Latest RS 2014 patch breaks the latest release #4

Open
nsanta opened this issue Nov 3, 2016 · 39 comments

@nsanta

nsanta commented Nov 3, 2016

Announcement: https://www.reddit.com/r/rocksmith/comments/5as6gx/patch_notes_rocksmith_2014_edition_remastered/

I tried to run RSInjector and nothing happens. HELP! 😃

Thanks in advance.

@haxnyc

haxnyc commented Nov 4, 2016

Same here. Just happened to me today 10.4.16

@danielyoshizawa

Same here, RSInjector runs but doesn't open the RS, the script just stops.

@isaacfi

isaacfi commented Nov 5, 2016

Is there any workaround?

@Firekorn

Firekorn commented Nov 5, 2016

The app changed and the signature isn't correct anymore, and none of the devs who worked on it for the remastered update seem to be here, so it's a bit more complicated for other users to come in and inspect the code of the new app.

@0x0L or @fabianosan Any help would be appreciated here!

@0x0L
Contributor

0x0L commented Nov 5, 2016

I had a quick look; unfortunately I don't own any professional tools for code analysis.
It seems they decided to screw us a bit: can't attach a debugger anymore, can't use naive dylib injection, etc...

If anyone has the old binary it would be great to share it somewhere

@Firekorn

Firekorn commented Nov 5, 2016

The old binaries are available here : https://www.dropbox.com/sh/uvm9ws9x833rj8q/AACFsCC7z8kdZu7tf12TQUP2a?dl=0

@0x0L
Contributor

0x0L commented Nov 5, 2016

@Firekorn
Thanks mate

@0x0L
Contributor

0x0L commented Nov 5, 2016

They updated lib_steam too

The file is too big for Hopper Disassembler to parse over demo time (half an hour). They did actively seek to prevent us from debugging or injecting code.

I really don't have time to spend on this right now, sorry guys

@haxnyc

haxnyc commented Nov 5, 2016

https://thepiratebay.org/search/Hopper%20Disassembler/0/99/0

just sayin'

@0x0L
Contributor

0x0L commented Nov 5, 2016

@haxnyc I certainly won't support stealing other people's work

@Firekorn

Firekorn commented Nov 5, 2016

@0x0L here's a dump of the memory from the new version of the app if you wanna do your own search and also update the project (i am nowhere near knowing how to manage all of that) https://drive.google.com/file/d/0B1ZKYtpB0vu2bUFOamhDM3FlWXM/view?usp=sharing

@benneh

benneh commented Nov 5, 2016

Hopper for what it does seems very reasonably priced, I just bought a copy so like I said I can try and learn a thing or two about reversing OS X apps.

Likewise for Rocksmith, I've already bought tonnes of DLC, but I only discovered CDLC a few weeks ago, only to now find it's possibly no longer a thing. Guess I was late to the party :(

@Firekorn

Firekorn commented Nov 5, 2016

@benneh it's far from too late, i've shared the dump with someone that worked on the dll for PC and even though he is using a VM to compile the code, a somewhat decent result can be expected sooner rather than later. The more people are knowledgeable of those apps, the easier it will be to react to any new update.

@Firekorn

Firekorn commented Nov 5, 2016

I'm not sure what's going on on my end as i never tried to play Rocksmith with CDLC on my mac, but i can't get the RSinjector to launch Rocksmith after compiling the code to bypass what's at the address 0x1ccb85. Anyone with actual knowledge of this code who could come by and share his light would be greatly appreciated, as i'm really not sure what the hell i am doing!

@benneh

benneh commented Nov 6, 2016

Likewise, fumbling my way through this :)

Where did you get the address 0x1ccb85?

Looking at the previous version it was overwriting the check by looking for the opcodes: \x84\xdb\x0f\x84\xde\x0a\x00\x00

This can be found at 0x1cbed5 and was the following instructions
001cbed5 test bl, bl
001cbed7 je 0x1cc9bb

This was just replaced with 0x90, (NO OPs) to skip over the code segment.

How we go about locating the same code segment in the new one is where I am struggling?

@Firekorn

Firekorn commented Nov 6, 2016

That address was shared by a dev that worked on the dll after he analyzed the dump of the app, i'm not sure how he analyzed it and thought this address was worth testing but apparently it just makes RS crash when the RSinjector is launching the game anyway.

@0x0L
Contributor

0x0L commented Nov 6, 2016

@Firekorn dylib injection simply does not work anymore. Even if you comment everything in rsbypass::load the game won't launch

0x1ccb85 is correct though

@Firekorn

Firekorn commented Nov 6, 2016

Someone over at CF suggested that the app crashes because the game was launched via the app directly instead of going through steam, which would be the reason for the crash, and he also inserted the dylib directly into the app with this project : https://github.com/Tyilo/insert_dylib

I'm gonna investigate a bit more how each suggestion works separately and see if any "simple" workaround can be found.

@0x0L
Contributor

0x0L commented Nov 6, 2016

@Firekorn
I hope that works, but the next logical move for Ubi will be to check MachO headers haven't been altered... Encrypting the app and securing the loading of external lib was no accident

@Firekorn

Firekorn commented Nov 6, 2016

Indeed, but looking at the fact they did no encryption on PC, and i have heavy reason to believe they didn't do anything that actively tries to break CDLC, i have doubts about how far they've gone to "secure" this.

Also so far, i've confirmed that the RS app crashes if you just launch it with the app instead of going through the steam launch, which could easily explain why the game doesn't work with the actual RSinjector with or without the dylib injection.

@0x0L
Contributor

0x0L commented Nov 6, 2016

@Firekorn
Using insert_dylib and the current version of libRSBypass works fine. The simplest way to go would be to package a small shell script with libRSBypass and insert_dylib that the user would run once

@Firekorn

Firekorn commented Nov 6, 2016

@0x0L
yeah that's what i was going for after i failed miserably on trying to launch RS via the steam://run/221680 inside the RSinjector which just leads to the same error as if i open the RS app directly in the finder (which i find really odd). Note that if you are willing to create an app that will "patch" RS, i'm fine with letting you go for it, i'm not familiar enough with xcode or confident enough with my expertise to get this done in a reasonable amount of time...

@0x0L
Contributor

0x0L commented Nov 6, 2016

you don't need to use xcode for that, a bash script is what we need. It will:

  1. copy libRSBypass.dylib into the Contents/MacOS folder of the rocksmith app
  2. run insert_dylib --inplace libRSBypass.dylib Rocksmith2014 in that folder

@Firekorn

Firekorn commented Nov 6, 2016

my biggest concern is about how easy it is for any user to make this run without trouble overall and that's why an app seems like a simple suggestion (though it's surely more work).

I don't care how it's done, it's just that i and other mods/admins at CF will have to deal with the users complaining that it doesn't work, so the more "idiot proof" it is (even if it's more work), the happier it will make me overall :)

(i'm already dealing with users having trouble with the dll for PC and it's impressive how hard it is for some users to get it right)

@0x0L
Contributor

0x0L commented Nov 6, 2016

Yeah... that's always the most time consuming part: packaging it so that it's easy to use... There are always users with non standard install paths, etc... I know it's a pain in the a** to deal with.

IMO just make a zip containing the bash script, a compiled rsbypass and insert_dylib. Normal users just double click on the script and voilà... The path to the rocksmith app would be easily editable in the bash script for users with special needs.

@Firekorn

Firekorn commented Nov 6, 2016

well the code in the RSinjector to find the path seems practical enough but i'm not sure how easy it would integrate into a bash script... As i said, my knowledge here is very limited, i jumped on that project without any knowledge about dylib injection or xcode programming and i try to keep up as much as possible but it's not easy for me.

@0x0L
Contributor

0x0L commented Nov 6, 2016

Quick and dirty:
https://drive.google.com/file/d/0BxaFLvfGYdQwWF9rOWtId2ZnNTA/view?usp=sharing

It should make a copy before patching, and it should also use a version of librsbypass and insert_dylib compiled against an older framework so that people with old OS X versions are able to use it. It should test that the user is not trying to patch the thing twice, etc... A python script might be a better solution actually

Run patch.sh once and then launch rocksmith from steam

@Firekorn

Firekorn commented Nov 6, 2016

i've slightly adjusted the script for it to work from wherever and changed it into a command file for it to launch directly.

The only thing that i see that could be the more common issue is the RS path, and i've also seen some permission denied when sharing with other users, but i think i've covered my bases the best i could. Anyway a thank you is worth it 👍

I and a dev at CF are still trying to make something more fool proof that we could also use for the dll (yeah copy and paste is really hard...)

For the others, here is the post containing anything that i could think of over at CF : http://customsforge.com/topic/33838-rsinjector-not-loading-just-crashes/page-3#entry236219

@0x0L
Contributor

0x0L commented Nov 6, 2016

@Firekorn
Thanks for taking the matter into your own hands

@danielyoshizawa

@Firekorn and @0x0L thanks for the solution guys, is working fine here, I really appreciate the effort.
OS X 10.10.5 here.

@JustinAiken

If someone wants to try a beta drag-n-drop, try this wrapper I created with platypus:

It wraps this script:

#!/bin/bash

DEFAULT_PATH="/Users/$USER/Library/Application Support/Steam/steamapps/common/Rocksmith2014/Rocksmith2014.app"

RS_PATH=$1
RS_PATH="${RS_PATH:-DEFAULT_PATH}"
FULL_RS_PATH="$RS_PATH/Contents/MacOS"

chmod +x ./insert_dylib
cp ./libRSBypass.dylib "$FULL_RS_PATH/"
./insert_dylib --inplace "$FULL_RS_PATH/libRSBypass.dylib" "$FULL_RS_PATH/Rocksmith2014"

echo "Successfully patched!"

Just dropping your Rocksmith.app on top of it should do the trick, even if you have it in a weird location

@idoo

idoo commented Nov 8, 2016

Can I upload this .app file to dropbox for example? is there some kind of private info?

@JustinAiken

Can I upload this .app file to dropbox for example?

Feel free!

is there some kind of private info?

Just the same files from the other patch, packaged up.

Hold up though, I missed a $ sign on DEFAULT_PATH, I need to repackage it... (Dropping should still work, but if you just double click it, it fails to use the default Steam location.)

@0x0L @Firekorn - Do you guys know if there's a command that can check if the app is already patched? If so, I'll make the script make sure it doesn't doublepatch

@0x0L
Contributor

0x0L commented Nov 8, 2016

@JustinAiken Check the output of otool or just check for the presence of the copied bypass lib
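
The load-command check suggested above, done without otool, as an added example that is not part of the thread or of the project's code: it lists the dylib load commands of a thin little-endian Mach-O and reports any that are absent from a known-good baseline, which is also the header check an integrity verifier would perform. The sample image, its paths and the `build_sample` helper are constructed for the demonstration.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB = 0xC, 0x80000018

def linked_dylibs(image):
    """Install names from the dylib load commands of a thin little-endian Mach-O."""
    fields = struct.unpack_from("<6I", image) if len(image) >= 28 else (0,) * 6
    magic, _cpu, _sub, _type, ncmds, sizeofcmds = fields
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a thin little-endian Mach-O (slice fat files first)")
    off = 32 if magic == MH_MAGIC_64 else 28      # 64-bit header has a reserved word
    end = off + sizeofcmds
    if end > len(image):
        raise ValueError("load commands run past end of file")
    names = []
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load command")
        cmd, size = struct.unpack_from("<2I", image, off)
        if size < 8 or off + size > end:
            raise ValueError("bad cmdsize")
        if cmd in (LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB):
            # dylib_command: cmd, cmdsize, name offset, timestamp, two versions
            name_off = struct.unpack_from("<I", image, off + 8)[0] if size >= 24 else 0
            if not 24 <= name_off < size:
                raise ValueError("bad dylib name offset")
            raw = image[off + name_off:off + size]
            names.append(raw.split(b"\0", 1)[0].decode("utf-8", "replace"))
        off += size
    return names

def unexpected_dylibs(image, baseline):
    """Names linked by `image` that are not in the known-good `baseline` list."""
    return [n for n in linked_dylibs(image) if n not in baseline]

def build_sample(names, magic=MH_MAGIC):
    """Constructed test image: a Mach-O header followed only by LC_LOAD_DYLIB commands."""
    cmds = b""
    for n in names:
        body = n.encode() + b"\0"
        body += b"\0" * (-(24 + len(body)) % 8)   # pad command to an 8-byte multiple
        cmds += struct.pack("<6I", LC_LOAD_DYLIB, 24 + len(body), 24, 0, 0, 0) + body
    header = struct.pack("<7I", magic, 7, 3, 2, len(names), len(cmds), 0)
    return header + (b"\0" * 4 if magic == MH_MAGIC_64 else b"") + cmds

if __name__ == "__main__":
    shipped = ["/usr/lib/libSystem.B.dylib"]      # constructed baseline
    print(unexpected_dylibs(build_sample(shipped + ["/constructed/libRSBypass.dylib"]), shipped))
```

Recording the baseline from the vendor-shipped binary and re-checking after every update shows whether a load command has been added or removed.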

@JustinAiken

Alright, here's a better script:

#!/bin/bash

DEFAULT_PATH="/Users/$USER/Library/Application Support/Steam/steamapps/common/Rocksmith2014/Rocksmith2014.app"

RS_PATH=$1
RS_PATH="${RS_PATH:-$DEFAULT_PATH}"
FULL_RS_PATH="$RS_PATH/Contents/MacOS"

echo "Looking for RS2014 at: $FULL_RS_PATH"

if [ ! -d "$FULL_RS_PATH" ]
then
  echo "Rocksmith 2014 not found!"
  exit 1
fi

if [ -e "$FULL_RS_PATH/libRSBypass.dylib" ]
then
  echo "Rocksmith is already patched!"
  exit 1
fi

echo "RS2014 found... starting patching..."

chmod +x ./insert_dylib
cp ./libRSBypass.dylib "$FULL_RS_PATH/"
./insert_dylib --inplace "$FULL_RS_PATH/libRSBypass.dylib" "$FULL_RS_PATH/Rocksmith2014"

echo "Successfully patched!"

@DonSchado

DonSchado commented Nov 9, 2016

you guys (+ girls) are amazing! :)

@benneh

benneh commented Nov 9, 2016

Here is a python script that should handle non default steam library locations. I've run a few tests on default library path, and a custom library path and it worked well. Feel free to incorporate this into the bundle. It should also handle an already patched version gracefully and not attempt to repatch.

import os
import re
import subprocess

def patchRS():
    home = os.path.expanduser("~")
    libfile = home + '/Library/Application Support/Steam/steamapps/libraryfolders.vdf'
    # Matches numbered library entries: <tab>"1"<tabs>"/path/to/library"
    libregex = re.compile(r'(^\t"[1-9]").*(".*")')
    libdirs = []
    print('Attempting to read libraries from %s' % libfile)
    with open(libfile) as file:
        for line in file:
            dir = libregex.search(line)
            if dir:
                ndir = os.path.normpath(dir.group(2))
                print('Library found at custom location %s' % ndir)
                libdirs.append(ndir.strip('"'))
        if not libdirs:
            defaultDir = home + '/Library/Application Support/Steam/'
            print('Library found at default location %s' % defaultDir)
            libdirs.append(defaultDir)

    for dir in libdirs:
        dirpath = os.path.join(dir, 'steamapps')
        print('dirpath %s' % dirpath)
        files = os.listdir(dirpath)
        for file in files:
            # 221680 is the Steam app id of Rocksmith 2014
            if 'appmanifest_221680.acf' in file:
                print('Found RockSmith acf file %s' % file)
                macosdir = os.path.join(dirpath, 'common/Rocksmith2014/Rocksmith2014.app/Contents/MacOS/')
                dylib = os.path.join(macosdir, 'libRSBypass.dylib')
                if os.path.isfile(dylib):
                    print('Rocksmith is already patched! %s' % dylib)
                else:
                    print('Patching dylib %s' % dylib)
                    # Argument lists keep the shell from parsing the library paths
                    subprocess.call(['chmod', '+x', './insert_dylib'])
                    subprocess.call(['cp', './libRSBypass.dylib', macosdir])
                    subprocess.call(['./insert_dylib', '--inplace', dylib, os.path.join(macosdir, 'Rocksmith2014')])

patchRS()

and +1, great work @Firekorn and @0x0L on doing the hard parts here.

@boskiv

boskiv commented Sep 14, 2018

Where can I find libRSBypass.dylib? When I build or archive this project, there is only an RSBybass.dylib file. I have tried to rename it, but my Rocksmith still does not see CDLC content.

@Firekorn

The content won't show up if you don't own Cherub Rock on steam.

For the full package to get CDLC to work, i suggest to look over our global tutorial on CF : http://customsforge.com/topic/901-how-to-use-custom-dlcs-in-rs2014/
