The mhyprot2.sys
service is started in UnityPlayer.dll
, and hash-checked against modifications when entering the door.
UnityPlayer checks the following files:
- All
*.exe
, *.dll
, *.sys
files (recursively)
What does it do?
- You click the door after logging in
- UserAssembly jumps -> UnityPlayer
- For each file:
- call
CryptQueryObject
- what does it to?
- Returns to -> UserAssembly
- Probably sends it over the network
Detailed information: network.md
- A large majority of packets has the same length when comparing Windows and Linux.
- Game data is transferred using UDP, security stuff seems to be done using TLSv1.2.
- The Linux client begins loading the game data over UDP, but opens a connection to the logging server to report the error.
Note: All error messages are reported to them. I blocked the logging servers for now, just to be safe.
Error messages also contain a stack backtrace, see UserAssembly.