[Discussion] Removing DC Flag
Discussion on [Discussion] Removing DC Flag within the Cabal Online forum part of the MMORPGs category.
11/01/2010, 20:07
|
#586
|
elite*gold: 0
Join Date: Jan 2008
Posts: 303
Received Thanks: 156
|
Quote:
Originally Posted by PunkS7yle
^GG needs to be emulated, not just bypassed, else you'll crash from the heartbeat.
^X-trap is easy to bypass, though I still haven't found anything about dmg hack.
|
You can NOP the client's ability to self-close the client and its ability to produce the "Gameguard detection" popup, which comes in handy, and yeh, the codecaving is for placing the "emulation" of Gameguard directly into the cabal.exe itself.
|
|
|
11/01/2010, 20:20
|
#587
|
elite*gold: 30
Join Date: Apr 2008
Posts: 2,947
Received Thanks: 1,768
|
Interesting theory
EDIT: Just gave it a thought, at first glance it looks ok, but even if you prevent cabal from closing and the error from popping up, the packet is still sent, and you still disconnect without the ability to log back in, meaning preventing cabal from closing is pointless.
|
|
|
11/01/2010, 20:34
|
#588
|
elite*gold: 0
Join Date: Jan 2008
Posts: 303
Received Thanks: 156
|
Quote:
Originally Posted by PunkS7yle
Interesting theory
EDIT: Just gave it a thought, at first glance it looks ok, but even if you prevent cabal from closing and the error from popping up, the packet is still sent, and you still disconnect without the ability to log back in, meaning preventing cabal from closing is pointless.
|
I would allow my client to send the packet because??? MHS Forums taught you nothing? Now take for example that nasty long list of "HackDetections" like "Autoclick Detected" and so forth... you think they're being allowed to be sent as well xD. Remember all packets are formed in memory before being encrypted and sent on; now as I know where in the memory these packets are being sent I can choose what to send, and sending nothing is also an option. Also there is a PUSH which controls all of the Hackdetection functions; you can either change the state of the memory to hold a fixed "No hack detected" value constantly (* The easy way *) or you can NOP the whole **** lot and use that nice chunky gap of code to put your own functions in (* And hey presto a codecave is formed that can be called from elsewhere to perform functions such as adding time to the timestamp on all skills so the server doesn't disconnect during skill-time abuse as well as adding a few other functions *)
|
|
|
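Read from the server side, the post above describes a client that decides for itself which detection reports and skill timestamps it sends, so a check is only as strong as the part the server measures itself. As an added example, not part of the original thread and not Cabal's or GameGuard's code: a server-side skill timing check that enforces cooldowns on the server clock and uses the client timestamp only as a drift signal. `SkillGate`, `replay`, the tolerances and the sample events are hypothetical.

```python
import time

class SkillGate:
    """Per-session, server-side skill timing check (hypothetical names throughout)."""

    def __init__(self, cooldowns, tolerance=0.15, max_drift=0.5, clock=time.monotonic):
        self.cooldowns = cooldowns      # skill_id -> cooldown in seconds
        self.tolerance = tolerance      # allowance for network jitter
        self.max_drift = max_drift      # allowed client-vs-server clock drift
        self.clock = clock              # server clock, injectable for tests
        self.ready_at = {}              # skill_id -> server time of next legal cast
        self.origin = None              # (server_time, client_time) at first packet
        self.flags = []                 # (reason, skill_id, seconds)

    def cast(self, skill_id, client_ts):
        now = self.clock()
        if self.origin is None:
            self.origin = (now, client_ts)
        # Detection only: the client timestamp is compared, never trusted.
        drift = (client_ts - self.origin[1]) - (now - self.origin[0])
        if drift > self.max_drift:
            self.flags.append(("clock_drift", skill_id, round(drift, 3)))
        # Enforcement: the cooldown is measured on the server clock alone.
        ready = self.ready_at.get(skill_id, now)
        if now + self.tolerance < ready:
            self.flags.append(("cooldown", skill_id, round(ready - now, 3)))
            return False
        self.ready_at[skill_id] = now + self.cooldowns[skill_id]
        return True


def replay(events, cooldowns):
    """Run constructed (server_time, skill_id, client_ts) events through a gate."""
    t = [0.0]
    gate = SkillGate(cooldowns, clock=lambda: t[0])
    results = []
    for server_time, skill_id, client_ts in events:
        t[0] = server_time
        results.append(gate.cast(skill_id, client_ts))
    return results, gate.flags


# Constructed sample: skill 7 has a 2 s cooldown. The third packet arrives 0.5 s
# after the second on the server clock but claims that 2 s have passed.
SAMPLE = [(10.0, 7, 1000.0), (12.0, 7, 1002.0), (12.5, 7, 1004.0)]

if __name__ == "__main__":
    print(replay(SAMPLE, {7: 2.0}))
```

The rejected cast is refused whatever timestamp the client supplies; the drift flag is a separate signal that can feed logging or review.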
11/01/2010, 20:42
|
#589
|
elite*gold: 0
Join Date: Jun 2008
Posts: 149
Received Thanks: 138
|
Quote:
Originally Posted by NovaCygni
You can NOP the client's ability to self-close the client and its ability to produce the "Gameguard detection" popup, which comes in handy, and yeh, the codecaving is for placing the "emulation" of Gameguard directly into the cabal.exe itself.
|
It doesn't matter if you prevent the client from closing itself, the server will still close the connection if it doesn't receive a reply from GG. In order to "emulate" the heartbeat like you guys are talking about, you would need to locate the switch-case that's used on incoming packet opcodes from the WorldSvr. You would then need to redirect the handling of the GG heartbeat packet to your own injected method. Yes, there are alternate methods, like writing a proxy, but why bother when you can just inject the code?
P.S. There's lots of empty space in the .code section for anything you want to add. No need to go removing stuff just to make room.
|
|
|
11/01/2010, 20:51
|
#590
|
elite*gold: 0
Join Date: Jan 2008
Posts: 303
Received Thanks: 156
|
Quote:
Originally Posted by Yamachi
It doesn't matter if you prevent the client from closing itself, the server will still close the connection if it doesn't receive a reply from GG. In order to "emulate" the heartbeat like you guys are talking about, you would need to locate the switch-case that's used on incoming packet opcodes from the WorldSvr. You would then need to redirect the handling of the GG heartbeat packet to your own injected method. Yes, there are alternate methods, like writing a proxy, but why bother when you can just inject the code?
|
You can also just hook the send/recv packet functions and send all the packets to a logger which would allow you to map the packet structs, which would give you a much larger overview of what's going on and would also give you the required information to emulate GG Responses yourself... my siggy links to exactly the same thing with Botchecks see also you don't need a Proxy but it'll enable you to control the packets, and seeing how u can hook send/recv functions u can actually use the client itself to encrypt the packets for you, saving you the hassle of writing out code for doing that, meaning all you need to actually have is a table of the packets from the server which are botchecks and a table with the correct responses (* which actually isn't that big *) and you have done just the same thing but have also learned a lot of the packet structs which will help a lot more later on...
Quote:
P.S. There's lots of empty space in the .code section for anything you want to add. No need to go removing stuff just to make room.
|
It's a habit from editing files on other games; basically it's so when the file's repacked I tried to keep it the same size as the original file, a few have secondary checks for filesizes which were a bugger to try to bypass. Also if you notice I mention the easy way and the other way, and I like to "fingerprint" my edited files so that I can recognise my own work if someone replicates it. Imitation is after all the highest form of flattery.
|
|
|
11/01/2010, 21:08
|
#591
|
elite*gold: 0
Join Date: Jun 2008
Posts: 149
Received Thanks: 138
|
Quote:
Originally Posted by NovaCygni
You can also just hook the send/recv packet functions and send all the packets to a logger which would allow you to map the packet structs, which would give you a much larger overview of what's going on and would also give you the required information to emulate GG Responses yourself... my siggy links to exactly the same thing with Botchecks see also you don't need a Proxy but it'll enable you to control the packets, and seeing how u can hook send/recv functions u can actually use the client itself to encrypt the packets for you, saving you the hassle of writing out code for doing that, meaning all you need to actually have is a table of the packets from the server which are botchecks and a table with the correct responses (* which actually isn't that big *) and you have done just the same thing but have also learned a lot of the packet structs which will help a lot more later on...
It's a habit from editing files on other games; basically it's so when the file's repacked I tried to keep it the same size as the original file, a few have secondary checks for filesizes which were a bugger to try to bypass.
|
I actually wrote an injected packet logger that hooked the send and receive methods while working on Minerva, but then decided to write an external one. Anyways, why bother hooking the whole thing when you can just handle the specific packet you want? It would be different if you wanted to log all packets, but there'd be no need if all you want to do is reply to the GG heartbeat packet. I may move my packet logger from Underground to here so people have a basis to work from. 99.9% of people here won't know wtf to do with it, but oh well.
|
|
|
11/01/2010, 21:18
|
#592
|
elite*gold: 0
Join Date: Jan 2008
Posts: 303
Received Thanks: 156
|
Quote:
Originally Posted by Yamachi
I actually wrote an injected packet logger that hooked the send and receive methods while working on Minerva, but then decided to write an external one. Anyways, why bother hooking the whole thing when you can just handle the specific packet you want? It would be different if you wanted to log all packets, but there'd be no need if all you want to do is reply to the GG heartbeat packet. I may move my packet logger from Underground to here so people have a basis to work from. 99.9% of people here won't know wtf to do with it, but oh well.
|
A version comes with the Cabot test source-code in the Lvl 1 Cabal Area of the "Other" site, and I personally have a desire for control over all packets, hence why I mention it, though I believe we were focusing on why I would allow the client to send that packet in the first place, which obviously, I wouldn't; my interactions with the other packets are just something I do because packets are my method of choice.
|
|
|
11/01/2010, 21:26
|
#593
|
elite*gold: 0
Join Date: Jun 2008
Posts: 149
Received Thanks: 138
|
Quote:
Originally Posted by NovaCygni
A version comes with the Cabot test source-code in the Lvl 1 Cabal Area of the "Other" site...
|
That's not a logger. It's a very incomplete client emulator. Ostara (the packet logger) uses WinPCap to log both client and server packets, decrypts them, and displays them along with the opcode and basic information. I'll post the thread here in a bit.
|
|
|
11/01/2010, 22:20
|
#594
|
elite*gold: 0
Join Date: Jan 2008
Posts: 303
Received Thanks: 156
|
Which is useful for making a working proxy and is easily turned into a logger, and the best bots are clientless when u want to have a huge bot-farm.
|
|
|
09/06/2011, 04:12
|
#596
|
elite*gold: 0
Join Date: Jun 2011
Posts: 67
Received Thanks: 4
|
i lurv this thread ^_^
|
|
|
12/17/2011, 17:18
|
#597
|
elite*gold: 0
Join Date: Dec 2009
Posts: 105
Received Thanks: 4
|
bump
|
|
|
02/25/2012, 03:04
|
#598
|
elite*gold: 0
Join Date: Jan 2012
Posts: 89
Received Thanks: 4
|
I saw a guy using speed hax without dc....
Any idea how to do it?
|
|
|
10/08/2012, 21:23
|
#599
|
elite*gold: 0
Join Date: Dec 2011
Posts: 209
Received Thanks: 41
|
Honestly, I know that I'm such a brainless noob, and I admit that I'm not too good at this point, but I think it's trigger hack
Please, correct me if I'm wrong! ^_^
Thanks in advance
---------------------------------
I miss you NovaCygni
#Request to close
|
|
|
10/08/2012, 21:50
|
#600
|
elite*gold: 30
Join Date: Apr 2008
Posts: 2,947
Received Thanks: 1,768
|
Quote:
Originally Posted by joxof
Honestly, I know that I'm such a brainless noob, and I admit that I'm not too good at this point, but I think it's trigger hack
Please, correct me if I'm wrong! ^_^
Thanks in advance
---------------------------------
I miss you NovaCygni
|
Nova posted **** in 99% of his posts, why are you bumping such an old and useless thread ;<
|