JOURNAL.md 1.1 KB
Journal for 1.1.0
Service
The mhyprot2.sys service is started in UnityPlayer.dll, and hash-checked against modifications when entering the door.
Checksum = Error 31
UnityPlayer checks the following files:
- All
*.exe,*.dll,*.sysfiles (recursively)
What does it do?
- You click the door after logging in
- UserAssembly jumps -> UnityPlayer
- For each file:
- call
CryptQueryObject - what does it to?
- call
- Returns to -> UserAssembly
- Probably sends it over the network
Network
Detailed information: network.md
- A large majority of packets has the same length when comparing Windows and Linux.
- Game data is transferred using UDP, security stuff seems to be done using TLSv1.2.
- The Linux client begins loading the game data over UDP, but opens a connection to the logging server to report the error.
Note: All error messages are reported to them. I blocked the logging servers for now, just to be safe.
Error messages also contain a stack backtrace, see UserAssembly.