[Release] Working Bypass + Packet Editor

Page 1 of 23 1 2311 Last »
11/11/2009 22:01 jets2fly2#1
  • The PacketEditor i use with the working dll (you all know what rPE is, but mine dosent d/c or get detected):

    Scans show False Positives
    Code:
    File rPE.rar received on 2009.11.11 20:28:39 (UTC)
[COLOR="Lime"]Result: 5/41 (12.2%)[/COLOR]
	
Antivirus 	Version 	Last Update 	Result
a-squared	4.5.0.41	2009.11.10	-
AhnLab-V3	5.0.0.2	2009.11.06	-
AntiVir	7.9.1.61	2009.11.10	-
Antiy-AVL	2.0.3.7	2009.11.10	-
Authentium	5.2.0.5	2009.11.10	- [COLOR="Red"]W32/DelfInject.A.gen!********[/COLOR]
Avast	        4.8.1351.0	2009.11.10	-
AVG	        8.5.0.423	2009.11.10	-
BitDefender	7.2	2009.11.10	-
CAT-QuickHeal	10.00	2009.11.10	- [COLOR="Red"]Trojan.Agent.IRC[/COLOR]
ClamAV	0.94.1	2009.11.10	-
Comodo	2905	2009.11.10	-
DrWeb	5.0.0.12182	2009.11.10	-
eSafe	7.0.17.0	2009.11.10	-
eTrust-Vet	35.1.7113	2009.11.10	-
F-Prot	4.5.1.85	2009.11.10	- [COLOR="Red"]W32/DelfInject.A.gen!********[/COLOR]
F-Secure	9.0.15370.0	2009.11.09	-
Fortinet	3.120.0.0	2009.11.10	-
GData	19	2009.11.10	-
Ikarus	T3.1.1.74.0	2009.11.10	- [COLOR="Red"]Virus.Win32.Agent.aj[/COLOR]
Jiangmin	11.0.800	2009.11.10	-
K7AntiVirus	7.10.892	2009.11.09	-
Kaspersky	7.0.0.125	2009.11.10	-
McAfee	5797	2009.11.09	-
McAfee+Artemis	5797	2009.11.09	- [COLOR="Red"]Artemis!B2BAC0E7CD95[/COLOR]
McAfee-GW-Edition	6.8.5	2009.11.10	-
Microsoft	1.5202	2009.11.10	-
NOD32	4592	2009.11.10	-
Norman	6.03.02	2009.11.09	-
nProtect	2009.1.8.0	2009.11.10	-
Panda	10.0.2.2	2009.11.09	-
PCTools	7.0.3.5	2009.11.10	-
Prevx	        3.0	2009.11.11	-
Rising	        22.21.01.09	2009.11.10	-
Sophos	4.47.0	2009.11.10	-
Sunbelt	3.2.1858.2	2009.11.10	-
Symantec	1.4.4.12	2009.11.10	-
TheHacker	6.5.0.2.064	2009.11.09	-
TrendMicro	9.0.0.1003	2009.11.10	-
VBA32	3.12.10.11	2009.11.09	-
ViRobot	2009.11.10.2029	2009.11.10	-
VirusBuster	4.6.5.0	2009.11.09	-
  • Bypass Removed Due to Personal Reasons.

No More Questions Please :<


In-Depth Guide on how to use rPE for beginners:

Quote:
Originally Posted by marvinody View Post
Ok In depth guide for the 100% range hit

1) Open the mabinogi start-up page and rPE
2) Hit game start and go back to rPE-> Select Process-> Open Process-> select Client.exe
3) Log in normally
4) Select your target, whether it be a monster or another player
5) Go back to rPE and hit start
6) Hit them once with range
7) Go back to rPE and hit stop
8) Now scroll through the box that SHOULD have opened up in rPE looking for "34" in size and "WS2.0 SEND" in function
9) Right click it, and hit send
10) Now another box should have opened up
11) Hit continuously, and then, in the timer box put anything from about 150-300 depending on your latency. Click get ID in the socket ID box and hit send
12) You can any range or magic skill. If you chose a person, you'll hit them as soon as they get up. You can also use melee and you'll hit them as soon as they get up. If you chose a monster, I suggest to switch between mag and range or use magic.


For Multi-targetting:

Basically, just do the same thing except instead of hitting send on the "Send a Packet" page, hit add to sendlist and do the same thing. You can put multiple of them, check them off and done.

Shutting down:

If Mabi closes or rPE closes while the other is still open, you have to close the other and open it again. No idea why, just do it
Suggested Fixes for problems found so far:

Quote:
Originally Posted by marvinody View Post
VISTA USERS RUN IN ADMINSTRATOR
that should solve your "can't inject dll" problem
11/11/2009 22:50 joeyioo#2
mmm... can i ask how does rPE work?
11/11/2009 23:15 jets2fly2#3
Quote:
Originally Posted by joeyioo View Post
mmm... can i ask how does rPE work?
the same way any other packet editor works? ._.

here, ill do the hard work for you: [Only registered and activated users can see links. Click Here To Register...]
11/11/2009 23:28 Aldeel#4
Not working for me still

I inject the DLL at the start of the client.

Bar at the top starts filling up (The % bar) Once it hits 100, Both it and the client freezes. Plus I can't find the window to veiw the packets.
11/11/2009 23:32 jets2fly2#5
/sigh

your not supposed to let that fill up, once you hit start do what you need to do, then hit stop and it'll view the packets you sent or received during that time.

ex: start -> do something -> stop -> Capture window appears.
11/12/2009 00:11 lostmage333#6
Nice work.

Now that I'm finally out of class, I'll be looking into it a lil bit. Thank you for your contributions. I am very grateful *bows*.

Out of curiosity, what types of things have you done using the packet editor? Only never miss range? I've managed stuff like using mana tunnels and stuff, but all seems rather... insignificant compared to the advantage of never miss range. Almost makes me want to pick up a bow and start ranking ranged skills >.<

Edit:
I know I'm asking for a lot here, but could you maybe explain your process of bypassing? I looked at the sizes of the .dll files for your bypass, and many of them differed significantly from the originals. I noticed that most of the files were smaller than the original (except for the log, but that hardly matters, no?) Did you somehow simply delete much of the functionality of hackshield, and then convince it to not think it was modified? If you want to keep your secrets secret, that's completely fine. I made some absolutely futile attempts myself. Being a ME student, a lot of the stuff in the hackshield research thread (that checkbox posted a while back) went wayyyyy over my head. I'm still interested in trying, but I'm always looking for additional clues, leads, etc.

Thanks!
/Edit
11/12/2009 00:16 jets2fly2#7
Thanks and np ^^

I've done the mana tunnels too :P

Other than that.. I've only done ranging, spamming skills for training, or like.. switching weapons. and there's also some things you can do with items, that other people wouldn't like very much, like.... trading something, then taking it back without them knowing.. but it has tons of possibilities, I'm just not the creative xD
11/12/2009 00:28 Dark Raccoon#8
Hot.

Ill test it later.
11/12/2009 00:38 fenrir2037#9
Very thankful for this~
11/12/2009 00:41 lostmage333#10
Tried it out a bit, running the included packet editor, as well as the mabipake family of mods. Worked flawlessly for ~20 minutes. Then HS decided to come visit. I did not inject mabiraccoon. Testing w/ that now to see if it'll help. My guess is that its the mabipake family that's getting detected, but I'm just throwing that out there.

One question, is Hackshield supposed to rewrite all the files that we replace? After getting detected, I checked again and HS had restored all of its files. Am I missing a step?
11/12/2009 00:52 jets2fly2#11
i don't use anything related to mabipake, so i would guess its that as well...
  • about the files that might just be you? it doesn't do it to my files.. but then again i use an ancient OS.
  • every time i inject MabiRaccoon it gets detected, so i don't use that either >>
  • slightly off-topic: related to the fact that i use said OS, i cant get any of the new mods to work (at least, that's what I'm guessing.). since all of my friends run XP+ and they work just fine for them ._.

EDIT:

Try to stop Hackshield from updating? i know its possible i just, for the life of me, cant remember HOW to do it D:
11/12/2009 01:11 ichigoyeh#12
Nice.... any hints on what to use/find in-game? I tried sending anything and usually nothing happens, when something does happen it just disconnects me, although I think that is because it was working.

I use windows 7, dunno if that affects anything though because I can still find packets.
11/12/2009 01:13 AKB990#13
Quote:
Originally Posted by ichigoyeh View Post
Nice.... any hints on what to use/find in-game? I tried sending anything and usually nothing happens, when something does happen it just disconnects me, although I think that is because it was working.

I use windows 7, dunno if that affects anything though because I can still find packets.
Well, some of the packets are animations, some are actions, ect. So it depends on which you send.
11/12/2009 01:19 17waystodie#14
and some are receive packets, which, if sent back will make you dc.
11/12/2009 01:35 jets2fly2#15
just make sure you only send packets that have "WS2.0::SEND" listed next to them, that'll prevent most d/c's.

example: any ranged attack you send should be:
Code:
[U]Packet #    Source       Destination            Size  Function       Data                                 [/U]
#xx         xxx.x.x.x    208.85.108.44:11020    34    WS2.0::SEND    ˆ".....¼æuikÇJ†¼cõþ̺˜vPµ¶..,<
EDIT:

Quote:
Originally Posted by Dark Raccoon View Post
Hot.

Ill test it later.
also, let me know when you do.
Page 1 of 23 1 2311 Last »