Nice work. I was considering doing this myself, but wasn't sure it'd be worth the time and effort; with the frequency TQ are pushing out patches, I wouldn't want to spend more than 5 minutes updating it for future versions.
I haven't looked into how you did it, but if you share the method it'll be handy (rather than me doing a binary comparison); then we could perhaps come up with some heuristic to get the job done quickly. My idea was just to replace the calls to the libeay32 RSA_public_decrypt() and zlib inflate() with functions that take equivalent arguments but just copy over the already-decrypted buffer. I also had a go at actually implementing the decryption and inflation in a stand-alone app, so that the decrypted server.dat doesn't need to be pulled from memory with every new patch. openssl tests my patience too much though.
I didn't think it'd be much of a problem. I already have openssl and zlib built and configured, and I know exactly which functions match up to which in conquer.exe. I completely cloned the arguments for RSA_public_decrypt() and passed them to my own, but the thing always returns -1, a problem with BN_mod_exp_mont I believe. (TQ using some oddly modified version of openssl?)
Anyway, I gave up; it's probably a waste of time anyway, since re-encrypting it would be more awkward than any of that.
Had a quick look at your patch. It does seem pretty simple, mostly just explicit jumps and NOPs where required. I'm not too sure it's the safest of methods, because you might end up jumping over, or NOPing out, a call to some code responsible for memory alloc/dealloc; the problems that could arise then are unpredictable. Seems to work anyway, so I can't complain about it yet. Still, how long do you think it'll take you to repeat the process next time a patch comes out? Think it'll be worth the continued effort to maintain?
Maybe NOPing is not so good - your exe passes the login to the proxy and exits before receiving the answer - otherwise the same proxy works with the old exe (before the last 2 patches).
Change some server IP to 127.0.0.1 and try to log in to the game via proxy or routing - you'll see it's impossible because the exe exits before initializing... Look at the communication - you'll see packets to the server, then the exe exits, not waiting for the answer.
[Request] 5101 decrypted Server.dat and .EXE 09/10/2009 - CO2 Private Server - 1 Replies
Yeah, I know a few of you had 5101 servers. If you don't mind, just share your (conquer).exe and server.dat.
Loads decrypted server.dat tutorials 03/19/2009 - CO2 Programming - 9 Replies
1. Close all Conquer windows
2. Start "OllyDbg", press File -> Open
3. Open Conquer.exe
4. Let it load
5. Press the E icon in the toolbar
http://img247.imageshack.us/img247/5294/start5rv6.th.jpg
6. Double-click on the name "Conquer"
http://img166.imageshack.us/img166/3657/start6kf0.th.jpg
7. Right-click in the CPU window -> Analysis -> Analyse code
http://img166.imageshack.us/img166/4885/start7qz9.th.jpg
decrypted mapdestination.dat 01/18/2008 - Eudemons Online - 8 Replies
Hello all. I have decrypted mapdestination.dat; however, I cannot find the coordinates, only the texts are clearly visible.
The file is encrypted this way: if you ignore the first 4 bytes, a group of 532 bytes is XORed with the first byte of the encryption key, the next 532 bytes are XORed with the second byte of the key, etc.
The structure of the decrypted file is unknown to me; maybe someone will be lucky.
No clear coordinates can be seen.
Here is the encryption key for decrypting the file:
byte enc_key = new...
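The mapdestination.dat scheme described in that post (skip 4 header bytes, then XOR each 532-byte group with successive key bytes) is simple enough to check with a stand-alone tool. The following is an added example, not code from the thread: the real key is not reproduced here, so DEMO_KEY is a constructed placeholder, and it is assumed that the key index wraps around once every key byte has been used (the post does not say what happens after the last key byte). Because XOR is its own inverse, the same routine both encrypts and decrypts, which the self-test uses to round-trip a constructed buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HEADER_LEN 4     /* first 4 bytes are left as-is */
#define GROUP_LEN  532   /* one key byte per 532-byte group */

/* Constructed placeholder key; the key from the original post is not
 * reproduced here. Replace with the real bytes to use on a real file. */
static const uint8_t DEMO_KEY[] = { 0x5a, 0xc3, 0x1e, 0x77 };

/* XOR-decrypts buf in place. Bytes 0..HEADER_LEN-1 are untouched; each
 * following group of GROUP_LEN bytes (the last one may be shorter) is
 * XORed with key[group_index % keylen]. The modulo wrap is an assumption.
 * Returns the number of groups processed, 0 if there is nothing to do. */
size_t xor_dat_decrypt(uint8_t *buf, size_t len, const uint8_t *key, size_t keylen)
{
    if (buf == NULL || len <= HEADER_LEN || key == NULL || keylen == 0)
        return 0;

    size_t groups = 0;
    for (size_t off = HEADER_LEN; off < len; off += GROUP_LEN, groups++) {
        uint8_t k = key[groups % keylen];
        size_t end = (len - off > GROUP_LEN) ? off + GROUP_LEN : len;
        for (size_t i = off; i < end; i++)
            buf[i] ^= k;
    }
    return groups;
}

/* Round-trip self-check on a constructed buffer covering the header, two
 * full groups and a partial third group. Returns 1 on success, 0 on failure. */
int xor_dat_selftest(void)
{
    enum { LEN = HEADER_LEN + 2 * GROUP_LEN + 100 };
    uint8_t plain[LEN], work[LEN];
    for (size_t i = 0; i < LEN; i++)
        plain[i] = (uint8_t)(i * 7 + 3);
    memcpy(work, plain, LEN);

    if (xor_dat_decrypt(work, LEN, DEMO_KEY, sizeof DEMO_KEY) != 3) return 0;
    if (memcmp(work, plain, HEADER_LEN) != 0) return 0;   /* header untouched */
    /* first byte of each group must differ from plaintext by that group's key byte */
    for (size_t g = 0; g < 3; g++) {
        size_t p = HEADER_LEN + g * GROUP_LEN;
        if ((uint8_t)(work[p] ^ plain[p]) != DEMO_KEY[g]) return 0;
    }

    /* applying the same transform again restores the original */
    xor_dat_decrypt(work, LEN, DEMO_KEY, sizeof DEMO_KEY);
    return memcmp(work, plain, LEN) == 0;
}

/* Usage: prog <in.dat> <out.dat>; with no arguments it runs the self-test. */
int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s <in.dat> <out.dat>\n", argv[0]);
        return xor_dat_selftest() ? 0 : 1;
    }
    FILE *in = fopen(argv[1], "rb");
    if (!in) { perror(argv[1]); return 1; }
    fseek(in, 0, SEEK_END);
    long flen = ftell(in);
    rewind(in);
    if (flen < 0) { fclose(in); return 1; }
    uint8_t *buf = malloc((size_t)flen);
    if (!buf || fread(buf, 1, (size_t)flen, in) != (size_t)flen) {
        fclose(in); free(buf); return 1;
    }
    fclose(in);

    size_t groups = xor_dat_decrypt(buf, (size_t)flen, DEMO_KEY, sizeof DEMO_KEY);
    FILE *out = fopen(argv[2], "wb");
    if (!out || fwrite(buf, 1, (size_t)flen, out) != (size_t)flen) {
        perror(argv[2]); free(buf); if (out) fclose(out); return 1;
    }
    fclose(out);
    free(buf);
    printf("processed %zu group(s)\n", groups);
    return 0;
}
```

A quick way to confirm the group size and key order on a real file is to look for the "clearly visible" text the post mentions: if readable strings break at every 532-byte boundary, the group length is wrong; if they stay readable across boundaries, the key bytes are being applied in the right order.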