Looking for Kamael IG L2Walker 1.89 verify server

01/11/2008 16:57 xenosaga21#211
Quote:
Originally Posted by Krizza
can someone check please if this verify is a backdoor program?
I checked it, I did not run it, but um . . . yea, Kaspersky doesn't detect it from a file scan so I can't say it's anything . . . (looking through asm machine code)

Um OK, here's the rundown of what I got after decompiling it.
It makes a few reference calls to advapi32.dll
which can be used either as a malicious dll (to hide from system process)
or as a networking dll so it may actually be ok!

There is only one reference to keyboard state and tons of references to winsock controls (Server emulation / pinging tools)
so
this might actually be real!
but
It might be BOTH REAL AND A KEYLOGGER!! ;) so only way to tell is to

Run the program on a computer you don't care about and check if it does anything naughty

You can check what other computers/networks you're connected to by using
Start -> Run -> cmd -> netstat
this will list all open connections that you have
Like if you have a browser open on google. . . it will show you google's Ip address etc.. . .

So I would say TEST THIS 1 !


Ps: where did you get this file?


also I think it was coded using VB6 ;)
01/11/2008 19:35 fatalfury#212
This actually looks worth testing
01/11/2008 19:44 fatalfury#213
ok i have a question


ok on the old 1 we used to use

i opened a text file

dragged the old emulator into it

and i did Ctrl+F to find the keyword key

none found

on this new 1 here i did the same thing

and my search comes to an Activate Keyboard layout

so this doesn't look good already, now if we can remove this keylogger then all is good


feedback on this please
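The static check the two posts above describe (looking at a file's API references and searching its strings for keyboard and Winsock names, without running it), as an added example that is not code from the thread or from any poster. The indicator list and the sample bytes are constructed for illustration; a match is a lead for testing on an isolated machine, since these APIs also appear in ordinary software.

```python
import re
import sys

# Illustrative indicator names (an assumption of this example, not a complete list).
INDICATORS = {
    "keyboard": ["GetAsyncKeyState", "GetKeyboardState", "SetWindowsHookEx",
                 "ActivateKeyboardLayout"],
    "network": ["WSAStartup", "gethostbyname", "ws2_32.dll", "wsock32.dll",
                "MSWINSCK.OCX"],  # MSWINSCK.OCX is the VB6 Winsock control
    "registry/service": ["RegSetValueEx", "RegCreateKeyEx", "CreateService"],
}

def extract_strings(data: bytes, min_len: int = 5) -> list:
    """Return printable ASCII runs and UTF-16LE runs (VB6 stores many strings wide)."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return ([s.decode("ascii") for s in ascii_runs]
            + [s.decode("utf-16-le") for s in wide_runs])

def triage(data: bytes) -> dict:
    """Group indicator names found anywhere in the file's strings by category."""
    lowered = [s.lower() for s in extract_strings(data)]
    hits = {}
    for category, names in INDICATORS.items():
        found = sorted(n for n in names if any(n.lower() in s for s in lowered))
        if found:
            hits[category] = found
    return hits

# Constructed sample bytes standing in for a suspicious executable's import names.
SAMPLE = (b"MZ\x90\x00" + b"\x00".join([
    b"ADVAPI32.dll", b"RegSetValueExA", b"USER32.dll",
    b"ActivateKeyboardLayout", b"GetKeyboardState", b"WSAStartup"])
    + b"\x00\x00" + "MSWINSCK.OCX".encode("utf-16-le") + b"\x00\x00")

if __name__ == "__main__":
    # With a path argument, read that file (never execute it); otherwise use SAMPLE.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for category, names in triage(data).items():
        print(f"{category}: {', '.join(names)}")
```

A plain Ctrl+F in a text editor misses the UTF-16 strings this picks up, which is where a VB6 binary keeps much of its text.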
01/11/2008 21:42 secrets#214
oh shit i hope we have something here. sorry guys my help is useless i suck with coding and computer shit.. I'm willing to learn but i don't know what the fuck we are doing. so GL GL GL GL GL and fuck let this be a walker crack
01/11/2008 23:05 fatalfury#215
Ok guys i tried it there is in fact a keylogger

goes to s38.avahost.nett which says congrats on apache


when lineage 2 was run lineage 2 auto detected it and wanted to patch it


i then had to re run the software lineage 2 patch system checker

and when the program was run it came up with an error stating that a trial program had to be purchased


this also opens up a port on my local router 192.168.1.101:port 1011

so this program has a big fat rat in it
01/11/2008 23:15 secrets#216
can we give the big fat rat "rat poison"? and just have the crack? or is there no crack in it.. :(
01/11/2008 23:40 xenosaga21#217
Hmm maybe someone can explain to me what the other l2asrv did exactly ;) and maybe I can write a winsock tool to do the same thing for a new ver.? I know how to make simple stuff like this but I don't know exactly what the program itself is looking for so that I can feed it to l2 walker.
ie

L2 walker sends what information and requests what information? On what IP address? What is it looking for on the server? What packets does it want? This shit is not hard to code but you have to know what l2walker is requesting in terms of information. . . :cool: Is it possible to talk to the old coder of the old l2asrv? Who did the previous ones? I heard he is retired etc but did he leave any source code behind?
01/12/2008 02:54 pengpong#218
1) yes there is source code for the old l2asrv around (search on this forum)
2) the problem is not really "what does walker want" but "with which encryption+which encryption key does the auth server/client encrypt the data"


I'm currently playing around with oog 10.9.0 where i have disabled the encryption&decryption subroutines... i think i will have some more information the next days.
01/12/2008 07:07 xenosaga21#219
seems reasonable . . .
01/13/2008 01:26 Inex#220
Some1 posted this on blah, no virus, no keylogger, but still for me works only with OOG, can't launch with IG, maybe some1 can fix this issue.

Just copy file where walker exe is: [link]

NO VIRUS/KEYLOGGER!
01/13/2008 06:05 xenosaga21#221
I got IG walker working what more do I need ;)
01/13/2008 07:54 Snp#222
Quote:
Originally Posted by xenosaga21
I got IG walker working what more do I need ;)
HolyFather's verify isn't working. What should I do? My OS is Vista.
01/13/2008 11:41 BotNumber1#223
what did you do? Say it pls
01/13/2008 17:49 DragoonBlood#224
Share please, do you have a bypass for 1.92?
before new years i could use 1.91 but my bypass doesn't work anymore, can someone help me please?
01/13/2008 18:41 xenosaga21#225
It's so easy ;P works on OFF also . . .
You have to setup
Loop back adapter
192.168.1.12
Host File
#192.168.1.12 L2authd.Lineage2.com
Run Walker 1.92 Verify = ok!

I Even made a 15 picture walk through guide for my friends lol . . .

;)
It's all on that Chinese forum once you get past the gibberish when translated.
Here's a small guide. . . it's very easy . . . all the files are here on this thread. . .
tcptunnel and walker is kinda all you need.


Ps: YOU HAVE TO EDIT THE Forward.bat to match what server you are playing on!
It's in the post where I translated, you can find the IP under where it says (american Clothing) which is poorly translated Chinese (american auth server), that's if you wanna play on USA servers . . . / NA. If you want Europe etc the others are there. . .
Your .bat file should look like this. . . ( Not private) for Private Server you will have to find the IP.
tcptunnel --local-port=2106 --remote-host=(PUT SERVER AUTH IP HERE) --remote-port=2106 --stay-alive