[Request] How to patch conquer.exe to bybass Password encryption ?

_DreadNought_ · 06/23/2012, 15:33

I'll throw my few words and confirm, The password is never stored at a static address nor in plain text.

You can however mod the conquer.exe to store the plaintext in a static addr.

ahmed104 · 06/23/2012, 17:13

in latest patch
there is no more Rc5
old Password Cryptography is using for hidden the place of password in HexDump but it decrypt after you login ... old Password Cryptography now isn't useful in last patch

CptSky · 06/23/2012, 18:31

Quote:

Originally Posted by _DreadNought_

I'll throw my few words and confirm, The password is never stored at a static address nor in plain text.

You can however mod the conquer.exe to store the plaintext in a static addr.

On older client, the password was stored as plaintext in the memory and was sent as plaintext in the MsgRegister packet. It was easy to get the password of players

Zeroxelli · 06/23/2012, 19:40

Quote:

Originally Posted by CptSky

On older client, the password was stored as plaintext in the memory and was sent as plaintext in the MsgRegister packet. It was easy to get the password of players

Exactly. You could even run wireshark on a public network and get the password of players by watching the packets carefully.

Quote:

Originally Posted by ahmed104

in latest patch
there is no more Rc5
old Password Cryptography is using for hidden the place of password in HexDump but it decrypt after you login ... old Password Cryptography now isn't useful in last patch

That.. makes no sense. There's no reason the password would be stored after login, and especially not decrypted. As far as I know, the variable the password is stored in is nulled after you're forwarded to the game server..

Quote:

Originally Posted by _DreadNought_

I'll throw my few words and confirm, The password is never stored at a static address nor in plain text.

You can however mod the conquer.exe to store the plaintext in a static addr.

Well if you understand how to modify the structure of the machine code (not sure if you can do that with Olly, actually) you can just throw in a MOV or etc, or even push it into the free store, can't you?

Quote:

Originally Posted by { Angelius }

I believe that nothing is irreversible/impossible we just have to know how.

And yes the password is never stored as a plain text in the exe at least not in the current patch client's and the screen shoots you saw are not for the last patch.. i can tell by looking at the addresses in the cpu window.

I agree, those addresses are way off, and there's nothing like that anywhere around that range either. That's either a modified client, or extremely old client.

romeoromeo · 06/24/2012, 00:16

Quote:

Originally Posted by { Angelius }

And most of you will be able to find where the password is stored in the exe, and once a smart ass finds it he'll be surprised that its already encrypted and that its useless unless he has the balls locate where the password is being encrypted, and the balls to reverse the encrypting process, and when you finally figure all this shit out you will notes that every time you enter a new digit into the password field the *Already encrypted password* will be re encrypted again and the digit that you just entered is no longer available because its been replaced with a Star* and Zeroxelli answers are no where near any of this stuff.

However... the best way to do it is by capturing and recording each digit that's being entered in the password field ignoring the whole password encryption and when the client login you encrypt that password the way you want and send it to the server.

So yeah man up and have some balls.. and maybe you will get somewhere on your own because that's what i did after i asked 3 members on this forum who claims to know everything about it and most of them gave me a bunch of bullshit answers that proves they are full of shit and they know nothing about it...

if most can find where is the password stored then why will be surprised that its already encrypted ? !! was it encrypted by Logic ? or magic ?
means was there was call for a encryption function or dll or whatever . ... OR was it just - VOwala - password encryptied ??!!
and : the already encrypted password will be Re-encrypted ...
is that means if i have two digits ... the first one will have double encryption ? or you mean it will decryept and re-encrypt both togther ?
and if ur answer is double encrypted . is that means i will have to rotate the encryption like
digit 1 ( rotate password.length) , digit 2( rotate password length-1 ) ??? or the encryption is diff each time .

Zeroxelli · 06/24/2012, 00:28

Quote:

Originally Posted by romeoromeo

if most can find where is the password stored then why will be surprised that its already encrypted ? !! was it encrypted by Logic ? or magic ?
means was there was call for a encryption function or dll or whatever . ... OR was it just - VOwala - password encryptied ??!!
and : the already encrypted password will be Re-encrypted ...
is that means if i have two digits ... the first one will have double encryption ? or you mean it will decryept and re-encrypt both togther ?
and if ur answer is double encrypted . is that means i will have to rotate the encryption like
digit 1 ( rotate password.length) , digit 2( rotate password length-1 ) ??? or the encryption is diff each time .

No, he's saying that the new plain-text value will be encrypted. i.e. you had the encrypted version of 65 the first time, and then you type in 66. You now have the encrypted value of 6566

romeoromeo · 06/24/2012, 02:18

i use OllyDBG V2.0 and doesnt work for me on the last Conquer.exe ... process is always terminate ,and status msg is "process terminated exit code 0" . all i do is open conquer.exe and start debug ... something missed ?

ahmed104 · 06/24/2012, 05:01

@Zeroxelli the password is encrypted if you type password in textbox because there are check in conquer.exe after you login its decrypt it and encrypt it in new cryptography

Zeroxelli · 06/24/2012, 05:39

Quote:

Originally Posted by ahmed104

@Zeroxelli the password is encrypted if you type password in textbox because there are check in conquer.exe after you login its decrypt it and encrypt it in new cryptography

Actually, it's decrypted using the plain-text from the password field itself. There's no decryption in the cycle at all (or there shouldn't be, last I checked.) But regardless, it is not saved after you login, especially in decrypted form. You must be using a modified client and/or an older client.

Quote:

Originally Posted by littlechris95

Ops... double post.

No need to post about it.

ahmed104 · 06/24/2012, 22:11

Quote:

Originally Posted by Zeroxelli

Actually, it's decrypted using the plain-text from the password field itself. There's no decryption in the cycle at all (or there shouldn't be, last I checked.) But regardless, it is not saved after you login, especially in decrypted form. You must be using a modified client and/or an older client.

No need to post about it.

i'll make video to you see it .. im correct

Zeroxelli · 06/24/2012, 22:12

Quote:

Originally Posted by ahmed104

i'll make video to you see it .. im correct

Ok sure, I'll be waiting to see it then.

ahmed104 · 06/25/2012, 09:44

that's it , Zeroxelli

Zeroxelli · 06/25/2012, 10:33

You're tracking the content of the window (Yes, TQ uses a window and not a textbox), but still, it doesn't look right to me.

ahmed104 · 06/25/2012, 16:29

Quote:

Originally Posted by Zeroxelli

You're tracking the content of the window (Yes, TQ uses a window and not a textbox), but still, it doesn't look right to me.

ok ... i dont care

if you want show it in TeamViewer ... ok .. send your Email address in private Message

romeoromeo · 06/25/2012, 16:43

Sorry to post this again .
i use OllyDBG V2.0 and doesnt work for me on the last Conquer.exe ... process is always terminate ,and status msg is "process terminated exit code 0" . all i do is open conquer.exe and start debug ... something missed ?