How to crack paul.dll (BF2, Test Drive Unlimited ...)

Discussion in 'Tutorials' started by {FS}p3ng3l, December 16, 2006.

  1. {FS}p3ng3l

    {FS}p3ng3l New Member

    1- Look for a decompiler such as PE Explorer - you will need the full-blown version. The trial version does not allow date stamp removal.

    2- Make a backup copy of paul.dll

    3- Decompile paul.dll and run the CTRL Y command to get all the values available. You will see “000h6h6h6” - this is normal, don’t panic. Just run the disassembler in preferred mode and it will do all the work for ya.
    4- Mark every hex ending with 06 as a “tag for later analysis” in group 1. Just conduct a search for them under group 1 and earmark them for later; the information is used to detect the absolute offsets to the various content items in the file (for example: mov eax, offset L0041F46A, jmp L004A49FE) - don’t worry about the “49” values, they will never re-appear in the same column. You should end up with 1026 marked entries. If you have more, then this means you also marked the glossary items found in the same target tree. Just delete these extra files. You will end up saving yourself some time. These entries are created to enable SecuROM in dedicated mode. If you disable this feature, you’ll thank me later. If you don’t then that’s OK, because you’ll have to re-enter a second sample of hexes into the decompiler and crash the old values.
    5- Change every earmarked hex (except the ones contained in the 2nd tree ending with hex 0c) to check all the new values. You must first render these values with a hex renderer, such as WEP Key Generator, in order to render the proper values.

    OPEN UP WEP
    SET UP A KEY GENERATION FOR 16 KEYS
    ADD A GENERIC ALGORITHM - SOMETHING LIKE “2X3-4+ all 16/500”. THIS WILL SET UP THE NEW KEY GENERATOR AND TELL IT TO GENERATE A KEY FOLLOWING THE ASSIGNED FORMULA.
    ONCE YOU HAVE GENERATED A FEW THOUSAND KEYS - I RECOMMEND SETTING UP AT LEAST 25,000 KEYS, COLLATE THEM WITH THE FORMULA AND EXPORT THEM BACK TO PE Explorer UNDER “NEW KEYS” AND END THE STATEMENT WITH THE ORIGINAL FORMULA. YOU DECIDE ON YOUR OWN FORMULA BUDDY. IT’S YOUR ASS, NOT MINE.
    NOW YOU WILL HAVE TO ENCODE THE ORIGINAL FORMULA. DON’T PANIC!!! JUST USE SOMETHING LIKE A SAT FORMULA MODEL CHECKER
    ENCODE THE FORMULA AND COPY ALL THE RESULTS TO YOUR HEX EDITOR.
    COPY THE HEX VALUES AND IMPORT THEM IN PE Explorer.

    IS EVERYBODY STILL WITH ME SO FAR???

    NOW THE EASY PART!!!

    Note that with some PE files, for example those compressed by a packing utility, the original values of these flags do not survive decompression. This can produce very strange disassembly listings. DON’T PANIC !!! To alleviate this problem use the available resource table - NOT THE VALUE TABULATOR, because this will screw everything up. Once you reach the max byte of generated data, you’ll notice something very exciting indeed: YOUR CODE WILL NOW BE RUN IN EMULATION MODE, THEREFORE, IT WILL BE RESIDENT IN THE ACTUAL CODE. Isn’t this just fabulous??? Just a little trick I learned in school… hehe

    6- Now don’t get too excited yet…Enter the new values by importing them from PCI Hexer - they will collate themselves in a new library under a second family (tree now ending with the new hexes generated)
    7- SecuROM will be automatically disabled at this point - WOOHOO. I always use WS_EX_DLGMODALFRAME command to do this. You decide on your own…
    8- Re-enable the partitioned values located in the source .dll and remove the date stamp with PE Explorer
    9- Re-enter the last tree ending with hex c9 and remove the debug info
    10- Save the new .dll under paul.dll and overwrite the old file.
    Replace the overwritten paul.dll with your new project and you’re ALMOST home buddy!

    Now you are set to strip the new .dll and restamp it
    Restamp the date with PE Explorer
    Reset the debug attributes but DON’T IMPLEMENT THE ORIGINAL DATA!!!. This is very important. If you overwrite the data, you’ll screw everything up.
    Your last eight (*) bytes are now ready - you should see the new header now commencing with c0060 - this is good
    The new class will now be viewable. Delete the original one
    Save your project

    START THE GAME
    ENTER THE LAST CODE YOU GENERATED WITH THE WEP KEYGEN

    PLAY THE GAME
     
  2. Defcon

    Defcon New Member

    Hey, noob question, but what does paul.dll do? Server auth or something?
     
  3. Script0rz

    Script0rz New Member

    There is no paul.dll in bf2...
     
  4. Thebear

    Thebear Full Member

    Test drive unlimited isn't out yet
     
  5. kch0pa

    kch0pa Full Member

    At least add the credits when you get the tutorial from someone else...
     
  6. mophez

    mophez Full Member

    Yeah I noticed because p3ng3l can't speak English that good..
     
  7. ooo

    ooo New Member

    wow that is confusing......................holy shit......im like totally lost. im NOT with you lol..someone rewrite it and explain wtf he is doing pls
     
  8. DiSTANTX

    DiSTANTX Guest

    if anyone understood this, please upload a patched paul.dll for bf2142 beta
     
  9. battledead

    battledead Full Member

    looks pretty easy, i'll do it if someone can upload a paul.dll for me.
     
  10. DiSTANTX

    DiSTANTX Guest

  11. A_Tiny_Chipmunk

    A_Tiny_Chipmunk New Member

    ok WHAT does this do ? does it let u play BF2 online? with out cdkey?

    thanks
     
  12. DiSTANTX

    DiSTANTX Guest

    omg such a n00b question

    it lets you get in the beta...for LOCAL playing
     
  13. A_Tiny_Chipmunk

    A_Tiny_Chipmunk New Member

    yea ok soz for a noob question i just had really no idea what u guys were talking about :p
    y would u want it to be beta when u can play local any way ?
     
  14. Sparco

    Sparco New Member

    u got paul.dll in photoshop cs4
     
  15. .ISO

    .ISO FS Member

    They're not the same...
     
  16. hot_wired13

    hot_wired13 FS Member

    so... we can play GTA4 with this? :p
     
  17. idunnoman

    idunnoman New Member

    Can anyone get me a paul.dll for Terminator Salvation? I'm really desperate for it. I have no idea how to crack it and I can't find it on Google. Please... I would really appreciate it if someone could.
     
  18. Jake

    Jake Full Member


    Did you look on the date of the thread?
    And I doubt you can use this tutorial to crack Terminator Salvation since this tutorial was made before Terminator Salvation existed.
     
