|
You last visited: Today at 18:01
Advertisement
AK - Duplicating help needed
Discussion on AK - Duplicating help needed within the Aura Kingdom forum part of the MMORPGs category.
03/23/2014, 07:55
|
#46
|
elite*gold: 0 
Join Date: Feb 2014
Posts: 18
Received Thanks: 0
|
btw oriya, did you got to the duplicating part? were you creating the program for duplicating by the time you were offered? just wanna know how far youve gotten.
|
|
|
|
03/24/2014, 04:06
|
#47
|
elite*gold: 94
Join Date: Mar 2007
Posts: 569
Received Thanks: 1,496
|
Quote:
Originally Posted by nafmuq
btw oriya, did you got to the duplicating part? were you creating the program for duplicating by the time you were offered? just wanna know how far youve gotten.
|
No. and I don't think I'm going to.
I don't normally do this kind of things, dupe exploit, the way I see it, is like gambling.
you spend a lot of time to find something profitable just so it could be fixed 2 days later.
and even if it's kept private in a very good manner, your profit is still bound to that exploit.
once it's fixed, your income is gone. and you never know when it will be fixed.
I focus on botting and botting-related things. it might not be as profitable as say, a dupe exploit... but it is pretty solid and steady.
Anyways, about the packet editor:
I've got an "Ok" from the Chinese to release such thing but there was still something missing, the GUI, and frankly I have no time to create a GUI if it's not CLR. whoever dealt with purely native windows before knows what I'm talking about.
so... I grabbed one of my old projects (for a different game) which had pretty solid, not good enough, but solid (feature-wise) PE.
the only problem was it's a .NET project. injecting a .NET DLL is fine, but since it's managed code, you can't do anything with it.
injecting such DLL is basically like injecting garbage into the game.
Luckily, we have nice NuGet packages such as DllExport which allows us to make the library treat certain functions as __declspec(dllexport) functions.
so I converted the encryption function to C#, hooked the needed functions and injected the DLL.
now, since it's all dllexport based, there is no entry point at all. but remotely calling a dllexport function is just fine.
so... quickly after injecting the DLL, the program is calling the "main" function of the DLL (simulating an entry point you could say).
From that point and on, it's pretty much the same with one exception:
you can't inject "Recv" (Server-to-Client) packets, only "Send" packets (Client-to-Server).
the reason behind it is that the function that is receiving the encrypted packet is decrypting the buffer and having the switch statement too (the one to actually handle the packet).
there's no separate function for handling the packet. and that function is trying to grab the buffer off of a weird socket class.
with C++ that'd be easy to just call that function and jump the needed instructions (the encryption one) in real time and write the buffer pointer to the needed register.
But you can't read/write hardware registers with managed code.
.NET can't do that, the only real way to "inject" (it's not really injecting at that point) a "Recv" packet is by creating a bridge connection ("proxy") between the game and localhost.
this way, in theory, you could encrypt packets as if the server sent them and send them to the client via that socket and afterwards change the encryption key back to its previous value.
That being said, "Recv" packets are normally, and in most games fully, well.. useless (as they're clientsided).
unless the client is expecting a certain packet and will crash otherwise. but anything besides that is purely useless and can only be used for things like messing with your friends and saying things like "Hey look, I have 1B gold".
so no real harm done.
I might still work on it if it will be needed (by either creating that proxy or by going back to unmanaged code).
but from what I've seen so far, the client never actually expect a packet and never crashes because of such thing.
Anyways, I'm not going to say more as I'm really really tired and I barely wrote this post.
I will probably explain some of its features tomorrow, but for now I'll just leave the packet editor here for you guys to try out.
put both files in your AK folder and run AKPE.exe, it will automatically start the launcher.
login like your normally do and the PE window should appear once the game launches. if the launcher/game crash during launch, just try again.
multiclient is integrated in this PE, so you can try things like trades and such with two accounts.
P.S
Please excuse any misspells, as I said, I'm really really tired and I'm pretty sure I've had plenty hehe.
Good luck finding profitable exploits! 
Oriya.
Edit:
Reported to be abused not only on the official servers but also in private servers.
all development is currently suspended and download has been removed.
please refer to this post for more information: 
|
|
|
|
|
03/24/2014, 09:07
|
#48
|
elite*gold: 0
Join Date: Jun 2008
Posts: 30
Received Thanks: 17
|
Quote:
Originally Posted by Oriya9
No. and I don't think I'm going to.
I don't normally do this kind of things, dupe exploit, the way I see it, is like gambling.
you spend a lot of time to find something profitable just so it could be fixed 2 days later.
and even if it's kept private in a very good manner, your profit is still bound to that exploit.
once it's fixed, your income is gone. and you never know when it will be fixed.
I focus on botting and botting-related things. it might not be as profitable as say, a dupe exploit... but it is pretty solid and steady.
Anyways, about the packet editor:
I've got an "Ok" from the Chinese to release such thing but there was still something missing, the GUI, and frankly I have no time to create a GUI if it's not CLR. whoever dealt with purely native windows before knows what I'm talking about.
so... I grabbed one of my old projects (for a different game) which had pretty solid, not good enough, but solid (feature-wise) PE.
the only problem was it's a .NET project. injecting a .NET DLL is fine, but since it's managed code, you can't do anything with it.
injecting such DLL is basically like injecting garbage into the game.
Luckily, we have nice NuGet packages such as DllExport which allows us to make the library treat certain functions as __declspec(dllexport) functions.
so I converted the encryption function to C#, hooked the needed functions and injected the DLL.
now, since it's all dllexport based, there is no entry point at all. but remotely calling a dllexport function is just fine.
so... quickly after injecting the DLL, the program is calling the "main" function of the DLL (simulating an entry point you could say).
From that point and on, it's pretty much the same with one exception:
you can't inject "Recv" (Server-to-Client) packets, only "Send" packets (Client-to-Server).
the reason behind it is that the function that is receiving the encrypted packet is decrypting the buffer and having the switch statement too (the one to actually handle the packet).
there's no separate function for handling the packet. and that function is trying to grab the buffer off of a weird socket class.
with C++ that'd be easy to just call that function and jump the needed instructions (the encryption one) in real time and write the buffer pointer to the needed register.
But you can't read/write hardware registers with managed code.
.NET can't do that, the only real way to "inject" (it's not really injecting at that point) a "Recv" packet is by creating a bridge connection ("proxy") between the game and localhost.
this way, in theory, you could encrypt packets as if the server sent them and send them to the client via that socket and afterwards change the encryption key back to its previous value.
That being said, "Recv" packets are normally, and in most games fully, well.. useless (as they're clientsided).
unless the client is expecting a certain packet and will crash otherwise. but anything besides that is purely useless and can only be used for things like messing with your friends and saying things like "Hey look, I have 1B gold".
so no real harm done.
I might still work on it if it will be needed (by either creating that proxy or by going back to unmanaged code).
but from what I've seen so far, the client never actually expect a packet and never crashes because of such thing.
Anyways, I'm not going to say more as I'm really really tired and I barely wrote this post.
I will probably explain some of its features tomorrow, but for now I'll just leave the packet editor here for you guys to try out.
put both files in your AK folder and run AKPE.exe, it will automatically start the launcher.
login like your normally do and the PE window should appear once the game launches. if the launcher/game crash during launch, just try again.
multiclient is integrated in this PE, so you can try things like trades and such with two accounts.
P.S
Please excuse any misspells, as I said, I'm really really tired and I'm pretty sure I've had plenty hehe.
Good luck finding profitable exploits!
Oriya. |
hi Oriya9, thanks for sharing,
i have some feedback,
i tried it and idk why it 100% crashed my game,
here is the pic when it crashed
PE window did not appear at all, just that "Send box" appear after the game launched,
win 7 32bit and got .net framework 4 installed here,
do i need any other stuff to make it work? thanks in advance,
|
|
|
|
|
03/24/2014, 10:20
|
#49
|
elite*gold: 100
Join Date: May 2010
Posts: 1,948
Received Thanks: 1,635
|
Quote:
Originally Posted by sakray777
hi Oriya9, thanks for sharing,
i have some feedback,
i tried it and idk why it 100% crashed my game,
here is the pic when it crashed
PE window did not appear at all, just that "Send box" appear after the game launched,
win 7 32bit and got .net framework 4 installed here,
do i need any other stuff to make it work? thanks in advance, |
doesn't work with private server
|
|
|
|
|
03/24/2014, 10:34
|
#50
|
elite*gold: 0
Join Date: Jun 2008
Posts: 30
Received Thanks: 17
|
Quote:
Originally Posted by Shane¸
doesn't work with private server
|
i dont play in private server,
|
|
|
|
|
03/24/2014, 10:38
|
#51
|
elite*gold: 100
Join Date: May 2010
Posts: 1,948
Received Thanks: 1,635
|
Quote:
Originally Posted by sakray777
i dont play in private server, |
don't skip the intros
|
|
|
|
|
03/24/2014, 13:51
|
#52
|
elite*gold: 0
Join Date: Jun 2008
Posts: 30
Received Thanks: 17
|
Quote:
Originally Posted by Shane¸
don't skip the intros
|
neither skip the intro,
i run it as admin, else it wont pop the launcher,
the "crash Send box" appear after game launched instead PE window i guess,
then the game just crashed after loading done,
maybe i missing something?
|
|
|
|
|
03/24/2014, 14:13
|
#53
|
elite*gold: 0
Join Date: Aug 2011
Posts: 23
Received Thanks: 4
|
Ok, so mine opens fine, problem is, i dont know what to with this, what is supposed to do, i just get adresses and numbers, sorry
|
|
|
|
|
03/24/2014, 14:56
|
#54
|
elite*gold: 0
Join Date: May 2008
Posts: 12
Received Thanks: 2
|
Quote:
Originally Posted by Rikardo1991
Ok, so mine opens fine, problem is, i dont know what to with this, what is supposed to do, i just get adresses and numbers, sorry
|
can i ask what windows/bit are you using? how did you open it? mine keeps crashing 
|
|
|
|
|
03/24/2014, 14:56
|
#55
|
elite*gold: 0
Join Date: Sep 2010
Posts: 558
Received Thanks: 41
|
so there is no hack for AK?
|
|
|
|
|
03/24/2014, 17:33
|
#56
|
elite*gold: 0
Join Date: Dec 2008
Posts: 23
Received Thanks: 9
|
Quote:
Originally Posted by mesoless
so there is no hack for AK?
|
The AKPE that Oriya made is one huge step in the direction for exploits.
I'm not super knowledgeable when it comes to packet editing, but I have the basics down. Play around with it, that's the most simplest and easiest way to understand how it works, and what you can do with it.
Thanks Oriya for your work thus far!
Playing around with it myself, trying to see if it's possible to keep selling item's that don't exist to NPC's, or keep receiving the gold with the item sold, or changing it in some form..
Quote:
Originally Posted by sakray777
neither skip the intro,
i run it as admin, else it wont pop the launcher,
the "crash Send box" appear after game launched instead PE window i guess,
then the game just crashed after loading done,
maybe i missing something?
|
Don't alt-tab at all, especially not to the packet editor on loading screens, just wait till your ingame then alt tab to the packet editor
|
|
|
|
|
03/24/2014, 18:04
|
#57
|
elite*gold: 0
Join Date: May 2008
Posts: 12
Received Thanks: 2
|
Quote:
Originally Posted by encodex
The AKPE that Oriya made is one huge step in the direction for exploits.
I'm not super knowledgeable when it comes to packet editing, but I have the basics down. Play around with it, that's the most simplest and easiest way to understand how it works, and what you can do with it.
Thanks Oriya for your work thus far!
Playing around with it myself, trying to see if it's possible to keep selling item's that don't exist to NPC's, or keep receiving the gold with the item sold, or changing it in some form..
Don't alt-tab at all, especially not to the packet editor on loading screens, just wait till your ingame then alt tab to the packet editor
|
did not alt tab at all. i ran AKPE.exe as admin. logged in. loading then it wont load it says AK stopped for some reason then the AK crash report with send button. launched it for 20x already. maybe it has something to do with .NET version or windows version? no idea 
|
|
|
|
|
03/24/2014, 18:38
|
#58
|
elite*gold: 100
Join Date: May 2010
Posts: 1,948
Received Thanks: 1,635
|
Quote:
Originally Posted by pussyhater
did not alt tab at all. i ran AKPE.exe as admin. logged in. loading then it wont load it says AK stopped for some reason then the AK crash report with send button. launched it for 20x already. maybe it has something to do with .NET version or windows version? no idea |
it's probably related to your epvp username
|
|
|
|
|
03/24/2014, 20:17
|
#59
|
elite*gold: 94
Join Date: Mar 2007
Posts: 569
Received Thanks: 1,496
|
There were some issues with the hooks. they were going out of sync when unhooking and re-hooking the function in order to call the original function.
some packets were randomly lost because of that (mostly Server-to-Client packets that came in large batches).
The only real effective way to sort this out is what I've been trying to avoid due to lack of time.
which is a proxy and self-management of the entire encryption (sort of like in a clientless, but with a client connected to it).
there's no other way, so it must be done. I noticed tons of monster spawn and NPC spawn packets that randomly got out of sync.
it's just unbearable.
I've started working on it and it might be finished today/tomorrow. but it's worth the wait, it's way better than direct hooks.
also, it might as well solve issues that some of you encountered as the only hooks left are Winsock (WSAConnect and closesocket) and Kernel32 (CreateMutex, for the multiclient).
nothing too "extreme" left.
Oh, and of course, Recv "injection" will be available as well since it gives us full control of the network flow.
I've also fixed a few minor GUI-related bugs and corrected some text-related mistakes and misspells.
a "Log Recv/Send packets with this content only" feature was also added so it will be easier to actually filter packets by, say.. an ID of an item or a player, a string (text) and so on...
I'll keep you guys posted.
|
|
|
|
|
03/24/2014, 20:26
|
#60
|
elite*gold: 0
Join Date: Dec 2008
Posts: 23
Received Thanks: 9
|
Quote:
Originally Posted by Oriya9
There were some issues with the hooks. they were going out of sync when unhooking and re-hooking the function in order to call the original function.
some packets were randomly lost because of that (mostly Server-to-Client packets that came in large batches).
The only real effective way to sort this out is what I've been trying to avoid due to lack of time.
which is a proxy and self-management of the entire encryption (sort of like in a clientless, but with a client connected to it).
there's no other way, so it must be done. I noticed tons of monster spawn and NPC spawn packets that randomly got out of sync.
it's just unbearable.
I've started working on it and it might be finished today/tomorrow. but it's worth the wait, it's way better than direct hooks.
also, it might as well solve issues that some of you encountered as the only hooks left are Winsock (WSAConnect and closesocket) and Kernel32 (CreateMutex, for the multiclient).
nothing too "extreme" left.
Oh, and of course, Recv "injection" will be available as well since it gives us full control of the network flow.
I've also fixed a few minor GUI-related bugs and corrected some text-related mistakes and misspells.
a "Log Recv/Send packets with this content only" feature was also added so it will be easier to actually filter packets by, say.. an ID of an item or a player, a string (text) and so on...
I'll keep you guys posted.
|
Thanks again, I'll wait for the updated version before doing my head in.
|
|
|
|
 |
|
Similar Threads
|
duplicating
09/30/2012 - General Gaming Discussion - 3 Replies
can any1 please share with me as to how they duplicate items in the game...
ty in advance.
|
[WTB]Duplicating hack
01/15/2012 - Dekaron Trading - 3 Replies
Wtb an item duplication hack
|
Duplicating??!?!?!
04/29/2009 - General Gaming Discussion - 25 Replies
Hello All Neocron Runners,
I'm wondering what Macro, as well as how exactly to dupp.
I've read a few threads on here, but its mainly german, or they say how but doesnt exactly work cuz i dont know the macro and other things...
please let me know how 0_o
|
[Help] Duplicating a map?
01/10/2009 - CO2 Private Server - 2 Replies
Is it possible to duplicate the same map over and over again?
|
WoW Key Duplicating
10/17/2005 - World of Warcraft - 10 Replies
-------------------------------------------------- -----------
World of Warcraft Key Duplicating by SiLENCE.D3
Tested on EU Servers
------------------------------------------------- ------------
So, you whant a second World of Warcraft Key?
Just follow these:
This is Your Key: 123ABC-12AB-123ABC-12AB-123ABC
Block1: 123ABC
|
All times are GMT +1. The time now is 18:02.
|
|
