH EAX ; |pValueType
004AB9B8 |. 50 PUSH EAX ; |Reserved
004AB9B9 |. 68 B0A36000 PUSH haloce.0060A3B0 ; |ValueName = "PID"
004AB9BE |. 52 PUSH EDX ; |hKey
004AB9BF |. FF15 28F05D00 CALL DWORD PTR DS:[<&ADVAPI32.RegQueryVa>; \RegQueryValueExA
004AB9C5 |. 85C0 TEST EAX,EAX
004AB9C7 |. 74 07 JE SHORT haloce.004AB9D0
004AB9C9 |. C605 04436B00 >MOV BYTE PTR DS:[6B4304],0
004AB9D0 |> 8B0424 MOV EAX,DWORD PTR SS:[ESP]
004AB9D3 |. 50 PUSH EAX ; /hKey
004AB9D4 |. FF15 38F05D00 CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe>; \RegCloseKey
004AB9DA |> B8 04436B00 MOV EAX,haloce.006B4304
004AB9DF |. 83C4 08 ADD ESP,8
004AB9E2 \. C3 RETN
I'll look into what it does with it :)Code:005830D0 /$ 81EC C8000000 SUB ESP,0C8
005830D6 |. 53 PUSH EBX
005830D7 |. 8D4424 04 LEA EAX,DWORD PTR SS:[ESP+4]
005830DB |. 50 PUSH EAX ; /pHandle
005830DC |. 33DB XOR EBX,EBX ; |
005830DE |. 68 19000200 PUSH 20019 ; |Access = KEY_READ
005830E3 |. 53 PUSH EBX ; |Reserved => 0
005830E4 |. 68 B4A36000 PUSH haloce.0060A3B4 ; |Subkey = "Software\Microsoft\Microsoft Games\Halo CE"
005830E9 |. 68 02000080 PUSH 80000002 ; |hKey = HKEY_LOCAL_MACHINE
005830EE |. 881D E0DD6B00 MOV BYTE PTR DS:[6BDDE0],BL ; |
005830F4 |. C74424 24 0004>MOV DWORD PTR SS:[ESP+24],400 ; |
005830FC |. 895C24 1C MOV DWORD PTR SS:[ESP+1C],EBX ; |
00583100 |. 895C24 20 MOV DWORD PTR SS:[ESP+20],EBX ; |
00583104 |. FF15 34F05D00 CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKey>; \RegOpenKeyExA
0058310A |. 85C0 TEST EAX,EAX
0058310C |. 75 2B JNZ SHORT haloce.00583139
0058310E |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
00583112 |. 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+10]
00583116 |. 51 PUSH ECX ; /pBufSize
00583117 |. 8D5424 2C LEA EDX,DWORD PTR SS:[ESP+2C] ; |
0058311B |. 52 PUSH EDX ; |Buffer
0058311C |. 53 PUSH EBX ; |pValueType => NULL
0058311D |. 53 PUSH EBX ; |Reserved => NULL
0058311E |. 68 B4216100 PUSH haloce.006121B4 ; |ValueName = "DigitalProductID"
00583123 |. 50 PUSH EAX ; |hKey
00583124 |. FF15 28F05D00 CALL DWORD PTR DS:[<&ADVAPI32.RegQueryVa>; \RegQueryValueExA
0058312A |. 85C0 TEST EAX,EAX
0058312C |. 74 18 JE SHORT haloce.00583146
0058312E |. 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+4]
00583132 |. 51 PUSH ECX ; /hKey
00583133 |. FF15 38F05D00 CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe>; \RegCloseKey
00583139 |> B8 5C365F00 MOV EAX,haloce.005F365C
0058313E |. 5B POP EBX
0058313F |. 81C4 C8000000 ADD ESP,0C8
00583145 |. C3 RETN
00583146 |> 8B5424 04 MOV EDX,DWORD PTR SS:[ESP+4]
0058314A |. 52 PUSH EDX ; /hKey
And I was just going to suggest we use my trusted-server key authentication method...
Well yeah that would be easier.
One interesting thing, is after it reads the Digital Product ID, it loads the PID into EDI
Later, it uses Crypt API calls.Code:MOV EDI,DWORD PTR SS:[ESP+4C]
Oooh
Hmm tastyCode:00582FA1 |. FF15 10F05D00 CALL DWORD PTR DS:[<&ADVAPI32.CryptCreat>; ADVAPI32.CryptCreateHash