Cracking SV

Old   #1
 
elite*gold: 0
Join Date: Jan 2006
Posts: 406
Received Thanks: 284
Cracking SV

(This post is for study purposes only. I don't know the origin of this file; someone sent it to me. Please use it at your own risk.)

If you agree to use it for study purposes, here is a guide to cracking SV. There are many versions of SV, but only the new SV works with patch 4347.

** If you successfully crack Script Vessel and want to use it for CO2 business (smooth and safe), I suggest you support 9net9, the creator of SV, by buying it from the website. **

The strategy for cracking this program is to find a way to hook the process to the keyboard and bypass all protection and the random timer checker. You can read how to crack it in steps 1-6, or jump to step 7 to make your own cracked bot.

Revised May 17, 2007

1) Normally SV does its work by reading/writing process memory. It hooks the Conquer process, checks values, then determines the bot action, such as click, pick, move or jump.

When you activate the bot, it checks whether your current window is a Conquer window that matches the bot version. If yes, it activates the bot.

While the bot is active, there is a timer that synchronizes SV.exe and the bot client on each Conquer window. So our solution is to find what they say to each other and prevent the criteria checks that make the bot slow or unresponsive. The usual way to trace this is to use IDA Pro for reference and Cheat Engine as the debugger. This program is encrypted with UPX 3.0; try to download it from to unpack them before analyzing with IDA Pro.

After expanding countrymakeinus.dll and analyzing it with IDA Pro, we must analyze 2 things in this DLL.

2) One thing is the SV bot process. Normally it starts with commands like this:
Quote:

PUSH EBP
MOV EBP,ESP
MOV EAX,FS:[00000000]
PUSH FF

Just use "Search>Find assembly code" to find the address of the above commands.

3) Second, push your tiny hook code into the executable file. I pushed this code in the main program loop:
Quote:

004049FB:
PUSH EBP
PUSH EBX
PUSH ECX
PUSH EAX
PUSH EDX
PUSHFD
PUSH EAX
PUSH ESI
PUSH EDI
PUSH 00000000

Use Search>Find assembly code to find it again; then you must use the hook command in the next step.

4) Hook command: the function call used to trap keystrokes is SetWindowsHookExA, located in User32.dll. Here is the command to hook up the process.
Quote:

push 00000000
push 10000000
push 100039d0    // address of first command from step 2
push 02
call SetWindowsHookExA

5) Now it's time to inject code into the current SV bot. It's the same as how SV injects conquer.exe; we use Cheat Engine to enable/disable and inject together. Press Ctrl+A in the memory view window in Cheat Engine, then click Template>Cheat Table framework code at the address you will inject in step 3. You will get something like below. For example, I use the return process at address 004049FB and inject to a new memory address to run the hook process.
Quote:

[ENABLE]
//code from here to [DISABLE] will be used to enable the cheat

alloc(newmem,2048) //2kb should be enough
label(Loop)
label(exit)

004049FB:
jmp newmem

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp [10044004],ff
je exit
mov [10044000],00
pushad
pushfd
push 00000000
push 10000000
push 100039d0
push 02
call SetWindowsHookExA
mov [10044004],ff
popfd
popad

exit:
push ebp
push ebx
push ecx
push eax
push edx
pushfd
push eax
push esi
push edi

jmp 00404A04

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
004049FB:
push ebp
push ebx
push ecx
push eax
push edx
pushfd
push eax
push esi
push edi

6) The last part is finding the protection and a place to push the opcode.
SV will disable all hook events by calling UnhookWindowsHookEx, so just disable the unhook process by setting this in the enable process:
Quote:

UnhookWindowsHookEx:
ret 0004

Insert a protection check so that you will not activate the hook process again and again, by checking a memory address like below:
Quote:

[ENABLE]
cmp [10044004],ff     // is the bot already activated?
je exit               // yes: jump to exit
mov [10044000],00     // no: set wait-state variable to Loop
pushad                // save all registers
pushfd                // save flag register

// ** Put hooking process here

mov [10044004],ff     // mark bot as already activated
Loop:                 // loop until unchecked (disabled), by checking variable
mov eax,000000ff
push eax
call SleepEx
push eax
cmp [10044000],90     // check whether variable is Loop or not Loop
jne Loop
popfd                 // restore flag register
popad                 // restore all registers
exit:

// ** Code from original code

[DISABLE]
10044000:             // set variable to not Loop
nop

UnhookWindowsHookEx:
ret 0004              // prevent unhook process

There is a routine that calls the internet open socket. So I found the place that opens the internet connection and replaced it with the code from newmem.
Quote:

004275C1:
..
..
Call InternetOpenA
..
ret

7) Here are the instructions to make a standalone version:
Quote:

1) Start 1.10 and Cheat Engine.
Here is the information link for SV 1.10

2) Load Cheat Engine with the Cheat Engine script, then select the ScriptVessel process and check the box on SV 1.08-1.10
3) Start the Conquer program, log in normally and press F11 to activate the bot.

Stand Alone version of SV with CheatEngine (No internet connection)
1) Load SV V1.10
2) Check the box at SV V1.08-1.10, then exit Cheat Engine.
3) Start Conquer and press F11 to activate the bot.

DIY hexedit Scriptvessel (No need CheatEngine)
1) Open Hexedit and go to offset $49FB (press Ctrl+G and enter it in the hexadecimal box), then replace the existing value XX XX XX ... with the code E9 C1 2B 02 00
2) Go to offset $275C1 (press Ctrl+G and enter it in the hexadecimal box), then replace the existing value XX XX XX ... with the BOLD value code below.
Quote:

81 3D 04 40 04 10 FF 00 00 00    CMP [10044004],000000FF
74 25                            JE 004275F2
60                               PUSHAD
9C                               PUSHFD
68 00 00 00 00                   PUSH 00000000
68 00 00 00 10                   PUSH 10000000
68 D0 39 00 10                   PUSH 100039D0
6A 02                            PUSH 02
FF 15 64 E4 42 00                CALL DWORD PTR [0042E464]
C7 05 04 40 04 10 FF 00 00 00    MOV [10044004],000000FF
9D                               POPFD
61                               POPAD
55                               PUSH EBP
53                               PUSH EBX
51                               PUSH ECX
50                               PUSH EAX
52                               PUSH EDX
9C                               PUSHFD
50                               PUSH EAX
56                               PUSH ESI
57                               PUSH EDI
E9 04 D4 FD FF                   JMP 00404A04

3) Save, then start the program

How to find the opcode (from the code above) and hexedit SV V1.10 (1.6 MB)

or


There is a bug in the original SV that lets you waste pots by using MP pots.

Here is how to fix the bug of the Taoist always using MP pots (edit your conquer.exe) for SV 1.10

1) Open the unpacked Conquer.exe with a hex editor. Check that the size of conquer.exe is more than 1 MB. If not, go to step 4 to unpack it.
2) Go to offset 7AEC4 and replace the existing XX XX XX XX XX XX with E9 0A 65 01 00 90.
3) Go to offset 913D3 and replace the existing XX XX XX XX XX XX XX XX XX XX XX XX XX XX with FF 92 80 00 00 00 8B C8 E9 EA 9A FE FF.
4) Download UPX.exe from then unpack your conquer.exe with this command "UPX -d conquer.exe" *Don't forget to back up the file*

Or try loading this script to fix the bug of the Taoist always using MP pots

1) Run the cracked Scriptvessel, Cheat Engine and Conquer.exe, then load the script below and select the Conquer process.



2) Check box "Fix SV 1.10 for MP bug"
3) Play Conquer and activate the bot as normal

*New* Stand-alone SV 1.11: adds Follower can jump and fixes MP bug
1) Open SV with a hex editor (XVI32), then press Ctrl+G, go to hexadecimal offset $2596D and replace the existing 5 bytes with E9 CF 1B 00 00

2) Then press Ctrl+G, go to hexadecimal offset $27541 and replace 48 bytes with 60 9C 68 00 00 00 00 68 00 00 00 10 68 D0 39 00 10 6A 02 E8 78 9C 00 7E 9D 61 85 C0 0F 84 49 E4 FF FF 85 FF 0F 84 18 E4 FF FF E9 05 E4 FF FF 90

3) Save the file, then start SV and don't press anything. Go to the game and press F11 to activate the bot.
Enjoy!
anantasia is offline  
Thanks
25 Users
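
Seen from the side of whoever maintains a program, the two changes the first post describes (a 5-byte jmp written over the code at 004049FB, and ret 0004 written over the entry of UnhookWindowsHookEx) are exactly what a code-integrity check looks for. The sketch below is an added example, not part of the thread: it compares known-good bytes with observed bytes and decodes what was written; the 0x7000xxxx addresses and their prologue bytes are constructed sample values.

```python
import struct

def classify(va, code):
    """Name the first x86-32 instruction of a modified region."""
    if not code:
        return ("unreadable", None)
    op = code[0]
    if op == 0xE9 and len(code) >= 5:      # jmp rel32: target = next insn + rel
        rel = struct.unpack_from("<i", code, 1)[0]
        return ("jmp-detour", (va + 5 + rel) & 0xFFFFFFFF)
    if op == 0xC2 and len(code) >= 3:      # ret imm16: function returns at once
        return ("ret-stub", struct.unpack_from("<H", code, 1)[0])
    if op == 0xC3:                         # plain ret
        return ("ret-stub", 0)
    if op == 0x90:                         # nop fill
        return ("nop-fill", None)
    return ("modified", None)

def find_tampering(baseline, observed):
    """Return (address, kind, detail) for every region that differs from baseline."""
    findings = []
    for va, clean in sorted(baseline.items()):
        seen = observed.get(va, b"")
        if seen[:len(clean)] != clean:
            findings.append((va,) + classify(va, seen))
    return findings

# Known-good bytes. 0x4049FB holds the nine pushes the post lists as the
# original code; the other two addresses and their bytes are constructed.
BASELINE = {
    0x004049FB: bytes.fromhex("55 53 51 50 52 9C 50 56 57"),
    0x70001000: bytes.fromhex("8B FF 55 8B EC"),   # stand-in for UnhookWindowsHookEx
    0x70002000: bytes.fromhex("8B FF 55 8B EC"),   # untouched function
}
# Bytes as read back from the running process (constructed to match the post).
OBSERVED = {
    0x004049FB: bytes.fromhex("E9 C1 2B 02 00 9C 50 56 57"),
    0x70001000: bytes.fromhex("C2 04 00 8B EC"),
    0x70002000: bytes.fromhex("8B FF 55 8B EC"),
}

if __name__ == "__main__":
    for va, kind, detail in find_tampering(BASELINE, OBSERVED):
        shown = "" if detail is None else f" -> {detail:#x}"
        print(f"{va:#010x}: {kind}{shown}")
```

In practice the baseline comes from the signed file on disk (with relocations applied) and the observed bytes from the mapped image. A jmp target outside the module's own address range points at separately allocated memory, such as the post's newmem.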
Old 02/24/2007, 12:12   #2
 
elite*gold: 0
Join Date: Aug 2005
Posts: 568
Received Thanks: 43
my cracked SV still works
(GAME)Master is offline  
Old 02/24/2007, 12:14   #3
 
elite*gold: 0
Join Date: Mar 2006
Posts: 1,252
Received Thanks: 475
Mine does too
GrimReaper91 is offline  
Old 02/24/2007, 21:28   #4
 
elite*gold: 0
Join Date: Nov 2005
Posts: 121
Received Thanks: 0
Same here
theduderr is offline  
Old 02/25/2007, 08:39   #5
 
elite*gold: 0
Join Date: Jan 2006
Posts: 406
Received Thanks: 284
Quote:
Originally posted by (GAME)Master@Feb 24 2007, 18:12
my cracked SV still works
Yes, the old SV still works. But the new one has new functions and more protection. Just trying for experience.
anantasia is offline  
Thanks
1 User
Old 02/25/2007, 16:51   #6
 
elite*gold: 0
Join Date: Nov 2005
Posts: 303
Received Thanks: 23
I just wish you good luck on your new quest to conquer.
bladefire is offline  
Old 02/25/2007, 17:07   #7
 
elite*gold: 0
Join Date: Jul 2005
Posts: 1,073
Received Thanks: 78
what new function has 4339 version of sv?
Lake292 is offline  
Old 02/25/2007, 18:39   #8
 
elite*gold: 0
Join Date: Mar 2006
Posts: 177
Received Thanks: 2
why does _countrymakeinUS.dll have

Dr.Web
Found Trojan.PWS.Lenmir.30

i might just be a nub though and missed something said before o.o
EvolutionHK is offline  
Old 02/25/2007, 19:37   #9
 
elite*gold: 0
Join Date: May 2006
Posts: 174
Received Thanks: 4
is it safe to use the older working version?
thechaoshydra is offline  
Old 02/25/2007, 20:31   #10
 
elite*gold: 0
Join Date: Oct 2005
Posts: 136
Received Thanks: 5
The New Script Vessel 4339 is a piece of isht anastasia, you shouldn't waste your time trying to crack the 4339 for sure I would wait for the next release and try for that one, 4339 crashes regardless of whether post mortem debugger is disabled and regardless of whether you changed your explorer shells.

Also certain people with ATI get VPU errors because of it.

But what you're doing is good and +k for your hard work.
angelbear is offline  
Thanks
4 Users
Old 02/25/2007, 21:29   #11
 
elite*gold: 0
Join Date: Aug 2006
Posts: 7
Received Thanks: 0
i got botjailed >< rofl
MrBrightside21 is offline  
Old 02/26/2007, 11:31   #12
 
elite*gold: 0
Join Date: Jan 2006
Posts: 406
Received Thanks: 284
@EvolutionHK:
I found this after the stripper. If you are not sure, try another expander to uncompress countrymakeinus.dll.

@thechaoshydra:
Old SV is still working. I just got the new one to train my experience in cracking it.

@angelbear:
Thx for your suggestion. Just for learning by cracking. I'm sure that it's just a little improvement on the bot.
anantasia is offline  
Old 02/26/2007, 13:05   #13
 
elite*gold: 0
Join Date: Jan 2006
Posts: 406
Received Thanks: 284
Finally I cracked it.
There is a new screen and a new function that is useful.
Attached Images
File Type: jpg post-53-1172491554.jpg (8.5 KB, 66 views)
anantasia is offline  
Old 02/26/2007, 13:07   #14
 
elite*gold: 0
Join Date: Jan 2006
Posts: 406
Received Thanks: 284
Picture of SV V1.10 for patch 4347
Attached Images
File Type: jpg post-53-1178734638.jpg (70.0 KB, 44 views)
anantasia is offline  
Old 02/26/2007, 13:33   #15
 
elite*gold: 0
Join Date: Jul 2005
Posts: 1,073
Received Thanks: 78
that new function rocks! can u pls tell me how to make it work?

Append on Feb 26 2007, 14:09: im trying to follow your steps but i dont understand what u mean with unhook...
and those first 4 steps set window hooked.... i do nothing? thats just info?

Append on Feb 26 2007, 14:33: ill ask once more and tell what im doing wrong, thank u in advance

so these are your steps:
this 4 steps i didnt do anything... thats just getting pass and id if im right
/*
10003664 call dword ptr [10033390] <- set hook window
10003707 call dword ptr [10033178]
100038b5 call dword ptr [100333a0] <- get window text
100038dd call dword ptr [100333a0] <- get window text
*/

here i changed to that jump but thats 2bit operation so 6 bits left i changed with 90
0040F310 <-BP and JMP 40F31E

same
0040F34D <-BP and JMP 40F360

here i just changed
0040F489 call 4144DE

here i didnt do anything it was there written just this way
004144DE jmp dword ptr 100035b0

nop 90
100035B0 <-BP

jmp and nop
100037D4 <-BP and JMP 100037DF

this one i dont understand... u mean put there nop?
100037DD call esi <- Unhook *avoid*

jmp and nop
1000383B <- BP and JMP 10003846

this i dunno also... u mean nop to all call esi? cause there is like alot call esi
1000XXXX call esi <- Unhook *avoid*

im not great at assembly codes but i understand it a little... so if u could help me i would be very thankful
Lake292 is offline  