AK - Duplicating help needed

btw oriya, did you got to the duplicating part? were you creating the program for duplicating by the time you were offered? just wanna know how far youve gotten.

Quote:

Originally Posted by nafmuq btw oriya, did you got to the duplicating part? were you creating the program for duplicating by the time you were offered? just wanna know how far youve gotten.

No. and I don't think I'm going to.
I don't normally do this kind of things, dupe exploit, the way I see it, is like gambling.
you spend a lot of time to find something profitable just so it could be fixed 2 days later.
and even if it's kept private in a very good manner, your profit is still bound to that exploit.
once it's fixed, your income is gone. and you never know when it will be fixed.
I focus on botting and botting-related things. it might not be as profitable as say, a dupe exploit... but it is pretty solid and steady.


Anyways, about the packet editor:
I've got an "Ok" from the Chinese to release such thing but there was still something missing, the GUI, and frankly I have no time to create a GUI if it's not CLR. whoever dealt with purely native windows before knows what I'm talking about.
so... I grabbed one of my old projects (for a different game) which had pretty solid, not good enough, but solid (feature-wise) PE.
the only problem was it's a .NET project. injecting a .NET DLL is fine, but since it's managed code, you can't do anything with it.
injecting such DLL is basically like injecting garbage into the game.

Luckily, we have nice NuGet packages such as DllExport which allows us to make the library treat certain functions as __declspec(dllexport) functions.
so I converted the encryption function to C#, hooked the needed functions and injected the DLL.
now, since it's all dllexport based, there is no entry point at all. but remotely calling a dllexport function is just fine.
so... quickly after injecting the DLL, the program is calling the "main" function of the DLL (simulating an entry point you could say).

From that point and on, it's pretty much the same with one exception:
you can't inject "Recv" (Server-to-Client) packets, only "Send" packets (Client-to-Server).
the reason behind it is that the function that is receiving the encrypted packet is decrypting the buffer and having the switch statement too (the one to actually handle the packet).
there's no separate function for handling the packet. and that function is trying to grab the buffer off of a weird socket class.
with C++ that'd be easy to just call that function and jump the needed instructions (the encryption one) in real time and write the buffer pointer to the needed register.

But you can't read/write hardware registers with managed code.
.NET can't do that, the only real way to "inject" (it's not really injecting at that point) a "Recv" packet is by creating a bridge connection ("proxy") between the game and localhost.
this way, in theory, you could encrypt packets as if the server sent them and send them to the client via that socket and afterwards change the encryption key back to its previous value.

That being said, "Recv" packets are normally, and in most games fully, well.. useless (as they're clientsided).
unless the client is expecting a certain packet and will crash otherwise. but anything besides that is purely useless and can only be used for things like messing with your friends and saying things like "Hey look, I have 1B gold".
so no real harm done.
I might still work on it if it will be needed (by either creating that proxy or by going back to unmanaged code).
but from what I've seen so far, the client never actually expect a packet and never crashes because of such thing.

Anyways, I'm not going to say more as I'm really really tired and I barely wrote this post.
I will probably explain some of its features tomorrow, but for now I'll just leave the packet editor here for you guys to try out.
put both files in your AK folder and run AKPE.exe, it will automatically start the launcher.
login like your normally do and the PE window should appear once the game launches. if the launcher/game crash during launch, just try again.
multiclient is integrated in this PE, so you can try things like trades and such with two accounts.

P.S
Please excuse any misspells, as I said, I'm really really tired and I'm pretty sure I've had plenty hehe.

Good luck finding profitable exploits! :)
Oriya.

Edit:
Reported to be abused not only on the official servers but also in private servers.
all development is currently suspended and download has been removed.
please refer to this post for more information: [Only registered and activated users can see links. Click Here To Register...]

Quote:

Originally Posted by Oriya9 No. and I don't think I'm going to. I don't normally do this kind of things, dupe exploit, the way I see it, is like gambling. you spend a lot of time to find something profitable just so it could be fixed 2 days later. and even if it's kept private in a very good manner, your profit is still bound to that exploit. once it's fixed, your income is gone. and you never know when it will be fixed. I focus on botting and botting-related things. it might not be as profitable as say, a dupe exploit... but it is pretty solid and steady. Anyways, about the packet editor: I've got an "Ok" from the Chinese to release such thing but there was still something missing, the GUI, and frankly I have no time to create a GUI if it's not CLR. whoever dealt with purely native windows before knows what I'm talking about. so... I grabbed one of my old projects (for a different game) which had pretty solid, not good enough, but solid (feature-wise) PE. the only problem was it's a .NET project. injecting a .NET DLL is fine, but since it's managed code, you can't do anything with it. injecting such DLL is basically like injecting garbage into the game. Luckily, we have nice NuGet packages such as DllExport which allows us to make the library treat certain functions as __declspec(dllexport) functions. so I converted the encryption function to C#, hooked the needed functions and injected the DLL. now, since it's all dllexport based, there is no entry point at all. but remotely calling a dllexport function is just fine. so... quickly after injecting the DLL, the program is calling the "main" function of the DLL (simulating an entry point you could say). From that point and on, it's pretty much the same with one exception: you can't inject "Recv" (Server-to-Client) packets, only "Send" packets (Client-to-Server). the reason behind it is that the function that is receiving the encrypted packet is decrypting the buffer and having the switch statement too (the one to actually handle the packet). there's no separate function for handling the packet. and that function is trying to grab the buffer off of a weird socket class. with C++ that'd be easy to just call that function and jump the needed instructions (the encryption one) in real time and write the buffer pointer to the needed register. But you can't read/write hardware registers with managed code. .NET can't do that, the only real way to "inject" (it's not really injecting at that point) a "Recv" packet is by creating a bridge connection ("proxy") between the game and localhost. this way, in theory, you could encrypt packets as if the server sent them and send them to the client via that socket and afterwards change the encryption key back to its previous value. That being said, "Recv" packets are normally, and in most games fully, well.. useless (as they're clientsided). unless the client is expecting a certain packet and will crash otherwise. but anything besides that is purely useless and can only be used for things like messing with your friends and saying things like "Hey look, I have 1B gold". so no real harm done. I might still work on it if it will be needed (by either creating that proxy or by going back to unmanaged code). but from what I've seen so far, the client never actually expect a packet and never crashes because of such thing. Anyways, I'm not going to say more as I'm really really tired and I barely wrote this post. I will probably explain some of its features tomorrow, but for now I'll just leave the packet editor here for you guys to try out. put both files in your AK folder and run AKPE.exe, it will automatically start the launcher. login like your normally do and the PE window should appear once the game launches. if the launcher/game crash during launch, just try again. multiclient is integrated in this PE, so you can try things like trades and such with two accounts. P.S Please excuse any misspells, as I said, I'm really really tired and I'm pretty sure I've had plenty hehe. Good luck finding profitable exploits! :) Oriya.

hi Oriya9, thanks for sharing,

i have some feedback,
i tried it and idk why it 100% crashed my game,
here is the pic when it crashed

PE window did not appear at all, just that "Send box" appear after the game launched,

win 7 32bit and got .net framework 4 installed here,

do i need any other stuff to make it work? thanks in advance, :)

Quote:

Originally Posted by sakray777 hi Oriya9, thanks for sharing, i have some feedback, i tried it and idk why it 100% crashed my game, here is the pic when it crashed  Spoiler [Only registered and activated users can see links. Click Here To Register...] PE window did not appear at all, just that "Send box" appear after the game launched, win 7 32bit and got .net framework 4 installed here, do i need any other stuff to make it work? thanks in advance, :)

doesn't work with private server

Quote:

Originally Posted by Shane¸ doesn't work with private server

i dont play in private server,:)

Quote:

Originally Posted by sakray777 i dont play in private server,:)

don't skip the intros

Quote:

Originally Posted by Shane¸ don't skip the intros

neither skip the intro,
i run it as admin, else it wont pop the launcher,

the "crash Send box" appear after game launched instead PE window i guess,
then the game just crashed after loading done,
maybe i missing something?

Ok, so mine opens fine, problem is, i dont know what to with this, what is supposed to do, i just get adresses and numbers, sorry

Quote:

Originally Posted by Rikardo1991 Ok, so mine opens fine, problem is, i dont know what to with this, what is supposed to do, i just get adresses and numbers, sorry

can i ask what windows/bit are you using? how did you open it? mine keeps crashing :mad:

so there is no hack for AK?

Quote:

Originally Posted by mesoless so there is no hack for AK?

The AKPE that Oriya made is one huge step in the direction for exploits.
I'm not super knowledgeable when it comes to packet editing, but I have the basics down. Play around with it, that's the most simplest and easiest way to understand how it works, and what you can do with it.

Thanks Oriya for your work thus far!

Playing around with it myself, trying to see if it's possible to keep selling item's that don't exist to NPC's, or keep receiving the gold with the item sold, or changing it in some form..

Quote:

Originally Posted by sakray777 neither skip the intro, i run it as admin, else it wont pop the launcher, the "crash Send box" appear after game launched instead PE window i guess, then the game just crashed after loading done, maybe i missing something?

Don't alt-tab at all, especially not to the packet editor on loading screens, just wait till your ingame then alt tab to the packet editor

Quote:

Originally Posted by encodex The AKPE that Oriya made is one huge step in the direction for exploits. I'm not super knowledgeable when it comes to packet editing, but I have the basics down. Play around with it, that's the most simplest and easiest way to understand how it works, and what you can do with it. Thanks Oriya for your work thus far! Playing around with it myself, trying to see if it's possible to keep selling item's that don't exist to NPC's, or keep receiving the gold with the item sold, or changing it in some form.. Don't alt-tab at all, especially not to the packet editor on loading screens, just wait till your ingame then alt tab to the packet editor

did not alt tab at all. i ran AKPE.exe as admin. logged in. loading then it wont load it says AK stopped for some reason then the AK crash report with send button. launched it for 20x already. maybe it has something to do with .NET version or windows version? no idea :(

Quote:

Originally Posted by pussyhater did not alt tab at all. i ran AKPE.exe as admin. logged in. loading then it wont load it says AK stopped for some reason then the AK crash report with send button. launched it for 20x already. maybe it has something to do with .NET version or windows version? no idea :(

it's probably related to your epvp username

There were some issues with the hooks. they were going out of sync when unhooking and re-hooking the function in order to call the original function.
some packets were randomly lost because of that (mostly Server-to-Client packets that came in large batches).

The only real effective way to sort this out is what I've been trying to avoid due to lack of time.
which is a proxy and self-management of the entire encryption (sort of like in a clientless, but with a client connected to it).
there's no other way, so it must be done. I noticed tons of monster spawn and NPC spawn packets that randomly got out of sync.
it's just unbearable.

I've started working on it and it might be finished today/tomorrow. but it's worth the wait, it's way better than direct hooks.
also, it might as well solve issues that some of you encountered as the only hooks left are Winsock (WSAConnect and closesocket) and Kernel32 (CreateMutex, for the multiclient).
nothing too "extreme" left.

Oh, and of course, Recv "injection" will be available as well since it gives us full control of the network flow.
I've also fixed a few minor GUI-related bugs and corrected some text-related mistakes and misspells.
a "Log Recv/Send packets with this content only" feature was also added so it will be easier to actually filter packets by, say.. an ID of an item or a player, a string (text) and so on...

I'll keep you guys posted.

Quote:

Originally Posted by Oriya9 There were some issues with the hooks. they were going out of sync when unhooking and re-hooking the function in order to call the original function. some packets were randomly lost because of that (mostly Server-to-Client packets that came in large batches). The only real effective way to sort this out is what I've been trying to avoid due to lack of time. which is a proxy and self-management of the entire encryption (sort of like in a clientless, but with a client connected to it). there's no other way, so it must be done. I noticed tons of monster spawn and NPC spawn packets that randomly got out of sync. it's just unbearable. I've started working on it and it might be finished today/tomorrow. but it's worth the wait, it's way better than direct hooks. also, it might as well solve issues that some of you encountered as the only hooks left are Winsock (WSAConnect and closesocket) and Kernel32 (CreateMutex, for the multiclient). nothing too "extreme" left. Oh, and of course, Recv "injection" will be available as well since it gives us full control of the network flow. I've also fixed a few minor GUI-related bugs and corrected some text-related mistakes and misspells. a "Log Recv/Send packets with this content only" feature was also added so it will be easier to actually filter packets by, say.. an ID of an item or a player, a string (text) and so on... I'll keep you guys posted.

Thanks again, I'll wait for the updated version before doing my head in.