CPhack without unpacthed TS2

Rumil12 · 03/29/2013, 02:09

For those of you who know what function is used in the CP hack, the only thing the patch did was basically add a few checks, which can be noped out or jumped, and the hack will effectively be the same.

I only added this, because if u know a bit of asm, then it is much faster than re-installing TS2 and skipping that patch.

Also this is mostly for aeria, though with a few added changes it can work on probably any version.

TwelveSky2.exe+B05E0 - 55 - push ebp
TwelveSky2.exe+B05E1 - 8B EC - mov ebp,esp
TwelveSky2.exe+B05E3 - 83 EC 78 - sub esp,78
TwelveSky2.exe+B05E6 - A1 3C845900 - mov eax,[TwelveSky2.exe+19843C]
TwelveSky2.exe+B05EB - 33 C5 - xor eax,ebp
TwelveSky2.exe+B05ED - 89 45 FC - mov [ebp-04],eax
TwelveSky2.exe+B05F0 - 89 4D 88 - mov [ebp-78],ecx
TwelveSky2.exe+B05F3 - C7 45 8C EB000000 - mov [ebp-74],000000EB
TwelveSky2.exe+B05FA - 6A 04 - push 04
TwelveSky2.exe+B05FC - 8D 45 08 - lea eax,[ebp+08]
TwelveSky2.exe+B05FF - 50 - push eax
TwelveSky2.exe+B0600 - 8D 4D 90 - lea ecx,[ebp-70]
TwelveSky2.exe+B0603 - 51 - push ecx
TwelveSky2.exe+B0604 - E8 A7000B00 - call TwelveSky2.exe+1606B0
TwelveSky2.exe+B0609 - 83 C4 0C - add esp,0C
TwelveSky2.exe+B060C - 8D 55 90 - lea edx,[ebp-70]
TwelveSky2.exe+B060F - 52 - push edx
TwelveSky2.exe+B0610 - 8B 45 8C - mov eax,[ebp-74]
TwelveSky2.exe+B0613 - 50 - push eax
TwelveSky2.exe+B0614 - B9 A02A5B00 - mov ecx,TwelveSky2.exe+1B2AA0
TwelveSky2.exe+B0619 - E8 2265F7FF - call TwelveSky2.exe+26B40
TwelveSky2.exe+B061E - 8B 4D FC - mov ecx,[ebp-04]
TwelveSky2.exe+B0621 - 33 CD - xor ecx,ebp
TwelveSky2.exe+B0623 - E8 78000B00 - call TwelveSky2.exe+1606A0
TwelveSky2.exe+B0628 - 8B E5 - mov esp,ebp
TwelveSky2.exe+B062A - 5D - pop ebp
TwelveSky2.exe+B062B - C2 0400 - ret 0004

The above is the original and unpatched function. Compare it to the patched one, and you will see how they tried to prevent it. :P

Edit: Sorry forgot to mention that by simply changing some code, i indeed was able to make the CPhack work.

For anyone who has an old or outdated CPhack, what i posted is in not so many words, basically a guide to updating it, given that you can re-find the needed addresses.

Please dont send me PM's asking for it, as i will not spoon feed anyone. If ya want it, then learn to make it. This doesnt mean i am unwilling to help however :P.

Eucata2012 · 03/30/2013, 21:07

i don't understand you .... how to fix buffer overrun detected?

Rumil12 · 03/30/2013, 21:12

You have to update the CPhack...

Things you'll need.

1. Ollydbg (for patching / updating the addresses for the hack)
2. Figure out how to "jump" the patch added to the function I posted above.

This can all be done with Ollydbg.

If this is beyond your current understanding of hacking, then go back to learning CE. The more you know, the easier it becomes.

Edit: This is the function after it has been patched.

TwelveSky2.exe+B05D0 - 55 - push ebp
TwelveSky2.exe+B05D1 - 8B EC - mov ebp,esp
TwelveSky2.exe+B05D3 - 83 EC 78 - sub esp,78
TwelveSky2.exe+B05D6 - A1 3C945900 - mov eax,[TwelveSky2.exe+19943C]
TwelveSky2.exe+B05DB - 33 C5 - xor eax,ebp
TwelveSky2.exe+B05DD - 89 45 FC - mov [ebp-04],eax
TwelveSky2.exe+B05E0 - 89 4D 88 - mov [ebp-78],ecx
TwelveSky2.exe+B05E3 - C7 45 8C E7000000 - mov [ebp-74],000000E7
TwelveSky2.exe+B05EA - 6A 04 - push 04
TwelveSky2.exe+B05EC - 8D 45 08 - lea eax,[ebp+08]
TwelveSky2.exe+B05EF - 50 - push eax
TwelveSky2.exe+B05F0 - 8D 4D 90 - lea ecx,[ebp-70]
TwelveSky2.exe+B05F3 - 51 - push ecx
TwelveSky2.exe+B05F4 - E8 E7080B00 - call TwelveSky2.exe+160EE0
TwelveSky2.exe+B05F9 - 83 C4 0C - add esp,0C
TwelveSky2.exe+B05FC - 6A 04 - push 04
TwelveSky2.exe+B05FE - 8D 55 0C - lea edx,[ebp+0C]
TwelveSky2.exe+B0601 - 52 - push edx
TwelveSky2.exe+B0602 - 8D 45 94 - lea eax,[ebp-6C]
TwelveSky2.exe+B0605 - 50 - push eax
TwelveSky2.exe+B0606 - E8 D5080B00 - call TwelveSky2.exe+160EE0
TwelveSky2.exe+B060B - 83 C4 0C - add esp,0C
TwelveSky2.exe+B060E - 6A 04 - push 04
TwelveSky2.exe+B0610 - 8D 4D 10 - lea ecx,[ebp+10]
TwelveSky2.exe+B0613 - 51 - push ecx
TwelveSky2.exe+B0614 - 8D 55 98 - lea edx,[ebp-68]
TwelveSky2.exe+B0617 - 52 - push edx
TwelveSky2.exe+B0618 - E8 C3080B00 - call TwelveSky2.exe+160EE0
TwelveSky2.exe+B061D - 83 C4 0C - add esp,0C
TwelveSky2.exe+B0620 - 6A 04 - push 04
TwelveSky2.exe+B0622 - 8D 45 14 - lea eax,[ebp+14]
TwelveSky2.exe+B0625 - 50 - push eax
TwelveSky2.exe+B0626 - 8D 4D 9C - lea ecx,[ebp-64]
TwelveSky2.exe+B0629 - 51 - push ecx
TwelveSky2.exe+B062A - E8 B1080B00 - call TwelveSky2.exe+160EE0
TwelveSky2.exe+B062F - 83 C4 0C - add esp,0C
TwelveSky2.exe+B0632 - 6A 04 - push 04
TwelveSky2.exe+B0634 - 8D 55 18 - lea edx,[ebp+18]
TwelveSky2.exe+B0637 - 52 - push edx
TwelveSky2.exe+B0638 - 8D 45 A0 - lea eax,[ebp-60]
TwelveSky2.exe+B063B - 50 - push eax
TwelveSky2.exe+B063C - E8 9F080B00 - call TwelveSky2.exe+160EE0
TwelveSky2.exe+B0641 - 83 C4 0C - add esp,0C
TwelveSky2.exe+B0644 - 6A 04 - push 04
TwelveSky2.exe+B0646 - 8D 4D 1C - lea ecx,[ebp+1C]
TwelveSky2.exe+B0649 - 51 - push ecx
TwelveSky2.exe+B064A - 8D 55 A4 - lea edx,[ebp-5C]
TwelveSky2.exe+B064D - 52 - push edx
TwelveSky2.exe+B064E - E8 8D080B00 - call TwelveSky2.exe+160EE0
TwelveSky2.exe+B0653 - 83 C4 0C - add esp,0C
TwelveSky2.exe+B0656 - 6A 04 - push 04
TwelveSky2.exe+B0658 - 8D 45 20 - lea eax,[ebp+20]
TwelveSky2.exe+B065B - 50 - push eax
TwelveSky2.exe+B065C - 8D 4D A8 - lea ecx,[ebp-58]
TwelveSky2.exe+B065F - 51 - push ecx
TwelveSky2.exe+B0660 - E8 7B080B00 - call TwelveSky2.exe+160EE0
TwelveSky2.exe+B0665 - 83 C4 0C - add esp,0C
TwelveSky2.exe+B0668 - 8D 55 90 - lea edx,[ebp-70]
TwelveSky2.exe+B066B - 52 - push edx
TwelveSky2.exe+B066C - 8B 45 8C - mov eax,[ebp-74]
TwelveSky2.exe+B066F - 50 - push eax
TwelveSky2.exe+B0670 - B9 A03A5B00 - mov ecx,TwelveSky2.exe+1B3AA0
TwelveSky2.exe+B0675 - E8 C664F7FF - call TwelveSky2.exe+26B40
TwelveSky2.exe+B067A - 8B 4D FC - mov ecx,[ebp-04]
TwelveSky2.exe+B067D - 33 CD - xor ecx,ebp
TwelveSky2.exe+B067F - E8 4C080B00 - call TwelveSky2.exe+160ED0
TwelveSky2.exe+B0684 - 8B E5 - mov esp,ebp
TwelveSky2.exe+B0686 - 5D - pop ebp
TwelveSky2.exe+B0687 - C2 1C00 - ret 001C

As you can see by comparing the 2 functions i posted, the patch can be skipped, by adding jmp TwelveSky2.exe+B05F9 just after the first call in the function, the entire patch is skipped.

Doing this, and updating the addresses in the CPhack will give you a working hack.

Eucata2012 · 03/30/2013, 21:13

i have updated cp hack .... but i gain this error...

i tested on friend pc and worked ....

Rumil12 · 03/30/2013, 21:20

Your version of 12sky2 is different than his then. which doesnt matter, if you follow what i posted above.

Eucata2012 · 03/30/2013, 21:27

leave your skype or yahoo in my pm i don't know how to do this...

Rumil12 · 03/30/2013, 21:39

Im releasing it soon anyway, there is no need.

DevilCookies · 03/30/2013, 23:05

More ruining of the game to come, be prepared.

Rumil12 · 03/31/2013, 03:19

aeria is already ruined, so no harm done.

Simonichi · 03/31/2013, 18:38

Rumil what about other thing we talked about? o.o

Rumil12 · 04/01/2013, 01:42

Ill check it out next when I get time!

mhg123 · 04/04/2013, 23:54

when are you releasing this rumil?

iktov2 · 04/05/2013, 00:22

So, what you trying to do? Alert them of this fact so they can make a better patch?

Probably already in the works anyways, but was that your goal?

Anyways nice, obviously if using an unpatched client allowed it to continue working then it was a simple client side fix and didn't fix anything.

Rumil12 · 04/05/2013, 02:02

Quote:

Originally Posted by iktov2

So, what you trying to do? Alert them of this fact so they can make a better patch?

Probably already in the works anyways, but was that your goal?

Anyways nice, obviously if using an unpatched client allowed it to continue working then it was a simple client side fix and didn't fix anything.

Yea this should be patched on the server side. I think mayn might already done that, since they haven't changed the client side function at all, and I cant make it work. So that's a good thing!

iktov2 · 04/05/2013, 02:05

Quote:

Originally Posted by Rumil12

Yea this should be patched on the server side. I think mayn might already done that, since they haven't changed the client side function at all, and I cant make it work. So that's a good thing!

Tell me how it helps the players if the company will just keep doing things like releasing no-cap elixirs to exploit the **** out of their wallets and throw the balance of the game off par anyways?

With something like this hack at least it creates the opportunity for there to be a lot of healthy competition instead of 5 gods with unlimited bank accounts running the game.

No reason at this point to think its a good thing for this hack to get a patched, if it were any other game I would be on board for that, but this game is not salvageable in they're hands.