[Question]TQ Antibot server
Discussion on [Question]TQ Antibot server within the CO2 Programming forum part of the Conquer Online 2 category.
08/14/2012, 22:32
#1
elite*gold: 0
Join Date: Aug 2010
Posts: 992
Received Thanks: 1,110
[Question]TQ Antibot server
When I connect to both IPs
IPA = "38.82.204.88";
IPB = "121.207.250.33";
an encrypted buffer of non-static length is received, so I attached OllyDbg to the logged-in client, set a breakpoint at the receive call and traced it to find out what's going on... and I came up with this... or at least that's how I understand it so far.
I'm using TQ's Tqanp.dll itself so I don't have to translate its code to C# or C++, and I'm calling Tqanp.0x87381C to decrypt the buffer starting at offset 6; it returns the exact same values that the client might return if it received the same buffer.
PHP Code:
int Value = ToInt(Buffer, 2);
__asm
{
    mov ecx, TLength                    // buffer length
    sub ecx, 6                          // buffer length -= 6
    push ecx
    push Value                          // BitConverter.ToInt32(buffer, 2)
    lea edx, DWORD PTR DS:[Buffer + 6]  // address of buffer[6]
    push edx
    push edx
    mov eax, edx
    mov ecx, 0x997660
    call DWORD PTR DS:[0x87381C]        // call Tqanp.0087381C to decrypt the data
}
And when it returns the buffer, this is what the client does to it:
PHP Code:
if (Data.Length < 54)
{
    // sometimes the buffer length is less than 54, so append the missing bytes as 0's
    byte[] Buffer = new byte[54];
    Array.Copy(Data, Buffer, Data.Length);
    Data = new byte[54];
    Array.Copy(Buffer, Data, 54);
}
uint EAX = 0;
int Data2 = 0;
for (int i = 0; i < 16; i++)
{
    int Value = x86Assembly.Movsx(Data[38 + i]);
    Value += Data2;
    int Temp1 = BitConverter.ToUInt16(Data, 6);
    Temp1 *= i;
    Value += Temp1;
    Data2 = Value;
    // CMP DWORD PTR SS:[EBP-68],10200000
    if (Data2 == 0x10200000)
    {
        if (EAX == 0xf20a03bd || EAX == 0xf20a03be || EAX == 0xf200a3bd)
        {
            // I'm breakpointing here
            break;
        }
    }
}
If there are no results, it runs another test on the data by XORing Data[16] with Data[8] as int values:
PHP Code:
EAX = BitConverter.ToUInt32(Data, 16) ^ BitConverter.ToUInt32(Data, 8);
if (EAX == 0xf20a03bd || EAX == 0xf20a03be || EAX == 0xf200a3bd)
{
    // I'm breakpointing here
}
But somehow EAX never matches and the breakpoints are never hit, even though EAX is generated exactly like the client would generate it and equals what the client generates using the same buffer of data...
So I need a hand making this work.. and I'm not asking for a full algorithm to handle those packets, I just need a hint/push in the right direction, and I need to know if I'm on the right track, because so far it took me like 2 days to come up with what I have and it's annoying me :P
08/14/2012, 23:54
#2
elite*gold: 20
Join Date: Jan 2008
Posts: 2,012
Received Thanks: 2,885
To be fair, the only people that have ever looked at this in depth are ntL3fty, myself, Steve and Dean, and I can guarantee none of them will release public information about this system....
I might be wrong though, maybe there is someone else who started looking into it. Anyhow, good luck.
08/15/2012, 02:05
#3
elite*gold: 0
Join Date: Aug 2010
Posts: 992
Received Thanks: 1,110
Quote:
Originally Posted by InfamousNoone
To be fair, the only people that have ever looked at this in depth are ntL3fty, myself, Steve and Dean, and I can guarantee none of them will release public information about this system....
I might be wrong though, maybe there is someone else who started looking into it. Anyhow, good luck.
That's not being fair, that's announcing how high your expectations are of other members who have the knowledge and the ability to help solve this, and telling them in an indirect way that they should ignore it because that's what you are expecting them to do...
You have done the same thing on almost every single topic that concerns your projects/money-making plans: the first one to comment and the first one to break others' wings and bring their hopes down, which is annoying.
My hopes are not up, as I am sure I can figure it out on my own if I spend a fair amount of time debugging the client.. but I thought that reinventing the wheel is kinda stupid and asking those folks might save tons of time...
But then again let's hope you are wrong and there is someone who is willing to step up...
08/15/2012, 02:29
#4
elite*gold: 0
Join Date: Jun 2009
Posts: 611
Received Thanks: 195
Angelius is right; even if this is private information, you guys should at least give him hints/directions on what he should do, even if you do it privately with him.
But yeah, it's stuff you figured out alone, so whether you decide to share or not is up to you; I'm just saying what I think xD.
08/15/2012, 14:19
#5
elite*gold: 20
Join Date: Jan 2008
Posts: 2,012
Received Thanks: 2,885
Quote:
Originally Posted by { Angelius }
That's not being fair, that's announcing how high your expectations are of other members who have the knowledge and the ability to help solve this, and telling them in an indirect way that they should ignore it because that's what you are expecting them to do...
You have done the same thing on almost every single topic that concerns your projects/money-making plans: the first one to comment and the first one to break others' wings and bring their hopes down, which is annoying.
My hopes are not up, as I am sure I can figure it out on my own if I spend a fair amount of time debugging the client.. but I thought that reinventing the wheel is kinda stupid and asking those folks might save tons of time...
But then again let's hope you are wrong and there is someone who is willing to step up...
What?? I'm not saying you shouldn't try, by all means that's completely up to you. I'm saying it's silly to ask someone for help in the sense that they've already done it. At best, you'll get people who are interested in achieving the same common goal you are and help you. It's very unlikely someone who's already solved it will help you.
Quote:
Originally Posted by diedwarrior
Angelius is right; even if this is private information, you guys should at least give him hints/directions on what he should do, even if you do it privately with him.
But yeah, it's stuff you figured out alone, so whether you decide to share or not is up to you; I'm just saying what I think xD.
Why should I? I gave the private servers a way around the password encryption because they needed it. Nobody needs the new anti-bot methods for any good reason other than pure interest (in which case they should figure it out themselves, like Ang. is doing) or with the intent of writing a standalone bot, which we don't want any more of. Yes, we're greedy, but people need to get over it.
BTW on the newest patch they released, quite a few things changed in regards to it.
08/15/2012, 14:25
#6
elite*gold: 20
Join Date: Mar 2006
Posts: 6,126
Received Thanks: 2,518
On the "that's not fair" subject, how do you think the people who know about it figured it out? How is it suddenly unfair for other people to have to do the same as they had to do?
I think it's unfair to make demands for knowledge from people just because you're struggling with it yourself; I think it's unfair that the people who put the hard work in are expected to just give up that knowledge.
08/15/2012, 15:30
#7
elite*gold: 0
Join Date: Dec 2007
Posts: 108
Received Thanks: 42
****, he isn't asking for a hand out. I'm sure he would've appreciated a simple response indicating whether he was headed in the right direction or not. You can be helpful while protecting your interests. This is sad.
08/15/2012, 18:07
#8
elite*gold: 20
Join Date: Mar 2006
Posts: 1,491
Received Thanks: 536
I think it's unfair that an open community has become closed for the sake of $$. After all, what harm would it do to give out such information or even a hand?
08/15/2012, 18:24
#9
elite*gold: 20
Join Date: Jan 2008
Posts: 2,012
Received Thanks: 2,885
Because there's no good reason for anyone to know how to handle them. Standalones already plague Conquer, and this is a direct result of competing to offer more services.
Nothing that anyone actually needs is closed. As I mentioned before, I supported the private servers in releasing my bypass so they could continue their work on the newest patch given a person gets it to work (which means they deserve to continue!).
Asking what harm it would do is simply showing ignorance to the matter.
Quote:
Originally Posted by Belth
****, he isn't asking for a hand out. I'm sure he would've appreciated a simple response indicating whether he was headed in the right direction or not. You can be helpful while protecting your interests. This is sad.
Yes, he's on the right track; however, he has a long way to go. Part of the response packet is a digest computed with... well, 1 of A LOT of algorithms (I think it might be 21, too lazy to recount). I'm not sure if they've moved them into TQANP, but I doubt they have. Secondly, if his code is dependent on TQANP it would never (without great difficulty) be able to achieve standalone, which makes me question why he's looking into it. The easier thing to do, on the assumption he wants to force a correct reply, is find out how your bot/whatever is being detected and fool that.
08/15/2012, 20:17
#10
elite*gold: 0
Join Date: Aug 2010
Posts: 992
Received Thanks: 1,110
Quote:
Originally Posted by Belth
Damn, he isn't asking for a hand out. I'm sure he would've appreciated a simple response indicating whether he was headed in the right direction or not. You can be helpful while protecting your interests. This is sad.
Quote:
Originally Posted by bone-you
I think it's unfair that an open community has become closed for the sake of $$. After all, what harm would it do to give out such information or even a hand?
That... And it's amazing how greed can replicate and spread so much that one can't point you in a direction that leads you near his treasure.
Quote:
Originally Posted by InfamousNoone
Because there's no good reason for anyone to know how to handle them. Standalones already plague Conquer, and this is a direct result of competing to offer more services.
Nothing that anyone actually needs is closed. As I mentioned before, I supported the private servers in releasing my bypass so they could continue their work on the newest patch given a person gets it to work (which means they deserve to continue!).
Asking what harm it would do is simply showing ignorance to the matter.
Yes, he's on the right track; however, he has a long way to go. Part of the response packet is a digest computed with... well, 1 of A LOT of algorithms (I think it might be 21, too lazy to recount). I'm not sure if they've moved them into TQANP, but I doubt they have. Secondly, if his code is dependent on TQANP it would never (without great difficulty) be able to achieve standalone, which makes me question why he's looking into it. The easier thing to do, on the assumption he wants to force a correct reply, is find out how your bot/whatever is being detected and fool that.
First things first... I had no intention to release or share any information about it, and it's for my personal use/interest.
I have this idea that nothing is impossible, and so is the idea of manipulating the client itself to allow more than one client to log in and achieve the goal of clientless bots...
And so far it turned out OK except for the antibot server handling part... I simply can't speed up its process, because when I did it took me straight to the bot jail... and so I needed to handle it manually.
And yes, you can achieve standalone with such an approach and it's easier than you think.. and with such an approach I don't have to worry about the password encryption changes nor the game encryption changes.
The only reason it's taking me this long is that TQ is patching so many of the antibot server related calls on client start-up and it takes a while to reverse them/trace them.
Anyways, I don't think I was wrong when I asked for the community's help, but I think it was a silly idea as it turns out that it's every man for himself around here.
08/15/2012, 20:25
#11
elite*gold: 20
Join Date: Jan 2008
Posts: 2,012
Received Thanks: 2,885
Do you know what the term stand alone means? It means to stand alone without the Conquer client running... I thought that was pretty obvious.
You weren't wrong to ask the community, I was simply stating the people who already know aren't going to provide you with many hints; at very best you would get people who share a similar interest and may then cooperate with you to achieve it.
08/16/2012, 01:18
#12
elite*gold: 20
Join Date: Mar 2006
Posts: 1,491
Received Thanks: 536
Quote:
Originally Posted by InfamousNoone
Because there's no good reason for anyone to know how to handle them. Standalones already plague Conquer, and this is a direct result of competing to offer more services.
Nothing that anyone actually needs is closed. As I mentioned before, I supported the private servers in releasing my bypass so they could continue their work on the newest patch given a person gets it to work (which means they deserve to continue!).
Asking what harm it would do is simply showing ignorance to the matter.
Monopolies stifle productivity. If no one is capable of creating a competing service, what motivation does one have to make theirs better? Sharing information like that does nothing but benefit the community. If a bot has other bots competing, one must be absolutely better to attract users. Honestly, no offense, but to not want other bots to pop up is to not be confident in one's ability to create the better service. Sure, you might lose profits in the end, but is this whole thing about personal gain, or bettering the community? More options make for a better community. After all, you can't come up with all the ideas and solutions alone. Someone else may have answers you seek to do certain things but cannot put them into action because they can't get to that point.
I just don't agree with the "I make money off this knowledge so you can't have it" deal this community has adopted. All I see is less being contributed by all.
08/16/2012, 03:00
#13
elite*gold: 20
Join Date: Jan 2008
Posts: 2,012
Received Thanks: 2,885
Cool, this is me giving a ****. Thoughts?
08/16/2012, 03:27
#14
elite*gold: 0
Join Date: Feb 2011
Posts: 77
Received Thanks: 132
Quote:
Originally Posted by InfamousNoone
Because there's no good reason for anyone to know how to handle them. Standalones already plague Conquer, and this is a direct result of competing to offer more services.
Nothing that anyone actually needs is closed. As I mentioned before, I supported the private servers in releasing my bypass so they could continue their work on the newest patch given a person gets it to work (which means they deserve to continue!).
Asking what harm it would do is simply showing ignorance to the matter.
Yes, he's on the right track; however, he has a long way to go. Part of the response packet is a digest computed with... well, 1 of A LOT of algorithms (I think it might be 21, too lazy to recount). I'm not sure if they've moved them into TQANP, but I doubt they have. Secondly, if his code is dependent on TQANP it would never (without great difficulty) be able to achieve standalone, which makes me question why he's looking into it. The easier thing to do, on the assumption he wants to force a correct reply, is find out how your bot/whatever is being detected and fool that.
Whereabouts is this bypass you state?
08/16/2012, 03:33
#15
elite*gold: 20
Join Date: Jan 2008
Posts: 2,012
Received Thanks: 2,885
Quote:
Originally Posted by CrystalCastle
Whereabouts is this bypass you state?
GL.