Aura Kingdom Bot

[Oriya9]

Quote:

Originally Posted by AlainProvist

@JuJu : je t'ai ajouté

@Oriya9 : I finally put my ret 2 functions over the dumper one (search for 50 64 89 25 00 00 00 00 83 EC 2C 56 57 8D 45 F3). No more crash handling at all = nor more logs + dump creation = no more waste of time on the launcher on next start .

Even better, well done!

Quote:

Originally Posted by ntKid

You guys getting expensive with offsets =P just Detour CreateFileA and CreateFileW API's and check if lpFileName matches one of the logs you want to avoid, if so return INVALID_FILE_HANDLE and its done.

BTW nice to see you are still alive Alain and Oriya9.

Hey ntKid, nice to see you're still here as well!
hmmm, the entire point of what I posted in the previous post is editing the executable directly.

Quote:

Originally Posted by Oriya9

but if the goal is to stop it from dumping stuff regardless, then we can hook the function that is being used to create a dump file and just kill the client when it's called.
but what if somehow the hook itself fails and generates an error? this is where the most secure way to solve this is to just edit the executable with RETN on the dump creation function.

hooking the function will not guarantee a working "bypass" because the hook itself can still potentially fail (for example, Windows Vista will need the PSAPI version to be set to 1 to hook it and it'll use an entirely different library for the hook).
and of course, messing with the stack and/or heap segments after they're loaded to the memory is just an unnecessary hassle when you can just edit the code segment and have a "permanent fix".
these are just a couple out of many reasons why you almost always want to edit the executable if you can (because for more complicated things you can't. the file size must be the same and the edits must be valid code instructions).
and a tiny side-note, the main idea was not only to disable the file creation but to bypass the entire dump creation function.

And.. at the top of everything, these are not offsets, these are actual code instructions (assembly).

PHP Code:

55 8B EC 81 EC 08 01 00 00 53 56 57 68 03 01 00 00

55 = PUSH EBP
8B EC = MOV EBP, ESP
81 EC 08 01 00 00 = SUB ESP, 108
53 = PUSH EBX
56 = PUSH ESI
57 = PUSH EDI
68 03 01 00 00 = PUSH 103 


this is what the compiler has compiled, this is the actual compiled code that is being executed when the said function is being called.
we are not looking for an offset that points us to a what we want to edit, we are looking for the actual code instruction to edit.

Hope that clarifies what I meant in the previous post better

Cheers!
Oriya.

[Selfo#]

did i can then the bot use by german aura kingdom?

[ntKid]

Quote:

Originally Posted by Oriya9

Even better, well done!

Hey ntKid, nice to see you're still here as well!
hmmm, the entire point of what I posted in the previous post is editing the executable directly.

hooking the function will not guarantee a working "bypass" because the hook itself can still potentially fail (for example, Windows Vista will need the PSAPI version to be set to 1 to hook it and it'll use an entirely different library for the hook).
and of course, messing with the stack and/or heap segments after they're loaded to the memory is just an unnecessary hassle when you can just edit the code segment and have a "permanent fix".
these are just a couple out of many reasons why you almost always want to edit the executable if you can (because for more complicated things you can't. the file size must be the same and the edits must be valid code instructions).
and a tiny side-note, the main idea was not only to disable the file creation but to bypass the entire dump creation function.

And.. at the top of everything, these are not offsets, these are actual code instructions (assembly).

PHP Code:

55 8B EC 81 EC 08 01 00 00 53 56 57 68 03 01 00 00

55 = PUSH EBP
8B EC = MOV EBP, ESP
81 EC 08 01 00 00 = SUB ESP, 108
53 = PUSH EBX
56 = PUSH ESI
57 = PUSH EDI
68 03 01 00 00 = PUSH 103 


this is what the compiler has compiled, this is the actual compiled code that is being executed when the said function is being called.
we are not looking for an offset that points us to a what we want to edit, we are looking for the actual code instruction to edit.

Hope that clarifies what I meant in the previous post better

Cheers!
Oriya.

Got it. You guys always go for the cream of the pie

----

Someone posted earlier about hardcoding npc information this will only be good to an extent because you wont be able to interact with npcs when u get near them( the npc id's change when the channel reboots or crashes and they are diferent per channel, you will need to analize the recv packets as soon as you recv nearby entity information and validate it against the entity table that is inside the packed files. )

Cheers!

[1900.]

Hab mir nicht alles durchgelesen. Arbeitest du nun an einem Bot?

[Oriya9]

Quote:

Originally Posted by ntKid

Someone posted earlier about hardcoding npc information this will only be good to an extent because you wont be able to interact with npcs when u get near them( the npc id's change when the channel reboots or crashes and they are diferent per channel, you will need to analize the recv packets as soon as you recv nearby entity information and validate it against the entity table that is inside the packed files. )

Cheers!

NPC (monsters as well) spawn opcode: 0x01DE
first 4 bytes are an unsigned int and it's the ID (the dynamic ID you were talking about).
the 2 bytes after that are an unsigned short and it's the database ID (I call it dataID).
the dataID can be used to check with c_biology.ini if it's an interactive NPC, static NPC, monster, etc and also with t_biology.ini to get the name if needed.
I'm not sure what's the one byte after those 2 bytes but the 8 bytes after that one byte are 2 floats for the coordinates.

PHP Code:

struct npcSpawn
{
DWORD id;
WORD dataID;
BYTE unk;
float x;
float y;
}; 


[botgramming]

Quote:

Originally Posted by 1900.

Hab mir nicht alles durchgelesen. Arbeitest du nun an einem Bot?

Jo, geplanter erster Release ist vllt. noch diese Woche

[1900.]

Quote:

Originally Posted by botgramming

Jo, geplanter erster Release ist vllt. noch diese Woche

Der wird dann voraussichtlich was alles können? Bzw ist es möglich n Char selber von 1-xx lvln lassen zu können?

[botgramming]

Quote:

Originally Posted by 1900.

Der wird dann voraussichtlich was alles können? Bzw ist es möglich n Char selber von 1-xx lvln lassen zu können?

nun, theoretisch ja, praktisch kann er keine Quests machen und deshalb nur im ersten Gebiet spielen (1-10).

Wir wissen noch nicht, ob Quests später implementiert werden, vermutlich schn (dauert aber noch länger) Im Vordergrund stehen erst einmal Dungeons und vorallem höhere Charaktere, da es sehr einfach ist auf lvl 20 in 1.30h zu kommen

[Selfo#]

Der wird aber auch für den DE Server funktionieren?

[botgramming]

@Selfo

The bot will work for all Aura Kingdom servers, even the private servers I guess and it will work for win7, win8 and win8.1

cheers,
botgramming

[heavensdps]

when is the release date and what are the features?

[botgramming]

A first peek.

cheers,
programming

[heavensdps]

when?

[botgramming]

Quote:

Originally Posted by heavensdps

when?

We try to get a first release in the next few days.
The bot will not be 100% efficent but 99% relyable, meaning he realizes if he gets stuck and stuff.

Features until then:
-Killing mobs(obviously)
-SkillCooldown(it always uses the first skill in the lowest bar (skills 1-7) that is not on cooldown)
-Heal(if you have a healskill put it on slot 8, it will be used at 75% health)
-moving on the maps (every map up to lvl 55(we don't have higher charactes))
-staying near the spot (the bot will be moving around to find enemys. He will return to his initial spot if he moves to far away)
-fast login(you can save username and password and the bot will start the game for you(username and pw saved in config file in Appdata, pw is AES encrpted))
-Select a farmspot (we know most mobs from lvl 0-55 and there spots. Select them from a dropdown and the bot will go there (from any map) and start farming)
-AutoRepair(after about 300 kills (30-45 min) the bot will move to a merchant on his current map and repair his weapon.)
-AutoSell(the bot checks his inventory before he starts farming. On a repair trip he will sell everything he dropped, he will not touch any of the stuff that was there before)
-Revive (if you die the bot will revive you at the healer and return to the spot)

Requirements:
-We support only 2 resolutions(for now): 1024x768 and 1920x1080
-We will test the bot on Win XP, Win 7 and Win8
-We will test the bot on german and English Clients
-The bot runs as Administrator

There is a lot of additional stuff planed:
-Solo Dungeon
-SkillRecognition (recognize skills and use them efficently, AI fr every class)
-Support any resolution
-Team dungeons <- This is our target. we want a group of bots to play together efficently
- It is late so i do not remeber all the other stuff......

We are doing this for fun so stay calm and wait

[heavensdps]

Quote:

-moving on the maps (every map up to lvl 55(we don't have higher charactes))

it will use the teleport gate or just walking?