hello, i already have that kind of tool, mine from balq tool. is that normal that even the tools says complete or success still bunch of random numbers and letters will show, cause i unpacked the item.enc and the only readble thing apear is the item_deccs51 and others item_desc.Quote:
Hi. This is my latest project.
I've coded an application that is able to compress files into ENC files that Cabal clients use and vice versa :).
I know there already exist tools like this but I didn't like some of them so I made my own variant. One of the tools was just a console app (hate them) and the other one was coded in Java.
This application is coded in MASM.
You can choose the XOR bytes used to XOR the first DWORD of the packed data. Use HEX characters in the boxes. Valid HEX chars are 0-9, A-F. Ie. 5F, 7C, 1A...
Furthermore, you can also choose the compression level. Values:
Minimal compression: 1
Maximal compression: 9
Note! If you modify or even repack the data files, Cabal will throw an error at startup. You need to bypass the file integrity check in Cabalmain.exe :).
If you encounter any bugs, post them to this thread, don't PM me!
If your virus scanner report this application as malware, don't make a big fuzz about it because I'm not interested even slightly. It's a false positive!
Server XORs:
Cabal EU -> 1ST = 92, 2ND = 65, 3RD = 67, 4TH = 57
Cabal Helix -> 1ST = 92, 2ND = 65, 3RD = 67, 4TH = 57
Cabal C40R -> 1ST = 92, 2ND = 65, 3RD = 67, 4TH = 59
GPCabal -> 1ST = 92, 2ND = 65, 3RD = 67, 4TH = 57
Screenshot:
[Only registered and activated users can see links. Click Here To Register...]
Update Log:
~03.09.2010~
+ Initial release (ver 1.0)
~28.12.2010~
+ Bugfixes (ver 1.1)
Archive password (remove spaces):
Code:w w w . e l i t e p v p e r s . d e
[Release] Cabal ENC Compression Tool
08/01/2012 19:38
spiderx0413#76
09/04/2012 05:20
DECONGEX#77
why the file is not readable iten.enc uneditable? has a lot of NUL NUL NUL NUL NUL NUL NUL yyyyyyyyNUL yyyyyyyyyyyyyyyitem130NUL
09/06/2012 16:39
tanyabeleren#78
can i ask for SERVER XORS for PH?
09/17/2012 22:17
etitan#79
DUDE!!!, you rocks, save me many many time...:handsdown:
10/12/2012 12:25
lozboyz#80
I've already decompress the dl.enc file and the dl.dec came out and I change it to dl.txt and opened it but still unreadable (CABALPH)
10/12/2012 15:43
OmegaArma#81
Maybe they are using other xor keys.Quote:
11/22/2012 09:55
jemcanoyz#82
why when i unpack an enc file then open it with notepad it's just blank?
12/15/2012 06:31
ajsztea#83
Hello !
I have edited some warp points w the tool in mystery but anytime if i log in get error corrupt file -.-" The c.main have now some file check there or what? And 1 more think for warps i need edit the cabal enc only ?
+1 also try rename maps ( that one witch show up if u change map ) cuz its spanish or something but get error too -_-
I tried compress back in all level ( maybe they use 5 or 6 cuz thats space almost same as my edited file ) but never work
I have edited some warp points w the tool in mystery but anytime if i log in get error corrupt file -.-" The c.main have now some file check there or what? And 1 more think for warps i need edit the cabal enc only ?
+1 also try rename maps ( that one witch show up if u change map ) cuz its spanish or something but get error too -_-
I tried compress back in all level ( maybe they use 5 or 6 cuz thats space almost same as my edited file ) but never work
01/01/2013 01:00
usernname#84
Hi i'm finded one offset in cabalmain where is calling the function responsive of read %/xdata.enc
One thing i dont understand about the key is...
XOR EAX,%value;
This value where are called ,because need one rotine for calculate internal main.
Sorry my bad english,i'm braziliam :X
One thing i dont understand about the key is...
XOR EAX,%value;
This value where are called ,because need one rotine for calculate internal main.
Sorry my bad english,i'm braziliam :X
01/13/2013 18:16
juliux222#85
I don't get it. How can i nop adresses when i don't even have them? Range of adresses i have in memory editor is 76EE0000-76FB5FFE. Here's a SS. Please help me :))Quote:
BTW i'm using win7 64bit, maybe that's why adress is different? :D
01/13/2013 19:58
OmegaArma#86
Your cabalmain seems to be packed:)Quote:
BTW i'm using win7 64bit, maybe that's why adress is different? :D
01/13/2013 20:25
juliux222#87
How can i check what program is used to pack this cabalmain? Or do i need to try different unpackers? Here's my cabalmain, check it out and maybe you could link me to any guide that would give me knowledge about bypassing, cause i want to learn..Quote:
01/13/2013 22:51
OmegaArma#88
U can use PeID, DiE, RDG packer detector or other software for detecting packers/protectors.Quote:
And cabalmain you provided is packed with VMprotect, pretty good stuff, it's beyond my capabilities.
But, u can use small trick to get to the good stuff in cabalmain.
Delete every file from X-trap/GameGuard folder, run cabalmain, then when x-trap/gameguard will be updating, run OllyDBG and attach to cabalmain process, then hit alt+e, and pick cabalmain module, now you should be able to find xors, magic keys etc.
01/14/2013 19:15
juliux222#89
And how about bypassing xtrap and .enc check in cabalmain.exe? Can i change and save values if it's VMprotected or i can only read them?Quote:
And cabalmain you provided is packed with VMprotect, pretty good stuff, it's beyond my capabilities.
But, u can use small trick to get to the good stuff in cabalmain.
Delete every file from X-trap/GameGuard folder, run cabalmain, then when x-trap/gameguard will be updating, run OllyDBG and attach to cabalmain process, then hit alt+e, and pick cabalmain module, now you should be able to find xors, magic keys etc.
01/19/2013 20:47
laposte#90
How to Use those XOR keys? where to put if i get those magic and XOR keys? well, thanks, :)Quote:
And cabalmain you provided is packed with VMprotect, pretty good stuff, it's beyond my capabilities.
But, u can use small trick to get to the good stuff in cabalmain.
Delete every file from X-trap/GameGuard folder, run cabalmain, then when x-trap/gameguard will be updating, run OllyDBG and attach to cabalmain process, then hit alt+e, and pick cabalmain module, now you should be able to find xors, magic keys etc.