using OllyDBG 2.01 (from
http://www.ollydbg.de/odbg201.zip )
instructions for 0.2.6:
video here:
https://www.youtube.com/watch?v=9AKNnJxchuo
find the string "vdpin/disarmed.png", search for references to it, there should only be one, looking like:
Code:
test esi,esi
jne short Onlink-x86.00B35C5C
push offset "vdpin/disarmed.png"
then simply replace the `jne` instruction with nop nop, and voila, VSEC will be disarmed instantly upon clicking on any square in VSEC
--------------------------------------------------------------------------------------
instructions for 0.2.5:
Go to -> Expression "VsecScreenInterface::attempts" -> Follow Expression
search for references to this address
its written to from many places, but only read in 1 place, with a
Code:
mov ecx, dword ptr ds:[Onlink-x86.VsecScreenInterface::attempts]
now shortly after that, its increased by 1 with "inc ecx" - replace that with "nop" - and you'll (probably?) have unlimited attempts, as it should no longer count the number of times you've clicked.
a little further down there, you'll find some variation of this code, repeated over and over and over (probably 8 times, but i didn't count):
Code:
cmp dword ptr ds:[edi*4+Onlink-x86.VsecScreenInterface::LightsStats],eax
sete al
mov dword ptr ds:[edi*4+Onlink-x86.VsecScreenInterface::LightsStats],eax
xor eax,eax
cmp edx,3
jge short Onlink-x86.001E58E1
this is part of the algorithm that determines which button should lit or not when clicking. the "sete al" instruction, specifically, makes the switches light up. replace all the "sete al" instructions with
Code:
mov al,0
nop
- and all buttons around the button you clicked, should only ever turn off, which makes solving the VSECs as easy as clicking on all the lit buttons (or just click on any of the buttons near the lit button, really)
(i've been doing some version of this for several years, forgetting how i did it last time, and sometimes messing up and making the program crash on vsecs instead. - i should have kept notes of this - and now i have)