Edit (Sep 2022): Update 3.0 has made this post obsolete. This post was written before 3.0 and the proposed solution only works with earlier versions. This post remains available for the sake of preservation and because it’s funny reading the ramblings of an angry person.
I love Anno 2070. The game released in 2011, and I bought the Königsedition, a special deluxe edition containing the base game, the Deep Ocean DLC, a poster and the entire soundtrack on 3 CDs, back in 2013. I played this game to death, it is my most played strategy game and I have often look back at the fun I had while playing. If you never played the game and went on Steam you might notice it has a Mixed rating. This might seem weird considering I just told you how awesome this game is. But the ratings reflect the current state very well: you can’t fucking play the game.
Why the game is unplayable
Did you think Cyberpunk 2077 at launch was bad with all the glitches and bugs? At least you could play that game and somewhat enjoy it. Now look at this 10-year-old game that you can’t even fucking play and Ubisoft completely abandoned it. A studio abandoning their games is nothing new and often not a problem. It might suck that the multiplayer servers of your favorite game go offline, but you could at least continue playing the campaign or the community might start hosting servers.
So what do I mean with “you can’t fucking play the game”? Let’s imagine an obstacle course where the finish is the main menu of the game. To get to the main menu you first have to start the game either through Uplay, Steam or by starting the Anno5.exe
directly. The first obstacle is Uplay itself. I can not count the number of times Uplay had some error or bug that lead to me not playing a game. Back when Assassin’s Creed Unity came out, Uplay thought my saves were ephemeral, and I had to replay the first 5 hours of the game more than 13 times. The launcher is a complete dumpster fire and worse than the League of Legends client.
If you start Anno 2070 then Uplay will also launch and probably kill the process and start the Auto Updater. If that happens you are fucked because now the “Auto Updater” will try to auto update your game, even though it’s already updated. Once it’s done updating it will start the game which will start Uplay which will probably start the updater again. If you bought the game on Steam then you have to flip a coin and if it lands on heads you are fucked and Uplay doesn’t think you own the game. If you somehow did manage to convince Uplay to work for once you are now faced with the login screen.
The login screen: You open a website, click the login button, enter your username + password and log in to your account. But why do you have to log in to your account in Anno 2070? Some time around 2013 Ubisoft had the genius idea of switching up their entire account system. Anno 2070 was caught up in the transition and somehow came out as an abomination where the login is more broken than Fallout 76 on release. So what username + password do you use in Anno 2070? If you think you have to use your Uplay account then you’re wrong. If you choose your Steam credentials then you are also wrong. You have to use the credentials of the account you used to register the game. In my case it’s not my main Uplay account because it didn’t even exist back then. Now here is the fun part: I still own the game on Uplay. It is in my library, but I can’t use my account because the key is not linked to my actual Uplay account. I put emphasis on key because that is our next hurdle. Even if you manage to log in you will probably be asked about the key however your key might be linked to another account even though that account doesn’t have the game in their Uplay library. I don’t even know how this exactly works with Steam users, but I can imagine it doesn’t.
I hope you come to understand how utterly broken the start procedure of Anno 2070 is. Back in the day when Ubisoft used something called SolidShield the process was even more fucked. Your key was not only tied to some random account but also to your hardware directly meaning if you upgraded your GTX 580 to a GTX 590 your key would not work. If you somehow think this is just the rambling of an insane person then you are correct, but I would also like you to check out the Steam reviews and this great post on reddit “Ubisoft’s Anno 2070 Unplayable Due to DRM” for more salt.
Fixing the game
Edit (Dec 2021): Before we dive into this I want to tell you that there are other potential fixes to this problem. Some people messaged me and asks why I didn’t do X or Y and my answer was always “It didn’t work”. If you have a similar problem with Anno 2070 then there are other solutions you can try. The fix I will propose is guaranteed to work but should be a last resort.
Now that I cooled off and finished my rant it’s time to talk about how we can fix everything. If you want to follow along you need to get the latest version from Uplay or Steam. It has the version number 2.0.7792.0
and the SHA256 hash of Anno5.exe
is C76D42E71AF6A7D1786C6846091A5FBDDB13E3A88A72E469F36F9F365645D58A
. If you don’t want an explanation of how I got here you can skip to the TL;DR but if you want to hear the explanation then knowing assembly and basic programming is recommended.
The goal is to force the game into offline mode. Simply changing your firewall settings to block all connections from the executable is not the solution because, as explained earlier, we also need to deal with Uplay. There is actually a single function responsible for launching Uplay. The standard solution would be to either replace the function with NOP
instructions or replace the CALL
instruction with NOP
. This would probably work, however I found something better. This InitializeUplay
function gets called only once: during a pre-init function of the game inside a condition. There is actually a JNZ
instruction which will skip the function call entirely.
The comparison at 004b05bf
(80 7e 50 00 bb 10 00 00 00
) compares whatever is at ESI+50
with 0
meaning that the JNZ
jump at 004b05c8
will be taken if ESI+50
is not 0
. This is never the case and I don’t really understand what the condition actually represents, but we can exploit this and make sure the jump is always taken. Since ESI+50
is always 0
we can just change the comparison to compare ESI+50
with 1
: 80 7e 50 01
. With this you can launch the game and Uplay will never start.
Next up is the login screen. This took me the longest to figure out. I found the Uplay initialization within a few hours, but this took me an entire day. We can’t really skip the login screen, trust me I tried that, but instead we just have to trick the game that we are offline and want to play in offline mode. I used to play a lot in offline and back in the day you still had to put your username + password and click login at which point the game will see you are offline and then loads your offline profile. So now it’s time to find the callback function of the login button. I did manage to find the callback function and noticed a little function that returns a WebAdapter
based on the argument. Let’s name this function CreateWebAdapter(int x)
with x = 0
returning an offline web adapter and x = 1
the normal one.
My spidey senses were tingling, and I knew this was related to the solution. The login button callback function however will always call CreateWebAdapter(1)
. You could change the 1
to a 0
, but I noticed something different. You see, the login frame is created programmatically, and you can clearly see where the username text box, password text box, remember user ID checkbox, register account button and login button get added to the frame. In order to figure out which button has what callback I put a breakpoint on every callback function and clicked every button. However, there was 1 unused button. I’m not sure if it’s unused or only conditionally used but guess what function the callback calls: CreateWebAdapter(0)
. This possibly unused callback function was very similar to the login button callback, but it will always use the offline web adapter. I was very excited when I found out about this and immediately changed the callback function of the login button to use the callback function of the unused button by changing the PUSH
instruction at 0068a57b
from 68 90 9c 68 00
to 68 d0 8f 68 00
, and it fucking worked. You can now log in and start in offline mode.
TL;DR if you don’t want an explanation
- Change the
CMP
instruction at004b05bf
(80 7e 50 00 bb 10 00 00 00
) from80 7e 50 00
to80 7e 50 01
- Change the
PUSH
instruction at0068a57b
from68 90 9c 68 00
to68 d0 8f 68 00
If you did everything right the SHA256 hash of the modified Anno5.exe
file should be 01E123A72C3DCB4FB1E018A685692F57B9586FF4F187BB23B09D8B93D754C268
. If that is not the case you did something wrong and your game is probably broken so load your backup and try again.
Anno 2070 setting tips
In case you want to play Anno 2070 after reading this post here are some changes you might want to make in your settings file. The file is located in %appdata%/Ubisoft/Anno 2070/Config/Engine.ini
- change language by editing
<LanguageTAG>ger</LanguageTAG>
- skip the intro with
<SkipIntro>1</SkipIntro>
Afterword
This project has been a lot of fun and ended rather suddenly. I initially allotted 3 full days to this endeavor, but I kept finding new leads and getting new ideas, so I ended up only spending around 12.5 hours (I love how x32dbg will tell you how much time you have wasted debugging). The solution is also very simple, and I made it the title of this post. Just 3 bytes to fix the entire start of the game. I thought I would have to modify a lot of functions or write some DLL I’d have to inject but no, you just change 3 bytes and be happy :)
I hope you found this post somewhat interesting, and maybe you can finally play Anno 2070. If this works for you please do tell me below.