Aura Kingdom Bot

 
Old   #16
 
elite*gold: 0
Join Date: Jul 2014
Posts: 30
Received Thanks: 8
Quote:
Originally Posted by JuJuBoSc1 View Post
To me, pixel reading is just **** ... at least go for memory reading, + the game is a piece of cake to reverse.

(And yeah, I'm gonna release a decent bot soon as well)
Do whatever you want. Pixel reading suits our purpose well, it is really easy to do and will probably work forever without needing any patch. We do some OCR to read the coordinates and other than that you don't need much.



botgramming is offline  
Old   #17
 
elite*gold: 0
Join Date: Sep 2012
Posts: 104
Received Thanks: 58
I wonder how you can get decent movements with only pixel reading


JuJuBoSc1 is offline  
Old   #18
 
elite*gold: 0
Join Date: Jul 2014
Posts: 30
Received Thanks: 8
Quote:
Originally Posted by JuJuBoSc1 View Post
I wonder how you can get decent movements with only pixel reading
We read the coordinates on the map and click where we want to go
botgramming is offline  
Old   #19
 
elite*gold: 0
Join Date: Sep 2013
Posts: 216
Received Thanks: 6
Quote:
Originally Posted by JuJuBoSc1 View Post
(And yeah, I'm gonna release a decent bot soon as well)
I heard that one a few months ago


pureleech is offline  
Old   #20
 
elite*gold: 0
Join Date: Sep 2012
Posts: 104
Received Thanks: 58
Quote:
Originally Posted by pureleech View Post
I heard that one a few months ago
Yep, in fact we released it to some people already
JuJuBoSc1 is offline  
Old   #21
 
elite*gold: 0
Join Date: Aug 2012
Posts: 354
Received Thanks: 494
I don't know what you reversed to say it is a piece of cake, but after reversing the function behind the tab press (to change target), in order to make a better one not based on the fov, and the way the skill cooldowns work, I definitely say it is a nightmare to reverse (and I'm not alone in saying this)...
AlainProvist is offline  
Old   #22

 
elite*gold: 94
Join Date: Mar 2007
Posts: 567
Received Thanks: 1,492
Quote:
Originally Posted by AlainProvist View Post
Yep !

My only concern is about crashes. The game creates a dump and zips it with logs and additional information when restarting the launcher. I usually delete the dump before restarting the launcher but end users won't when using a dll-injection-based bot. At the end they probably have the information that a dll has been injected but they probably don't care about this and just discard the crash report (more likely because Aeria is just an editor that bought a licence from the real developers, and devs don't really care about account bans).
You have a good point. We should actually check it out.
I don't know what their privacy policy says about sending it to them without the user's approval but I assume the user must press "Send" on that small window that is popping up when there's an unhandled exception.
(http://i.imgur.com/YWt4Kuq.png)

If they do send it even without the user's approval (say.. when you re-launch the game or something) then yes, this is indeed a problem.
First things first, we need to find out if the client really sends it or not, because we can just get rid of that.
But if the goal is to stop it from dumping stuff regardless, then we can hook the function that is being used to create a dump file and just kill the client when it's called.
But what if somehow the hook itself fails and generates an error? This is where the most secure way to solve this is to just edit the executable with RETN on the dump creation function.
It's possible because it's a function, it's not in the heap, it's in the actual code. In our case, it's in the executable ("game.bin").
And a return is just one or three bytes to edit (depends on what type of RETN), can even be done with a hex editor.

Here's an example of how to stop "game.dmp" creation:
In "game.bin" (the actual file, no need to run it) search for:
PHP Code:
55 8B EC 81 EC 08 01 00 00 53 56 57 68 03 01 00 00
and change the first byte to C3 (RETN) and voila, no "game.dmp" will be created anymore.
* If you want to try it and you're using the game's launcher to launch the game, you'll have to make "game.bin" read-only (otherwise the launcher will replace it due to CRC mismatch). You'll get 2 errors with the launcher but it will still work.

As for logs, there is more than one function. I've got most of them but there are some issues with a few of them, I might look deeper into it later this week.
But you've actually opened my eyes about this, I didn't even think about it and I should've.

Cheers!
Oriya.
Oriya9 is offline  
Thanks
2 Users
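Added example (not part of the original thread or any poster's code): a defender-side integrity check for the one-byte edit described in post #22. It searches an image for the quoted prologue with the first byte treated as a wildcard and reports whether that byte is still 55 (push ebp) or has been overwritten with C3; the function and enum names and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes 2..17 of the prologue quoted in the post. Byte 1 (0x55, push ebp)
   is checked separately so a copy with a patched first byte is still found. */
static const uint8_t PROLOGUE_TAIL[] = {
    0x8B, 0xEC, 0x81, 0xEC, 0x08, 0x01, 0x00, 0x00,
    0x53, 0x56, 0x57, 0x68, 0x03, 0x01, 0x00, 0x00 };

enum prologue_state { NOT_FOUND, INTACT, PATCHED_RET, PATCHED_OTHER };

/* Scan img for the tail; classify the byte in front of the first hit.
   NOT_FOUND also covers edits that changed more than the first byte, so a
   caller expecting the function to exist should treat it as a failure. */
enum prologue_state check_prologue(const uint8_t *img, size_t len, size_t *off)
{
    const size_t n = sizeof PROLOGUE_TAIL;
    for (size_t i = 1; i + n <= len; i++) {
        if (memcmp(img + i, PROLOGUE_TAIL, n) != 0)
            continue;
        if (off)
            *off = i - 1;                 /* offset of the function's first byte */
        if (img[i - 1] == 0x55)
            return INTACT;
        return img[i - 1] == 0xC3 ? PATCHED_RET : PATCHED_OTHER;
    }
    return NOT_FOUND;
}

/* Constructed 32-byte sample image: two NOPs, `first`, the tail, zero padding. */
static void make_sample(uint8_t buf[32], uint8_t first)
{
    memset(buf, 0, 32);
    buf[0] = buf[1] = 0x90;
    buf[2] = first;
    memcpy(buf + 3, PROLOGUE_TAIL, sizeof PROLOGUE_TAIL);
}

int main(void)
{
    uint8_t img[32];
    size_t off = 0;
    make_sample(img, 0x55);
    printf("clean:   state=%d\n", check_prologue(img, sizeof img, &off));
    make_sample(img, 0xC3);
    printf("patched: state=%d at offset %zu\n",
           check_prologue(img, sizeof img, &off), off);
    return 0;
}
```

A pattern check like this only covers the one function it knows about; comparing a cryptographic hash of the whole file against a known-good value catches any modification.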
Old   #23
 
elite*gold: 0
Join Date: Sep 2012
Posts: 104
Received Thanks: 58
Quote:
Originally Posted by AlainProvist View Post
I don't know what you reversed to say it is a piece of cake, but after reversing the function behind the tab press (to change target), in order to make a better one not based on the fov, and the way the skill cooldowns work, I definitely say it is a nightmare to reverse (and I'm not alone in saying this)...
Well I reversed pretty much everything needed, inventory stuff, entity, well, feel free to add me on skype (jujubosc) I can show you some stuff.
JuJuBoSc1 is offline  
Old   #24
 
elite*gold: 0
Join Date: Aug 2012
Posts: 354
Received Thanks: 494
Quote:
Originally Posted by Oriya9 View Post
You have a good point. We should actually check it out.
I don't know what their privacy policy says about sending it to them without the user's approval but I assume the user must press "Send" on that small window that is popping up when there's an unhandled exception.
(http://i.imgur.com/YWt4Kuq.png)

If they do send it even without the user's approval (say.. when you re-launch the game or something) then yes, this is indeed a problem.
First things first, we need to find out if the client really sends it or not, because we can just get rid of that.
But if the goal is to stop it from dumping stuff regardless, then we can hook the function that is being used to create a dump file and just kill the client when it's called.
But what if somehow the hook itself fails and generates an error? This is where the most secure way to solve this is to just edit the executable with RETN on the dump creation function.
It's possible because it's a function, it's not in the heap, it's in the actual code. In our case, it's in the executable ("game.bin").
And a return is just one or three bytes to edit (depends on what type of RETN), can even be done with a hex editor.

Here's an example of how to stop "game.dmp" creation:
In "game.bin" (the actual file, no need to run it) search for:
PHP Code:
55 8B EC 81 EC 08 01 00 00 53 56 57 68 03 01 00 00
and change the first byte to C3 (RETN) and voila, no "game.dmp" will be created anymore.
* If you want to try it and you're using the game's launcher to launch the game, you'll have to make "game.bin" read-only (otherwise the launcher will replace it due to CRC mismatch). You'll get 2 errors with the launcher but it will still work.

As for logs, there is more than one function. I've got most of them but there are some issues with a few of them, I might look deeper into it later this week.
But you've actually opened my eyes about this, I didn't even think about it and I should've.

Cheers!
Oriya.
Good job on finding the dump creation location.
I'll add it to my bot (live memory opcode replacement when injecting the dll).

From what I've seen the game creates a dump, a screenshot and updates multiple log files when crashing. Then it pops the crash handler window that probably zips everything and sends it to the devs.
Where the funny part comes in is that if you killed the process to prevent any send, and then restart the launcher, it seems that it checks something (takes such a long time), and during this, zips the crash files and probably sends them oO.



@JuJuBoSc1: Thanks for proposing, but I'm nearly retired (and tired lol) with this game. We created a dev section some months ago to share knowledge and pieces of code. But the only active devs there are retired now. We reversed multiple things together, from data structures (entity, skills, cooldown, inventory, objects, fishing interface, targeting stuff) to game functions (go to location, inventory usage/discard/salvage, use skill from bar/id, check skill cooldown, target anything (objects/mobs/npc), custom targeting methods, eudemon talk stuff, npc talk (repair wnd call) and so on...). But now I don't have sufficient free time and motivation to continue the work.
AlainProvist is offline  
Thanks
1 User
Old   #25
 
elite*gold: 0
Join Date: Sep 2012
Posts: 104
Received Thanks: 58
Well still, feel free to contact me to talk, looks like you are French too (according to your nickname)

Or anyone else that wants to talk about reversing this game for fun
JuJuBoSc1 is offline  
Old   #26
 
elite*gold: 0
Join Date: Aug 2012
Posts: 354
Received Thanks: 494
@JuJu: I added you

@Oriya9: I finally put my ret 2 functions over the dumper one (search for 50 64 89 25 00 00 00 00 83 EC 2C 56 57 8D 45 F3). No more crash handling at all = no more logs + dump creation = no more waste of time on the launcher on next start.
AlainProvist is offline  
Thanks
1 User
Old   #27
 
elite*gold: 0
Join Date: Nov 2008
Posts: 181
Received Thanks: 458
You guys are getting expensive with offsets =P just Detour the CreateFileA and CreateFileW APIs and check if lpFileName matches one of the logs you want to avoid, if so return INVALID_FILE_HANDLE and it's done.

BTW nice to see you are still alive Alain and Oriya9.
ntKid is offline  
Thanks
1 User
Old   #28
 
elite*gold: 0
Join Date: Aug 2012
Posts: 354
Received Thanks: 494
Heeey ntKid! Nice to see you alive too bro ^^ (I really thought you were retired).

You're right about offsets but I'm still unsure about how the launcher detects that a crash occurred last time (tried to remove all files created but nothing changes about the time required for the launcher to pop the launch button). With this ret instruction, I remove any sin from the root ^^.
AlainProvist is offline  
Thanks
1 User
Old   #29
 
elite*gold: 0
Join Date: Aug 2009
Posts: 171
Received Thanks: 7
It has been a long time since someone released a good one tho. Hope you guys release stuff again, big fan anyway. Cheers.
jetrenz45 is offline  
Old   #30
 
elite*gold: 0
Join Date: Nov 2008
Posts: 181
Received Thanks: 458
Quote:
Originally Posted by AlainProvist View Post
Heeey ntKid! Nice to see you alive too bro ^^ (I really thought you were retired).

You're right about offsets but I'm still unsure about how the launcher detects that a crash occurred last time (tried to remove all files created but nothing changes about the time required for the launcher to pop the launch button). With this ret instruction, I remove any sin from the root ^^.
I "retired" from Aura for a while (playing Defiance while Aura doesn't have a proper content patch), I pretty much achieved all my coding goals on Aura.. my idea of adding AngelScript and Packet support to the BOT got me boosting the development speed by 100% -.-' (no recompile 500 times to test new code and no stupid double precision floating point support converted integers like lua was doing). Have a friend that already automated entire dungeons and daily quests on the new map by AngelScript.

I will be here in the future to share the pain of finding those offsets with you guys =P

Cheers.


ntKid is offline  