What are the "NoKey" and "ReKey" images floating around? #1

Closed
ArcadeHustle opened this issue Aug 18, 2019 · 8 comments
Comments

@ArcadeHustle
Owner

"SegaBoot generates the KeyFile for the TC container of the game on the fly, using the KeyChip. The process is really complex, but it generates a file on c:\windows\temp with the keyfile, then mounts the TC container, and after the TC container is successfully mounted it deletes the Keyfile from C:\windows\temp. It is just 2 minutes to patch that; it is only a matter of removing the DeleteFile function from SegaBoot with simple NOPs and letting SegaBoot mount the game, then the Keyfile will be there on c:\windows\temp"

https://web.archive.org/web/20170630214524/https://assemblergames.com/threads/sega-ringedge-motherboard-inside-pictures.46424/page-3

Think about this process... someone has done two things.
a) Made images in which TrueCrypt key files for the WRONG Sega keys work with arbitrary games.
b) Made images in which no keychip is needed, and forced the image to use an archived key file that was copied from c:\windows\temp

@ArcadeHustle
Owner Author

https://pastebin.com/2qiQdPQ6

On RingEdge SSD there are 7 partitions: partitions 4 (update) and 7 (game) are encrypted with TrueCrypt 4.3a.

For this, you need to dump the password inside the keychip.

To do this, boot the SSD with the password removed from SystemUser.
After booting, you will see a Windows screen with a white background (?). Press CTRL+ALT+DEL
and switch user to SystemUser.

After that, another normal Windows screen appears, but with no mouse. You should only need a keyboard for this, though.

Disable the Enhanced Write Filter with this command:
ewfmgr C: -commitanddisable -live
You can then choose whether or not to restart.

To dump the keychip:
You need to open a protected file through a command window.
TrueCrypt /p segahardpassword /k X:\SystemKeyFile /v C:\System\Execute\System /l S: /w /s /q

Now there will be a new drive mounted, S:\. Inside is a file called mxmaster.exe.
Open another Explorer window at the location: C:\Windows\temp\

Start mxmaster.exe, and while the RingEdge security is booting you can press the Windows key until you see a 16-byte file
that begins with "ma" followed by 4 digits in the temp folder. Copy this file to another location or a USB drive.

Now you have successfully dumped the keychip. With this file you can now unlock partitions 4 and 7.
To do this:
open a command window and type: truecrypt
Choose the partition you wish to unlock.
Under keyfile, specify the file you saved earlier during the security startup.

That is all I was able to get from the blog post.
-eduardog

@ArcadeHustle
Owner Author

Example of a known No Key setup: "I've got a RINGEDGE cabinet and the game is OPERATION GHOST, but it seems to be a Chinese bootleg that doesn't need the key chip, and it makes me awesome." https://assemblergames.com/threads/ringedge-gbdriver-rs3-decryption.58937/

@ArcadeHustle
Owner Author

Example of a known Any Key setup: "you need to have an original keychip on the RingEdge (any one, like MJ5 is ok)." https://assemblergames.com/threads/is-it-possible-to-get-ringedge-to-run-ringwide-games.60346/#post-866358

MJ5 is SBVF, a VERY easy to obtain KeyChip... wonder why all shared images are keyed to it? ;)

@ArcadeHustle
Owner Author

"SegaBoot generates the KeyFile for the TC container of the game on the fly, using the KeyChip. The process is really complex, but it generates a file on c:\windows\temp with the keyfile, then mounts the TC container, and after the TC container is successfully mounted it deletes the Keyfile from C:\windows\temp. It is just 2 minutes to patch that; it is only a matter of removing the DeleteFile function from SegaBoot with simple NOPs and letting SegaBoot mount the game, then the Keyfile will be there on c:\windows\temp" https://assemblergames.com/threads/sega-ringedge-motherboard-inside-pictures.46424/page-3#post-681518

@ArcadeMachinist

I have made a universal keychip emulator. It needs just the 16-byte key from your original dongle; it replaces the original keychip driver and reports that the keychip is there, delivers the correct unlock sequence, etc. Works for both red and black keys, including APM2.
Once APM2 completely retires from JP arcades, I would release it.

@bobbydilley

I was just wondering - with the Lindbergh game dumps, lots of them actually have the keychip checks patched out. Would this same technique not also be appropriate for Ring* systems? I've had a little look through with a disassembler but don't fully understand how it all works - but if all games use the same library to communicate with the driver, wouldn't it be pretty simple to patch out the keychip check function in all games?

@ArcadeMachinist

ArcadeMachinist commented Feb 1, 2020

Would this same technique not also be appropriate for Ring* systems?

You need to know the TrueCrypt container encryption key. Once you know it, it is easier to feed it using a mock KC driver than to patch out all the chip communications and then somehow inject the required 128-bit key.
