Cracking CabalRider, need advice (With findings so far)

Discussion on Cracking CabalRider, need advice (With findings so far) within the Cabal Online forum part of the MMORPGs category.

Old   #1
First of all, I'm new to cracking, so what I did might sound noobish/stupid.
As CabalRider went p2p I wanted to see how cracking actually works and read some tutorials about it. I ran into some problems and reported my findings below. I hope that someone can give me a pointer or advice on how to solve the problems, or even tell me whether I'm taking the right/wrong course.
First I replaced loginfailed.html with loginsuccess.html, but that didn't work (of course).
I then decompiled it using PE Explorer, OllyDbg and W32Dasm. PE Explorer didn't give me a 1-on-1 translation as W32Dasm did, but it had a lot more information. After some hours I discovered with OllyDbg that the CabalRider initial program only contains data and code, and the code creates its own program based on the data. This in itself is a lot different from all the tutorials, and I can't find a tutorial on how to work with this.
Despite that I managed to find the address for changing a jnz to jz to circumvent the check for entering no password. But it also changed jnz in other places. To continue on this road would mean that I'd have to figure out how the code generator works and change the seed of this function, and hope it's pretty local?
Another way would be to take the assembly generated by PE Explorer (which unrolls the complete program) and try to compile that. I tried this in MSVC but it gave a lot of errors:
- Invalid instruction operands <-- like movzx eax,[eax], might not be executed at all? Apparently caused by missing DWORD/WORD/BYTE PTR DS: Does anyone know a decompiler that automatically adds this?
- call [USER32.dll!EnableWindow] <-- apparently invalid, how can I change that?
- Instruction operand must have size <-- for example setnz [esp+13h]
- Way too long label names <-- Might be able to rename them, but they are used when exporting.

EDIT: This is for CabalRider_EUROP 1.0.13_888 btw
EDIT2: Just downloaded 1.0.15 so will continue with that one.
Bastiaan is offline  
Old 10/21/2008, 16:28   #2
I would help you to crack it but I have no time. But try it with a sniffer program and search which file connects to CR and change it. If you find it, PM me :P
dieblume123 is offline  
Old 10/21/2008, 16:48   #3
Quote:
Originally Posted by derneger123
I would help you to crack it but I have no time. But try it with a sniffer program and search which file connects to CR and change it. If you find it, PM me :P
What do you mean? Everything up to the launcher, at least, is done in bin/cabalrider.exe, which is the file I'm working on. All the other exe and dll files seem to be useless/a diversion.
Bastiaan is offline  
Old 10/21/2008, 17:38   #4
Hi, I'm a friend of derneger123. He is in hospital; I don't know what he meant with this. I'm a noob in cracking but I can try it :P
*Don't worry if I don't answer your posts xD
dieblume123 is offline  
Old 10/21/2008, 18:08   #5
I'm trying to crack CabalRider too; I am a noob in that too :s
I tried to change the hours for the free login (I changed the hours on my computer); the button is visible but the game doesn't start...

If we block the time of the program, can it work?
But how to make that? :s
All the windows when we start Cabal Rider are there, I think, in "\cfg\web".
I have tried to inject the impetus.dll (everything in this file is the bot, opened with Resource Tuner) but it doesn't work, or I don't have a good injector (I used CabalBot 1.07 to start the game and block GG).

Sorry for my bad English ^^, I hope you have understood what I'm trying to make ^^'
l3vf is offline  
Old 10/21/2008, 18:29   #6
Quote:
Originally Posted by l3vf
I'm trying to crack CabalRider too; I am a noob in that too :s
I tried to change the hours for the free login (I changed the hours on my computer); the button is visible but the game doesn't start...

If we block the time of the program, can it work?
But how to make that? :s
All the windows when we start Cabal Rider are there, I think, in "\cfg\web".
I have tried to inject the impetus.dll (everything in this file is the bot, opened with Resource Tuner) but it doesn't work, or I don't have a good injector (I used CabalBot 1.07 to start the game and block GG).

Sorry for my bad English ^^, I hope you have understood what I'm trying to make ^^'
My best guess is that it verifies the time on the CabalRider server as well. impetus.dll isn't used at the verification stage; I renamed mine and until you start the game it doesn't use it, I guess, so for cracking the login I don't bother with that.
Modifying cfg\web calls functions in cabalrider.exe, and the checking is done there.
I haven't read anything about injectors, only hex editing. I'm gonna try disassembling with IDA Pro; hopefully I can compile the assembly generated from there.
Bastiaan is offline  
Old 10/21/2008, 21:31   #7
I have tried to use another version, the 1.0.7 version.
I have changed the option of the button "Start game" and now I don't need to connect to launch the game and bot.
GameGuard detected the bot, so I changed the files "imptus.dll", "adpater & Toloadadapter" and the folder "cfg" (tried with all files & folders of 1.0.12, 13, 14, 15), but I always use 1.0.7. The game launches, GameGuard doesn't detect the bot, login, choose server & char, but the bot isn't loaded... When I exit, I have the same error as when the "prefetch" folders aren't clean and the game doesn't load the bot...

The 1.0.7 version doesn't work on the new version; maybe that's it, we need to modify, but how & what? If anyone knows, tell us ^^
l3vf is offline  
Old 10/22/2008, 00:02   #8
Quote:
Originally Posted by l3vf
I have tried to use another version, the 1.0.7 version.
I have changed the option of the button "Start game" and now I don't need to connect to launch the game and bot.
GameGuard detected the bot, so I changed the files "imptus.dll", "adpater & Toloadadapter" and the folder "cfg" (tried with all files & folders of 1.0.12, 13, 14, 15), but I always use 1.0.7. The game launches, GameGuard doesn't detect the bot, login, choose server & char, but the bot isn't loaded... When I exit, I have the same error as when the "prefetch" folders aren't clean and the game doesn't load the bot...

The 1.0.7 version doesn't work on the new version; maybe that's it, we need to modify, but how & what? If anyone knows, tell us ^^
Can you give a guide on how you managed to circumvent the Start Game button? And, if possible, the other changes?
Bastiaan is offline  
Old 10/22/2008, 00:47   #9
If you load the DLLs with an injector the bot CAN'T go, because in the config of the rider exe are the requiet* -.-* something like this (*goto... *click... *load... etc.).
You can write a file that makes this (needs a long, long time -.-) or you find the *-.-*.
xD
Sorry for my bad English
*don't know the word :P*

I found the (file) 004BC974 server 1 (dx)

004BC964 208.43.130.109 in cr/bin

I think this is the file that we need to change
dieblume123 is offline  
Old 10/22/2008, 01:37   #10
Quote:
Originally Posted by derneger123
If you load the DLLs with an injector the bot CAN'T go, because in the config of the rider exe are the requiet* -.-* something like this (*goto... *click... *load... etc.).
You can write a file that makes this (needs a long, long time -.-) or you find the *-.-*.
xD
Sorry for my bad English
*don't know the word :P*

I found the (file) 004BC974 server 1 (dx)

004BC964 208.43.130.109 in cr/bin

I think this is the file that we need to change
Yeah, the exe file in the bin folder is the one we have to change, but changing it is a problem. That location gets overwritten during execution, at the start where it generates its own code.
At 414F18 the jump that checks whether you gave an account is located (if you don't, it says input account id), so I was able to change that during runtime. Same goes for the password, and I got the login failed screen without entering a username or pass. But I can't create a permanent fix, because this code part is generated during runtime.
So the only possible way to get this to work is to do a disassembly dump of the generated code and then recompile it. OllyDbg can't dump disassembly, PE Explorer disassembly has the issues I described in the OP, and the version from IDA doesn't have the disassembly from the runtime period; the version it does create has an issue with jumping to a label in another segment and throws an access violation, as it can't write to the position where the code is supposed to generate.


Edit: I might just have gotten a major breakthrough; gonna experiment a bit, will let you know before I go to bed.
Edit 2: I have to get some sleep, but the post before the last has the answer. I managed to get the login failed screen without entering an account or password. Hopefully I can do something more impressive tomorrow.
Bastiaan is offline  
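What the thread keeps running into (an exe whose on-disk code writes its real program into memory at start-up, so static disassembly misses it and the target region must be writable as well as executable) is the shape of a packed or self-modifying binary, and a defender can flag that shape from the PE section table alone. The following is an added example, not code from the thread or from CabalRider: it parses the section headers of a constructed sample image and reports sections that are writable and executable, or executable but empty on disk. The section names and sizes in the sample are hypothetical.

```python
import struct

# PE section characteristic flags (PE/COFF specification)
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_HDR = "<8sIIIIIIHHI"  # name, vsize, va, rawsize, rawptr, relocs, lines, nreloc, nlines, chars


def parse_sections(image):
    """Walk DOS header -> PE signature -> COFF header -> section table.
    Returns (name, virtual size, raw size on disk, characteristics) per section."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image (missing MZ)")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    hdr = struct.unpack_from("<HHIIIHH", image, coff)  # hdr[1]=NumberOfSections, hdr[5]=SizeOfOptionalHeader
    table = coff + 20 + hdr[5]  # section table follows the optional header
    rows = [struct.unpack_from(SECTION_HDR, image, table + 40 * i) for i in range(hdr[1])]
    return [(f[0].rstrip(b"\0").decode("ascii", "replace"), f[1], f[3], f[9]) for f in rows]


def suspicious_sections(image):
    """Return [(name, [reasons])] for sections that look like unpack / self-modify targets."""
    findings = []
    for name, vsize, raw, chars in parse_sections(image):
        reasons = []
        if chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE:
            reasons.append("writable and executable: code can rewrite itself")
        if chars & IMAGE_SCN_MEM_EXECUTE and raw == 0 and vsize > 0:
            reasons.append("executable but empty on disk: filled in at runtime")
        if reasons:
            findings.append((name, reasons))
    return findings


def build_sample_pe(sections):
    # Constructed minimal image (no optional header), only to exercise the parser offline
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(struct.pack(SECTION_HDR, n.encode().ljust(8, b"\0"), v, 0x1000, r, 0, 0, 0, 0, 0, c)
                     for n, v, r, c in sections)
    return dos + b"PE\0\0" + coff + table


# Hypothetical layout (constructed, not CabalRider's): normal .text and .data, plus a ".gen" section that is RWX and empty on disk
SAMPLE = build_sample_pe([
    (".text", 0x8000, 0x8000, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".data", 0x1000, 0x1000, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".gen", 0x20000, 0, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])
```

Run `suspicious_sections(SAMPLE)` to see only `.gen` reported, with both reasons; on a real file, pass the bytes read from disk instead.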
Old 10/22/2008, 11:22   #11
OK hmm, now we need to find the (file) that says *generate code* and delete it :P
and I think we're done xDDD (hope)
dieblume123 is offline  
Old 10/22/2008, 12:33   #12
Quote:
Originally Posted by derneger123
OK hmm, now we need to find the (file) that says *generate code* and delete it :P
and I think we're done xDDD (hope)
It's the same file, and by doing what's said in the post I pointed at in my second edit, you'll get the uncompressed version that doesn't generate code. Now I just have to circumvent all checks and then see if there are any problems with loading Cabal.

Edit: Login system cracked; I can press login and then start game to start Cabal, but the bot isn't loading yet, so gonna take a look at the other 3 DLLs.
Bastiaan is offline  
Old 10/22/2008, 14:45   #13
Oh guys, if you succeed in cracking the bot then I own you...
wuking is offline  
Old 10/22/2008, 18:01   #14
To crack version 1.0.7 so that "Start game" can be pressed and starts, I have used PE Explorer or Resource Tuner (it's the same...). For PE Explorer:

- open CabalRider.exe
- press resource viewer / editor
- double click on dialog/102
- find the button "start game"
- [X] in [ ] for WS_disabled
- style type: push button (don't know if needed ^^)

Now you can start the game just by clicking start game, but can't play with the bot. If we change a part of the program it can work, but don't know what...
l3vf is offline  