
[Tutorial] How to get Allegro passwords

  1. Get a game built on the Allegro engine.
  2. Check with the Grabber tool whether its archives are password protected.
  3. Check the Xentax wiki to see whether the password has already been cracked by someone else: https://wiki.xentax.com/index.php/Allegro_DAT
  4. If the password is still unknown, open IDA Pro.
  5. Search for the string "packfile_password" in the assembler code.
  6. Go to the address where you have an instruction like "call ds:packfile_password".
  7. The password for the DAT archive will be above that instruction.
  8. Now check in the Grabber tool whether the password works.
  9. If you can see some assets in the preview, then your password is correct.
  10. That's all. Happy modding. 🙂

Notes:
1. Sometimes the password won't be in plain text. In this case you have to set a breakpoint on "call ds:packfile_password" and see what password is passed to the function.
2. You can also use the Sysinternals Strings tool to export all strings from the EXE and look for the password there.
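Steps 5 to 7 and Note 1, as an added example that is not part of the original post or the author's tool: a static pass that finds every `call ds:packfile_password` and classifies the argument pushed directly above it. It assumes a 32-bit x86 build that calls the import through its IAT slot; the function name, the addresses, the byte strings and the password "ExamplePass" are all constructed for illustration.

```python
import struct

def classify_password_calls(text, text_va, data, data_va, iat_slot_va):
    """Classify each `call dword ptr [iat_slot_va]` by the push directly above it.

    Returns (call_va, kind, value) tuples; kind is 'literal', 'null' or 'computed'.
    """
    call = b"\xff\x15" + struct.pack("<I", iat_slot_va)  # FF 15 imm32 = call ds:[imm32]
    results = []
    pos = text.find(call)
    while pos != -1:
        kind, value = "computed", None  # default: the Note 1 case, needs a debugger
        ptr_off = -1
        if pos >= 5 and text[pos - 5] == 0x68:           # 68 imm32 = push offset
            (ptr,) = struct.unpack_from("<I", text, pos - 4)
            ptr_off = ptr - data_va
        if 0 <= ptr_off < len(data):
            # The pushed pointer lands in the data section: read the C string there.
            end = data.find(b"\x00", ptr_off)
            end = len(data) if end == -1 else end
            kind, value = "literal", data[ptr_off:end].decode("latin-1")
        elif pos >= 2 and text[pos - 2:pos] == b"\x6a\x00":
            kind = "null"  # push 0: NULL argument, which switches the password off again
        results.append((text_va + pos, kind, value))
        pos = text.find(call, pos + 1)
    return results

# Constructed sample: .text at 0x401000, IAT slot at 0x402000, .data at 0x403000.
SAMPLE_DATA = b"\x00" * 0x10 + b"ExamplePass\x00" + b"\x00" * 4
SAMPLE_TEXT = bytes.fromhex(
    "6810304000"    # push offset 0x403010   (password string)
    "ff1500204000"  # call ds:packfile_password
    "83c404"        # add esp, 4
    "6a00"          # push 0
    "ff1500204000"  # call ds:packfile_password
    "83c404"        # add esp, 4
    "50"            # push eax               (value built at run time)
    "ff1500204000"  # call ds:packfile_password
)

if __name__ == "__main__":
    for va, kind, value in classify_password_calls(
            SAMPLE_TEXT, 0x401000, SAMPLE_DATA, 0x403000, 0x402000):
        print(f"{va:#x}  {kind:8}  {value!r}")
```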

UPDATE – 21.07.2024
I have created a new Frida script today that makes getting the Allegro password much easier.
It's available on my GitHub here:
https://github.com/bartlomiejduda/Tools/blob/master/NEW%20Tools/Allegro/allegro_DAT_frida_hook.js

You have to install Frida first (the frida command-line tool ships in the frida-tools package):

pip install frida frida-tools

Then the script can be used like this:

frida.exe -f <game_exe> -l <script_name>

For example:

frida.exe -f HoH.exe -l allegro_DAT_frida_hook.js

Example result below:

4 comments on "[Tutorial] How to get Allegro passwords"

  • "Sometimes password won't be in plain text. In this case you have to set a breakpoint on 'call ds:packfile_password' and see what password is passed to the function."

    Could you please clarify what you mean by "see what password is passed to the function"?

    • Sure. I'll explain. In some games (like "Alex the Allegator 4" if I remember correctly) you have to debug the game's code to find a valid password. You can use programs like "IDA PRO", "Ghidra" or "x32dbg" to set a breakpoint at a specific line of code and then you have to follow this code to some other function that should be responsible for generating a password from the code. When you find it, you just have to watch registers or memory to see the plain text password in the debugger.
