Hello,
as you know, Server.dat got encrypted after a certain patch (I belive 5072) and you cannot simply NOP the inet_addr in order to connect to private servers/proxies etc. For this higher patches, the "NOP the inet_addr" method it's working but once I replace the Server.dat content (a crypted one) with the normal one, there are no servers to choose, I mean, the message "Server.dat failed" doesn't pop-up but it's obviously there is something wrong with the file since if I replace the custom Server.dat with a original, untouched one, it works but well, I can't edit its content.
Now I'm asking you people, what should I search in Ollydbg or what's the method to make the Conquer.exe bypass this encryption and read directly the uncrypted content.
The server.dat is encrypted by RSA at patch 5180-5187(5817 I think..) and I believe only one person so far has cracked that?
Anyhow, I would assume the server.dat structure has changed dramatically since they implemented the RSA encryption.
I have accomplished the task of overriding the connect() function in both C++ and C#.
I have never attempted to mess with the inet_addr function on its own as such, as I think it gets overriden when hooking connect() (a function conquer.exe uses from ws2_32.dll to connect).
As for C++ I just use detours, I detour the connect function(from memory the exact name of the function is "connect" and the parameters are "socket s, inet_addr Handle, int length" that's right or at least very similar, double check!) and replace the IP with my own, and the ports.
As for C#, I do the exact same thing, but with EasyHooks, Someone posted a C#+C++ code of doing this task without using Detours or EasyHooks but pure changing the memory using kernel32.
But as I said.
Override the connect function and replace the IP and port and return it.
Yup, thank you, this is valueable info. However, the thing I req to do is more a ASM thing but nevertheless, your stuff is cool and it will help me for my future projects.
NOP-ing the inet_addr just let's you connect to localhost (127.0.0.1) and thats all, it doesnt help in decrypting/bypassing the server.dat.
I used to patch some addresses around that call to change the ip/port upon login
And i believe that if you spend some time debugging the exe you will find where the server.dat is being decrypted.