Steamless - The Beginning
- Steamless was created after I was beginning to see a huge increase in the games I had on Steam using a custom packer. Given that I am a game hacker at heart, my first instincts when getting a new game is to almost immediately check out the files. The intent is not always to hack the game immediately, but more or less my curiosity getting the best of me and wondering about the files. Things such as what they are written in, what they are packed with (if anything), what they are obfuscated with (if anything) and so on. It's just more or less me being interested in how something was made.
More and more I started seeing files with some similar characteristics and annoying things to deal with such as anti-debugging techniques and static file analysis prevention due to packed sections. So I set out to learn more about the protection and possibly ways to remove it if something already existed. Through searching, I found some vague articles discussing the protection (mostly on crack forums/sites). But I couldn't find any solid information on unpacking the protections or any automated tools for the process.
Because of this, I set out and began working on Steamless as a handful of games I was interested in hacking basically needed it. I spent about a week or so working on the unpacking analysis, jotting down information that I learned from how the file(s) worked for the few games I tested with from the start. After learning some key points of the protection I had a better understanding of what to look for online in terms of potential tools and dumps of similar information. This is when I stumbled upon Golem's wiki page found here: http://pcgamingwiki.com/wiki/User:Cyanic/Steam_DRM
His wiki article at the time covered some basic information about the protection and a great database of games protected with the DRM. This was a helping push in the right direction on some of the parts of the DRM I was still working on reversing.
- The first iteration of Steamless was a simple console window that only supported SteamStub v3.0 (as I have dubbed it). It was very 'static' in terms of how it was implemented and it worked on a handful of games only. It had issues with certain situations and was more or less just a start of the project. This version was coded in C/C++ and was not really well designed or optimized for how the DRM was designed. Given that I had only really tackled the 32bit version of the 3.0 DRM, the project was lacking in features and support.
During this time I had talked with Golem directly about his work with the packer, got some insight on the earlier versions of the DRM and begun reworking some of the internals of Steamless. Him and I exchanged some of our personal progress and overall was a great push to keep the project going and begin working on supporting other versions of the DRM.
Steamless v2 / Steamless.NET
- At this point of the project, I had begun rewriting Steamless to be more scalable towards supporting other versions of the DRM. The C/C++ version was rewritten to include support for both SteamStub v2 and SteamStub v3. (As well as detection for v1 but no support.) My work on the SteamStub v2 variant was still really fresh and rough. The variant required using some disassembling to pull the required data which included the usage of the BEA disassembly engine for the C/C++ version of the project. It was a rough start to supporting the 32bit variant but was a fun time reversing and learning more about the older versions of the DRM.
This was also the time I felt the project was getting some reputation but not much contributions back. Mainly because most of the people commenting on it and discussing it were not developers that used the C/C++ languages. From my experience with various reversing forums and peers, I felt it was best to move the project to C# as .NET is a fairly popular language in the reversing scene for making tools and such. I ported the current code base of Steamless to C# and dubbed the project Steamless.NET. When I did this, the idea was to maintain two projects for Steamless. The original C/C++ version and the new C# version, however that was fairly short lived after taking a step back and realizing that any contributions to one or the other would have to be ported to the other to keep both projects on the same level. I felt this was going to cause the project to become stagnant over time and one or the other would becoming the dominating project either way.
Because of this, I decided it was best to just drop the C/C++ version and stick to the .NET (C#) version instead.
- While Steamless v2 was working great for many games, I was not happy with the code base. It was fairly rough to add support for other versions of the DRM and was not really friendly in terms of having more developers contribute to the project. I also was not happy with the license choice was it felt it didn't serve the project well. I also had failed to bring the full v2 support to the public version that was released due to a lack of free time. Another issue I was having was a large influx of help/support requests on how to use it as many people were not really familiar with using a command line tool.
I felt it was a good time to really revamp the project by doing a few major changes to it:
- A full overhaul of the code, making it much cleaner and modular for others to create their own packers in the form of a plugin.
- Make Steamless have a UI instead of being a command line tool to help with those that were struggling to use it.
- Add support for the v2 packer in the public release.
- Add support for the new v3.1 variant of the DRM that was introduced recently.
- Prep the code base to be able to support 64bit versions of the DRM.
- Change the projects license to something more suitable for its nature.
Steamless v3 introduced a module setup for the unpackers of each variant version which makes updating things as well as adding support for other versions of the DRM a breeze.
The UI was designed to be simple, to the point, and easy to use for anyone.
I decided on the 'Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License' licensing system as well as the new license of the source code for the project as I felt the Creative Commons licenses better suited the project than the GNU GPL. The idea behind Steamless was more or less an educational project for myself, and I wanted to share that knowledge and information about DRM to others.
- During the Steamless project, I had moved from Github to Gitlab due to how Github's internal workings was happening. Employees were treated horribly and a full overhaul of the companies original motto and purpose was done. The CEO had become more or less a puppet to his investors and was more interested in money than his family he had created. I really disliked this and opt'd to move all my projects to Gitlab, a fully open source project similar to Github. While I still use Gitlab as my main repository site of choice for off-site hosting, Steamless felt like it was being neglected for not being on the 'mainstream' platform of choice by most developers. (You can read more about Githubs corruption here: http://www.businessinsider.com/github-t ... ory-2016-2)
When I released Steamless v3's source code this past week, I felt it was in the best interest of the project to move it back to Github. Not because I like using Github or have changed my opinion about their company, but simply because Steamless was not getting the same level of attention it was before I moved it to Gitlab.
- From here forward, I would personally like to get Steamless to a point where it can support most, if not all, of the Steam DRM protected games. Along with that, I want to be able to have support for 32bit as well as 64bit in a single project. (Given that loading the file is not required, a single 32bit version of Steamless can cover both 32bit and 64bit unpacking.) However, my free time (or lack thereof) really prevents me from handling most of this. Which is why I opt'd to make Steamless an open source project from the start.
I would love to see others interested in the topic of DRM as well as how packers work. While SteamStub DRM is not anything super amazing, it is a great DRM for beginners to get their feet wet in understanding and reversing. (The way I would describe it to people would be is that it is a glorified version of UPX with some customizations and anti-debugging protections.)
My wishlist for Steamless going forward would be the following:
- Support for SteamStub variant 1.
- 32bit support for all variants.
- 64bit support for all variants.
- Proper support for TLS callbacks and options to handle those files as desired. (My newest commits to variant 3.1 demonstrate what I mean here.)
- Some cleanup to the UI, nothing major as I made it basic to begin with.