
[Discussion] Removing DC Flag

Discussion on [Discussion] Removing DC Flag within the Cabal Online forum part of the MMORPGs category.

 
Old 11/01/2010, 20:07   #586
 
elite*gold: 0
Join Date: Jan 2008
Posts: 303
Received Thanks: 156
Quote:
Originally Posted by PunkS7yle View Post
^GG needs to be emulated, not just bypassed, else you'll crash from the heartbeat.
^X-trap is easy to bypass, though I still haven't found anything about dmg hack.
You can NOP the client's ability to self-close the client and its ability to produce the "Gameguard detection" popup, which comes in handy, and yeah, the codecaving is for placing the "emulation" of Gameguard directly into the cabal.exe itself.
NovaCygni is offline  
Old 11/01/2010, 20:20   #587


 
.Law.'s Avatar
 
elite*gold: 30
Join Date: Apr 2008
Posts: 2,947
Received Thanks: 1,768
Interesting theory

EDIT: Just gave it a thought. At first glance it looks OK, but even if you prevent Cabal from closing and the error from popping up, the packet is still sent, and you still disconnect without the ability to log back in, meaning preventing Cabal from closing is pointless.
.Law. is offline  
Old 11/01/2010, 20:34   #588
 
elite*gold: 0
Join Date: Jan 2008
Posts: 303
Received Thanks: 156
Quote:
Originally Posted by PunkS7yle View Post
Interesting theory

EDIT: Just gave it a thought. At first glance it looks OK, but even if you prevent Cabal from closing and the error from popping up, the packet is still sent, and you still disconnect without the ability to log back in, meaning preventing Cabal from closing is pointless.
I would allow my client to send the packet because??? MHS Forums taught you nothing? Now take for example that nasty long list of "HackDetections" like "Autoclick Detected" and so forth... you think they're being allowed to be sent as well xD. Remember all packets are formed in memory before being encrypted and sent on; now, as I know where in the memory these packets are being sent, I can choose what to send, and sending nothing is also an option. Also there is a PUSH which controls all of the Hackdetection functions: you can either change the state of the memory to hold a fixed "No hack detected" value constantly (* The easy way *) or you can NOP the whole **** lot and use that nice chunky gap of code to put your own functions in (* And hey presto, a codecave is formed that can be called from elsewhere to perform functions such as adding time to the timestamp on all skills so the server doesn't disconnect during skill-time abuse, as well as adding a few other functions *)
NovaCygni is offline  
Old 11/01/2010, 20:42   #589
 
Yamachi's Avatar
 
elite*gold: 0
Join Date: Jun 2008
Posts: 149
Received Thanks: 138
Quote:
Originally Posted by NovaCygni View Post
You can NOP the client's ability to self-close the client and its ability to produce the "Gameguard detection" popup, which comes in handy, and yeah, the codecaving is for placing the "emulation" of Gameguard directly into the cabal.exe itself.
It doesn't matter if you prevent the client from closing itself, the server will still close the connection if it doesn't receive a reply from GG. In order to "emulate" the heartbeat like you guys are talking about, you would need to locate the switch-case that's used on incoming packet opcodes from the WorldSvr. You would then need to redirect the handling of the GG heartbeat packet to your own injected method. Yes, there are alternate methods, like writing a proxy, but why bother when you can just inject the code?

P.S. There's lots of empty space in the .code section for anything you want to add. No need to go removing stuff just to make room.
Yamachi is offline  
Old 11/01/2010, 20:51   #590
 
elite*gold: 0
Join Date: Jan 2008
Posts: 303
Received Thanks: 156
Quote:
Originally Posted by Yamachi View Post
It doesn't matter if you prevent the client from closing itself, the server will still close the connection if it doesn't receive a reply from GG. In order to "emulate" the heartbeat like you guys are talking about, you would need to locate the switch-case that's used on incoming packet opcodes from the WorldSvr. You would then need to redirect the handling of the GG heartbeat packet to your own injected method. Yes, there are alternate methods, like writing a proxy, but why bother when you can just inject the code?
You can also just hook the send/recv packet functions and send all the packets to a logger, which would allow you to map the packet structs, which would give you a much larger overview of what's going on and would also give you the required information to emulate GG responses yourself... my siggy links to exactly the same thing with Botchecks. See also, you don't need a proxy, but it'll enable you to control the packets, and seeing how you can hook send/recv functions, you can actually use the client itself to encrypt the packets for you, saving you the hassle of writing out code for doing that, meaning all you need to actually have is a table of the packets from the server which are botchecks and a table with the correct responses (* which actually isn't that big *), and you have done just the same thing but have also learned a lot of the packet structs, which will help a lot more later on...

Quote:
P.S. There's lots of empty space in the .code section for anything you want to add. No need to go removing stuff just to make room.
It's a habit from editing files on other games; basically it's so when the file's repacked I tried to keep it the same size as the original file. A few have secondary checks for filesizes which were a bugger to try to bypass. Also, if you notice, I mention the easy way and the other way, and I like to "fingerprint" my edited files so that I can recognise my own work if someone replicates it. Imitation is after all the highest form of flattery.
NovaCygni is offline  
Old 11/01/2010, 21:08   #591
 
Yamachi's Avatar
 
elite*gold: 0
Join Date: Jun 2008
Posts: 149
Received Thanks: 138
Quote:
Originally Posted by NovaCygni View Post
You can also just hook the send/recv packet functions and send all the packets to a logger, which would allow you to map the packet structs, which would give you a much larger overview of what's going on and would also give you the required information to emulate GG responses yourself... my siggy links to exactly the same thing with Botchecks. See also, you don't need a proxy, but it'll enable you to control the packets, and seeing how you can hook send/recv functions, you can actually use the client itself to encrypt the packets for you, saving you the hassle of writing out code for doing that, meaning all you need to actually have is a table of the packets from the server which are botchecks and a table with the correct responses (* which actually isn't that big *), and you have done just the same thing but have also learned a lot of the packet structs, which will help a lot more later on...

It's a habit from editing files on other games; basically it's so when the file's repacked I tried to keep it the same size as the original file. A few have secondary checks for filesizes which were a bugger to try to bypass.
I actually wrote an injected packet logger that hooked the send and receive methods while working on Minerva, but then decided to write an external one. Anyways, why bother hooking the whole thing when you can just handle the specific packet you want? It would be different if you wanted to log all packets, but there'd be no need if all you want to do is reply to the GG heartbeat packet. I may move my packet logger from Underground to here so people have a basis to work from. 99.9% of people here won't know wtf to do with it, but oh well.
Yamachi is offline  
Old 11/01/2010, 21:18   #592
 
elite*gold: 0
Join Date: Jan 2008
Posts: 303
Received Thanks: 156
Quote:
Originally Posted by Yamachi View Post
I actually wrote an injected packet logger that hooked the send and receive methods while working on Minerva, but then decided to write an external one. Anyways, why bother hooking the whole thing when you can just handle the specific packet you want? It would be different if you wanted to log all packets, but there'd be no need if all you want to do is reply to the GG heartbeat packet. I may move my packet logger from Underground to here so people have a basis to work from. 99.9% of people here won't know wtf to do with it, but oh well.
A version comes with the Cabot test source-code in the Lvl 1 Cabal Area of the "Other" site, and I personally have a desire for control over all packets, hence why I mention it, though I believe we were focusing on why I would allow the client to send that packet in the first place, which obviously, I wouldn't; my interactions with the other packets are just something I do because packets are my method of choice.
NovaCygni is offline  
Thanks
1 User
Old 11/01/2010, 21:26   #593
 
Yamachi's Avatar
 
elite*gold: 0
Join Date: Jun 2008
Posts: 149
Received Thanks: 138
Quote:
Originally Posted by NovaCygni View Post
A version comes with the Cabot test source-code in the Lvl 1 Cabal Area of the "Other" site...
That's not a logger. It's a very incomplete client emulator. Ostara (the packet logger) uses WinPCap to log both client and server packets, decrypts them, and displays them along with the opcode and basic information. I'll post the thread here in a bit.
Yamachi is offline  
Old 11/01/2010, 22:20   #594
 
elite*gold: 0
Join Date: Jan 2008
Posts: 303
Received Thanks: 156
Which is useful for making a working proxy and is easily turned into a logger, and the best bots are clientless when you want to have a huge bot-farm.
NovaCygni is offline  
Thanks
1 User
Old 11/20/2010, 10:51   #595
 
elite*gold: 0
Join Date: Jul 2009
Posts: 24
Received Thanks: 3
barikulkol is offline  
Old 09/06/2011, 04:12   #596
 
elite*gold: 0
Join Date: Jun 2011
Posts: 67
Received Thanks: 4
i lurv this thread ^_^
ChapsMan14 is offline  
Old 12/17/2011, 17:18   #597
 
Trans1996's Avatar
 
elite*gold: 0
Join Date: Dec 2009
Posts: 105
Received Thanks: 4
bump
Trans1996 is offline  
Old 02/25/2012, 03:04   #598
 
elite*gold: 0
Join Date: Jan 2012
Posts: 89
Received Thanks: 4
I saw a guy using speed hax without dc....
Any idea how to do it?
Hajime_Saito is offline  
Old 10/08/2012, 21:23   #599
 
elite*gold: 0
Join Date: Dec 2011
Posts: 209
Received Thanks: 41
Honestly, I know that I'm such a brainless noob, and I admit that I'm not too good at this point, but I think it's trigger hack

Please, correct me if I'm wrong! ^_^

Thanks in advance
---------------------------------
I miss you NovaCygni
#Request to close
joxof is offline  
Old 10/08/2012, 21:50   #600


 
.Law.'s Avatar
 
elite*gold: 30
Join Date: Apr 2008
Posts: 2,947
Received Thanks: 1,768
Quote:
Originally Posted by joxof View Post
Honestly, I know that I'm such a brainless noob, and I admit that I'm not too good at this point, but I think it's trigger hack

Please, correct me if I'm wrong! ^_^

Thanks in advance
---------------------------------
I miss you NovaCygni
Nova posted **** in 99% of his posts, why are you bumping such an old and useless thread ;<
.Law. is offline  
Thanks
2 Users