Decrypted server.dat patch.

~~high6~~ · 12/08/2008, 08:10

This is a patch for conquer.exe that loads a decrypted server.dat.

It might have a few problems, made this quickly (shouldn't though).

Download

Features
-Loads decrypted server.data
-Bypasses play.exe
-antivirus disabled
-Patched local check.

Contains
-Conquer.exe (patched)
-Server.dat (decrypted)

Note!: The Server.dat was updated so old ones will not work. Server.dat now uses xml.

You may add onto this or apply these patches to your own client if you give credit. Pm me if you need the exact patches.

malamashka · 12/08/2008, 17:27

Yeah ty ... BUT when i change some ip in it - it says cant open server dat ....

~~high6~~ · 12/08/2008, 17:59

there is probably a check, I will look at it in a bit.

~~high6~~ · 12/08/2008, 18:06

It loads fine for me, what are you changing?

Edit: Ah, it is when you connect, give me a minute to remove the check.

malamashka · 12/08/2008, 18:12

i made few tests - it check is the ip is local - if it is - error

~~high6~~ · 12/08/2008, 18:17

fixed it, give me 5 minutes to upload.

malamashka · 12/08/2008, 18:37

still not working ... sry - local check passed ... BUT it trys to connect and exits ...

unknownone · 12/08/2008, 18:37

Nice work. I was considering doing this myself, but wasn't sure it'd be worth the time and effort, with the frequency TQ are pushing out patches, I wouldn't wanna spent more than 5 minutes updating it for future versions.

Not looked into how you did it, but if you share the method it'll be handy (rather than me doing a binary comparison), then we could perhaps come up with some heuristic to get the job done quickly. My idea was just to replace calls to the libeay32 RSA_public_decrypt() and zlib inflate() with functions that take equivalent arguments but just copy over the already-decrypted buffer. I also had a go at actually implementing the decryption and inflation in a stand alone app, so that the decrypted server.dat doesn't need to be pulled from memory every new patch. openssl tests my patience too much though.

~~high6~~ · 12/08/2008, 18:44

I dislike using external projects XD. Such a pain in the *** to get configured.

unknownone · 12/08/2008, 19:17

I didn't think it'd be much of a problem. I already have openssl and zlib built & configured, and I know exactly which functions match up to which in the conquer.exe. I completely cloned the arguments for RSA_public_decrypt() and passed them to my own, but the think always returns -1, a problem with BN_mod_exp_mont I believe. (TQ using some oddly modified version of openssl?)

Anyway, I gave up, it's probably a waste of time anyway since re-encrypting it would be more awkward than any of that.

Had a quick look at your patch. It does seem pretty simple, mostly just explicit jumps and nops where required. I'm not too sure it's the safest of methods, because you might end up jmping over, or noping a call to some code responsable for memory alloc/dealloc, the problems that could arise then are unpredectable. Seems to work anyway, so I can't complain about it yet. Still, how long do you think it'll take you to repeat the process next time a patch comes out? Think it'll be worth the continued effort to maintain?

~~high6~~ · 12/08/2008, 19:27

Didn't take long. And I don't believe I nopped any deallocing functions. I nopped the decrypt function and the inflate function.

malamashka · 12/08/2008, 19:52

Maby noping not so good - ur exe passes the login to proxy and exits before receiving the answer - else same proxy works with old exe (before last 2 pach)

~~high6~~ · 12/08/2008, 20:00

Don't really get what you mean.

malamashka · 12/08/2008, 20:40

Change some server ip to 127.0.0.1 - ant login in game by proxy or routing - ull se its impossible couse exe - exits before initializing .... look at communication - ull see - packets to server - then exe exits - not waiting answer

~~high6~~ · 12/08/2008, 20:42

Well I don't have a proxy so I cannot fix.