From 724d1b6d24622b24d6df8f95de0fdcb35bc818aa Mon Sep 17 00:00:00 2001 From: Axel <58704636+Suwup@users.noreply.github.com> Date: Tue, 14 Sep 2021 11:27:38 +0200 Subject: [PATCH 1/6] Updated fortnite decryption for version 18.00-CL-17468642 (#40) --- Dumper/engine.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dumper/engine.cpp b/Dumper/engine.cpp index 0688859..1931f02 100644 --- a/Dumper/engine.cpp +++ b/Dumper/engine.cpp @@ -290,12 +290,12 @@ struct { mov [rsp +8], rbx push rdi sub rsp, 0x20 - mov ebx, edx - mov rdi, rcx + mov edi, edx + mov rbx, rcx mov rax, 0xDEADBEEFDEADBEEF jmp rax */ - uint8 trampoline[] = { 0x48, 0x89, 0x5C, 0x24, 0x08, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x89, 0xD3, 0x48, 0x89, 0xCF, 0x48, 0xB8, 0xEF, 0xBE, 0xAD, 0xDE, 0xEF, 0xBE, 0xAD, 0xDE, 0xFF, 0xE0 }; + uint8 trampoline[] = { 0x48, 0x89, 0x5C, 0x24, 0x08, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x89, 0xD7, 0x48, 0x89, 0xCB, 0x48, 0xB8, 0xEF, 0xBE, 0xAD, 0xDE, 0xEF, 0xBE, 0xAD, 0xDE, 0xFF, 0xE0 }; *(uint64*)(trampoline + 17) = (uint64)((uint8*)decryptAnsi + 0x4A); // https://i.imgur.com/zWtMDar.png Decrypt_ANSI = (ansi_fn)VirtualAlloc(0, sizeof(trampoline), MEM_COMMIT, PAGE_EXECUTE_READWRITE); if (Decrypt_ANSI) { From 885c8178a916463bd5c0b5a2bc8403b46aede945 Mon Sep 17 00:00:00 2001 From: Axel <58704636+Suwup@users.noreply.github.com> Date: Sat, 18 Sep 2021 13:06:15 +0200 Subject: [PATCH 2/6] Updated fortnite decryption for version 18.00-CL-17468642 (#41) * Updated fortnite decryption for version 18.00-CL-17468642 * Updated fortnite decryption for version 18.00-CL-17519952 --- Dumper/engine.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dumper/engine.cpp b/Dumper/engine.cpp index 1931f02..65a8db5 100644 --- a/Dumper/engine.cpp +++ b/Dumper/engine.cpp @@ -296,7 +296,7 @@ struct { jmp rax */ uint8 trampoline[] = { 0x48, 0x89, 0x5C, 0x24, 0x08, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x89, 0xD7, 0x48, 0x89, 0xCB, 0x48, 0xB8, 0xEF, 0xBE, 0xAD, 0xDE, 0xEF, 0xBE, 0xAD, 0xDE, 0xFF, 0xE0 }; - *(uint64*)(trampoline + 17) = (uint64)((uint8*)decryptAnsi + 0x4A); // https://i.imgur.com/zWtMDar.png + *(uint64*)(trampoline + 17) = (uint64)((uint8*)decryptAnsi + 0x2A); // https://i.imgur.com/zWtMDar.png Decrypt_ANSI = (ansi_fn)VirtualAlloc(0, sizeof(trampoline), MEM_COMMIT, PAGE_EXECUTE_READWRITE); if (Decrypt_ANSI) { memcpy(Decrypt_ANSI, trampoline, sizeof(trampoline)); From 366e0bf77375a036992679b4cf41d23aa734330e Mon Sep 17 00:00:00 2001 From: Axel <58704636+Suwup@users.noreply.github.com> Date: Sat, 9 Oct 2021 05:58:16 +0200 Subject: [PATCH 3/6] Updated fortnite decryption for version 18.10-CL-17661844 (#42) --- Dumper/engine.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dumper/engine.cpp b/Dumper/engine.cpp index 65a8db5..37c5fc1 100644 --- a/Dumper/engine.cpp +++ b/Dumper/engine.cpp @@ -290,12 +290,12 @@ struct { mov [rsp +8], rbx push rdi sub rsp, 0x20 - mov edi, edx - mov rbx, rcx + mov ebx, edx + mov rdi, rcx mov rax, 0xDEADBEEFDEADBEEF jmp rax */ - uint8 trampoline[] = { 0x48, 0x89, 0x5C, 0x24, 0x08, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x89, 0xD7, 0x48, 0x89, 0xCB, 0x48, 0xB8, 0xEF, 0xBE, 0xAD, 0xDE, 0xEF, 0xBE, 0xAD, 0xDE, 0xFF, 0xE0 }; + uint8 trampoline[] = { 0x48, 0x89, 0x5C, 0x24, 0x08, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x89, 0xD3, 0x48, 0x89, 0xCF, 0x48, 0xB8, 0xEF, 0xBE, 0xAD, 0xDE, 0xEF, 0xBE, 0xAD, 0xDE, 0xFF, 0xE0 }; *(uint64*)(trampoline + 17) = (uint64)((uint8*)decryptAnsi + 0x2A); // https://i.imgur.com/zWtMDar.png Decrypt_ANSI = (ansi_fn)VirtualAlloc(0, sizeof(trampoline), MEM_COMMIT, PAGE_EXECUTE_READWRITE); if (Decrypt_ANSI) { From e4c16792af8b6b262d5c9ee1e7d21c93b8cc9644 Mon Sep 17 00:00:00 2001 From: Milxnor <84999745+Milxnor@users.noreply.github.com> Date: Fri, 15 Oct 2021 02:34:16 -0400 Subject: [PATCH 4/6] Updated Fortnite decryption for version 18.20-CL-17792290 (#43) --- Dumper/engine.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dumper/engine.cpp b/Dumper/engine.cpp index 37c5fc1..1931f02 100644 --- a/Dumper/engine.cpp +++ b/Dumper/engine.cpp @@ -290,13 +290,13 @@ struct { mov [rsp +8], rbx push rdi sub rsp, 0x20 - mov ebx, edx - mov rdi, rcx + mov edi, edx + mov rbx, rcx mov rax, 0xDEADBEEFDEADBEEF jmp rax */ - uint8 trampoline[] = { 0x48, 0x89, 0x5C, 0x24, 0x08, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x89, 0xD3, 0x48, 0x89, 0xCF, 0x48, 0xB8, 0xEF, 0xBE, 0xAD, 0xDE, 0xEF, 0xBE, 0xAD, 0xDE, 0xFF, 0xE0 }; - *(uint64*)(trampoline + 17) = (uint64)((uint8*)decryptAnsi + 0x2A); // https://i.imgur.com/zWtMDar.png + uint8 trampoline[] = { 0x48, 0x89, 0x5C, 0x24, 0x08, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x89, 0xD7, 0x48, 0x89, 0xCB, 0x48, 0xB8, 0xEF, 0xBE, 0xAD, 0xDE, 0xEF, 0xBE, 0xAD, 0xDE, 0xFF, 0xE0 }; + *(uint64*)(trampoline + 17) = (uint64)((uint8*)decryptAnsi + 0x4A); // https://i.imgur.com/zWtMDar.png Decrypt_ANSI = (ansi_fn)VirtualAlloc(0, sizeof(trampoline), MEM_COMMIT, PAGE_EXECUTE_READWRITE); if (Decrypt_ANSI) { memcpy(Decrypt_ANSI, trampoline, sizeof(trampoline)); From 8df29338a67508c3ea205fcc0a837ca53fbc3e69 Mon Sep 17 00:00:00 2001 From: GoLang <87151713+GoLang1337@users.noreply.github.com> Date: Wed, 20 Oct 2021 18:43:32 +0200 Subject: [PATCH 5/6] Added BloodHunt (#44) --- Dumper/engine.cpp | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/Dumper/engine.cpp b/Dumper/engine.cpp index 1931f02..d178fd3 100644 --- a/Dumper/engine.cpp +++ b/Dumper/engine.cpp @@ -318,7 +318,13 @@ struct { {"\x48\x8D\x0D\x00\x00\x00\x00\xE8\x00\x00\x00\x00\xC6\x05\x00\x00\x00\x00\x01\x0F\x10\x03\x4C\x8D\x44\x24\x20\x48\x8B\xC8", 30}, {"\x48\x8B\x05\x00\x00\x00\x00\x48\x8B\x0C\xC8\x48\x8D\x1C\xD1\xEB\x03\x49\x8B\xDD", 20}, nullptr - } + }, + { // Tiger-Win64-Shipping.exe + &Default, + {"\x48\x8D\x35\x00\x00\x00\x00\xEB\x16", 9}, + {"\x48\x8d\x1d\x00\x00\x00\x00\x39\x44\x24\x68", 11}, + nullptr + }, }; std::unordered_map games = { @@ -332,7 +338,8 @@ std::unordered_map games = { {"POLYGON-Win64-Shipping", &engines[4]}, {"FortniteClient-Win64-Shipping", &engines[5]}, {"TheIsleClient-Win64-Shipping", &engines[6]}, - {"PortalWars-Win64-Shipping", &engines[7]} + {"PortalWars-Win64-Shipping", &engines[7]}, + {"Tiger-Win64-Shipping", &engines[0]} }; STATUS EngineInit(std::string game, void* image) { From 5c99e6e58b20dd05226cb05678f2d4e8643a4355 Mon Sep 17 00:00:00 2001 From: lanylow <31806776+lanylow@users.noreply.github.com> Date: Sat, 13 Nov 2021 18:02:28 +0100 Subject: [PATCH 6/6] Updated fortnite decryption for 18.30-CL-17882303 (#50) --- Dumper/engine.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dumper/engine.cpp b/Dumper/engine.cpp index d178fd3..8b642b1 100644 --- a/Dumper/engine.cpp +++ b/Dumper/engine.cpp @@ -290,12 +290,12 @@ struct { mov [rsp +8], rbx push rdi sub rsp, 0x20 - mov edi, edx - mov rbx, rcx + mov ebx, edx + mov rdi, rcx mov rax, 0xDEADBEEFDEADBEEF jmp rax */ - uint8 trampoline[] = { 0x48, 0x89, 0x5C, 0x24, 0x08, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x89, 0xD7, 0x48, 0x89, 0xCB, 0x48, 0xB8, 0xEF, 0xBE, 0xAD, 0xDE, 0xEF, 0xBE, 0xAD, 0xDE, 0xFF, 0xE0 }; + uint8 trampoline[] = { 0x48, 0x89, 0x5C, 0x24, 0x08, 0x57, 0x48, 0x83, 0xEC, 0x20, 0x89, 0xD3, 0x48, 0x89, 0xCF, 0x48, 0xB8, 0xEF, 0xBE, 0xAD, 0xDE, 0xEF, 0xBE, 0xAD, 0xDE, 0xFF, 0xE0 }; *(uint64*)(trampoline + 17) = (uint64)((uint8*)decryptAnsi + 0x4A); // https://i.imgur.com/zWtMDar.png Decrypt_ANSI = (ansi_fn)VirtualAlloc(0, sizeof(trampoline), MEM_COMMIT, PAGE_EXECUTE_READWRITE); if (Decrypt_ANSI) {