[Question(s)]Editing Conquer.exe

02/13/2012 00:14 Hassan28#1
Alright guys, I'm fairly new to this but I'm not mentally retarded either. As you could read in the title, I'm having some issues with editing the conquer.exe. I've read on the forum about finding the blowfish (which I got already) and something about an encryption key. However, for some reason those seem to be the same to me. If they're not, could anyone guide me on how I could find the encryption key? Where am I supposed to edit the blowfish/encryption key, and should I use OllyDbg or Notepad++ for either of those?

I've tried opening conquer.exe in Notepad++ but for some reason everything seemed to be encrypted, that's why I'm wondering if it's the right program.

Oh well, I did some research about editing it and came to the conclusion that I would have to get a clean, unmodified conquer.exe (the server I'm aiming for is currently running a binary 5065 client) and change the blowfish/encryption so that it would let me connect to the server. Should I get CIDLoader as well to prevent any hassle?

I know lots of threads have been made lately, and they're all noobish (just like mine to be honest) questions about editing/cracking a conquer.exe, so excuse me for creating another thread.

My main questions would be:

- What's the difference between the blowfish and the encryption key and where would I be able to find the encryption key if there's a difference?

- Where am I supposed to edit the blowfish/encryption and which program should I use for that?

- Should I use a loader to prevent autopatching or anything? (Aiming for CIDLoader, since I used that in the past. I read about Nullable's loader as well, but for some reason I'd prefer CID's)

Any information granted on this subject would be much appreciated.
Once again, my apologies for making another thread on this subject!

With kind regards,
Hassan28
02/13/2012 05:55 shitboi#2
Quote:
Originally Posted by Hassan28 View Post
Alright guys, I'm fairly new to this but I'm not mentally retarded either. As you could read in the title, I'm having some issues with editing the conquer.exe. I've read on the forum about finding the blowfish (which I got already) and something about an encryption key. However, for some reason those seem to be the same to me. If they're not, could anyone guide me on how I could find the encryption key? Where am I supposed to edit the blowfish/encryption key, and should I use OllyDbg or Notepad++ for either of those?

I've tried opening conquer.exe in Notepad++ but for some reason everything seemed to be encrypted, that's why I'm wondering if it's the right program.

Oh well, I did some research about editing it and came to the conclusion that I would have to get a clean, unmodified conquer.exe (the server I'm aiming for is currently running a binary 5065 client) and change the blowfish/encryption so that it would let me connect to the server. Should I get CIDLoader as well to prevent any hassle?

I know lots of threads have been made lately, and they're all noobish (just like mine to be honest) questions about editing/cracking a conquer.exe, so excuse me for creating another thread.

My main questions would be:

- What's the difference between the blowfish and the encryption key and where would I be able to find the encryption key if there's a difference?

- Where am I supposed to edit the blowfish/encryption and which program should I use for that?

- Should I use a loader to prevent autopatching or anything? (Aiming for CIDLoader, since I used that in the past. I read about Nullable's loader as well, but for some reason I'd prefer CID's)

Any information granted on this subject would be much appreciated.
Once again, my apologies for making another thread on this subject!

With kind regards,
Hassan28

Blowfish is an encryption scheme, and an encryption scheme requires an encryption KEY for both its encryption and decryption to work.

To grab the default blowfish key for Conquer (yes, default; there is another, dynamic key, and this has been answered many times, so search this forum), you can use OllyDbg or Cheat Engine. I'll provide a guide for CE.

Open CE and select Conquer.exe (you should have Conquer running).
Go to CE's memory view; under the Search tab select Find memory.
Search for TQServer from 0 to 7FFFFFFF. You should see BC234xs45nme7HU9 after TQServer; that is your default encryption key.

To edit Conquer.exe you need OllyDbg; with my limited knowledge, that is the only tool I am aware of. You can change the key string and save it as another exe.

If you know how to edit the exe, why be afraid of updates?

Extensive knowledge (maybe not that much:rolleyes:) is required to edit the exe; it is only up to you to learn the required knowledge. If you do not have a solid background, no one will be bothered to guide you, hence why the pros are not answering.
02/13/2012 07:15 I don't have a username#3
Quote:
Originally Posted by shitboi View Post
Blowfish is an encryption scheme, and an encryption scheme requires an encryption KEY for both its encryption and decryption to work.

To grab the default blowfish key for Conquer (yes, default; there is another, dynamic key, and this has been answered many times, so search this forum), you can use OllyDbg or Cheat Engine. I'll provide a guide for CE.

Open CE and select Conquer.exe (you should have Conquer running).
Go to CE's memory view; under the Search tab select Find memory.
Search for TQServer from 0 to 7FFFFFFF. You should see BC234xs45nme7HU9 after TQServer; that is your default encryption key.

To edit Conquer.exe you need OllyDbg; with my limited knowledge, that is the only tool I am aware of. You can change the key string and save it as another exe.

If you know how to edit the exe, why be afraid of updates?

Extensive knowledge (maybe not that much:rolleyes:) is required to edit the exe; it is only up to you to learn the required knowledge. If you do not have a solid background, no one will be bothered to guide you, hence why the pros are not answering.
You can actually change the key in notepad++.
02/13/2012 07:22 m7mdxlife#4
Quote:
Originally Posted by I don't have a username View Post
You can actually change the key in notepad++.
Well? Go on, please, no one asked you to stop :P It's good to learn small pieces of the puzzle every now and then; you never know when such information can come in handy xD
02/13/2012 07:28 Spirited#5
Quote:
Originally Posted by m7mdxlife View Post
Well? Go on, please, no one asked you to stop :P It's good to learn small pieces of the puzzle every now and then; you never know when such information can come in handy xD
Open Conquer.exe in notepad++ and search for "TQServer". It's to the right of that.
02/13/2012 09:22 shitboi#6
Yeah, it does make sense to do it through a text editor, since editing stored strings should not affect the byte code.
02/13/2012 10:51 I don't have a username#7
Quote:
Originally Posted by shitboi View Post
Yeah, it does make sense to do it through a text editor, since editing stored strings should not affect the byte code.
Yup.
02/13/2012 15:43 Hassan28#8
Alright, for some reason there's no TQServer in the mentioned Conquer.exe, as you can see here:


Could this be caused by their Enigma Protection (unlicensed)?

I tried figuring out their blowfish by using the TQMultihack's blowfish detection. It does hook to the client, but whenever I try to enable one of the hacks, it automatically shuts down the client. This is the blowfish that it came up with:

However whenever I try to connect with a non-edited Conquer.exe with the same blowfish (seems to be the original one), it won't let me connect.

This is the original conquer.exe's blowfish:


Whenever I try to connect to their server using the unedited conquer.exe, I get this message:


Does anyone have a clue what I'm doing wrong?

My guess is that Ultimation's program can't find the blowfish either so it uses the default one instead? However, I'm most likely wrong since I'm new to this.

~
I'll attach both conquer.exes in the hope that someone is willing to help me out, or at least is able to give me a hint in the right direction!
02/13/2012 16:00 shitboi#9
It should be either encrypted or packed with some packer. Good luck:o

EDIT: if you are able to execute that edited exe you have there, then you might be able to find it out. When it is not being executed, it might be in a state where you cannot make sense of the contents. But if it is executed, it should have a built-in deciphering mechanism. So all you need to do is use OD/CE to look at its memory view and do a case-free search for "crypto"; it might be somewhere near there. (That is assuming he might have changed the encryption key and the TQServer/TQClient stamps altogether.)

That's my 2 cents.
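As an added illustration (not code from any poster in this thread), the Python below does what the Cheat Engine / Notepad++ search in post #2 does: it scans an image for the TQServer marker and reports the printable key stored right after it. It also reproduces the situation in posts #8 and #9, where a packed or protected image shows no marker on disk and the search only works on the restored in-memory copy. The byte blob, the key value EXAMPLEKEY123456 and the XOR "packer" are all constructed for the example.

```python
import re

# Constructed stand-in for a client image: a few code-like bytes, then the plain
# marker from the thread, a NUL, and a made-up 16-character key (not a real one).
PLAIN_IMAGE = (b"\x55\x8b\xec\x83\xec\x10" * 4
               + b"TQServer\x00" + b"EXAMPLEKEY123456" + b"\x00"
               + b"TQClient\x00" + b"\xcc" * 8)


def find_keys_after_marker(image: bytes, marker: bytes = b"TQServer",
                           key_len: int = 16):
    """Return (offset, key) for every printable key_len-byte run that directly
    follows `marker` (with an optional NUL terminator) in `image`.

    This is the whole "search for TQServer, read what is to the right" trick:
    a key kept as a plain string next to a fixed marker needs no disassembly
    to locate, which is why it is a weak place to keep one."""
    hits = []
    for m in re.finditer(re.escape(marker) + rb"\x00?", image):
        start = m.end()
        candidate = image[start:start + key_len]
        if len(candidate) == key_len and all(0x21 <= b < 0x7F for b in candidate):
            hits.append((start, candidate.decode("ascii")))
    return hits


def xor_pack(image: bytes, key_byte: int = 0x5A) -> bytes:
    """Toy model of a packer/protector (constructed, not Enigma's real scheme):
    every byte is transformed on disk, so a plain string search finds nothing.
    Applying it again restores the image, like the client does in memory."""
    return bytes(b ^ key_byte for b in image)


def scan_disk_and_memory(image: bytes):
    """Compare what a string search sees on the packed file versus on the
    image the running process has restored. Returns (disk_hits, memory_hits)."""
    on_disk = xor_pack(image)            # what Notepad++ would open
    in_memory = xor_pack(on_disk)        # what CE's memory view would show
    return find_keys_after_marker(on_disk), find_keys_after_marker(in_memory)


if __name__ == "__main__":
    disk, mem = scan_disk_and_memory(PLAIN_IMAGE)
    print("packed file on disk:", disk)   # [] -> no TQServer, as in post #8
    print("restored in memory:", mem)     # [(33, 'EXAMPLEKEY123456')]
```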
02/13/2012 16:36 Lateralus#10
Sounds very much like our client @ L2H. It's not terribly more advanced than others, but good luck.

If you do happen to crack it, you'll be banned pretty quickly if you use an exploit. We're aware of and can detect all known ones for the 5065 binaries. Shame shame.
02/13/2012 16:48 Hassan28#11
Quote:
Originally Posted by Lateralus View Post
Sounds very much like our client @ L2H. It's not terribly more advanced than others, but good luck.

If you do happen to crack it, you'll be banned pretty quickly if you use an exploit. We're aware of and can detect all known ones for the 5065 binaries. Shame shame.
It indeed is the L2H one, however I'm not really interested in exploiting anything, I just want to get some basic knowledge of how things work since I knew that you'd probably be the one who took care of the conquer.exe and you seem to know what you're talking about.

I was thinking about laying the goal high so that I would force myself to try and understand things and mostly do research on things.
02/13/2012 22:39 Lateralus#12
Quote:
Originally Posted by Hassan28 View Post
It indeed is the L2H one, however I'm not really interested in exploiting anything, I just want to get some basic knowledge of how things work since I knew that you'd probably be the one who took care of the conquer.exe and you seem to know what you're talking about.

I was thinking about laying the goal high so that I would force myself to try and understand things and mostly do research on things.
Ah alright. Well, the protection isn't anything amazing, but it's a step above the nooby "tricks". I know of much better ways to protect the key now; if it's too easy to crack it/too many people get a cracked version, I'll implement the method I have in mind. Honestly, it's a lot of trouble for a server that will soon launch legit 1.0.
02/14/2012 15:52 Captivate#13
.