Vessrak How do I cheat?
Reputation: 0
Joined: 19 Jul 2016 Posts: 1
Posted: Tue Jul 19, 2016 10:48 am Post subject: [SDVX III] Halp please [Long read / Very contextual]
tl;wr: How do I traceback code linked to a particular action within a program?
Essentially, I managed to get a copy of Sound Voltex III Gravity Wars, a rather popular Japanese arcade game, from a friend and I've been trying to get it to "work" for at least 16 hours straight.
Being Japanese, the game is (or was) nearly impossible to run: it requires a card reader, a printer, a keypad and it also requires a computer with a single valid network adapter to not crash instantly on startup. Can you see how br00tal it is? Luckily, a bunch of Koreans managed to emulate the CR, the printer and the KP. As for the network adapter, it's as simple as disabling every network adapter on the PC running the game except for one.
"But wait, there's more!" - Billy Mays
Since this is a modern Konami arcade game, it couldn't possibly not require being connected to some Konami server 24/7 in order to work. Again, some Korean guys found the solution to this problem by creating a very simple local server which sends and receives just enough information for the game to pass the network check, which makes the game somewhat playable, but not really. They also made a more complex version of the server which became known as Programmed World, but it was taken down by Konami a while ago and was virtually impossible to get into because of a so-called "Super Sekrit Klub".
Anyway, here I am trying to get around the part where the game can't load any player data from the very simplified local server because it doesn't support any of it. The game can be run in Guest mode, making it playable, but the kicker is that it's impossible to unlock new difficulties for the songs as a result, making it completely worthless without a server connected to some DB. The good news is that the logic is almost all client-side, making it possible to unlock all songs by hex editing the game.
I've tried nearly everything I can personally think of to find a way to bypass the player data check inside of the client using Cheat Engine and OllyDbg. I'm sure it's as easy as changing a conditional jump for a no operation, but where could it be? What techniques do you guys use to backtrace code responsible for certain actions?
Here are a few things that might help: the game allows you to play 3 songs before it takes 1 credit from your card (not needed as a guest/Free Play, but it still kicks you back to the main menu without saving anything). Once you're done playing the second song, all the difficulties are AVAILABLE on the 3rd round. It means that there's some code in there which unlocks all difficulties, but I can't find shit no matter how hard I try to debug it. Any tips on how I could tackle this problem? I'm very new to assembly itself, but even newer to debugging. I just want to know if there's something I should know about debugging with CE that would make my life easier and help me find this fucking piece of code.