[Release] ClassicConquer Bot/Multi-Tool (Packets, Overlays, Plugins)

04/14/2026 15:15 brklol#16
Quote:
Originally Posted by Eckounlimitd23 View Post
anyway to change the script where it store stuff after dying instead of just going back to the spawn? i've been trying to figure it out



nevermind got it figured out. i also tweaked it where if the bot detects a player nearby, it'll move opposite direction, just a little safety measure.

i really appreciate you releasing this. the source the did help and actually learned a lot of codings becuase of it. thanks again.
Cool, feel free to contribute it to the repository :3
04/17/2026 22:03 Djarius#17
// Simplified logic for the SendMsg Hook
signed int __stdcall Hooked_SendMsg(void* pClient, char* pData, uint32_t dwSize) {
uint16_t packetSize = *(uint16_t*)pData;
uint16_t packetType = *(uint16_t*)(pData + 2);
char* payload = pData + 4;

if (packetType == 0x0421) {
// REPLACE: Use hardcoded donor hardware ID packet
memcpy(payload, donor_0421_payload, donor_0421_size);
return Original_SendMsg(pClient, pData, donor_0421_size + 4);
}

if (packetType == 0x041B) {
// 1. Extract Key Material (Timestamp + Password Hash)
// 2. Derive AES Key: MD5(TS + Pass + TS + Magic)

// 3. Decrypt Field 6 (the 64-byte blob)
AES_128_CBC_Decrypt(field6_ptr, decrypted_blob, derived_key, iv);

// 4. SPOOF: Overwrite machine-specific bytes in the decrypted struct
memcpy(decrypted_blob + 16, "00:11:22:33:44:55", 17); // Spoof MAC
memcpy(decrypted_blob + 32, "DESKTOP-GHOST", 13); // Spoof Hostname
*(uint32_t*)(decrypted_blob + 12) = 0; // Force VM Flags to 0

// 5. Re-encrypt and replace in the buffer
AES_128_CBC_Encrypt(decrypted_blob, field6_ptr, derived_key, iv);
}

return Original_SendMsg(pClient, pData, dwSize);
}

That look right
04/29/2026 21:22 jakeypops7#18
Quote:
Originally Posted by brklol View Post
Hi all,

Decided to open source the bot/tool I've been working on for Classic Conquer (conqueronline.net).

I don't expect anyone to contribute to this project but feel free to open a pull request if you're curious enough. The existing code is by no means perfect, it was a learning experience for me as well.

The 'original' source comes with a HWID and anti-cheat spoofer for the login flow, but I decided to not publish that part of the tool. However, you may follow [Only registered and activated users can see links. Click Here To Register...] to figure it out yourself.

[Only registered and activated users can see links. Click Here To Register...]

PS: I will NOT compile the project for you. You will have to figure it out yourself. It is set up in a way that it should be easy enough for you to figure it out.
Thanks for dropping this, it's been a really fun project to mess around with. I've added a bunch of stuff to my version, HWID support, an Auto VPN for switching IPs on the fly, a Tao Hunter with Fire of Hell and single target skills, a Dynamic Gold Collector, and some pathing tweaks to mix things up a bit. Also threw in a Repair All option for the Artisan Spammer and built a plugin for farming Squamas. Currently working on an Auto Blue Mouse Quest plugin and a couple other things I think would be pretty useful. I also fixed up the looting and cleaned up the settings a lot, felt like there was just way too much going on before, wanted it to feel less overwhelming.
Anyway, appreciate you putting this out there, gave me a great base to work from. Might contribute back at some point but for now keeping my version private with a few friends.

Cheers!
04/30/2026 04:36 Eckounlimitd23#19
Quote:
Originally Posted by brklol View Post
Cool, feel free to contribute it to the repository :3
Well. I'm done with this server. i got banned a couple of times now. i did a speedrun to see how far i can go, i got up to 27 days, almost maxed out gears, full 2 soc, 3 legs and 55 prestige till i got banned.

i am not sure how to contribute to github but here is my src files if anyone wants it.

to sum it up, i added more features to the original source.
-store after death
-pushback away from other players
-added more maps
-tele to market if blue name nearby
-added walk to pathfinder
-robust picking up +1s items
-added a timer for run time and cooldown

... i might have missed more but i created green notations on each blocks to notate what it does.

i couldn't get hwid figured out so i dont think ill be coming back soon.
05/24/2026 01:05 JJRedeemer#20
When I inject, I get this.

[info] [init] Waiting for login...

how to fix ?

edit: I guess server changed some offset or something cause it just hangs up on waiting for login even if I compile another dll. even if I bypass that, the overlay in game wants to wait for login even if the character in logged.
05/25/2026 04:38 ConQeReD#21
Quote:
Originally Posted by JJRedeemer View Post
When I inject, I get this.

[info] [init] Waiting for login...

how to fix ?

edit: I guess server changed some offset or something cause it just hangs up on waiting for login even if I compile another dll. even if I bypass that, the overlay in game wants to wait for login even if the character in logged.
The RVA offsets are wrong because the client was updated. I'm not sure my Scylla dump is good, I didn't have the time to try and get the real OEP, but there's no symbol information to find the things here.

If brk updates the list, it's probably worth implementing a signature scanner to find these offsets instead of hard-coding them, that way updates to the client won't break things. Alternatively if you get a good dump from the old exe you could probably already do that.
05/25/2026 15:24 JJRedeemer#22
Quote:
Originally Posted by ConQeReD View Post
The RVA offsets are wrong because the client was updated. I'm not sure my Scylla dump is good, I didn't have the time to try and get the real OEP, but there's no symbol information to find the things here.

If brk updates the list, it's probably worth implementing a signature scanner to find these offsets instead of hard-coding them, that way updates to the client won't break things. Alternatively if you get a good dump from the old exe you could probably already do that.
ah okay I don't how to do any of that, it took me a few days just to get the program compiled and even then I'm not sure if the steps I took to get it compiled were the right way to do it...but i got it to work either way...

The offsets I found with CE didn't work either. I guess it is more complicated than that.
05/25/2026 22:14 brklol#23
I unfortunately don't have time to work on this right now, but I've done a quick version sync on Ghidra. I'll include the Ghidra files so you guys can play around with it.

[Only registered and activated users can see links. Click Here To Register...]
05/25/2026 22:36 brklol#24
Here's also a quick summary of my findings and missing RVAs
05/26/2026 03:58 ConQeReD#25
Do you have any plugins or any information that will allow x64dbg to debug the exe while attached without being detected to get more information about Themida protected function calls?

ScyllaHide didn't seem to do the job, it's enough to get the OEP and dump the process but trying to set a breakpoint on a function to look at callers or follow up with memory breakpoints to find where allocation or reads are happening just causes the application to exit, or if launched say a debugger is attached.
05/26/2026 06:21 Djarius#26
Use ghidra
05/26/2026 11:07 brklol#27
Quote:
Originally Posted by ConQeReD View Post
Do you have any plugins or any information that will allow x64dbg to debug the exe while attached without being detected to get more information about Themida protected function calls?

ScyllaHide didn't seem to do the job, it's enough to get the OEP and dump the process but trying to set a breakpoint on a function to look at callers or follow up with memory breakpoints to find where allocation or reads are happening just causes the application to exit, or if launched say a debugger is attached.
I used Cheat Engine along with Ghidra. Tried ScyllaHide on x64dbg like you mentioned, but couldn't get it to work, so I sticked to the basics which worked fine.
05/31/2026 20:12 JJRedeemer#28
anyone able to update the offsets to get it working again? I'm failing to get it to work.

edit: I have had zero luck getting the offsets fixed, I'm guessing whatever the server updated is a lot harder to acquire.
06/04/2026 17:20 jakeypops7#29
Quote:
Originally Posted by JJRedeemer View Post
anyone able to update the offsets to get it working again? I'm failing to get it to work.

edit: I have had zero luck getting the offsets fixed, I'm guessing whatever the server updated is a lot harder to acquire.

CNETCLIENT_GET_INSTANCE is wrapped in a ton of Themida virtualization, which is probably what's causing the extra CPU usage everyone's been complaining about on their Discord. It's a pretty important function that gets called a lot, so all that overhead adds up quick. I'm pretty sure Flux will end up reverting it there's way too many people complaining for them to just ignore it.

Ill look at sifting through the Themida Virtualization tonight & see if i can find the reference or whatnot.
06/04/2026 22:29 JJRedeemer#30
Quote:
Originally Posted by jakeypops7 View Post
CNETCLIENT_GET_INSTANCE is wrapped in a ton of Themida virtualization, which is probably what's causing the extra CPU usage everyone's been complaining about on their Discord. It's a pretty important function that gets called a lot, so all that overhead adds up quick. I'm pretty sure Flux will end up reverting it there's way too many people complaining for them to just ignore it.

Ill look at sifting through the Themida Virtualization tonight & see if i can find the reference or whatnot.
ah okay, hopefully it gets reverted then and the offsets don't change again lol, I wonder if there is a way around this if it doesn't get changed back to original. I was able to get the bot stable, it just crashes every time I enable auto-hunt. I'm guessing CNETCLIENT_GET_INSTANCE is probably the issue then.