[Source] New Data Folder & Remove Backdoor

01/23/2014 23:50 Luôô#1
Hey,

First, let's look at how we can use the new Data folder and, with it, the new maps/objs (except the interface files) etc.

First go into the Engine Lib project (TEngine) and open the file TachyonRes.cpp.

There, go to LoadObj (the one with 4 parameters) and search for
Code:
file.Read( &pTEX->m_bZWrite, sizeof(BYTE));
file.Read( &pTEX->m_b2side, sizeof(BYTE));
file.Read( &pTEX->m_bUseDirLight, sizeof(BOOL));
file.Read( &pTEX->m_dwAmbientCOLOR, sizeof(DWORD));
This is fairly close to the end of the function.
There you then add this
Code:
BYTE bla = 0;
file.Read( &bla, sizeof(BYTE));
And save.

Now only the unit file is missing ;)
Go into the TClient project, open TClientMap.cpp, look for the function LoadTHEIGHTINFO and replace it with this.
Code:
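void CTClientMAP::LoadTHEIGHTINFO( LPMAPTHEIGHTINFO pTHEIGHTINFO,
								   WORD wUnitID)
{
	CString strFile;
	strFile = CTChart::Format( TSTR_FMT_HEIGHTFILE, MAKELONG( wUnitID, m_wMapID));
	TRY
	{
		CFile file( LPCSTR(strFile), CFile::modeRead|CFile::typeBinary);
		DWORD dwCount = 0;
		WORD shit = 0;
		// New header: 4-byte count followed by 2 extra bytes that are skipped.
		file.Read( &dwCount, sizeof(DWORD));
		file.Read( &shit, sizeof(WORD));

		// The count is stored big-endian. It is converted but not used:
		// the loop below reads records until the end of the file.
		DWORD newcount = ntohl(dwCount);

		DWORD dwLENGTH = DWORD(file.GetLength());
		DWORD dwPOS = DWORD(file.GetPosition());

		while( dwPOS < dwLENGTH )
		{
			DWORD dwObjCount = 0;
			DWORD dwPosID = 0;

			// Stop on a truncated record header instead of using uninitialized values.
			if( file.Read( &dwPosID, sizeof(DWORD)) != sizeof(DWORD) ||
				file.Read( &dwObjCount, sizeof(DWORD)) != sizeof(DWORD) )
				break;

			// Allocate only after the header was read completely.
			LPVECTORDWORD pTINFO = new VECTORDWORD();

			for( DWORD j=0; j< dwObjCount; j++)
			{
				DWORD dwObjID = 0;

				// A short read means the file ended inside the ID list.
				if( file.Read( &dwObjID, sizeof(DWORD)) != sizeof(DWORD) )
					break;
				pTINFO->push_back(dwObjID);
			}

			pTHEIGHTINFO->insert( MAPTHEIGHTINFO::value_type( dwPosID, pTINFO));
			dwPOS = DWORD(file.GetPosition());
		}
	}
	CATCH_ALL(e)
	{
		// File errors are swallowed; whatever was read before the error stays in the map.
	}
	END_CATCH_ALL
}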
Now the collisions and heights should all work as well.

Now to the backdoor:

The backdoor is in the TMap and TWorld servers; you simply have to remove the functions that have TERMINATE in their name (TERMINATE_REQ & TERMINATE_ACK) and CLEARDATA.
This backdoor terminates the process and deletes TLevelchart and TAccount.


If you are interested in tools (for money, of course), feel free to message me.
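The layout that the posted LoadTHEIGHTINFO reads (4-byte big-endian count, 2 skipped bytes, then records of position ID, object count and object IDs up to the end of the file), as a bounds-checked stand-alone parser. This is an added example, not part of the original post or of the game's source; the names `ParseHeightInfo`, `ReadU32` and `SampleFile` and the choice to reject duplicate position IDs are assumptions, and the sample bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <utility>
#include <vector>

using HeightInfo = std::map<uint32_t, std::vector<uint32_t>>;

// Little-endian DWORD, as file.Read() yields on the x86 client. Needs pos <= size.
static bool ReadU32(const std::vector<uint8_t>& b, size_t& pos, uint32_t& v) {
    if (b.size() - pos < 4) return false;              // short read
    v = b[pos] | b[pos + 1] << 8 | b[pos + 2] << 16 | uint32_t(b[pos + 3]) << 24;
    pos += 4;
    return true;
}

// Returns false on truncated or inconsistent input; outputs change only on success.
bool ParseHeightInfo(const std::vector<uint8_t>& b, HeightInfo& out, uint32_t& declared) {
    if (b.size() < 6) return false;                    // 4-byte count + 2 skipped bytes
    uint32_t count = uint32_t(b[0]) << 24 | b[1] << 16 | b[2] << 8 | b[3]; // big-endian
    size_t pos = 6;
    HeightInfo parsed;
    while (pos < b.size()) {
        uint32_t posId = 0, objCount = 0;
        if (!ReadU32(b, pos, posId) || !ReadU32(b, pos, objCount)) return false;
        if (objCount > (b.size() - pos) / 4) return false;  // IDs must fit in the file
        std::vector<uint32_t> ids(objCount);
        for (uint32_t& id : ids) ReadU32(b, pos, id);  // cannot fail after the check
        if (!parsed.emplace(posId, std::move(ids)).second) return false; // duplicate ID
    }
    out.swap(parsed);
    declared = count;
    return true;
}

// Constructed sample: count = 2, two skipped bytes, records (7: 0x11, 0x22) and (9: none).
std::vector<uint8_t> SampleFile() {
    return {0, 0, 0, 2,  0, 0,
            7, 0, 0, 0,  2, 0, 0, 0,  0x11, 0, 0, 0,  0x22, 0, 0, 0,
            9, 0, 0, 0,  0, 0, 0, 0};
}

int main() {
    HeightInfo info; uint32_t declared = 0;
    bool ok = ParseHeightInfo(SampleFile(), info, declared);
    std::printf("ok=%d records=%zu declared=%u\n", ok, info.size(), declared);
    return ok ? 0 : 1;
}
```

The object-count check runs before the vector is allocated, so a corrupted count in a data file cannot trigger a huge allocation or a read past the end of the buffer.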
01/24/2014 09:13 4Sprivéeee#2
How to compile? I need a good tutorial please, not just the function, in video please
please, how to compile
01/24/2014 12:53 AllCowsAreBurgers#3
What is this needed for? Is this a fix or a hack tool or what? An explanation would be nice :)
01/24/2014 14:16 stotterer09#4
Oh, and what would interest me even more: how did you know that an object in the new file is 1 byte larger? Did you just check with a hex editor?
And I would also be interested in what exactly you did differently with the heights
(that is, where exactly the changes are and what they do, or what the old code did wrong)

Thanks for this :)
01/24/2014 14:19 Luôô#5
I compared old & new and there was only 1 new byte ^^ :D
And for the height I changed a for loop into a while, firstly because the count is in big endian and secondly because it was easier that way :D
01/24/2014 14:42 .Arrogunz™#6
Release some old-school stuff, like the old walking animations, old maps, etc. Nobody needs new stuff.

Nicely done anyway.
01/24/2014 21:12 Weom#7
Quote:
Originally Posted by stotterer09
Oh, and what would interest me even more: how did you know that an object in the new file is 1 byte larger? Did you just check with a hex editor?
And I would also be interested in what exactly you did differently with the heights
(that is, where exactly the changes are and what they do, or what the old code did wrong)

Thanks for this :)
With HexWorkshop you can compare 2 files.

Quote:
Originally Posted by Luôô
I compared old & new and there was only 1 new byte ^^ :D
And for the height I changed a for loop into a while, firstly because the count is in big endian and secondly because it was easier that way :D
I searched for this for so long, then I noticed that all new TMH files had 2 more bytes at the beginning and at the end; Logtetsch coded a tool that removed these bytes.

Quote:
Originally Posted by .Arrogunz™
Release some old-school stuff, like the old walking animations, old maps, etc. Nobody needs new stuff.

Nicely done anyway.
With some C++ knowledge, you can now make your client compatible with almost all versions.

For everyone who didn't understand: if you apply these changes, you can load all the new Data folders, which means you now also have the option of adding new maps, etc.
01/24/2014 22:37 glossypvp#8
And who has found out these backdoors first? Remember? Oh yeah .. ME!
Do you remember when I posted that I solved the system error thingy? I love that all my work is shared on epvp and thread owners pretend that it's their own work.
You don't believe me? Let me explain how I discovered these backdoors:
Umm, I don't remember in which thread, but somebody was asking about system errors or something like that, I think gydek or someone, doesn't matter. I said to look for weird things in tchartable. Why did I say that? Because:
When I was trying to find out what's wrong with the server files .. I discovered quite a weird thing. When a system error occurred, all mapIDs were set to 2048, which does not exist .. so I searched in the source for that value, and tadaa, I found some dword functions which perform these changes.
If tlevelchart or the dbitemindex table is missing, or has invalid data (exactly dbitem), TMAP will not start.
Do you remember when opora4s had disconnects and rollbacks every 10-20 minutes?
Yeah, because I'd already found these functions, and just deleted them.
Well, just deleting them is not a perfect bypass I think, it will cause disconnects and rollbacks.
So after opora closed, I just edited these functions so they do not affect the database, just select something.

There's another function which is crashing the server, I don't want to give out that information too but here's a clue .. its name begins with T .. ok that wasn't a big help ... :D The first 2 letters are TP, upper case ;)

Ah and another thing, for people who don't know C++, I think there's a possible way to bypass these backdoors. If someone is just sending packets which activate the backdoors, then there's no way to bypass without touching the source. But I already know that these functions are checking for a certain dwKey value in TCURRENTUSER, and if that value is not correct, it will crash the server, deleting tlevelchart, changing mapIDs to 2048 ... etc. If you know that certain value (use your brain.exe, find it out yourself!) you can change the TLOGIN function in your db to insert that exact value, so when the services check for these values, it won't activate the backdoors / buggy functions :)
01/24/2014 23:42 Weom#9
Quote:
And who has found out these backdoors first? Remember? Oh yeah .. ME!
Glossy, why is Opera not online? And Luoo had this problem solved in September 2013.
Go cry, thanks.
01/25/2014 00:31 Luôô#10
I didn't read glossypvp's post, but I didn't get anything from you.
01/25/2014 01:29 glossypvp#11
Quote:
Originally Posted by Weom
Glossy, why is Opera not online? And Luoo had this problem solved in September 2013.
Go cry, thanks.
First of all, it's opora. The reason is quite simple: since I decided to work on my own, I don't have money to rent a DDoS-protected server, so I'm running my little dev server at home. In summer I'll go work and get some money to finally rent a server.

Quote:
Originally Posted by Luôô
I didn't read glossypvp's post, but I didn't get anything from you.
Dear friend, I came up with the solution last summer; just search for my post about how I solved 'system error'. How? As described in my last post.

Exactly the same is happening as with my optool and scripts. I don't share it because I want to keep it for myself, then someone else does it.
01/25/2014 01:35 Luôô#12
You say it like no one else is allowed to do any of the work that you did in private lol
I never read anything from you about these things.
01/25/2014 01:45 glossypvp#13
Well, for example I made the optool in private and somebody just released it a few times, I guess some threads about it are still public.
Just imagine when you work on something for hours, and someone just steals it and releases it, and pretends that it's his own work even though he has nothing to do with it.
But in this case, I just say it's kinda embarrassing to see things released here that I've done before.
If you found that solution on your own, be happy with it, I don't care
01/25/2014 01:47 Luôô#14
It's your own fault if you share the things or get hacked...
But now back2topic..
01/25/2014 01:55 glossypvp#15
Yep, back to topic. Have you already found out the function which changes all mapIDs to 2048? I have, but I guess you too, it's just a few lines near the other backdoor functions.

Edit:
I don't know if TProtectchar (yes, it's the other function name) has anything to do with the game, or if someone who first released the 3.5 files created it to crash the server.