Exetools


atom0s 02-14-2015 06:50

[C++] Steamless - SteamStub DRM Remover
 
What is Steamless
Steamless is a DRM remover of the SteamStub variants.

The goal of Steamless is to make a single solution for unpacking all Steam DRM packed files. Steamless aims to support as many games as possible.
However, due to personal limited funds, I cannot test every game myself.
  • Project Home: http://atom0s.com/forums/viewforum.php?f=25
  • Source Code: https://github.com/atom0s/Steamless
  • Bug Reports: https://github.com/atom0s/Steamless/issues
  • Pull Requests: https://github.com/atom0s/Steamless/pulls
  • Latest Release: https://github.com/atom0s/Steamless/releases/latest

Supported Versions
Steamless currently supports the following SteamStub DRM variants:
  • SteamStub Variant 1
    • There is currently no support for this version of the protection.
  • SteamStub Variant 2
    • 32bit version of this variant is supported.
  • SteamStub Variant 3.0.0
    • 32bit version of this variant is supported.
    • 64bit version of this variant is supported.
  • SteamStub Variant 3.0.1
    • 32bit version of this variant is supported.
    • 64bit version of this variant is supported.

Please note: these version numbers are superficial. They are an assumed version based on major changes to the DRM over its lifespan.

What is SteamDRM / SteamStub
Quote:

DRM

Steamworks Digital Rights Management wraps your game's compiled executable and checks to make sure that it is running under an authenticated instance of Steam. This DRM solution is the same as the one used to protect games like Half-Life 2 and Counter-Strike: Source. Steamworks DRM has been heavily road-tested and is customer-friendly.

In addition to DRM solutions, Steamworks also offers protection for game through day one release by shipping encrypted media to stores worldwide. There's no worry that your game will leak early from the manufacturing path, because your game stays encrypted until the moment you decide to release it. This protection can be added to your game simply by handing us finished bits or a gold master.

ref: https://partner.steamgames.com/documentation/api

Legal
Steamless is released under the following license:
Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International

Unless otherwise separately undertaken by the Licensor, to the extent possible, the Licensor offers the Licensed Material
as-is and as-available, and makes no representations or warranties of any kind concerning the Licensed Material, whether
express, implied, statutory, or other. This includes, without limitation, warranties of title, merchantability, fitness
for a particular purpose, non-infringement, absence of latent or other defects, accuracy, or the presence or absence of
errors, whether or not known or discoverable. Where disclaimers of warranties are not allowed in full or in part, this
disclaimer may not apply to You.

Steamless is not intended for malicious use or for the use of obtaining or playing games illegally.
Steamless should only be used on games that you legally purchased and own.

Steamless is not associated with Steam or any of its partners / affiliates.
No code used within Steamless is taken from Valve or any of its partners / affiliates.

Steamless is released for educational purposes in the hopes to learn and understand DRM technologies.

Use Steamless at your own risk. I, atom0s, am not responsible for what happens while using Steamless. You take full responsibility for any outcome that happens to you while using this application. Do not distribute unpacked files.

Thanks
Thanks to Cyanic (aka Golem_x86) for his notes and help with parts of the stub headers and such. You can find his information here: http://pcgamingwiki.com/wiki/User:Cyanic/Steam_DRM

Compiling Notes
The newest version of Steamless is written in C# to make it more community friendly. Not many people code in C/C++ so I opted to go with C# since more of the hacking/cracking scene seems to like using .NET languages.

Steamless can be compiled using Visual Studio 2015. Community Edition should work fine for those that do not own a paid version or do not wish to pirate it. No special features are required from any of the paid versions of VS. By default, Steamless is compiled against the .NET Framework v4.5.2. This means that the compiled binary WILL NOT work on Windows XP.

emo 02-14-2015 23:51

drm removed play csgo online with steam?

atom0s 02-15-2015 02:32

Quote:

Originally Posted by emo (Post 97681)
drm removed play csgo online with steam?

No, you will have to have a legit copy of the game to play it online as it makes use of Steams validation system / session system.

evlncrn8 02-15-2015 16:44

it only works on exe's with a .bind section?

atom0s 02-16-2015 04:31

Quote:

Originally Posted by evlncrn8 (Post 97691)
it only works on exe's with a .bind section?

I have not personally seen any Steam DRM protected files that do not have this section. So yes it is one of the things it looks for specifically. If you know of any files protected with the DRM that do not have this section, feel free to upload the exe and I can check it out.

Right now I have put this project on the side due to some real life issues but in my spare time I do tinker with it still.
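Added example (not part of the thread and not Steamless code): a minimal PE header walk that reports whether a file is PE32 or PE32+ and whether its section table contains a section named `.bind`, the marker discussed in the post above. The function names and the header-only sample images are constructed for illustration; a poster later in the thread reports having Steam executables without this section, so the name check is only a triage heuristic.

```python
import struct

SECTION_HEADER_SIZE = 40
OPT_MAGIC_BITNESS = {0x10B: 32, 0x20B: 64}  # PE32 / PE32+


def build_sample_pe(section_names, pe32_plus=False):
    """Build a header-only PE image for the demo (constructed sample, not a real game file)."""
    opt_size = 240 if pe32_plus else 224
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)  # e_lfanew at 0x3C -> 64
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32_plus else 0x14C,
                       len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x20B if pe32_plus else 0x10B) + b"\x00" * (opt_size - 2)
    table = b"".join(n.encode("ascii")[:8].ljust(8, b"\x00") + b"\x00" * 32
                     for n in section_names)
    return dos + b"PE\x00\x00" + coff + opt + table


def inspect_pe(data):
    """Return bitness, section names and whether a section named .bind exists."""
    if len(data) < 64 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt_off = e_lfanew + 24  # 4-byte signature + 20-byte COFF file header
    if opt_off + 2 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing or truncated PE header")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in OPT_MAGIC_BITNESS:
        raise ValueError("unknown optional header magic 0x%X" % magic)
    names = []
    for i in range(nsec):
        # The section table starts right after the optional header.
        off = opt_off + opt_size + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > len(data):
            raise ValueError("truncated section table")
        # Section names are 8 bytes, NUL-padded.
        names.append(data[off:off + 8].split(b"\x00", 1)[0].decode("ascii", "replace"))
    return {"bitness": OPT_MAGIC_BITNESS[magic], "sections": names,
            "has_bind": ".bind" in names}


if __name__ == "__main__":
    samples = (
        ("32-bit with .bind", build_sample_pe([".text", ".rdata", ".data", ".bind"])),
        ("64-bit without .bind", build_sample_pe([".text", ".rdata"], pe32_plus=True)),
    )
    for label, image in samples:
        print(label, inspect_pe(image))
```
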

leetone 02-16-2015 08:08

Of course you need a legit copy to play online. This we will never crack, you can connect to non-VAC servers but that's it.....Can't change how computers work.

I am honestly shocked that I'm explaining this to an XDA member....this isn't cs.rin.ru!!!!

AMAZING code OP.

n00b 02-16-2015 16:36

https://github.com/w4kfu/hacnpx/tree/master/SteamStub

Amazing how similar this code in Python is to yours, atom0s...?

evlncrn8 02-16-2015 20:39

i have quite a few steam exe's without a bind section - want some?

atom0s 02-17-2015 01:19

Quote:

Originally Posted by evlncrn8 (Post 97722)
i have quite a few steam exe's without a bind section - want some?

Yes please if you want to share them.

Quote:

Originally Posted by n00b (Post 97716)
https://github.com/w4kfu/hacnpx/tree/master/SteamStub

Amazing how similar this code in Python is to yours, atom0s...?

My information and notes are based on this:
Code:

http://pcgamingwiki.com/wiki/User:Cyanic/Steam_DRM
If you wish to contact Cyanic to confirm it, feel free. I have been in discussions with him for the last 2 or so weeks about it.

cracker[PYG] 02-17-2015 08:50

This is a great tool, is in need of my research study. Thank you

n00b 02-17-2015 20:29

Naw, don't worry mate - I just found it to be very similar to one and another, despite being two very different programming languages.

Anywho, good work mate ;)

atom0s 08-21-2015 14:03

Some updates on this project. I have opted to move the code over to C# since more developers are familiar with that over C/C++.
(I'd rather stick with C/C++ but in the same sense I do want this to have some community contribution to it as well.)

SteamStub v3
As the Github page states, I have this version working 100% for 32bit files. At this time, 64bit is still not supported yet since I have not really focused on them. I don't have many games that are 64bit either to work with. There are some things that may/may not work properly though that I never mentioned before. The DRM has various flags that can be used and one of them prevents the .text section from being encrypted. At this time Steamless does not check for that. (I have not seen a game use this yet so I am waiting til I find an exe to test against etc.)

SteamStub v2
The last update on this was that I was around 75% with getting this to work. I'm now up to 100%, but again, with the same stipulations as v3. Some things may not work properly based on the flags used against the file. I have tested my unpacker for v2 against several files and all of them have worked fine.

SteamStub v1 / v1.5
This is still at 0% done as I do not have any games that use it. However I am still talking with Cyanic who does have an assortment of collected exe's and hopefully I can get some from him and continue working on v1 as well.


Again a big thanks to Cyanic for his assistance with some parts of the DRM that I got stuck on. While his work is private for the DRM he has shared some things with me to help push me in the right direction without just giving me the answer etc. :) Hopefully Steamless will be able to handle all 3 versions of the DRM (and possibly future versions as they come) soon.

For those interested, feel free to fork the repo and help out too. Or if you need to pm me here or on my personal forum and we can discuss this more if need be. I'm open to suggestions and feedback as well for anyone that has it.

PS: To those that would rather use a C/C++ version of Steamless, once I get things cleaned up and settled in the C# version I will continue to update and maintain the C/C++ version as well.

mr.exodia 08-28-2015 20:14

Hm, C# is a nice language but I wouldn't prefer it over C++ for this kind of application.

atom0s 08-29-2015 00:33

Quote:

Originally Posted by mr.exodia (Post 101318)
Hm, C# is a nice language but I wouldn't prefer it over C++ for this kind of application.

I don't either but based on how many open source tools in the RE community there are that are C# nowadays, I figured I'd remake it in a language more of the community seems to be using. I plan to keep the C++ version going as well since I prefer it as well.

atom0s 08-29-2015 00:56

This post is no longer relevant as the main project has moved to a different repo. Please check the main post.

atom0s 08-29-2015 02:07

This post is no longer relevant as the repo has moved. Please see the main post for updated information.

mudlord 08-31-2015 12:37

Just wondering, this RE all done from scratch?

Just wondering since I thought w4kfu's research would help, or so it seems with Variant 1 of SteamDRM. And if it's all done from scratch, then I can fully understand not looking at stuff like w4kfu's work for guidance :)

atom0s 09-01-2015 18:38

Yes, it is from scratch with some assistance from Golem_x86's wiki post about some information on the various versions of the DRM. I focused on variant 3 to start while working on a few projects (Grim Dawn and some other games) which I needed to unpack to debug and such. So I took the time to reverse the flow and such.

I found Golem's wiki entry on things a little after I started working on it. His post helped with a few things I got stuck on and I landed up getting in touch with him through my personal site. After a bit of chit-chat back and forth he helped with some variant 2 stuff as well.

atom0s 09-04-2015 15:43

Steamless.NET v1.0.0.2
  • Adjusted the program to output when a file is failed to be processed.
  • SteamStubVar2: Added some minor output when a step in processing a file fails.
  • SteamStubVar2: Adjusted the handling of .text section decryption to not rely on static named sections. (Instead uses the information from the stub itself.)

atom0s 09-10-2015 14:14

Steamless.NET v1.0.0.3
  • SteamStubVariant3: Added a handling of older/newer files using a different size stub header.
  • SteamStubVariant3: Adjusted .text section unpacking to not rely on the section name and instead uses the stub header data to obtain the proper section now.
  • SteamStubVariant3: Adjusted the padding mode of the AES decryption.

giv 12-02-2015 00:55

Great project. Keep it going.

jonwil 01-09-2016 06:19

Any plans to support 64-bit games? I want to remove the DRM/encryption from Fallout 4. I own the game, paid for it legitimately and don't intend to pirate. I want to remove the encryption so I can get Fallout 4 into IDA and debugger and reverse engineer things in the game.

atom0s 01-09-2016 06:25

Quote:

Originally Posted by jonwil (Post 103738)
Any plans to support 64-bit games? I want to remove the DRM/encryption from Fallout 4. I own the game, paid for it legitimately and don't intend to pirate. I want to remove the encryption so I can get Fallout 4 into IDA and debugger and reverse engineer things in the game.

Right now I put this on the backburner as some other stuff for work came up that is eating my free time. I believe someone forked it on Github and made 64bit support for one of the stub versions though if you wanted to look.

jonwil 01-09-2016 07:29

Thanks, it did exactly what I wanted, fallout 4 is now disassembling properly in IDA :)

atom0s 01-18-2016 18:38

Steamless Project Update

Hello everyone, here is some information on my Steamless project.

I have decided to discontinue the C/C++ version of the tool. I do not have the time to port the .NET version updates over to it and overall it is just easier to get things done in C# at this point. So for the time being I'm marking the C/C++ version dead.

That said I have made a new branch on the Steamless Github named 'dotnet' and have made that the master branch. I am going to be using the main Steamless project repo as the overall repo from now on for Steamless instead of having two separate repositories. It is easier on me to just maintain one for both.

You can find the project here:
Code:

https://gitlab.com/atom0s/Steamless

Steamless v2

I have renamed Steamless.NET to just Steamless and have released v2 on the above repo. This version, at this time, only has support for the latest v3 DRM version.

Steam has just (in the last week or so) released a new SteamStub variant v3 version that has changed a few things. The latest Steamless source code handles this new version. It has been tested and proven working on Grim Dawn which makes use of the new DRM version.

That aside, the current dotnet branch does not include the old v2 and v3 unpackers. I need to rewrite them to adjust for some bugs that they had. I will hopefully have this new branch up to date soon. But I did want to get the latest v3 unpacker I wrote up tonight released as soon as possible for anyone needing it.

You can find all the info here:
  • Project Home: https://gitlab.com/atom0s/Steamless
  • Bug Reports: https://gitlab.com/atom0s/Steamless/issues
  • Pull Requests: https://gitlab.com/atom0s/Steamless/merge_requests

atom0s 01-20-2016 18:08

Steamless v2 Update
- Removed unneeded comment information.
- Added rescanning for stub headers that flip instructions in variant 3.
- Added support for variant 3 v3.0.0 again. (Rewritten partially to account for some old bugs.)
- Fixed unpacking issue in v3.1 when a code section is not encrypted.

mm10121991 01-28-2016 06:27

Thank you for sharing.

mr.exodia 01-29-2016 18:42

Aren't you getting takedown notices?

atom0s 01-30-2016 02:28

Quote:

Originally Posted by mr.exodia (Post 104098)
Aren't you getting takedown notices?

Me? No. I don't distribute binaries just the source code as an educational purpose.

Haven't gotten anything from Steam or any game company. Only game company that has had a problem was Crate Entertainment that banned me from their forums for releasing how to make their game run unpacked.

mr.exodia 01-30-2016 05:32

Quote:

Originally Posted by atom0s (Post 104107)
Me? No. I don't distribute binaries just the source code as an educational purpose.

Haven't gotten anything from Steam or any game company. Only game company that has had a problem was Crate Entertainment that banned me from their forums for releasing how to make their game run unpacked.

Try EA with an Origin unwrapped, my guess is you'd get hell from their lawyers :D

atom0s 01-30-2016 13:52

Quote:

Originally Posted by mr.exodia (Post 104111)
Try EA with an Origin unwrapped, my guess is you'd get hell from their lawyers :D

I think it's a matter of how you approach the target and release your work. If your release is with the intent to promote piracy and destroy their brand, then yea they are going to definitely want to go after you.

In my case with Steamless, the intent of the project is a 'for-fun' educational project. The source is released with no intent to promote piracy but rather to run games DRM free on your own system, along with being able to debug the game easier.

With that, I don't release any binaries or assist with compiling them. I also do not assist with any form of removing the 2nd layer of the DRM (steam_api.dll) which requires an active Steam session to play the given game. (Which prevents piracy another step.)

I don't think Steam cares about my project though either way since it's not doing any harm, I don't profit on it, and it's not released in a binary form.

bigboss-62 02-13-2016 20:21

May be off-topic, but just for information for all exetools members, "Steamless" and "Steamless.NET" projects are now on gitlab and no longer on github...

Here is the new link:
https://gitlab.com/atom0s/Steamless

atom0s 02-14-2016 04:10

Thanks bigboss-62, hadn't had a chance to post here.

GitHub has lost its meaning/vision to corporate greed and I do not support that. (The CEO has changed the entire framework of the GitHub company because he took money over morals.) Because of that I do not want any of my stuff on GitHub supporting people that would take money over their coworkers.

All my stuff is moved over to GitLab now instead.

For this project, you can find the links here:
https://gitlab.com/atom0s/Steamless
https://gitlab.com/atom0s/Steamless.NET

(Keep in mind the Steamless.NET project is outdated and not supported anymore. Use the main Steamless project.)

atom0s 02-27-2016 02:02

I have updated various posts in this thread as I can now edit my posts. (Thanks admins!)
Main post is now updated to point to the proper location.

atom0s 09-07-2016 10:09

Steamless v3
http://i.imgur.com/wztFv5r.png

Info
I decided to rewrite Steamless with a UI since I had a lot of emails / private messages from people asking me how to use the old version etc. Along with that, the older version was not extendable or friendly to others developing unpackers. This new version is now fully done via plugins (Example plugin source code is included in the release) allowing others to easily create their own unpackers.

Download / Information
http://atom0s.com/forums/viewtopic.php?f=25&t=146

atom0s 01-23-2017 18:46

Steamless v3.0.0.4 - 64bit Support!

Been a while since I updated the thread here about my Steamless project. Since moving to Steamless v3 and releasing its source code, I have moved it back to Github (Gitlab saw little to no community input so I moved back to a more used network as much as I dislike Github..) and done some more changes.

Here is a quick review of the recent changes:
Code:

v3.0.0.1
 - PeFile32 - Added support for reading the ImageTlsDirectory section.
 - SteamStub Variant 3.1 (x86) - Adjusted the unpacker to attempt to use the Tls callback as the real OEP if general unpacking fails.

v3.0.0.2
 - Adjusted Steamless to use older Aero presentation library for Windows 7 support.

v3.0.0.3
 - Fixed issue with variant 2.0 (x86) unpacker failing to unpack files with non-encrypted code sections.

v3.0.0.4 - 64bit Support!
 - Steamless.Unpacker.Variant30.x86
    - Fixed issue with header size not unpacking properly for certain files.
    - Fixed issue with TLS callbacks not being unpacked properly when present.
 - Steamless.Unpacker.Variant30.x64
    - Added support for 64bit version of SteamStub Variant 3.0.
 - Steamless.Unpacker.Variant31.x64
    - Added support for 64bit version of SteamStub Variant 3.1

The biggest change with 3.0.0.4 is that I have now added support for 64bit games that use the 3.0.0 and 3.0.1 variants of SteamStub. These are not very well tested as I have only gotten a few files from various people to test with. I have confirmed things work with RAGE and Fallout 4 personally as I own both games.

More info about Steamless can be found on my personal site here:
Code:

http://atom0s.com/forums/viewforum.php?f=25

mrfearless 01-24-2017 08:10

I've had a look through my steam library and have sent you a pm with some details that might be useful.

atom0s 01-24-2017 08:54

Quote:

Originally Posted by mrfearless (Post 108268)
I've had a look through my steam library and have sent you a pm with some details that might be useful.

Thanks, the more files to test and validate working the better. I'm also unsure if the 2.0 variant of SteamStub had 64bit support. So far I have not found any games that are 64bit and use it though, so it helps to determine if I missed support for any versions of the DRM yet.

So far every file that I have gotten that is 64bit, Steamless is able to unpack. So things are looking pretty solid for the 64bit support. :)

n00b 01-25-2017 16:39

I have an idea for ya mate - an idea that would actually make Steamless live even more up to its actual name; Steamless!
By all standards, I'd say the title of the tool itself is misleading - I mean, your tool clearly does unwrap the SteamStub, but at the same time it doesn't make any SteamStub protectee's any less reliant on Steam in the end (and emulators do not count).
How about making a few minor adjustments to the unwrapped executables so it doesn't rely on SteamAPI.dll or any equal Steam related DLL's?
Just a suggestion mate, and yes I know it won't work on all....

atom0s 01-25-2017 18:55

Quote:

Originally Posted by n00b (Post 108282)
I have an idea for ya mate - an idea that would actually make Steamless live even more up to its actual name; Steamless!
By all standards, I'd say the title of the tool itself is misleading - I mean, your tool clearly does unwrap the SteamStub, but at the same time it doesn't make any SteamStub protectee's any less reliant on Steam in the end (and emulators do not count).
How about making a few minor adjustments to the unwrapped executables so it doesn't rely on SteamAPI.dll or any equal Steam related DLL's?
Just a suggestion mate, and yes I know it won't work on all....

Removing the SteamAPI is not as simple as just removing a call and it's done. Games that really integrate it for various things such as achievements, cloud storage and so on make use of a lot of calls and interfaces that makes nulling it out basically impossible. Instead, people use emulated versions of the dll's to fake the calls and such to just return null / 0 for the most part as needed to make the game think Steam is running when it's not.

Given that this makes the game fully piratable, I opt to not include this in my project. I enjoy not getting sued. This is explained in the readme that people have to remove that last layer themselves if they plan to fully make the game run without Steam if it uses the SteamAPI.

