[Guide] Finding the PK2 Blowfish Key in 5 Easy Steps

07/09/2011 01:54 QuantumRising#16
Okay, so this made about zero sense to me. Would you mind making a dumbed down version for people who have never done this before? Would be greatly appreciated.
07/09/2011 02:08 peppe27#17
Quote:
Originally Posted by lorveth View Post
Search in ollydbg for ".pk2", till you find the latest one, then click on it and follow the guide.
1. How do I know which one is the latest?
2. Should I search only for .pk2 or for media.pk2 like on the screens?
3. How do I "step into the function call"?
4. In step 3, what does "Trace into the higher level function call" mean? How do I get inside the "GFXFileManager DLL"?

I'm stuck on step 3 and can't find anything that is on the third screen. I think the problem is that I don't understand what that stepping into a function is; I was just looking for the text strings that were on the first and second screens. Would appreciate help from someone who is a pro with OllyDbg.
07/09/2011 16:29 r7slayer#18
Quote:
Originally Posted by peppe27 View Post
1. How do I know which one is the latest?
2. Should I search only for .pk2 or for media.pk2 like on the screens?
3. How do I "step into the function call"?
4. In step 3, what does "Trace into the higher level function call" mean? How do I get inside the "GFXFileManager DLL"?

I'm stuck on step 3 and can't find anything that is on the third screen. I think the problem is that I don't understand what that stepping into a function is; I was just looking for the text strings that were on the first and second screens. Would appreciate help from someone who is a pro with OllyDbg.
He means search for ".pk2" in all referenced text strings in Olly. It's easier to just search for "Media.pk2" instead, which is in the tutorial. Ignore what KingLi said just then, otherwise it will confuse you.

Anyway, I'm in the same position as you, stuck on step 3. It says "Trace into the higher level function call", but which function call am I supposed to trace into? lol
The tutorial seems good until step 2; after this it becomes unclear what to do.

I've searched for the text string "false", which I can see in the screenshot/dump, but I cannot find the correct string, like it does not exist. I find multiple "false" text strings, but not the one in the screenshot which is near "kernel32.CreateFileA" & "USER32.MessageBoxA".
07/09/2011 16:33 r7slayer#19
Quote:
Originally Posted by walus32 View Post
I found the string but can't read the key ;p
You found the Blowfish key? Apparently you need to convert it to MD5, if that makes sense?

Quote:
Originally Posted by teto_max15 View Post
What is the program name???
OllyDbg 1.10
07/09/2011 17:12 walus32#20
I opened the .dll and found everything, but where is the key??
07/09/2011 19:12 Kazuyaš#21
lol you guys are making this 10x harder than it actually is. You're putting too much thought into it and not approaching it in a more practical and simple way. ;)

The key literally takes seconds to find. Honestly, the part that takes up the most time is loading sro_client in OllyDbg; finding the key once you have it open literally takes 3 seconds ;)
07/10/2011 20:59 r7slayer#22
Quote:
Originally Posted by Kazuyaš View Post
lol you guys are making this 10x harder than it actually is. You're putting too much thought into it and not approaching it in a more practical and simple way. ;)

The key literally takes seconds to find. Honestly, the part that takes up the most time is loading sro_client in OllyDbg; finding the key once you have it open literally takes 3 seconds ;)
Well, instead of being smug you could just give some info or a hint? lol
Better than just saying "ohh, it only takes 3 seconds" when you already know we are having trouble locating it.
I'm mad bro :mad:
07/10/2011 21:46 peppe27#23
Quote:
Originally Posted by Kazuyaš View Post
lol you guys are making this 10x harder than it actually is. You're putting too much thought into it and not approaching it in a more practical and simple way. ;)

The key literally takes seconds to find. Honestly, the part that takes up the most time is loading sro_client in OllyDbg; finding the key once you have it open literally takes 3 seconds ;)
Yes, I'm sure it takes 3 seconds if you've done it before or worked with OllyDbg on something else. Can you just help and answer the questions I asked before in this topic?
07/11/2011 05:45 Kazuyaš#24
Quote:
Originally Posted by r7slayer View Post
Well, instead of being smug you could just give some info or a hint? lol
Better than just saying "ohh, it only takes 3 seconds" when you already know we are having trouble locating it.
I'm mad bro :mad:
I would have posted exactly how to get it and what it was right when the key changed, but since I am friends with Snyx, I couldn't go against him, since he's the one that changed it :P so I'm not going to explain it. But hints are always alright ;) lol.
07/13/2011 10:57 MadoXV#25
Awesome
07/13/2011 15:13 Schickl#26
Quote:
Originally Posted by Kazuyaš View Post
I would have posted exactly how to get it and what it was right when the key changed, but since I am friends with Snyx, I couldn't go against him, since he's the one that changed it :P so I'm not going to explain it. But hints are always alright ;) lol.
It's pretty easy to change it ^^
07/30/2011 10:37 softsoldier#27
OK, I love this post because it should help me with my problem ("private server media pk2"). Anyways, I managed to get the step 1 and 2 breakpoints,
but I'm kinda lost on step 3
Quote:
Step 3: Trace into the higher level function call. Now that we are inside the GFXFileManager DLL, we have to find the top level function that eventually causes the Blowfish key to be generated and used to setup encryption. Carefully refer to the screenshot to locate the function. Set a breakpoint as shown on the function call. When you step into the function call proceed to Step 4. NOTE: Before you step into the function call, the PK2 base key is at the top of the stack. This value is important for non-official versions for my old PK2 writing tools.
I don't believe I know how to step into a trace, or however it's done; I'm new to some of these things. I used to just crack games by simply replacing JNE with JE and so on.

Also, should the client be running when I do this? As in, running the client through the debugger? If so, shouldn't I crack the client's GameGuard and the "please Execute silkroad launcher" check? I can already do that; I'm just asking a bunch of questions, hopefully I can get a few answers to help assist me with this little problem.
07/30/2011 14:17 DaxterSoul#28
“Search for text” again and this time type in “Please Execute”. You should land in this area:
JNZ to JMP
07/31/2011 00:12 softsoldier#29
Thanks Daxter, I got the client bypassed and everything. Now I'll try to do the Blowfish key when I get home.

OK, I finally understood this after some intensive reading on OllyDbg. Now I'm kinda lost as to where to get the Blowfish key. I'm at part 5, but what do I do after I set the last breakpoint and hit that breakpoint? Is the key generated into a file? Or is there some dump I should do? I'll keep trying of course, and if I get it I'll let you all know, but till then hope someone can reply ^^