[RELEASE+DISCUSSION] Unpacked CABALMAIN.EXE

@noob what plugin did you use for ollydbg because now i got stronngOd and hideOD and twinr but when every time i open olly xtrap will close me down. any advice?

i think i may be able to get it to work. i will be running a few more tests after the maintenance later. was too sleepy to continue and had to go to work. :D will know that after the maintenance. :D but if not i will PM the Masters!

many thanks to dlqnt, atomica, and nova!!!!!

update:

still not working but i'm gonna keep trying! :D

@anyone
i'm new to this thing and i've no luck in unpacking cabalmain so i was trying to live debug but when i connect my char my cabal close. just want to ask what's the proper setting of exceptions?

Quote:

Originally Posted by NoobWant2Learn i think twinR would bypass xtrap as my friends from SEA uses that...

but twinr detects olly!

1st ive finish cabal unpacking

then i login in cabalrider>> attch the unpack cabalmain

uhmmm
wats next??? opening OLLY??

how can i use this olly??

and what are the other talking about DC flags wat does it mean help me


help me plsss


thnks

Does unpacking the cabalmain.exe work for activating the gm commands?
If so can someone show me how to do it, thanks :D

Quote:

Originally Posted by dlnqt VIII. Warning May this serve as a warning for people who are trying to hack cabal.. Code: 0046E341: stHackLog 0046E362: InsertHackingUserLogResult 0046E374: stHackLogNew 0046E397: InsertHackingUserLog2Result 0046E3B7: InsertSASResult 0046E3C3: license 0046E3E3: SetGmsLicenseAlertLogResult 0046E407: Reason 0046E419: RPTLogService 0046E42E: HackingUserLog 0046E445: HackingUserLogNew 0046E45E: GmsLicence 0046E470: InsertRPTLog 0046E48C: InsertRPTLogResponse 0046E4A8: InsertHackingUserLog 0046E4CC: InsertHackingUserLogResponse 0046E4E9: InsertHackingUserLog2 0046E50D: InsertHackingUserLog2Response 0046E51D: InsertSAS 0046E535: InsertSASResponse 0046E551: SetGmsLicenseAlertLog 0046E575: SetGmsLicenseAlertLogResponse 0046E582: string 0046E590: dateTime 0046E59F: boolean 0046E5E4: Header true 0046E60A: SetGmsLicenseAlertLog 0046E63F: SetGmsLicenseAlertLog 0046E64E: InsertSAS 0046E677: InsertSAS 0046E692: InsertHackingUserLog2 0046E6C7: InsertHackingUserLog2 0046E6E1: InsertHackingUserLog 0046E716: InsertHackingUserLog 0046E729: InsertRPTLog 0046E756: InsertRPTLog

Oh you can also go to the ASM code where these Checks are located and NOP the line that contains the code to Form the SendPacket for these functions, you dont need to NOP them all just the ones that begin the packet exchange from the server, oh and for the ones that are replying to a server packet just JMP Short from the start of there functions straight to the end so the server recieves empty reply packets :)

Quote:

Originally Posted by catsonic @noob what plugin did you use for ollydbg because now i got stronngOd and hideOD and twinr but when every time i open olly xtrap will close me down. any advice?

Phantom and Hideolly, be sure to go to your plugins menu and Set the settings for them though! Phantom and Hideolly bypass Xtrap and Gameguard.

*removed*

Quote:

Originally Posted by NovaCygni Oh you can also go to the ASM code where these Checks are located and NOP the line that contains the code to Form the SendPacket for these functions, you dont need to NOP them all just the ones that begin the packet exchange from the server, oh and for the ones that are replying to a server packet just JMP Short from the start of there functions straight to the end so the server recieves empty reply packets :) Phantom and Hideolly, be sure to go to your plugins menu and Set the settings for them though! Phantom and Hideolly bypass Xtrap and Gameguard.

if this tutorial is correct, why the unpacked.exe is not working? when unpacked, the said file must be working even if the file is unpacked right?

read the updates on the first page, I have to ask Nova if I can release a 1 shot unpacker for cabalmain.exe. Of course doing so you will be able to launch cabal normally, BUT the next problem will be game guard :D

ps: Anyway the 1 shot unpacker isn't made by me, just found it buried on google :D

why do u need to ask nova?? hmmm..

Quote:

Originally Posted by dlnqt read the updates on the first page, I have to ask Nova if I can release a 1 shot unpacker for cabalmain.exe. Of course doing so you will be able to launch cabal normally, BUT the next problem will be game guard :D ps: Anyway the 1 shot unpacker isn't made by me, just found it buried on google :D

why game guard? you have cabal rider for bypassing gameguard.. is it RL!deYC?

nope it's not rl!deyc.. anyway its an aspack unpacker. Just search for it and try everything you find :)

Cabal rider isn't working, CR's method of bypassing GG is by patching the asm codes of cabalmain.exe, I think it's code caving/changing asm codes or attaching its DLL files to oggvorbis.dll as QoE mentioned. I debugged cabal rider and saw the process wherein its patching cabalmain.exe right before cabalmain.exe is launched..

Since my unpacked cabalmain.exe's asm codes are all mixed up already because it's not the original cabalmain.exe anymore, it doesn't get the right asm codes to patch thus GG still loads..

.. Got a Question. I managed to view or open your unpacked cabalmain and able to see { goto 'Search for:', then choose all referenced text strings } / { lots of the actual asm codes } so what i did is i copied the address itself by paint .. then i run my original / packed cabalmain.exe and attach ollydbg . when i try to look for the exact ASM codes with my paint, i cant find the ASM codes, the address is different from the unpacked cabal and original cabal. Is it like when your using cheat engine we have different address if your using a different computer?? So i should make my own unpacked cabalmain so that it will have the same address for my original cabalmain. ????

Quote:

Originally Posted by dlnqt nope it's not rl!deyc.. anyway its an aspack unpacker. Just search for it and try everything you find :) Cabal rider isn't working, CR's method of bypassing GG is by patching the asm codes of cabalmain.exe, I think it's code caving/changing asm codes or attaching its DLL files to oggvorbis.dll as QoE mentioned. I debugged cabal rider and saw the process wherein its patching cabalmain.exe right before cabalmain.exe is launched.. Since my unpacked cabalmain.exe's asm codes are all mixed up already because it's not the original cabalmain.exe anymore, it doesn't get the right asm codes to patch thus GG still loads..

oks thanks