wanting help to make the crc?

12/23/2008 01:01 GMThunder#16
i agree that number 2 is the option to use at the moment, i have been too busy with work due to xmas coming to actually look at the programming, if someone can post the crc part of the new dekaron.exe 4.6.2 we can go through it together, i will try to find an earlier copy to compare it to, actually if we look at what nebular did to say the 4.1.0 dekaron.exe to make it work (compare it to the 4.1.10 nocrc.exe) we might have more of an idea.

i read somewhere a post about the crc cal being changed and a screenshot of part of the exe file, i think it's in the 4.6.0 crc bypass work thread, this may be useful, will look into it now.
12/23/2008 04:04 CrystalMaiden#17
Quote:
Originally Posted by xsvisme3177
^ Huh?

I asked why you prefer IDA, not what it is....

and wtf, that's not reverse engineering....we already know how the client checks the game files (a packet with a crc value) and we don't want to generate the same client just in a different way (reverse engineering = analysis of data - creation of same data w. different technique)

Anyways, if there are people who wanna work with me on a crc and you have programming/disassembling/al experience PM me your MSN messenger email.
I still think it's part of reverse engineering. LOL.
Anyway thanks for your post. I get the idea what to look for now and i'm working on it. :D
12/24/2008 01:10 GMThunder#18
i may have it sorted, but the new patch is just the share items, yes? i will update the crc folder and then share it with the ppl that actually took time to try things, (if it works again)
12/27/2008 12:24 emantiss#19
Quote:
Originally Posted by GMThunder
i may have it sorted, but the new patch is just the share items, yes? i will update the crc folder and then share it with the ppl that actually took time to try things, (if it works again)
so you have succeeded? :mofo:
12/27/2008 23:59 GMThunder#20
no, it seems impossible to use the old method (crc bypass) we will have to look at other ways eg memory editing...

omg a whole new can of worms
12/28/2008 10:02 xsvisme3177#21
Quote:
Originally Posted by GMThunder
no, it seems impossible to use the old method (crc bypass) we will have to look at other ways eg memory editing...

omg a whole new can of worms

you're wrong. Old no_crc method works just fine ^^ ( i along with my bro made one)

BUT


oh noes, it looks like there is some new type of client check, that deals with the version of the client. oh well I'm going to keep working on it.


Btw memory editing is very limited for the game, I've already done a lot of research with it, but there is 1 funny hack u can do with chat xD....
12/30/2008 01:23 GMThunder#22
well i might just have figured it out, pm me, i will try to give you some info

YAAAAHHHHHHOOOOOOOO GOT ALL HACKS WORKING SSSSWWWEEEETTTT
12/30/2008 15:16 Systemerror#23
Congratz. Mem hack or nocrc?
12/30/2008 17:45 elitesneak#24
arrgh.... any more clues as to what i should be doing?
01/01/2009 03:00 twiggy345#25
Ok you're probably wondering what this is. After examining the unpacked dekaron that InstantDeath released and comparing it to Nebular's last no crc that he released, this coding here is the only difference that I have found. Let me repeat that. THIS CODING IS THE ONLY DIFFERENCE THAT I (AS IN ME) HAVE FOUND. If you can locate the crc check and replace it with this, in my belief that would create the no crc. Ok now this is where I'm lost. I followed Nebular's CRC identifier method in his research and am unable to find it. I am just unable to find the right packet that will help with this. If you are able to find the right packet at least post the 4 digit number on here (it will be a hexadecimal number). I know what to do after that.



This is his research any help would be greatly appreciated.



[CRCCHECK size %u [CRCCHECK recv %u, %u, %u, %u check.csv list.csv ms_pInstance <|® 0ÐQ PÅQ ÀÏQ °¿Q ³Q SceneInit SceneLogin SceneLogo SceneCharSelect SceneCharCreate ScenePregame SceneGame2 SceneMapTool SceneActionScript SceneTest SceneLoginTest >> CHECKOUTCMD Start Fail
01/04/2009 04:41 xhugox#26
Quote:
you're wrong. Old no_crc method works just fine ^^ ( i along with my bro made one)

BUT

oh noes, it looks like there is some new type of client check, that deals with the version of the client.
Quote:
you're wrong.
You should never begin a sentence like this, unless you are 100% sure. :-/

you're wrong. Well you forgot the call to list.csv, that's why your dekaron.exe does not crash.

The method still works of course, but the section nebular made will not work now. I need to do some more research but I think I already know why...
We need to change the section because the crc functions have been modified pretty much - thanks Sparky.

It's not a new client check, it is the old version.dat check which has been modified. (In 4.6.6 they use the same calculation for version.dat like they use for the crc)

Quote:
This is his research any help would be greatly appreciated.

[CRCCHECK size %u [CRCCHECK recv %u, %u, %u, %u check.csv list.csv ms_pInstance <|® 0ÐQ PÅQ ÀÏQ °¿Q ³Q SceneInit SceneLogin SceneLogo SceneCharSelect SceneCharCreate ScenePregame SceneGame2 SceneMapTool SceneActionScript SceneTest SceneLoginTest >> CHECKOUTCMD Start Fail
You are listing some ASCII strings, changing/adding them will not help to make the no_crc. (Well at least the listed ones...)
We need to change Assembler commands, they look like this in OllyDbg:

Code:
00C4015F   8B0485 4074BC00  MOV EAX,DWORD PTR DS:[EAX*4+BC7440]
00C40166   C1E9 08          SHR ECX,8
00C40169   31C8             XOR EAX,ECX
00C4016B   89D1             MOV ECX,EDX
00C4016D   C1E9 08          SHR ECX,8
00C40170   0FB6C9           MOVZX ECX,CL
00C40173   81E1 FF000080    AND ECX,800000FF
00C40179   8943 18          MOV DWORD PTR DS:[EBX+18],EAX
00C4017C   79 08            JNS SHORT wierd.00C40186
00C4017E   49               DEC ECX
00C4017F   81C9 00FFFFFF    OR ECX,FFFFFF00
00C40185   41               INC ECX
00C40186   89C6             MOV ESI,EAX
00C40188   0FB6C9           MOVZX ECX,CL
00C4018B   81E6 FF000000    AND ESI,0FF
00C40191   31F1             XOR ECX,ESI
00C40193   8B0C8D 4074BC00  MOV ECX,DWORD PTR DS:[ECX*4+BC7440]
00C4019A   C1E8 08          SHR EAX,8
00C4019D   31C1             XOR ECX,EAX
00C4019F   89D0             MOV EAX,EDX
00C401A1   C1E8 10          SHR EAX,10
00C401A4   0FB6C0           MOVZX EAX,AL
00C401A7   25 FF000080      AND EAX,800000FF
00C401AC   894B 18          MOV DWORD PTR DS:[EBX+18],ECX
00C401AF   79 07            JNS SHORT wierd.00C401B8
00C401B1   48               DEC EAX
00C401B2   0D 00FFFFFF      OR EAX,FFFFFF00
00C401B7   40               INC EAX
00C401B8   89CE             MOV ESI,ECX
00C401BA   0FB6C0           MOVZX EAX,AL
00C401BD   81E6 FF000000    AND ESI,0FF
00C401C3   31F0             XOR EAX,ESI
00C401C5   8B0485 4074BC00  MOV EAX,DWORD PTR DS:[EAX*4+BC7440]
00C401CC   C1E9 08          SHR ECX,8
00C401CF   31C8             XOR EAX,ECX
00C401D1   89D1             MOV ECX,EDX
00C401D3   C1E9 18          SHR ECX,18
00C401D6   81E1 FF000080    AND ECX,800000FF
00C401DC   8943 18          MOV DWORD PTR DS:[EBX+18],EAX
00C401DF   79 08            JNS SHORT wierd.00C401E9
00C401E1   49               DEC ECX
00C401E2   81C9 00FFFFFF    OR ECX,FFFFFF00
00C401E8   41               INC ECX
00C401E9   89C6             MOV ESI,EAX
00C401EB   0FB6C9           MOVZX ECX,CL
00C401EE   81E6 FF000000    AND ESI,0FF
00C401F4   31F1             XOR ECX,ESI
00C401F6   C1E8 08          SHR EAX,8
00C401F9   33048D 4074BC00  XOR EAX,DWORD PTR DS:[ECX*4+BC7440]
I would like to know what "%[^\n]\n" means, does anyone have an idea?
(It should be normal C coding, after this string fscanf() gets called)
01/04/2009 09:03 hyxodus#27
Quote:
Originally Posted by xhugox
You should never begin a sentence like this, unless you are 100% sure. :-/

you're wrong. Well you forgot the call to list.csv, that's why your dekaron.exe does not crash.

The method still works of course, but the section nebular made will not work now. I need to do some more research but I think I already know why...
We need to change the section because the crc functions have been modified pretty much - thanks Sparky.

It's not a new client check, it is the old version.dat check which has been modified. (In 4.6.6 they use the same calculation for version.dat like they use for the crc)



You are listing some ASCII strings, changing/adding them will not help to make the no_crc. (Well at least the listed ones...)
We need to change Assembler commands, they look like this in OllyDbg:

I would like to know what "%[^\n]\n" means, does anyone have an idea?
(It should be normal C coding, after this string fscanf() gets called)
well it's a regular expression...

But I'm too rusty to figure that one out =p
"%[^\n]\n"

I think it's an expression that matches % followed by anything that's not a new-line character, and then ends in a newline character.
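
Added example (editorial, not posted by anyone in this thread): in C, "%[^\n]\n" is an fscanf() format string rather than a regular expression. The sketch below runs a width-bounded form of it over constructed input; read_lines, the 31-byte limit and the sample text are assumptions for illustration.

```c
/* Added example: what fscanf(fp, "%[^\n]\n", buf) does, width-bounded. */
#include <stdio.h>
#include <string.h>

#define FIELD 31                 /* assumed buffer limit for this sketch */

/* Parse constructed text the way a list file would be read, one fscanf call
 * per line. Returns the number of successful conversions, or -1 on I/O error. */
int read_lines(const char *text, char out[][FIELD + 1], int cap)
{
    FILE *fp = tmpfile();
    int n = 0;
    if (fp == NULL)
        return -1;
    fputs(text, fp);
    rewind(fp);
    /* %31[^\n] : scanset conversion; stores 1..31 bytes that are not '\n'
     *            and appends NUL. It does NOT skip leading whitespace and
     *            fails (returns 0) if the very next byte is '\n'.
     * "\n"     : any whitespace in a format skips a whole run of whitespace,
     *            so blank lines and the next line's indentation vanish.
     * Without the width (plain %[^\n]) a long line overruns the buffer. */
    while (n < cap && fscanf(fp, "%31[^\n]\n", out[n]) == 1)
        n++;
    fclose(fp);
    return n;
}

int main(void)
{
    char rows[4][FIELD + 1];
    /* Constructed sample input, not taken from any real file. */
    int n = read_lines("data/a.txt,1\n\n   data/b.txt,2\n", rows, 4);
    for (int i = 0; i < n; i++)
        printf("[%s]\n", rows[i]);
    return 0;
}
```

A line longer than the width is returned in pieces instead of overflowing the buffer. fgets() is the usual replacement when blank lines or indentation must be preserved.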
01/04/2009 13:35 ADHDKiD#28
I'll be looking through this information when I'm more awake.
01/06/2009 01:00 twiggy345#29
Quote:
Originally Posted by hyxodus
well it's a regular expression...

But I'm too rusty to figure that one out =p
"%[^\n]\n"

I think it's an expression that matches % followed by anything that's not a new-line character, and then ends in a newline character.
Ok I'm wondering, are the quotes like that in the code? Because if they are then it should display that message somewhere, either on the screen, in the packet or in a file somewhere. You use quotes in C++ to display something on the screen or in a file type somewhere. You need to make sure that you have the syntax right. (Don't take it as I'm saying you're wrong, just double checking.)