[Release] Hack for KalOnline PServers

06/18/2010 00:16 habbo33#61
It's me again ;)

I've got a question for everyone.

Is there at the moment an easy way to go
ug or og without UCE/ArtMoney etc. on a private
server like Fusion? ^^

The Storm-hacks by Thiesius are really good, but
nearly useless if everyone can see you. It doesn't take
more than 1 day and you're blocked.

Greetz
06/18/2010 01:28 Timo264#62
[Only registered and activated users can see links. Click Here To Register...]
06/18/2010 14:32 kostas5#63
Doesn't work anymore for me :S xD
Maybe you could update it?
06/18/2010 15:37 Thiesius#64
Yeah, they removed dbghelp loading on Fusion. Never mind, I will create an injector then, but I'm kinda busy right now... you might use your imagination on how to resolve it. Hint: You can always create a Proxy DLL which will load 2 DLLs. So for example you can create a Proxy of VERSION.DLL and also call LoadLibraryA for dbghelp (this hack). :P
06/18/2010 18:43 el_ninio#65
The client closes when I inject the file.
06/19/2010 11:46 ParadoxThePro#66
Why does Kal keep closing when I log on to my acc? :S
06/19/2010 12:37 pamz12#67
coz you can't read/it's not meant 4 ur server u are playing on
06/21/2010 16:54 Thiesius#68
I have an even better idea than wasting my time and being spammed all day long ...

I will release patterns, masks, relative distances and asm handling functions:

Code:
//PATTERNS AND MASKS
BYTE 			bPattern_SendPacket_KOCP[]	= {0x55, 0x89, 0xE5, 0x83, 0xEC, 0x14, 0x89, 0xE8, 0x8B, 0x40, 0x04, 0x83, 0xE8, 0x05, 0xA3, 0xDC, 0x1D, 0x32, 0x02, 0x83, 0x3D, 0x98, 0xEA, 0x70, 0x00, 0x00, 0x74, 0x07};
const char * 	chMask_SendPacket_KOCP 		= "xxxxxxxxxxxxxxx?????xxxxxxxx";
BYTE 			bPattern_RecvPacket[]	= {0x89, 0x55, 0xFC, 0xE9, 0x2A, 0x6E, 0xFF, 0x6F, 0x48, 0x02, 0x89, 0x8D, 0xFC, 0xCE, 0xFF, 0xFF, 0x83, 0xBD, 0xFC, 0xCE, 0xFF, 0xFF, 0x67, 0x0F, 0x87, 0xB2, 0xE8, 0x00, 0x00, 0x8B, 0x95, 0xFC, 0xCE, 0xFF, 0xFF};
const char * 	chMask_RecvPacket		= "xxx?????xxxxxxxxxxxxxxxxxxxxxxxxxxx";
BYTE 			bPattern_SendJump[] 	= {0x53, 0x56, 0x57, 0x8B, 0x7D, 0x14, 0x8B, 0x75, 0x10, 0x8B, 0x5D, 0x0C, 0xE8};
const char * 	chMask_SendJump		= "xxxxxxxxxxxxx";
BYTE			bPattern_SendJump2[]	= {0x50, 0xE8, 0xEC, 0x06, 0x00, 0x00, 0x83, 0xC4, 0x0C, 0x84, 0xC0, 0x74, 0x3A};
const char *	chMask_SendJump2		= "xx????xxxxxxx";

//JMPACKS AND RELATIVE DISTANCES FROM PATTERN
// SAMPLE: pSendPacket_KOCP = pSend_KOCP_RelDist + FindBlahBlah(ADDY1, ADDY2, PATTERN, MASK);
pSend_KOCP_RelDist = 0x00;
pSend_KOCP_JMPBack = pSendPacket_KOCP + 0x06;

// YOU DON'T HAVE TO USE PATTERN FOR RECV BTW
pRecv_RelDist = 0x0A;
pRecv_JMPBack = pRecvPacketKOCP + 0x06;

pSendJump_RelDist = 0x2C;
PSendJump2_RelDist = 0x0B;

//HANDLERS
void __declspec( naked ) RecvHook(void)
{
	__asm
	{
		PUSHAD// NOT REALLY NECESSARY, BUT NVM

		PUSH EAX
		CALL RecvHandler
		POP EAX

		POPAD
		MOV DWORD PTR SS:[EBP-0x3104],ECX

		JMP DWORD PTR [pRecv_JMPBack]
	}
}

int __declspec ( naked ) SendPacket(BYTE bType, LPCSTR lpszFormat, ...)
{
//SEND HAS OLD PROLOGUE
	__asm
	{
		PUSH EBP
		MOV EBP,ESP
		SUB ESP,0x14
	}

//  <= FUNCTION BODY HERE. USE OLD SOURCES IF YOU DON'T HAVE ANYTHING SPECIAL TO DO=>

// EPILOGUE
	__asm
	{
		jmp DWORD PTR [pSend_KOCP_JMPBack]
	}
}
When you have the address (obtained from pattern search + reldists) and the jumps, use Intercept (or any other function of your choice) to hook from pSendPacket_KOCP to SendPacket, and do the same for Recv.
You must also create a function void RecvHandler(unsigned char * chBuffer) (guess why).

For pSendJump use [Only registered and activated users can see links. Click Here To Register...] and fill the destination area with NOPs, 6 bytes long.
06/21/2010 17:11 habbo33#69
Ok guys.

You have all you need now to find a solution.
Go go guys, I wanna see a running hack.

Just fun ^^

I don't know much about programming...
In other words, I'm just a leecher.
So if someone found a solution please
post it here ^^ so I can go on with my
+18 weapon experiment :)

Greetz
06/21/2010 17:57 nidecker#70
Quote:
Originally Posted by habbo33
Ok guys.

You have all you need now to find a solution.
Go go guys, I wanna see a running hack.

Just fun ^^

I don't know much about programming...
In other words, I'm just a leecher.
So if someone found a solution please
post it here ^^ so I can go on with my
+18 weapon experiment :)

Greetz
:facepalm:
06/21/2010 20:43 habbo33#71
Quote:
Originally Posted by nidecker
:facepalm:
:D
06/22/2010 22:22 _FightZ_#72
Still works on Fusion ... just use KLOAD
06/25/2010 20:55 habbo33#73
Maybe you could explain what KLOAD is
and how to use it?

Never heard of it before :D
06/26/2010 14:33 hoseta#74
Does it work on Requiem Kal? And do all UCEs work? There is no GBL xD?? Has someone tested a UCE and the hack?
06/30/2010 11:39 vorsakend#75
Quote:
Originally Posted by hoseta
Does it work on Requiem Kal? And do all UCEs work? There is no GBL xD?? Has someone tested a UCE and the hack?
Working extremely fine on Requiem.
And for UCE, I tested with ArtMoney PRO v7.33 and it's working fine also ;)

Here are the Requiem skill values. [[Only registered and activated users can see links. Click Here To Register...] Kealy for them]
Enjoy.