[Release]INT Hack Example

01/17/2011 17:14 meak1#31
Yeah, Google solves it, why don't you google "create proxy dll c++" or so????

Enough has been released here now, now it's your turn.

Edit: 1 minute with the epvp search function >.<
01/17/2011 17:28 thekingisback#32
So ... there isn't a DLL file in your forum, Blood ... you mean the Kalonlinehook.dll?
01/17/2011 17:33 strik3r2k5#33
Enough tuts for you.
If you still can't run this simple DLL, then you should start from 0!
01/17/2011 18:05 Verdacht#34
Thiesius' tutorial appears on many forums, like the link you just posted. I have not found another tutorial with Google yet.
01/29/2011 12:25 ILikeItEasy#35
Quote:
PHP Code:
/***********************************
Credits to .....?! I don't know o.O
************************************/
#include <winsock2.h>   /* SOCKET, WINAPI */

/* Defined elsewhere in the hook (signatures assumed here): the original recv
   and the routine that analyses a complete packet. */
int WINAPI DetourRecv(SOCKET Socket, char *Buffer, int iLength, int iFlags);
void MyRecv(char *Buffer, int Length);

int ASyncPos = 0;   /* bytes of the current packet received so far */
int FinalSize = 0;  /* total size of the current packet, from its 2-byte header */

int WINAPI FilterRecv(SOCKET Socket, char *Buffer, int iLength, int iFlags)
{
    /* The previous packet is complete: hand it over before this call reuses the buffer */
    if (ASyncPos == FinalSize && FinalSize > 0)
    {
        MyRecv(Buffer, ASyncPos);
        ASyncPos = 0;
    }
    int RecvRET = DetourRecv(Socket, Buffer, iLength, iFlags);
    if (RecvRET < 0)
    {
        return RecvRET;
    }
    /* The first chunk of a packet carries its 2-byte size */
    if (ASyncPos == 0)
        FinalSize = *((short int*) Buffer);
    ASyncPos += RecvRET;

    return RecvRET;
}

That would be my "MagicRecv" :P

About receive:
Received packets are encrypted. The server sends the data size first, then a packet with the data, then an unknown packet (sometimes more).

int RecvRET = DetourRecv(Socket, Buffer, iLength, iFlags);
RecvRET returns < 0 (I believe -1) for the unknown packets.

Luckily for most people here, the decrypted packet is stored in the same memory as the encrypted packet (Encrypted data gets replaced by decrypted data).

My MagicRecv waits for the unknown packet to be received before the buffer gets analysed. This gives the Kal client enough time to decrypt the received packet.

This way you get a small delay in packet handling, but... imho, it is the next best solution after decrypting the packet yourself :)


btw..
My original release of the code was:
PHP Code:
#include <winsock2.h>   /* SOCKET, WINAPI */

/* Defined elsewhere in the hook (signatures assumed here): the original recv
   and the packet handler. */
int WINAPI OrigRecv(SOCKET s, const unsigned char *buf, int len, int flags);
void HandlePacket(const unsigned char *buf, int len);

int ASyncPos = 0;   /* bytes of the current packet received so far */
int FinalSize = 0;  /* total size of the current packet, from its 2-byte header */

/* WINAPI already means __stdcall, so the second specifier is dropped */
int WINAPI MyMagicRecv(SOCKET s, const unsigned char *buf, int len, int flags)
{
    /* The previous packet is complete: handle it before this recv overwrites the buffer */
    if (ASyncPos == FinalSize && FinalSize > 0)
    {
        HandlePacket(buf, ASyncPos);
        ASyncPos = 0;
    }
    int ret = OrigRecv(s, buf, len, flags);
    if (ret < 0)
    {
        return ret;
    }
    /* The first chunk of a packet carries its 2-byte size */
    if (ASyncPos == 0)
        FinalSize = *((short int*) buf);
    ASyncPos += ret;
    return ret;
}

01/29/2011 15:25 Thiesius#36
I think the engine calls recv twice. The first time it sets the buffer length to 2, so the buffer receives only the length. Then it does a few size checks and calls recv again for the full packet.

To get your recv synchronized with send I would recommend (besides a direct hook, which is the most correct solution) checking the caller address, and if you are supposed to get the full packet, then decrypt it manually. It's useful if you are generating AESKeys (so you don't have to change the source every week) and you don't want to synchronize the sendcrypt with recv manually (it doesn't look very nice).
01/29/2011 16:27 ILikeItEasy#37
Yeah, recv gets size first, then data.

MagicRecv makes 3 loops to get the full packet

1st: Get the first 2 bytes (= size of the full packet)
2nd: Get the content of the packet
3rd: ret < 0, go start your packet handling
Any other ret < 0 loops will be ignored until we get a ret=2 for the next start of a packet.

If you have your own decrypt, the principle works about the same.
1st ret>0 --> Toggle=0
2nd ret>=0 --> Toggle=1
Toggle=1 --> copy buffer, decrypt, handle packet

ret<0 ignore always
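The three steps above, as an added example that is not code from the thread: a socket-free version of the ASyncPos/FinalSize bookkeeping that reports a packet once its announced size is reached, ignores the negative returns, and rejects the short reads and oversized length fields the posted hooks read through unchecked. The struct and function names, MAX_PACKET and the little-endian header are my assumptions.

```c
#include <stdint.h>
#include <string.h>
#define MAX_PACKET 4096   /* constructed sanity bound for the length prefix */

struct reasm {            /* per-socket state; pos/size mirror ASyncPos/FinalSize */
    uint8_t pkt[MAX_PACKET];
    int len;    /* length of the completed packet in pkt, valid after feed() returns 1 */
    int pos;    /* bytes of the current packet collected so far */
    int size;   /* total size from the 2-byte header; 0 = waiting for a header */
};

/* Feed one recv() result (buf, ret). Returns 1 when a packet is complete in st->pkt,
 * 0 when more data is needed or ret < 0, -1 on a malformed frame. */
int reasm_feed(struct reasm *st, const uint8_t *buf, int ret)
{
    if (ret < 0)                     /* the "unknown" negative result: carries no data */
        return 0;
    if (st->size == 0) {             /* start of a packet: need the 2-byte size first */
        if (ret < 2)                 /* MagicRecv reads 2 bytes unconditionally; */
            return -1;               /* reject here instead of reading past the data */
        st->size = buf[0] | (buf[1] << 8);   /* little-endian, counts the header too */
        if (st->size < 2 || st->size > MAX_PACKET)
            return -1;
        st->pos = 0;
    }
    if (st->pos + ret > st->size)    /* more bytes than the header announced */
        return -1;
    memcpy(st->pkt + st->pos, buf, ret);
    st->pos += ret;
    if (st->pos < st->size)
        return 0;
    st->len = st->size;              /* complete: hand over and re-arm for the next header */
    st->size = 0;
    return 1;
}

/* Constructed sample: the three recv results ILikeItEasy describes for a 10-byte
 * packet. Returns the number of completed packets seen (expected 1, on the 2nd call). */
int demo_sequence(void)
{
    struct reasm st;
    static const uint8_t hdr[2] = {0x0A, 0x00};                 /* size = 10 */
    static const uint8_t body[8] = {0x0C, 1, 2, 3, 4, 5, 6, 7}; /* remaining 8 bytes */
    int n = 0;
    memset(&st, 0, sizeof st);
    n += reasm_feed(&st, hdr, 2) == 1;    /* 1st: length only */
    n += reasm_feed(&st, body, 8) == 1;   /* 2nd: content -> packet complete */
    n += reasm_feed(&st, NULL, -1) == 1;  /* 3rd and later ret < 0: ignored */
    return n;
}
```

The ret < 2 check is the guard the posted hooks lack when recv returns fewer than two bytes at the start of a packet.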
01/31/2011 14:36 DrogenViech#38
Did anyone come up with the mob attack packet yet? I made a bot and unfortunately I have no direct send hook, so I can't take a look at what a regular left-click attack packet looks like :(
01/31/2011 14:47 bloodx#39
0x0C-bd-1-MonsterUID
01/31/2011 14:48 DrogenViech#40
Quote:
Originally posted by bloodx
0x0C-bd-1-MonsterUID
Oh God! Thanks! :handsdown:
02/17/2011 19:40 DrogenViech#41
Anyone have an idea why the thing I cobbled together crashes every few hours? I also often just get C/L :(

Edit:
The Exception.dmp file often points me to the following line:

if (RecvRET < 0)

So it seems to have something to do with the receive hook.
02/17/2011 20:10 MoepMeep#42
Quote:
Originally posted by DrogenViech
Anyone have an idea why the thing I cobbled together crashes every few hours? I also often just get C/L :(

Edit:
The Exception.dmp file often points me to the following line:

if (RecvRET < 0)

So it seems to have something to do with the receive hook.
You probably cobbled together crap :>
02/17/2011 20:16 meak1#43
Hm, maybe you used too much c&p in your "self"-made thing =/
02/17/2011 20:54 DrogenViech#44
Come on guys, don't pick on the absolute beginners so much D:
I should really get tutorials instead of trying everything by learning by doing (that apparently only works with Lua).

Edit:
Does anyone at least know whether the source posted in the first post still works properly? If so, I guess I just have to start my stuff over :(
02/18/2011 13:33 MoepMeep#45
Just let Bloodx's thing run for 24 hours, then you'll know :>