[Discussion] Removing DC Flag

[brian86]

it will not yet fix the DC flag! u need to search the DC flag then change it!

[cabal4life]

where to serach the dc flag? in olly?

[dlnqt]

use UnExeStealth to unpack the first protection in cabalmain.. you'll get a new .exe which is around 8.5mb for me. The problem is there is another protection, I'll keep you guys updated.

BTW, use DiE (packer identifier). I recommend it.. don't limit yourselves to 1 tool only, try different kinds. You can get a lot of reverse engineering tools over at (forums). Collaborative tool library here: .

Here are the steps which I think will make dmg hack work again. (Please don't PM me since I haven't succeeded yet in making damage hack work.):

1. Unpack cabalmain.exe
2. Live debug cabal (this means attaching ollydbg while your cabal is running)
3. In order to make live debug work, you need to bypass GG (Cabal Rider ofcourse)
4. Download ollytrace (WSASend WSARecv Send Recv packet catcher)
5. Get yourself dc while equipping earrings/bracelets (damage hack method)
6. Save logs from ollytrace (OllyTrace is like WPE, but better since it is a plugin of OllyDbg.)
7. Equip Earrings/bracelets normally (meaning you can actually wear it without using CE)
8. Save logs from ollytrace
9. Compare the two
10. This is where I stop, you need to set breakpoints when the actual dc happens, so you know where in the ASM is making you disconnected.
11. Trial and error.. traceback few steps just to find where the dc flag is
12. Once you find the asm address, apply it to your unpacked cabalmain.exe

This has been my research so far, I'm lazy to continue as I'm busy with work. Hope you guys make it work

PS: I doubt anybody here claiming they got it to work has really made it work, they just want other people who actually made it to work share their method Unless they provide you with recent screenshots, that's the time you believe People here who I think manage to make damage hack work again is someone122 ofcourse, NovaCygni, punkstyle and chrome

[sparrowaie]

why is gopotato not in the list? don't you think he did? hehehe...

this is really becoming very educational... people like me who doesn't even have any background on programming tries to have LUCK on this one. hahaha...

still trying to unpack cabalmain.exe. i got stuck here so reading more tutorials from the very basic ones. whew!

@Hackers/Reversers who made this work, please give us more hint/s on unpacking...

another thread have been started solely for unpacking. i know its not bad to share your knowledge on that part.

[logan432]

Quote:

Originally Posted by dlnqt

use UnExeStealth to unpack the first protection in cabalmain.. you'll get a new .exe which is around 8.5mb for me. The problem is there is another protection, I'll keep you guys updated.

BTW, use DiE (packer identifier). I recommend it.. don't limit yourselves to 1 tool only, try different kinds. You can get a lot of reverse engineering tools over at (forums). Collaborative tool library here: .

Here are the steps which I think will make dmg hack work again. (Please don't PM me since I haven't succeeded yet in making damage hack work.):

1. Unpack cabalmain.exe
2. Live debug cabal (this means attaching ollydbg while your cabal is running)
3. In order to make live debug work, you need to bypass GG (Cabal Rider ofcourse)
4. Download ollytrace (WSASend WSARecv Send Recv packet catcher)
5. Get yourself dc while equipping earrings/bracelets (damage hack method)
6. Save logs from ollytrace (OllyTrace is like WPE, but better since it is a plugin of OllyDbg.)
7. Equip Earrings/bracelets normally (meaning you can actually wear it without using CE)
8. Save logs from ollytrace
9. Compare the two
10. This is where I stop, you need to set breakpoints when the actual dc happens, so you know where in the ASM is making you disconnected.
11. Trial and error.. traceback few steps just to find where the dc flag is
12. Once you find the asm address, apply it to your unpacked cabalmain.exe

This has been my research so far, I'm lazy to continue as I'm busy with work. Hope you guys make it work

PS: I doubt anybody here claiming they got it to work has really made it work, they just want other people who actually made it to work share their method Unless they provide you with recent screenshots, that's the time you believe People here who I think manage to make damage hack work again is someone122 ofcourse, NovaCygni, punkstyle and chrome

thanks but you dont need the unexestealth. you just need to know how to unpack the asprotect.. thanks again and will update this thread if successfull

[dlnqt]

hmm? I tried unpacking with just asprotect unpacker but I was unsuccessful. unexestealth + RL!dePacker = unpacked cabalmain.exe

but maybe there's another way

[logan432]

Quote:

Originally Posted by dlnqt

hmm? I tried unpacking with just asprotect unpacker but I was unsuccessful. unexestealth + RL!dePacker = unpacked cabalmain.exe

but maybe there's another way

i did use manual unpacking.. i just tried my oep to ImpRec program and it is correct.. did you see the series of error codes? i.e. ASCII "RPC_E_CONNECTION_TERMINATED

[dlnqt]

series of error codes? in ollydbg? I see a LOT. I see everything cabalmain.exe has. skills boots gloves etc.

[logan432]

Quote:

Originally Posted by dlnqt

series of error codes? in ollydbg? I see a LOT. I see everything cabalmain.exe has. skills boots gloves etc.

ASCII "RPC_E_CONNECTION_TERMINATED <--- like this

[168Atomica]

It is the generic error that a connection was stopped.
RPC_E_CONNECTION_TERMINATED = no more data exchange. As you may know, cabal uses RPC to run processes between client and server. Just before this error code is the condition that makes cabal DC. Oh my oh my... now you are close.

[logan432]

Quote:

Originally Posted by 168Atomica

It is the generic error that a connection was stopped.
RPC_E_CONNECTION_TERMINATED = no more data exchange. As you may know, cabal uses RPC to run processes between client and server. Just before this error code is the condition that makes cabal DC. Oh my oh my... now you are close.

then i am right thanks atomica! now i dont know what to do lol. can i change the binary code of the RPC_E_CONNECTION_TERMINATED or there is a specific command?

[brian86]

Quote:

Originally Posted by dlnqt

use UnExeStealth to unpack the first protection in cabalmain.. you'll get a new .exe which is around 8.5mb for me. The problem is there is another protection, I'll keep you guys updated.

BTW, use DiE (packer identifier). I recommend it.. don't limit yourselves to 1 tool only, try different kinds. You can get a lot of reverse engineering tools over at (forums). Collaborative tool library here: .

Here are the steps which I think will make dmg hack work again. (Please don't PM me since I haven't succeeded yet in making damage hack work.):

1. Unpack cabalmain.exe
2. Live debug cabal (this means attaching ollydbg while your cabal is running)
3. In order to make live debug work, you need to bypass GG (Cabal Rider ofcourse)
4. Download ollytrace (WSASend WSARecv Send Recv packet catcher)
5. Get yourself dc while equipping earrings/bracelets (damage hack method)
6. Save logs from ollytrace (OllyTrace is like WPE, but better since it is a plugin of OllyDbg.)
7. Equip Earrings/bracelets normally (meaning you can actually wear it without using CE)
8. Save logs from ollytrace
9. Compare the two
10. This is where I stop, you need to set breakpoints when the actual dc happens, so you know where in the ASM is making you disconnected.
11. Trial and error.. traceback few steps just to find where the dc flag is
12. Once you find the asm address, apply it to your unpacked cabalmain.exe


another thread have been started solely for unpacking. i know its not bad to share your knowledge on that part.

The problem is there is another protection, I'll keep you guys updated.

I was able to unpack the file and have it running through CR . However , if I attempt to attached olly to cabalmain.exe and run debug . It is detected by GameGuard , from this point I no longer know what to do hide olly and phantom don't seem to work . Please advise if there is any software I can use to bypass the 2nd protection . ^>> ^ thanks .. guys

[HumanaOne]

i got past the unpacking stage thanks to a Newbie ^_^ loz >> i am currently on the live debugging phase - i see a thread that when i try to suspend, Cabal stops, and when i re-activate, Cabal resumes the process - i think me and Mr Newb are getting closer by the second - it does make it better if you're working with someone who works hard and never complain.

[dlnqt]

Quote:

Originally Posted by brian86

The problem is there is another protection, I'll keep you guys updated.

I was able to unpack the file and have it running through CR . However , if I attempt to attached olly to cabalmain.exe and run debug . It is detected by GameGuard , from this point I no longer know what to do hide olly and phantom don't seem to work . Please advise if there is any software I can use to bypass the 2nd protection . ^>> ^ thanks .. guys

huh? There is no gameguard running if you use cabal rider..

[NoobWant2Learn]

@gopotato Where are you now?? Busy hacking CABAL??? Need help here.. i have lots of unanswered questions hope you can clear my thoughts... GL