So I've finally looked into how the new JP updater/client works. Let's first take a look at the phases:
- Starting game Launcher/Updater
- Launcher/Updater checks its version. If the version is not up to date - it'll start updating itself.
- Launcher/Updater checks loc file version. If the version is not up to date - it'll redownload the loc file. Note: it does not verify the integrity of the loc file, so Auto-Patcher is not required for patching loc file.
- Launcher/Updater checks client version and compares it to the meta version. If the version is not up to date - it'll start downloading all patches starting from current meta+1 up to the latest version and then patch them 1 by 1 in order. Note: once again it does not verify the integrity of any files.
- Starting the game makes Launcher/Updater quickly recheck the version once again, just in case.
- Protection is verified and started. It'll update itself if needed.
- Game's exe file is verified and started.
- Game loads everything it needs to RAM.
- You see the starting screen.
- After you press "Start" button in the game it'll verify the integrity of meta file loaded into the RAM. <- this is the main problem.
All verifications are done using hash stored on the Pearl Abyss' server.
The loc file and Paz files are never verified in this whole process, so they can be patched freely. But since meta is checked after the game starts (from RAM), it complicates things a little bit: meta contains all pointers to files stored in Paz files, which means that even if technically you can repack a Paz file, in order for that to work with unpatched meta, all patched files should be the same size as the originals and patched with InsertPAZ (which by the way I never got around to finishing) method, otherwise the game will be broken.
As of now only 3 ways of properly patching the game (apart from the loc file) come to my mind, and all of them are pretty edgy:
- Spoof the meta hash, by replacing the net packets.
- Patch meta in game's memory.
- Replace meta hash in game's memory? No idea if even possible.
All of that^ should definitely trigger the protection. If you have any other ideas - feel free to suggest them.
P.S. I think that I'll probably go down the 1st route, albeit by a slightly different path, and will look at where that'll lead me. Basically I want to make the game ask the Launcher for the hash instead of the PA server. When? As always - no idea, depends on my free time.
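
An added illustration, not part of the original post: the post describes the launcher downloading patches from meta+1 up to the latest version and applying them in order with no integrity check on any file. The sketch below shows that missing check from the vendor's side, assuming a trusted per-version SHA-256 manifest and a `<version>.patch` naming scheme (both hypothetical, as are all function names).

```python
import hashlib
import tempfile
from pathlib import Path


class PatchIntegrityError(Exception):
    """Raised when a patch is missing from the manifest or disk, or its digest differs."""


def sha256_file(path: Path) -> str:  # SHA-256 is an assumption; the post names no algorithm
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_patch_chain(current: int, latest: int, manifest: dict, patch_dir: Path) -> list:
    """Check patches current+1..latest in order; return their paths only if all match."""
    verified = []
    for version in range(current + 1, latest + 1):
        expected = manifest.get(version)
        if expected is None:
            raise PatchIntegrityError(f"no manifest entry for patch {version}")
        path = patch_dir / f"{version}.patch"  # hypothetical naming scheme
        if not path.is_file():
            raise PatchIntegrityError(f"patch {version} not downloaded")
        if sha256_file(path) != expected:
            raise PatchIntegrityError(f"patch {version} digest mismatch")
        verified.append(path)
    return verified  # nothing is applied unless the whole chain verified


def demo() -> tuple:
    """Constructed sample: three patches, then patch 102 is modified on disk."""
    with tempfile.TemporaryDirectory() as tmp:
        patch_dir, manifest = Path(tmp), {}
        for version in (101, 102, 103):
            data = f"constructed patch body {version}".encode()
            (patch_dir / f"{version}.patch").write_bytes(data)
            manifest[version] = hashlib.sha256(data).hexdigest()
        clean = [p.name for p in verify_patch_chain(100, 103, manifest, patch_dir)]
        (patch_dir / "102.patch").write_bytes(b"modified after download")
        try:
            verify_patch_chain(100, 103, manifest, patch_dir)
            tampered = "accepted"
        except PatchIntegrityError as exc:
            tampered = str(exc)
    return clean, tampered
```

The check is only as strong as the manifest's authenticity, so the manifest itself needs a signature or an authenticated channel.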