|Top Previous Next|
The next form of protection that RA uses is a bit different, but it still uses a "Wrapper" technique. The main difference is that instead of extracting a bunch of files and using a separate demo window, the wrapper protection is actually part of the game executable itself.
Before we begin, you will need a Hex editor, I prefer Hedit because it has a shell extension that let's you right-click a file and simply choose "HEDIT" to start hacking away.
Before we get too far, let's take a minute to explain how you will know what games actually have this type of protection.
Think of this type of wrapper as a shell with a game inside of it. If we peel away the shell, then the game is the only thing left. Fortunately for us, this type of protection places the launcher at the very beginning of the game, so all we have to do is find the end of the launcher and delete all of it, thus leaving just the game itself leftover.
Here is how you will find out which games use this method and which ones do not.
When you highlight the game's main executable (the one usually with it's own icon), take a look at your status bar on the bottom of the window.
If it says "Description: Wrapper Application", then this method WILL NOT work!
If it says "Description: RealArcade Game", then this method WILL work!
Here are 2 examples:
This is a Type-2 _r1a game and cannot be cracked using this method.
But, this game can be cracked using this method.
Now that we are familiar with which games we can attack with this method, let's begin!
Install Hedit (or another of your choice) (I will refer to Hedit, since this is what I use)
Right-click on the game's main executable, in this case "wordharmony.exe" and choose HEDIT.
Once opened, you will be greeted with the game in hexidecimal format. DO NOT worry, you don't need to know what any of this means. The only thing you need to know right now is that an EXE header starts with the two letters "MZ" (sometimes "MZP" or similar), and there only needs to be ONE header!
If you were to scroll down and actually read every line, you would discover that there are actually 2 MZ headers in most of these types of games. Why are there two you ask? Well the simplest answer would be the first one is the RealArcade portion that launches before the game, and the second header would be the actual game itself.
So what that means is that if we remove everything before the second MZ header (the game), then the game's EXE header would now be at the top instead of the RealArcade header. Simple huh?
NOTE: Some games you have to look further than the 2nd MZ search to find the second MZ header. It may actually be the 3rd or 4th search down, but still only the second header.
Still Confused? Check out the illustration if you need further help.