[Proof of Concept]Why not to trust a public multi-client (bananasplit in asm)

09/23/2008 05:54 *M*#1
Patch 5063

Now this is only designed for you to input the command but could just as easily be modified to do the same if someone says it to you. This guide only explains the un-equipping phase.

First I start here:
This is a subfunction of the Sendtext function. During this function EAX stores the current text about to be sent from the chat box to a packet; at 00457E85 EAX changes, so I will make my hook just before here. 00457E7D has a large enough command to be changed to a JMP, so this will do just fine.

This could be caved anywhere, but for now I'll put it at the end of the exe - so LEA EDI,DWORD PTR DS:[ESI+FA8] becomes JMP 00524BAE

And now for the code:
In English, this checks to see if the text you just sent matches a set codeword and, if so, unequips all your gear. Like I said, this could easily be made so that if someone says the codeword to you, everything will unequip. I won't tell you how to do it, but the information is right there; with a little modding it's easily possible.
09/23/2008 06:45 _fobos_#2
Now that's why I don't trust multis by others haha,
Also glad there's the lock function!

So i tried this,
tho without success, well the only success is that my hat got unequipped,
I triple checked everything; how does this look, do you see if I made a mistake, or was it meant to only unequip the hat? :)
If so why the other calls? :)

Code:
0045DF4A             . /E9 B1230D00       JMP Conquer.00530300
0045DF4F               |90                NOP
0045DF50             > |8BCF              MOV ECX,EDI                                ;  ntdll.7C910208
Code:
00530300             > 8DBE A80F0000     LEA EDI,DWORD PTR DS:[ESI+FA8]
00530306             .  8BD0              MOV EDX,EAX
00530308             .  BB 41035300       MOV EBX,Conquer.00530341                   ;  ASCII "bananasplit"
0053030D             .  52                PUSH EDX                                   ; /s2 = "ÍxA4$"
0053030E             .  53                PUSH EBX                                   ; |s1 = ""
0053030F             .  E8 68A5FCFF       CALL <JMP.&MSVCRT.strcmp>                  ; strcmp
00530314             .  58                POP EAX                                    ;  kernel32.7C817067
00530315             .  75 23             JNZ SHORT Conquer.0053033A
00530317             .  E8 822BF2FF       CALL Conquer.00452E9E
0053031C             .  E8 A22BF2FF       CALL Conquer.00452EC3
00530321             .  E8 C22BF2FF       CALL Conquer.00452EE8
00530326             .  E8 E22BF2FF       CALL Conquer.00452F0D
0053032B             .  E8 022CF2FF       CALL Conquer.00452F32
00530330             .  E8 222CF2FF       CALL Conquer.00452F57
00530335             .  E8 422CF2FF       CALL Conquer.00452F7C
0053033A             >^ E9 11DCF2FF       JMP Conquer.0045DF50
0053033F                00                DB 00
00530340                00                DB 00
00530341             .  62 61 6E 61 6E 61>ASCII "bananasplit",0
09/24/2008 06:54 *M*#3
Go into the calls to unequip slots and you'll see there's a JNZ or something; nop those jumps and it should work. That happened to me as well when I first did it, but it seems to work without it for me now.
09/24/2008 10:56 soymadmax#4
Correct me if I'm noob saying this lol

But wouldn't it be enough to check the original conquer.exe file's size against the downloaded one's?
I always do it if I download a multi, and I suppose your added asm lines would increase the size.
09/24/2008 11:23 *M*#5
Quote:
Originally Posted by soymadmax View Post
Correct me if I'm noob saying this lol

But wouldn't it be enough to check the original conquer.exe file's size against the downloaded one's?
I always do it if I download a multi, and I suppose your added asm lines would increase the size.
Nope, this code is done inside the exe so there is no change in size.
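An added example (not from the thread) of the check post #4 should have asked for: comparing sizes misses an in-place code-cave patch, while a SHA-256 comparison and a byte-level diff expose exactly which offsets changed. The byte blobs are constructed stand-ins, not a real Conquer.exe, and the JMP displacement is made up to land on the constructed cave.

```python
import hashlib

# Constructed stand-in for the original client executable (NOT a real PE):
# 64 filler bytes, the 6-byte LEA EDI,[ESI+FA8] from the thread, more filler,
# then 32 zero bytes of padding at the end of the image (a typical code cave).
LEA_EDI_ESI_FA8 = b"\x8d\xbe\xa8\x0f\x00\x00"
ORIGINAL = bytes([0x90] * 64) + LEA_EDI_ESI_FA8 + bytes([0x90] * 58) + bytes(32)
HOOK_OFFSET = 64
CAVE_OFFSET = 128


def patch_in_place(data: bytes, offset: int, new: bytes) -> bytes:
    """Overwrite bytes at offset; the length never changes, which is the point."""
    return data[:offset] + new + data[offset + len(new):]


def diff_ranges(a: bytes, b: bytes) -> list:
    """(offset, length) of every run of differing bytes; a and b have equal length."""
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i - start))
            start = None
    if start is not None:
        ranges.append((start, len(a) - start))
    return ranges


def compare(original: bytes, downloaded: bytes) -> dict:
    """The check to run on a downloaded client instead of looking at file size alone."""
    same_size = len(original) == len(downloaded)
    return {
        "same_size": same_size,
        "same_sha256": hashlib.sha256(original).digest() == hashlib.sha256(downloaded).digest(),
        "changed_ranges": diff_ranges(original, downloaded) if same_size else None,
    }


# Build the "downloaded" copy the way post #1 describes: the LEA becomes a 5-byte
# JMP rel32 plus a NOP (rel32 = 0x3B is constructed so that 69 + 0x3B lands on the
# cave), and the codeword is written into the zero padding (its NUL terminator is
# already there). Nothing is appended, so the size is unchanged.
PATCHED = patch_in_place(ORIGINAL, HOOK_OFFSET, b"\xe9\x3b\x00\x00\x00\x90")
PATCHED = patch_in_place(PATCHED, CAVE_OFFSET, b"bananasplit")

if __name__ == "__main__":
    print(compare(ORIGINAL, PATCHED))
```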
09/24/2008 13:59 _fobos_#6
Got it, I have to admit, very nice haha.
Now, the spot where you set your jmp ain't a good spot,
When you try to whisper you will crash haha.

If I can find the jmp to a emote now THAT would be nice,
perhaps you can help me find the jmp to the kneel emote ;)
09/24/2008 16:53 emmanication#7
so let's say unequip is possible, ummm itemlock?
09/24/2008 17:29 _fobos_#8
Quote:
Originally Posted by emmanication View Post
so let's say unequip is possible, ummm itemlock?
That's not the point tho (besides that everyone has a seller); I think *M* meant this to prove that it can be done.
09/24/2008 20:14 unknownone#9
Quote:
Originally Posted by emmanication View Post
so let's say unequip is possible, ummm itemlock?
It doesn't matter what the hack does, the point *M* has made with this post, is anyone can modify the client to do anything. It doesn't even need to be an in game thing, but you could modify the client to run/control other applications on your machine, and it would go past any antivirus or firewall you have installed. If you download any binary from anyone, you're running the risk of losing control of your machine, so why bother, when you could just follow a simple guide and make the multi-client yourself?
09/25/2008 00:40 _fobos_#10
I've patched the pathfinding button with this, I like it better, that button is useless anyway.
09/25/2008 07:50 Ian*#11
Someone could release a loader that modifies the client to do this as well ;o
09/25/2008 07:51 *M*#12
Quote:
Originally Posted by unknownone View Post
It doesn't matter what the hack does, the point *M* has made with this post, is anyone can modify the client to do anything. It doesn't even need to be an in game thing, but you could modify the client to run/control other applications on your machine, and it would go past any antivirus or firewall you have installed. If you download any binary from anyone, you're running the risk of losing control of your machine, so why bother, when you could just follow a simple guide and make the multi-client yourself?
Yeah what he said.
Imagine hooking CO's anti-virus to delete all the files it's supposed to scan; easily possible and would probably break Windows.

Quote:
Originally Posted by _fobos_ View Post
Got it, I have to admit, very nice haha.
Now, the spot where you set your jmp ain't a good spot,
When you try to whisper you will crash haha.

If I can find the jmp to a emote now THAT would be nice,
perhaps you can help me find the jmp to the kneel emote ;)
Ya I know it crashes whisper, that just seemed like a good place for the jump considering the mod isn't made for gameplay. However this can be used for functionality also; you can build in commands to help you. Unequipping all items at once has its uses, and you could also build in things like speedhack etc via command. I will try later to find the kneel function, I have some ideas of where to start (GraphicD.GameDataSetQuery comes to mind).
09/25/2008 15:59 _fobos_#13
Quote:
Originally Posted by *M* View Post
Yeah what he said.
Imagine hooking CO's anti-virus to delete all the files it's supposed to scan; easily possible and would probably break Windows.

Ya I know it crashes whisper, that just seemed like a good place for the jump considering the mod isn't made for gameplay. However this can be used for functionality also; you can build in commands to help you. Unequipping all items at once has its uses, and you could also build in things like speedhack etc via command. I will try later to find the kneel function, I have some ideas of where to start (GraphicD.GameDataSetQuery comes to mind).
I will look for it as well, and yes, certainly it will have uses. I tried to find the emotes: I set breakpoints on all the BtnClick.wav and I hit a bp when I opened it, it just didn't get me far so I gave up. Then I searched the same way for pathfinding, only instead I put a bp on all NDSound.DXPlaySound and that got me further and got me to patch the pathfinding button to unequip all.
09/25/2008 20:15 darkirax#14
hi I'm having troubles in this edit. I'm noob in asm. I tried to find LEA EDI,DWORD PTR DS:[ESI+FA8] to edit and put the JMP, but I can't find LEA EDI,DWORD PTR DS:[ESI+FA8]; the address isn't the same, and I tried with Control+F but it says unknown identifier.

can anybody help me?
09/25/2008 20:35 _fobos_#15
Quote:
Originally Posted by darkirax View Post
hi I'm having troubles in this edit. I'm noob in asm. I tried to find LEA EDI,DWORD PTR DS:[ESI+FA8] to edit and put the JMP, but I can't find LEA EDI,DWORD PTR DS:[ESI+FA8]; the address isn't the same, and I tried with Control+F but it says unknown identifier.

can anybody help me?
I'd say get a copy of the older exe (by downloading the older patch and installing it in a new folder, then rename the exe to Conquer1.exe or something and copy it to your CO folder), look for something familiar; the info is out there really, a little searching in both exes will get you there.
Like I said, all info needed is there, you only need to update.