
TTMagic | TTGames Universal Anti-Anti-DAT Check Patch


Masquerade

TTGames developers decided that they did not like modding and implemented a function in their game code which checks if the game is running in an unpacked state and if it is, then a FatalExit function is triggered (game crash). The developer m0xf first figured out how to patch around this check.

 

This byte change is significant because EB is hexadecimal for the JMP opcode (unconditional jump), while 74 is hexadecimal for the JE opcode (jump if equal).

So, it can be determined that at some point in the game code, it will jump if something is equal to something else and allow the game to run, but if the game is unpacked and no DAT archives are present, it will not jump and the FatalExit will be triggered. Now, by switching this to an unconditional jump, the game will always jump at this specific point and will always run.

What exactly the game is checking for here is unknown, which is why that above paragraph is ever so slightly vague.

 

The developers used the same function in all of the games that require an EXE patch, as can be seen by the below screenshot:

[Screenshot: ex-x64dbg.jpg]

 

Because of this, we can construct a pattern.

 

ALL of the TTGames that have this DAT check will have the same pattern at some point in the EXE file visible in HxD:

 

74 ?? B9 ?? ?? ?? ?? E8 ?? ?? ?? ?? CC

 

The "??" bytes are different across each executable, but the B9, E8 and CC bytes are always in the same position after the 74.

 

This makes it rather easy to determine whereabouts your game executable needs patching!

 

However, an even better solution has emerged thanks to acidicoala: the Koalyptus framework.

 

Composed of two binaries, Koalyptus is a framework that can be used to dynamically patch executables in memory. Such runtime patches have the advantage of keeping executables unmodified. The first binary is Koaloader, which hooks into the game process, and the Lyptus binary is responsible for patching the executable at runtime.

 

Project pages:
https://github.com/acidicoala/Koaloader
https://github.com/acidicoala/Lyptus

 

All of the games load xinput9_1_0.dll, so we'll use this build of Koaloader as our proxy library. This means that all functions that the game would need from the actual xinput9_1_0.dll will still work since Koaloader can pass them to the actual DLL inside System32.

 

Next, we need to configure Koaloader to load Lyptus64.dll, so we paste this config into Koaloader.json:

 

{
  "logging": false,
  "modules": [
    {
      "path": "Lyptus64.dll"
    }
  ]
}

 

Next, we configure the Lyptus64.dll library with the following patch information:

 

{
  "logging": false,
  "patches": [
    {
      "name": "TTMagic",
      "pattern": "74 ?? B9 ?? ?? ?? ?? E8 ?? ?? ?? ?? CC",
      "offset": 0,
      "replacement": "EB"
    }
  ]
}

 

This instructs Lyptus to find that specific pattern and swap the 74 byte for an EB, which will allow our game to run.

Now, you should have four files:

 

  • xinput9_1_0.dll
  • Koaloader.json
  • Lyptus64.dll
  • Lyptus.json
     

And these four files go into your unpacked LEGO game folder. Run the DX11 executable and be amazed that the game now loads just fine!

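The pattern search described in the post above, as an added example (not code from the post, Koaloader or Lyptus): it locates the `74 ?? B9 ?? ?? ?? ?? E8 ?? ?? ?? ?? CC` signature in a byte buffer, reports whether each site holds the original 74 or the patched EB, and flags a signature that does not resolve to exactly one site. The function names and sample buffers are constructed for illustration.

```python
import re

# Pattern quoted in the post: 74 = JE rel8, B9 = MOV ECX imm32,
# E8 = CALL rel32, CC = INT3; "??" is a wildcard byte.
SIGNATURE = "74 ?? B9 ?? ?? ?? ?? E8 ?? ?? ?? ?? CC"


def compile_signature(sig):
    """Turn a spaced hex pattern with ?? wildcards into a bytes regex."""
    parts = []
    for token in sig.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    # Zero-width lookahead reports every candidate, including overlapping ones.
    # DOTALL lets the wildcard match 0x0A as well.
    return re.compile(b"(?=" + b"".join(parts) + b")", re.DOTALL)


def find_offsets(data, sig):
    return [m.start() for m in compile_signature(sig).finditer(data)]


def classify(data):
    """Report where the check site is and whether it holds 74 or EB."""
    original = find_offsets(data, SIGNATURE)
    patched = find_offsets(data, "EB" + SIGNATURE[2:])
    return {
        "original": original,
        "patched": patched,
        "unambiguous": len(original) + len(patched) == 1,
    }


def _site(first_byte):
    # Constructed bytes for the demo, not taken from any real executable.
    return bytes([first_byte, 0x0A, 0xB9, 1, 0, 0, 0, 0xE8, 0x10, 0x20, 0x30, 0, 0xCC])


SAMPLE_ORIGINAL = b"\x90" * 16 + _site(0x74) + b"\x90" * 8
SAMPLE_PATCHED = b"\x90" * 16 + _site(0xEB) + b"\x90" * 8
SAMPLE_AMBIGUOUS = SAMPLE_ORIGINAL + _site(0x74)

if __name__ == "__main__":
    for name in ("SAMPLE_ORIGINAL", "SAMPLE_PATCHED", "SAMPLE_AMBIGUOUS"):
        print(name, classify(globals()[name]))
```

Run against a file on disk, this reports the on-disk bytes only; with the runtime approach the post describes, the executable stays unmodified, so the file still shows 74 at the site.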

Cirevam

Thank you, modding isn't really my thing, but I wanted you guys to see what myself and acidicoala have been working on since this forum seems to be the only one dedicated to the masterpieces that are LEGO games.

 

Please note that all credits for the above investigation go to acidicoala, I helped by providing games for testing.


29 minutes ago, aidenpons said:

Oh wow! Does this mean Lego Worlds modding is back on the table? I don't understand any of this, but this is very neat!

Modding for all DX11 games is back on the table, since now all of them can run unpacked by applying the Koalyptus framework + TTMagic patch.


  • 2 months later...
Legorapture

Does this work with the new LEGO Star Wars Skywalker Saga game? I'm trying to play the game unpacked but was not able to.

 

 

 Do you have any of these files patched and available for download so we can run our games unpacked?

  • xinput9_1_0.dll
  • Koaloader.json
  • Lyptus64.dll
  • Lyptus.json