|
You last visited: Today at 17:30
Advertisement
[RELEASE+DISCUSSION] Unpacked CABALMAIN.EXE
Discussion on [RELEASE+DISCUSSION] Unpacked CABALMAIN.EXE within the Cabal Online forum part of the MMORPGs category.
09/03/2009, 16:34
|
#16
|
elite*gold: 0 
Join Date: Aug 2009
Posts: 1
Received Thanks: 0
|
Finally!!!! credit to you dlnqt atom gopotato etc..
Finally after weeks of hard labor   .. lol got it working for cabalph..... 
good thing to other dmg hackers im only focusing on one server ^^
which is mars ^^ no worries i will not f#uck up the market unlike those kiddie nobbies which flooded the whole server with 2 slot and cheap rare items ^^
gluck to those who still find their ways on making this hack work 
thanks thanks thanks to those who shed out time searching for solutions to make this hack work again....
|
|
|
|
09/03/2009, 16:57
|
#17
|
elite*gold: 0
Join Date: Oct 2007
Posts: 364
Received Thanks: 74
|
^
^
^
Newbie account.. haha. I doubt that you got it to work 
|
|
|
|
|
09/03/2009, 17:15
|
#18
|
elite*gold: 0
Join Date: Jul 2008
Posts: 72
Received Thanks: 85
|
Yup. same thought from here...
|
|
|
|
|
09/03/2009, 17:35
|
#19
|
elite*gold: 30
Join Date: Apr 2008
Posts: 2,955
Received Thanks: 1,771
|
Quote:
Originally Posted by SMT2008
nice
so what can I do now? |
Remove DC error which appears when u try to wear a bracelet using honor or lvl hack.
You can abuse the CC bug which makes it so that every time you buy something from item shop ur CC wont go down.
Client side hacks,like move speed etc.
etc..
|
|
|
|
|
09/03/2009, 17:41
|
#20
|
elite*gold: 0
Join Date: Jun 2008
Posts: 17
Received Thanks: 3
|
Quote:
Originally Posted by marskiller
Finally after weeks of hard labor .. lol got it working for cabalph.....
good thing to other dmg hackers im only focusing on one server ^^
which is mars ^^ no worries i will not f#uck up the market unlike those kiddie nobbies which flooded the whole server with 2 slot and cheap rare items ^^
gluck to those who still find their ways on making this hack work
thanks thanks thanks to those who shed out time searching for solutions to make this hack work again.... |
good for you!
could you please give some hints? 
|
|
|
|
|
09/03/2009, 20:10
|
#21
|
elite*gold: 0
Join Date: Mar 2008
Posts: 4
Received Thanks: 0
|
Quote:
Originally Posted by dlnqt
The unpacked cabalmain.exe that I posted is only for Cabal PH, but the process of unpacking is the same for other clients as well..
|
My client official its different (cabal global use themida... i dont know what version exactly, i try and try and nothing with themidas unpacks and tutorials- themida 1.8.x.x and more)
The file (cabalmain.exe packed)
Any help or tips?
|
|
|
|
|
09/04/2009, 01:52
|
#22
|
elite*gold: 0
Join Date: Jul 2009
Posts: 85
Received Thanks: 0
|
ooppps i did it again...
|
|
|
|
|
09/04/2009, 14:28
|
#23
|
elite*gold: 0
Join Date: Feb 2009
Posts: 32
Received Thanks: 8
|
WOW!.. This thread make me inspired but not in cheating/hacking!.. If 'dlnqt' will succesfully unpacked this updated cabalmain ... OMG!.. The door will open for Cabal Private Development to be updated same as official... wew!... Keep it up guys!...
|
|
|
|
|
09/04/2009, 15:12
|
#24
|
elite*gold: 0
Join Date: Jan 2008
Posts: 1,157
Received Thanks: 269
|
Quote:
Originally Posted by coajack258
WOW!.. This thread make me inspired but not in cheating/hacking!.. If 'dlnqt' will succesfully unpacked this updated cabalmain ... OMG!.. The door will open for Cabal Private Development to be updated same as official... wew!... Keep it up guys!...
|
A lot of servers already did? All what you can do without server files already is done,that means mobs/items/costumes.Another systems,like Soul Ability,new dungeons or pet training can be done just if you have server sided files too.
|
|
|
|
|
09/04/2009, 15:35
|
#25
|
elite*gold: 0
Join Date: Feb 2009
Posts: 32
Received Thanks: 8
|
Quote:
Originally Posted by Pupix
A lot of servers already did? All what you can do without server files already is done,that means mobs/items/costumes.Another systems,like Soul Ability,new dungeons or pet training can be done just if you have server sided files too.
|
Server side is easy... They are stuck in client side... as for now they can do custom .ENC..
|
|
|
|
|
09/04/2009, 18:38
|
#26
|
elite*gold: 0
Join Date: May 2009
Posts: 22
Received Thanks: 0
|
anyone know how to decrypt .enc?
|
|
|
|
|
09/04/2009, 21:28
|
#27
|
elite*gold: 0
Join Date: Jan 2008
Posts: 1,157
Received Thanks: 269
|
Quote:
Originally Posted by coajack258
Server side is easy... They are stuck in client side... as for now they can do custom .ENC..
|
Please make me server sided files from FT2/CA/FI/AoS then,if it's so easy...i'll give you all client side informations 
Quote:
Originally Posted by becks78
anyone know how to decrypt .enc?
|
Your answer:
Quote:
|
Originally Posted by Phantom*
It's likely everyone is using different clients and I don't want to deal with unpacking or Xtrap removal. So I've decided to explain everything with these I found via r.a.g.e.z.o.n.e and posted by cyber37, apparently from chumpywumpy's v2.5 server files. All clients employ the same logic.
The client uses the popular inflation/deflation algorithms found in with a suppressed header ( negative windowBits). Albeit they use an older public domain code base from the same author, Mark Adler, it can be found . The code was compiled without the PKZIP_BUG_WORKAROUND definition at line 172 and uses a custom FLUSH and NEXTBYTE definition at lines 214 and 206. Otherwise, everything else is exactly alike. The custom NEXTBYTE instructions contain XOR encryption for only the first 4 inflated bytes while the rest pass through without modification.
Client offsets of the functions are (look at your keyboard to replace back the missing digits):
inflate = ))$@D#B^
inflate_block = ))$@D#@$
inflate_dynamic = ))$@CF(#
inflate_stored = ))$@CDAA
inflate_fixed = ))$@CEB$
inflate_codes = ))$@CAE^
huft_build = ))$@C&@)
huft_free = ))$@CACA
NEEDBYTE = ))$@D$$* XOR:
byte 1 xor 0x92
byte 2 xor 0x65
byte 3 xor 0x67
byte 4 xor 0x57 The first 4 bytes of the files contain the uncompressed data size which is used to allocate the correct amount of memory. The next 4 bytes are encrypted. With this and the above knowledge you can now program your own application. I've thrown together a quick hack job sample using the zpipe example from . You can download and apply this or get the . Be warned my development platform is Linux and it won't compile for Windows. For Windows you would need to remove the code that retrieves the file size in the def function and replace it with the Win32 equivalent, eg.
Code:
HANDLE hFile;
hFile = GetStdHandle(STD_INPUT_HANDLE);
if (GetFileSizeEx(hFile, &dest_size) == 0)
return Z_ERRNO;
Apply Patch:
patch < zpipe-enc.patch Compile ZPipe:
gcc -o zpipe zpipe.c -lz Compress Usage:
zpipe < phantom.txt > phantom.enc Decompress Usage:
zpipe -d < phantom.enc > phantom.txt Note: Newer clients have a list of 128bit checksums to deter modification. It's far easier to remove the corrupt file check than it is to replace the list. Both require modifying the client.
Code:
/* zpipe.c: example of proper use of zlib's inflate() and deflate()
Not copyrighted -- provided to the public domain
Version 1.2 9 November 2004 Mark Adler */
/* Version history:
1.0 30 Oct 2004 First version
1.1 8 Nov 2004 Add void casting for unused return values
Use switch statement for inflate() return values
1.2 9 Nov 2004 Add assertions to document zlib guarantees
1.3 6 Apr 2005 Remove incorrect assertion in inf()
*/
#include <stdio.h>
#include <string.h>
#include <assert.h>
#include "zlib.h"
#include <sys/types.h>
#include <sys/stat.h>
#define CHUNK 16384
/* Compress from file source to file dest until EOF on source.
def() returns Z_OK on success, Z_MEM_ERROR if memory could not be
allocated for processing, Z_STREAM_ERROR if an invalid compression
level is supplied, Z_VERSION_ERROR if the version of zlib.h and the
version of the library linked do not match, or Z_ERRNO if there is
an error reading or writing the files. */
int def(FILE *source, FILE *dest, int level)
{
int ret, flush;
unsigned have;
z_stream strm;
char in[CHUNK];
char out[CHUNK];
char *buf;
unsigned long dest_size;
unsigned long indx = 0;
struct stat sb;
have = fileno(source);
if (fstat(have, &sb) < 0)
return Z_ERRNO;
if (!S_ISREG(sb.st_mode))
return Z_ERRNO;
if ((dest_size = (unsigned long)sb.st_size) <= 0)
return Z_ERRNO;
if (fwrite(&dest_size, 4, 1, dest) != 1 || ferror(dest))
return Z_ERRNO;
/* allocate deflate state */
strm.zalloc = Z_NULL;
strm.zfree = Z_NULL;
strm.opaque = Z_NULL;
ret = deflateInit2(&strm, level, Z_DEFLATED, -MAX_WBITS, 8, Z_DEFAULT_STRATEGY);
if (ret != Z_OK)
return ret;
/* compress until end of file */
do {
strm.avail_in = fread(in, 1, CHUNK, source);
if (ferror(source)) {
(void)deflateEnd(&strm);
return Z_ERRNO;
}
flush = feof(source) ? Z_FINISH : Z_NO_FLUSH;
strm.next_in = in;
/* run deflate() on input until output buffer not full, finish
compression if all of source has been read in */
do {
strm.avail_out = CHUNK;
strm.next_out = out;
ret = deflate(&strm, flush); /* no bad return value */
assert(ret != Z_STREAM_ERROR); /* state not clobbered */
have = CHUNK - strm.avail_out;
if (have > 0) {
buf = out;
do {
if (dest_size > indx++) {
switch (indx) {
case 1:
*buf ^= 0x92;
break;
case 2:
*buf ^= 0x65;
break;
case 3:
*buf ^= 0x67;
break;
case 4:
*buf ^= 0x57;
}
}
} while (*buf++);
if (fwrite(out, 1, have, dest) != have || ferror(dest)) {
(void)deflateEnd(&strm);
return Z_ERRNO;
}
}
} while (strm.avail_out == 0);
assert(strm.avail_in == 0); /* all input will be used */
/* done when last data in file processed */
} while (flush != Z_FINISH);
assert(ret == Z_STREAM_END); /* stream will be complete */
/* clean up and return */
(void)deflateEnd(&strm);
return Z_OK;
}
/* Decompress from file source to file dest until stream ends or EOF.
inf() returns Z_OK on success, Z_MEM_ERROR if memory could not be
allocated for processing, Z_DATA_ERROR if the deflate data is
invalid or incomplete, Z_VERSION_ERROR if the version of zlib.h and
the version of the library linked do not match, or Z_ERRNO if there
is an error reading or writing the files. */
int inf(FILE *source, FILE *dest)
{
int ret;
unsigned have;
z_stream strm;
char in[CHUNK];
char out[CHUNK];
char *buf;
unsigned long dest_size;
unsigned long indx = 0;
have = fread(in, 1, 4, source);
if (have != 4 || ferror(source)) {
return Z_ERRNO;
}
dest_size = ((unsigned long)in[0]) |
((unsigned long)in[1] << 8) |
((unsigned long)in[2] << 16) |
((unsigned long)in[3] << 24);
/* allocate inflate state */
strm.zalloc = Z_NULL;
strm.zfree = Z_NULL;
strm.opaque = Z_NULL;
strm.avail_in = 0;
strm.next_in = Z_NULL;
ret = inflateInit2(&strm, -MAX_WBITS);
if (ret != Z_OK)
return ret;
/* decompress until deflate stream ends or end of file */
do {
strm.avail_in = fread(in, 1, CHUNK, source);
if (ferror(source)) {
(void)inflateEnd(&strm);
return Z_ERRNO;
}
if (strm.avail_in == 0)
break;
buf = in;
do {
if (dest_size > indx++) {
switch (indx) {
case 1:
*buf ^= 0x92;
break;
case 2:
*buf ^= 0x65;
break;
case 3:
*buf ^= 0x67;
break;
case 4:
*buf ^= 0x57;
}
}
} while (*buf++);
strm.next_in = in;
/* run inflate() on input until output buffer not full */
do {
strm.avail_out = CHUNK;
strm.next_out = out;
ret = inflate(&strm, Z_NO_FLUSH);
assert(ret != Z_STREAM_ERROR); /* state not clobbered */
switch (ret) {
case Z_NEED_DICT:
ret = Z_DATA_ERROR; /* and fall through */
case Z_DATA_ERROR:
case Z_MEM_ERROR:
(void)inflateEnd(&strm);
return ret;
}
have = CHUNK - strm.avail_out;
if (fwrite(out, 1, have, dest) != have || ferror(dest)) {
(void)inflateEnd(&strm);
return Z_ERRNO;
}
} while (strm.avail_out == 0);
/* done when inflate() says it's done */
} while (ret != Z_STREAM_END);
/* clean up and return */
(void)inflateEnd(&strm);
return ret == Z_STREAM_END ? Z_OK : Z_DATA_ERROR;
}
/* report a zlib or i/o error */
void zerr(int ret)
{
fputs("zpipe: ", stderr);
switch (ret) {
case Z_ERRNO:
if (ferror(stdin))
fputs("error reading stdin\n", stderr);
if (ferror(stdout))
fputs("error writing stdout\n", stderr);
break;
case Z_STREAM_ERROR:
fputs("invalid compression level\n", stderr);
break;
case Z_DATA_ERROR:
fputs("invalid or incomplete deflate data\n", stderr);
break;
case Z_MEM_ERROR:
fputs("out of memory\n", stderr);
break;
case Z_VERSION_ERROR:
fputs("zlib version mismatch!\n", stderr);
}
}
/* compress or decompress from stdin to stdout */
int main(int argc, char **argv)
{
int ret;
/* do compression if no arguments */
if (argc == 1) {
ret = def(stdin, stdout, Z_DEFAULT_COMPRESSION);
if (ret != Z_OK)
zerr(ret);
return ret;
}
/* do decompression if -d specified */
else if (argc == 2 && strcmp(argv[1], "-d") == 0) {
ret = inf(stdin, stdout);
if (ret != Z_OK)
zerr(ret);
return ret;
}
/* otherwise, report usage */
else {
fputs("zpipe usage: zpipe [-d] < source > dest\n", stderr);
return 1;
}
}
|
|
|
|
|
|
09/06/2009, 00:05
|
#28
|
elite*gold: 0
Join Date: Aug 2008
Posts: 10
Received Thanks: 0
|
I tried unpack cabalsea's exe file then this error showed up
.
I used UnExeStealth to unpack the exe. Any advice?
|
|
|
|
|
09/06/2009, 05:39
|
#29
|
elite*gold: 0
Join Date: Mar 2007
Posts: 206
Received Thanks: 41
|
if u have problems determining the packer/protector used, you can try out PETools.
tools -> pe sniffer
|
|
|
|
|
09/07/2009, 05:33
|
#30
|
elite*gold: 0
Join Date: May 2009
Posts: 22
Received Thanks: 0
|
Quote:
Originally Posted by Pupix
Your answer:
|
thx pupix.
i cant seem to compile the zpipe.c, the gcc compiler that i am using is /usr/misc/gcc- 3.0.3/bin/gcc.
In file included from zpipe.c:19:
/usr/include/sys/stat.h:274: parse error before "blksize_t"
/usr/include/sys/stat.h:278: parse error before '}' token
/usr/include/sys/stat.h:334: parse error before "blksize_t"
/usr/include/sys/stat.h:335: conflicting types for `st_blocks'
/usr/include/sys/stat.h:275: previous declaration of `st_blocks'
/usr/include/sys/stat.h:338: parse error before '}' token
zpipe.c: In function `def':
zpipe.c:39: storage size of `sb' isn't known
i ignored the above errors by removing the codes that do filesize check, i managed to compiled it. after parsing the .enc, it gives me some garbage output.
anyone have a working parser for .enc?
|
|
|
|
 |
|
Similar Threads
|
[Release] Unpacked EU Cabalmain Executables
07/13/2022 - Cabal Guides & Templates - 157 Replies
Hi.
This is a thread where I'm gonna upload unpacked cabalmain.exe files from the Cabal EU client.
What is this?
An unpacked executable is an executable almost like the compiled executable before any protection and packing was applied. In this thread I will post such executables.
This is not an anti-cheat bypass!
I'm usually short on time so this thread will get updated when I have the time and feel like updating it, so it's kinda pointless to whine about slow updates etc. Though,...
|
[Release] Unpacked cabalmain Executables.
08/21/2010 - Cabal Hacks, Bots, Cheats, Exploits & Macros - 125 Replies
Hi.
I will keep posting unpacked executables of different Cabal servers here. An unpacked game executable adds different new possibilites to edit the executable or understand how the game works, thus making it easier to develop new cheats.
If you are looking for a tutorial on how to unpack the game executable of CabalEU or CabalPH then see this:
http://www.elitepvpers.com/forum/cabal-guides-temp lates/479768-release-cabalmaineu-unpacking-flash-t utorial.html
|
All times are GMT +1. The time now is 17:32.
|
|
![[RELEASE+DISCUSSION] Unpacked CABALMAIN.EXE](https://www.elitepvpers.com/forum/iconimages/cabal-online/release-discussion-unpacked-cabalmain-exe_ltr.gif){kind=small}
