[Discussion] Removing DC Flag

09/01/2009 09:07 brian86#136
it will not yet fix the DC flag! u need to search the DC flag then change it!
09/01/2009 13:17 cabal4life#137
where to search the dc flag? in olly?
09/01/2009 16:36 dlnqt#138
use UnExeStealth to unpack the first protection in cabalmain.. you'll get a new .exe which is around 8.5mb for me. The problem is there is another protection, I'll keep you guys updated.

BTW, use DiE (packer identifier). I recommend it.. don't limit yourselves to 1 tool only, try different kinds. You can get a lot of reverse engineering tools over at [link] (forums). Collaborative tool library here: [link].

Here are the steps which I think will make dmg hack work again. (Please don't PM me since I haven't succeeded yet in making damage hack work.):

1. Unpack cabalmain.exe
2. Live debug cabal (this means attaching ollydbg while your cabal is running)
3. In order to make live debug work, you need to bypass GG (Cabal Rider of course)
4. Download ollytrace (WSASend WSARecv Send Recv packet catcher)
5. Get yourself dc while equipping earrings/bracelets (damage hack method)
6. Save logs from ollytrace (OllyTrace is like WPE, but better since it is a plugin of OllyDbg.)
7. Equip Earrings/bracelets normally (meaning you can actually wear it without using CE)
8. Save logs from ollytrace
9. Compare the two
10. This is where I stop, you need to set breakpoints when the actual dc happens, so you know where in the ASM is making you disconnected.
11. Trial and error.. traceback few steps just to find where the dc flag is
12. Once you find the asm address, apply it to your unpacked cabalmain.exe

This has been my research so far, I'm lazy to continue as I'm busy with work. Hope you guys make it work :D

PS: I doubt anybody here claiming they got it to work has really made it work, they just want other people who actually made it work to share their method :D Unless they provide you with recent screenshots, that's the time you believe :p People here who I think managed to make damage hack work again are someone122 of course, NovaCygni, punkstyle and chrome :D
09/01/2009 17:01 sparrowaie#139
why is gopotato not in the list? don't you think he did?:cool: hehehe...

this is really becoming very educational... people like me who don't even have any background in programming try to have LUCK on this one. hahaha...

still trying to unpack cabalmain.exe. i got stuck here so reading more tutorials from the very basic ones. whew!

@Hackers/Reversers who made this work, please give us more hint/s on unpacking...:handsdown:

another thread has been started solely for unpacking. i know it's not bad to share your knowledge on that part. :handsdown:
09/01/2009 18:31 logan432#140
Quote:
Originally Posted by dlnqt
use UnExeStealth to unpack the first protection in cabalmain.. you'll get a new .exe which is around 8.5mb for me. The problem is there is another protection, I'll keep you guys updated.

BTW, use DiE (packer identifier). I recommend it.. don't limit yourselves to 1 tool only, try different kinds. You can get a lot of reverse engineering tools over at [link] (forums). Collaborative tool library here: [link].

Here are the steps which I think will make dmg hack work again. (Please don't PM me since I haven't succeeded yet in making damage hack work.):

1. Unpack cabalmain.exe
2. Live debug cabal (this means attaching ollydbg while your cabal is running)
3. In order to make live debug work, you need to bypass GG (Cabal Rider of course)
4. Download ollytrace (WSASend WSARecv Send Recv packet catcher)
5. Get yourself dc while equipping earrings/bracelets (damage hack method)
6. Save logs from ollytrace (OllyTrace is like WPE, but better since it is a plugin of OllyDbg.)
7. Equip Earrings/bracelets normally (meaning you can actually wear it without using CE)
8. Save logs from ollytrace
9. Compare the two
10. This is where I stop, you need to set breakpoints when the actual dc happens, so you know where in the ASM is making you disconnected.
11. Trial and error.. traceback few steps just to find where the dc flag is
12. Once you find the asm address, apply it to your unpacked cabalmain.exe

This has been my research so far, I'm lazy to continue as I'm busy with work. Hope you guys make it work :D

PS: I doubt anybody here claiming they got it to work has really made it work, they just want other people who actually made it work to share their method :D Unless they provide you with recent screenshots, that's the time you believe :p People here who I think managed to make damage hack work again are someone122 of course, NovaCygni, punkstyle and chrome :D
thanks but you don't need the unexestealth. you just need to know how to unpack the asprotect.. thanks again and will update this thread if successful
09/01/2009 18:52 dlnqt#141
hmm? I tried unpacking with just asprotect unpacker but I was unsuccessful. unexestealth + RL!dePacker = unpacked cabalmain.exe :D

but maybe there's another way :p
09/01/2009 19:12 logan432#142
Quote:
Originally Posted by dlnqt
hmm? I tried unpacking with just asprotect unpacker but I was unsuccessful. unexestealth + RL!dePacker = unpacked cabalmain.exe :D

but maybe there's another way :p
i did use manual unpacking.. i just tried my oep to ImpRec program and it is correct.. did you see the series of error codes? i.e. ASCII "RPC_E_CONNECTION_TERMINATED"
09/01/2009 19:35 dlnqt#143
series of error codes? in ollydbg? I see a LOT. I see everything cabalmain.exe has. skills boots gloves etc.
09/01/2009 19:36 logan432#144
Quote:
Originally Posted by dlnqt
series of error codes? in ollydbg? I see a LOT. I see everything cabalmain.exe has. skills boots gloves etc.
ASCII "RPC_E_CONNECTION_TERMINATED" <--- like this
09/02/2009 00:36 168Atomica#145
It is the generic error that a connection was stopped.
RPC_E_CONNECTION_TERMINATED = no more data exchange. As you may know, cabal uses RPC to run processes between client and server. Just before this error code is the condition that makes cabal DC. Oh my oh my... now you are close.
09/02/2009 01:54 logan432#146
Quote:
Originally Posted by 168Atomica
It is the generic error that a connection was stopped.
RPC_E_CONNECTION_TERMINATED = no more data exchange. As you may know, cabal uses RPC to run processes between client and server. Just before this error code is the condition that makes cabal DC. Oh my oh my... now you are close.
then i am right thanks atomica! now i don't know what to do lol. can i change the binary code of the RPC_E_CONNECTION_TERMINATED or is there a specific command?
09/02/2009 06:24 brian86#147
Quote:
Originally Posted by dlnqt
use UnExeStealth to unpack the first protection in cabalmain.. you'll get a new .exe which is around 8.5mb for me. The problem is there is another protection, I'll keep you guys updated.

BTW, use DiE (packer identifier). I recommend it.. don't limit yourselves to 1 tool only, try different kinds. You can get a lot of reverse engineering tools over at [link] (forums). Collaborative tool library here: [link].

Here are the steps which I think will make dmg hack work again. (Please don't PM me since I haven't succeeded yet in making damage hack work.):

1. Unpack cabalmain.exe
2. Live debug cabal (this means attaching ollydbg while your cabal is running)
3. In order to make live debug work, you need to bypass GG (Cabal Rider of course)
4. Download ollytrace (WSASend WSARecv Send Recv packet catcher)
5. Get yourself dc while equipping earrings/bracelets (damage hack method)
6. Save logs from ollytrace (OllyTrace is like WPE, but better since it is a plugin of OllyDbg.)
7. Equip Earrings/bracelets normally (meaning you can actually wear it without using CE)
8. Save logs from ollytrace
9. Compare the two
10. This is where I stop, you need to set breakpoints when the actual dc happens, so you know where in the ASM is making you disconnected.
11. Trial and error.. traceback few steps just to find where the dc flag is
12. Once you find the asm address, apply it to your unpacked cabalmain.exe


another thread has been started solely for unpacking. i know it's not bad to share your knowledge on that part. :handsdown:
The problem is there is another protection, I'll keep you guys updated.

I was able to unpack the file and have it running through CR. However, if I attempt to attach olly to cabalmain.exe and run debug, it is detected by GameGuard. From this point I no longer know what to do; hide olly and phantom don't seem to work. Please advise if there is any software I can use to bypass the 2nd protection. ^>> ^ thanks .. guys
09/02/2009 06:54 HumanaOne#148
i got past the unpacking stage thanks to a Newbie ^_^ loz >> i am currently on the live debugging phase - i see a thread that when i try to suspend, Cabal stops, and when i re-activate, Cabal resumes the process - i think me and Mr Newb are getting closer by the second - it does make it better if you're working with someone who works hard and never complains. :rtfm:
09/02/2009 07:13 dlnqt#149
Quote:
Originally Posted by brian86
The problem is there is another protection, I'll keep you guys updated.

I was able to unpack the file and have it running through CR. However, if I attempt to attach olly to cabalmain.exe and run debug, it is detected by GameGuard. From this point I no longer know what to do; hide olly and phantom don't seem to work. Please advise if there is any software I can use to bypass the 2nd protection. ^>> ^ thanks .. guys
huh? There is no gameguard running if you use cabal rider..
09/02/2009 07:14 NoobWant2Learn#150
@gopotato Where are you now?? Busy hacking CABAL??? Need help here.. i have lots of unanswered questions hope you can clear my thoughts... GL