Since Halo 1 has the flamethrower, stick an 'incinerator' medal, also what about a 'spawnkill' medal which can be either appreciated or frowned upon :P
Basically, clock it so that if a player is killed within 4 seconds after spawn, the killer gets a medal.
Last edited by Limited; June 30th, 2009 at 08:51 AM.
When the game loads, it calls a hash to be calculated twice. Here's the deal:
The format of the "CD key hash" is 32 characters, so it MUST ONLY be an MD5.
However, Kornman says that on load, it is SHA-ing part of the DigitalProductID key from the registry.
So.............
I'm pretty sure that the hash is calculated at game load, then passed off to a server when you join (in addition to Gamespy's special hash for piracy protection).
It makes sense. The digitalproductid is pulled immediately right before the loading screen hits - right after Halo warns you that your graphics card isn't supported with the dialogue, or the Halo safe-mode dialogue. If you have a pirated version, I think it will tell you that your key is invalid right after those, and before Halo actually loads.
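An added example, not part of any post in this thread: it checks which hash constructions can produce a hex string of a given length, and which one actually reproduces an observed value when the input is known. The algorithm list and the sample input bytes are constructed for illustration and are not taken from the game.

```python
import hashlib

# Candidate algorithms to test (an assumption for this example).
ALGORITHMS = ("md5", "sha1", "sha256")

def constructions_for_length(hex_len):
    """Return every (algorithm, kind) whose hex output can be hex_len chars long."""
    out = []
    for name in ALGORITHMS:
        full = hashlib.new(name).digest_size * 2  # hex chars of a full digest
        if full == hex_len:
            out.append((name, "full"))
        elif full > hex_len:
            # A longer digest cut down to hex_len chars looks identical in format.
            out.append((name, "truncated"))
    return out

def matching_constructions(observed_hex, data):
    """Recompute each candidate over known input; keep those that reproduce observed_hex."""
    observed_hex = observed_hex.lower()
    hits = []
    for name, kind in constructions_for_length(len(observed_hex)):
        digest = hashlib.new(name, data).hexdigest()
        if digest[:len(observed_hex)] == observed_hex:
            hits.append((name, kind))
    return hits

# Constructed sample input standing in for whatever bytes are hashed.
SAMPLE_INPUT = b"constructed-sample-input"
# Constructed "observed" value: a SHA-1 digest cut to 32 hex characters.
OBSERVED = hashlib.sha1(SAMPLE_INPUT).hexdigest()[:32]

if __name__ == "__main__":
    print("32 hex chars is consistent with:", constructions_for_length(32))
    print("reproduces the observed value: ", matching_constructions(OBSERVED, SAMPLE_INPUT))
```

Length narrows the candidates; only recomputing over the known input separates them.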
Well yeah here is where it opens the registry key for the PID.
Code:
004AB970 /$ A0 00436B00 MOV AL,BYTE PTR DS:[6B4300]
004AB975 |. 83EC 08 SUB ESP,8
004AB978 |. 84C0 TEST AL,AL
004AB97A |. 75 5E JNZ SHORT haloce.004AB9DA
004AB97C |. 8D0424 LEA EAX,DWORD PTR SS:[ESP]
004AB97F |. 50 PUSH EAX ; /pHandle
004AB980 |. 68 19000200 PUSH 20019 ; |Access = KEY_READ
004AB985 |. 6A 00 PUSH 0 ; |Reserved = 0
004AB987 |. 68 B4A36000 PUSH haloce.0060A3B4 ; |Subkey = "Software\Microsoft\Microsoft Games\Halo CE"
004AB98C |. 68 02000080 PUSH 80000002 ; |hKey = HKEY_LOCAL_MACHINE
004AB991 |. C74424 18 2000>MOV DWORD PTR SS:[ESP+18],20 ; |
004AB999 |. C605 00436B00 >MOV BYTE PTR DS:[6B4300],1 ; |
004AB9A0 |. FF15 34F05D00 CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKey>; \RegOpenKeyExA
004AB9A6 |. 85C0 TEST EAX,EAX
004AB9A8 |. 75 30 JNZ SHORT haloce.004AB9DA
004AB9AA |. 8B1424 MOV EDX,DWORD PTR SS:[ESP]
004AB9AD |. 8D4C24 04 LEA ECX,DWORD PTR SS:[ESP+4]
004AB9B1 |. 51 PUSH ECX ; /pBufSize
004AB9B2 |. 68 04436B00 PUSH haloce.006B4304 ; |Buffer = haloce.006B4304
004AB9B7 |. 50 PUSH EAX ; |pValueType
004AB9B8 |. 50 PUSH EAX ; |Reserved
004AB9B9 |. 68 B0A36000 PUSH haloce.0060A3B0 ; |ValueName = "PID"
004AB9BE |. 52 PUSH EDX ; |hKey
004AB9BF |. FF15 28F05D00 CALL DWORD PTR DS:[<&ADVAPI32.RegQueryVa>; \RegQueryValueExA
004AB9C5 |. 85C0 TEST EAX,EAX
004AB9C7 |. 74 07 JE SHORT haloce.004AB9D0
004AB9C9 |. C605 04436B00 >MOV BYTE PTR DS:[6B4304],0
004AB9D0 |> 8B0424 MOV EAX,DWORD PTR SS:[ESP]
004AB9D3 |. 50 PUSH EAX ; /hKey
004AB9D4 |. FF15 38F05D00 CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe>; \RegCloseKey
004AB9DA |> B8 04436B00 MOV EAX,haloce.006B4304
004AB9DF |. 83C4 08 ADD ESP,8
004AB9E2 \. C3 RETN
Here is the code for the Digital Product ID
Code:
005830D0 /$ 81EC C8000000 SUB ESP,0C8
005830D6 |. 53 PUSH EBX
005830D7 |. 8D4424 04 LEA EAX,DWORD PTR SS:[ESP+4]
005830DB |. 50 PUSH EAX ; /pHandle
005830DC |. 33DB XOR EBX,EBX ; |
005830DE |. 68 19000200 PUSH 20019 ; |Access = KEY_READ
005830E3 |. 53 PUSH EBX ; |Reserved => 0
005830E4 |. 68 B4A36000 PUSH haloce.0060A3B4 ; |Subkey = "Software\Microsoft\Microsoft Games\Halo CE"
005830E9 |. 68 02000080 PUSH 80000002 ; |hKey = HKEY_LOCAL_MACHINE
005830EE |. 881D E0DD6B00 MOV BYTE PTR DS:[6BDDE0],BL ; |
005830F4 |. C74424 24 0004>MOV DWORD PTR SS:[ESP+24],400 ; |
005830FC |. 895C24 1C MOV DWORD PTR SS:[ESP+1C],EBX ; |
00583100 |. 895C24 20 MOV DWORD PTR SS:[ESP+20],EBX ; |
00583104 |. FF15 34F05D00 CALL DWORD PTR DS:[<&ADVAPI32.RegOpenKey>; \RegOpenKeyExA
0058310A |. 85C0 TEST EAX,EAX
0058310C |. 75 2B JNZ SHORT haloce.00583139
0058310E |. 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
00583112 |. 8D4C24 10 LEA ECX,DWORD PTR SS:[ESP+10]
00583116 |. 51 PUSH ECX ; /pBufSize
00583117 |. 8D5424 2C LEA EDX,DWORD PTR SS:[ESP+2C] ; |
0058311B |. 52 PUSH EDX ; |Buffer
0058311C |. 53 PUSH EBX ; |pValueType => NULL
0058311D |. 53 PUSH EBX ; |Reserved => NULL
0058311E |. 68 B4216100 PUSH haloce.006121B4 ; |ValueName = "DigitalProductID"
00583123 |. 50 PUSH EAX ; |hKey
00583124 |. FF15 28F05D00 CALL DWORD PTR DS:[<&ADVAPI32.RegQueryVa>; \RegQueryValueExA
0058312A |. 85C0 TEST EAX,EAX
0058312C |. 74 18 JE SHORT haloce.00583146
0058312E |. 8B4C24 04 MOV ECX,DWORD PTR SS:[ESP+4]
00583132 |. 51 PUSH ECX ; /hKey
00583133 |. FF15 38F05D00 CALL DWORD PTR DS:[<&ADVAPI32.RegCloseKe>; \RegCloseKey
00583139 |> B8 5C365F00 MOV EAX,haloce.005F365C
0058313E |. 5B POP EBX
0058313F |. 81C4 C8000000 ADD ESP,0C8
00583145 |. C3 RETN
00583146 |> 8B5424 04 MOV EDX,DWORD PTR SS:[ESP+4]
0058314A |. 52 PUSH EDX ; /hKey
I'll look into what it does with it
Well yeah that would be easier.
One interesting thing, is after it reads the Digital Product ID, it loads the PID into EDI
Code:
MOV EDI,DWORD PTR SS:[ESP+4C]
Later, it uses Crypt API calls.
Oooh
Code:
00582FA1 |. FF15 10F05D00 CALL DWORD PTR DS:[<&ADVAPI32.CryptCreat>; ADVAPI32.CryptCreateHash
Hmm tasty