Hey lets start thinking in a new CRC!!!
Discussion on Hey lets start thinking in a new CRC!!! within the Dekaron forum part of the MMORPGs category.
11/22/2008, 15:38
|
#31
|
elite*gold: 0
Join Date: Sep 2008
Posts: 161
Received Thanks: 19
|
InstantDeath, what is that software you used there?
And thanks for the information.
|
|
|
11/22/2008, 16:53
|
#32
|
elite*gold: 0
Join Date: Dec 2007
Posts: 64
Received Thanks: 2
|
I could just be throwing stones at a wall, but why not just change the list.csv to a blank file. That way when it checks every file in the list.csv, it will end up checking nothing.
|
|
|
11/22/2008, 17:11
|
#33
|
elite*gold: 0
Join Date: Jun 2008
Posts: 99
Received Thanks: 3
|
Quote:
Originally Posted by Doowbert
I could just be throwing stones at a wall, but why not just change the list.csv to a blank file. That way when it checks every file in the list.csv, it will end up checking nothing.
|
I tried that but it doesn't work =(
Edit: I tried to make a new CRC folder, with new files, but it doesn't work either.
You have to change the .exe file, I suppose.
|
|
|
11/22/2008, 17:36
|
#34
|
elite*gold: 0
Join Date: Dec 2007
Posts: 64
Received Thanks: 2
|
So unless I'm mistaken, in order to do this, one must find in dekaron.exe the place where it specifies the location of list.csv, check.csv, and version.dat.
I know that comparing the 4.1.1 version of the CRC bypass and the regular 4.1.1 dekaron.exe, they are different in many ways. They don't look the same at all.
Granted, I'm using WinHex to do this because I don't know assembly. Am I on the right track at all? I know that the CRC bypass for 4.1.1 has its list.csv location all the way at the bottom. Is it simply just a matter of throwing that in anywhere you'd like?
E: After trying to throw a hail Mary by copy and pasting what nebular put in his CRC bypass into the new dekaron.exe, I get the problem of a crash reporter at 64.6%. Hmph.
|
|
|
11/22/2008, 17:37
|
#35
|
elite*gold: 20
Join Date: Aug 2008
Posts: 2,763
Received Thanks: 4,397
|
Quote:
Originally Posted by karlosmatias
I tried that but it doesn't work =(
Edit: I tried to make a new CRC folder, with new files, but it doesn't work either.
You have to change the .exe file, I suppose.
|
Yea. You must edit the dekaron.exe again because new stuff is written to it.
|
|
|
11/22/2008, 17:57
|
#36
|
elite*gold: 0
Join Date: Feb 2008
Posts: 8
Received Thanks: 1
|
aaa
IN but assembler is too hard for normal people, 0010101010111010100110 hehe
|
|
|
11/22/2008, 18:57
|
#37
|
elite*gold: 0
Join Date: Jun 2008
Posts: 99
Received Thanks: 3
|
Quote:
Originally Posted by wln6672
InstantDeath, what is that software you used there?
And thanks for the information.
|
It is my question too.
InstantDeath, could you answer? We wanna help to figure it out.
|
|
|
11/22/2008, 21:39
|
#38
|
elite*gold: 20
Join Date: Aug 2008
Posts: 2,763
Received Thanks: 4,397
|
Quote:
Originally Posted by karlosmatias
It is my question too.
InstantDeath, could you answer? We wanna help to figure it out.
|
I used DPS (Dekaron Packet Sniffer). Sorry, but I can't tell you where to get that.
Quote:
Originally Posted by cwichu
IN but assembler is too hard for normal people, 0010101010111010100110 hehe
|
Well, that's why there are disassemblers to convert the binary to "more understandable" text.
I don't know anyone who reads the machine code (the 01011010). Prefer a disassembled version of the machine code ...
|
|
|
11/22/2008, 22:02
|
#39
|
elite*gold: 0
Join Date: Oct 2008
Posts: 197
Received Thanks: 23
|
Quote:
Originally Posted by Doowbert
So unless I'm mistaken, in order to do this, one must find in dekaron.exe the place where it specifies the location of list.csv, check.csv, and version.dat.
I know that comparing the 4.1.1 version of the CRC bypass and the regular 4.1.1 dekaron.exe, they are different in many ways. They don't look the same at all.
Granted, I'm using WinHex to do this because I don't know assembly. Am I on the right track at all? I know that the CRC bypass for 4.1.1 has its list.csv location all the way at the bottom. Is it simply just a matter of throwing that in anywhere you'd like?
E: After trying to throw a hail Mary by copy and pasting what nebular put in his CRC bypass into the new dekaron.exe, I get the problem of a crash reporter at 64.6%. Hmph.
|
Well, you actually should just use the CRC folder by nebular; if you don't have the required files for the CRC check it might intervene with the bypass. Myself, I have no idea where to start with the redirecting, but the calculation is the same, so I think nebular or anyone else experienced shouldn't have a problem doing the new bypass. Now I am not sure if you can edit it the right way with WinHex, but I am actually quite sure that it might be doable, but then comes the part of redirecting again, which I simply don't have a clue about.
|
|
|
11/22/2008, 22:05
|
#40
|
elite*gold: 20
Join Date: Aug 2008
Posts: 2,763
Received Thanks: 4,397
|
Quote:
Originally Posted by Systemerror
Well, you actually should just use the CRC folder by nebular; if you don't have the required files for the CRC check it might intervene with the bypass. Myself, I have no idea where to start with the redirecting, but the calculation is the same, so I think nebular or anyone else experienced shouldn't have a problem doing the new bypass. Now I am not sure if you can edit it the right way with WinHex, but I am actually quite sure that it might be doable, but then comes the part of redirecting again, which I simply don't have a clue about.
|
I'm trying to modify the exe with Olly. And the CRC folder needs to be updated. The last patch had almost all required files for the CRC updated.
|
|
|
11/22/2008, 22:11
|
#41
|
elite*gold: 0
Join Date: Jun 2008
Posts: 49
Received Thanks: 4
|
the redirect is the only hard part :P
|
|
|
11/22/2008, 22:39
|
#42
|
elite*gold: 20
Join Date: Aug 2008
Posts: 2,763
Received Thanks: 4,397
|
Nebular described that the 0x4000010 packet could be found in a big switch-like structure in the file. This is just the first switch.
Nebular's, from the Expedition CRC topic:
Code:
.text:0051C370 push esi
.text:0051C371 push edi
.text:0051C372 mov edi, [esp+8+pPacketObject]
.text:0051C376 mov esi, ecx
.text:0051C378 mov ecx, [edi+0Ch]
.text:0051C37B call sub_428180 ; Get Command
.text:0051C380 cmp eax, 2040018h
.text:0051C385 ja loc_51C4EF ; 4000010 > 2040018 --> jump taken
.text:0051C38B jz loc_51C4D8
.text:0051C391 sub eax, 2040000h
.text:0051C396 cmp eax, 17h ; switch 24 cases
.text:0051C399 ja loc_51C60C ; default
.text:0051C399 ; jumptable 0051C3A6 cases 4-14
.text:0051C399 ; jumptable 0051C50E cases 33816606-33816611
.text:0051C39F movzx eax, ds:byte_51C690[eax]
.text:0051C3A6 jmp ds:off_51C658[eax*4] ; switch jump
Mine from the unpacked [4.5.2] exe:
Code:
seg000:00516010 push esi
seg000:00516011 push edi
seg000:00516012 mov edi, [esp+0Ch]
seg000:00516016 mov esi, ecx
seg000:00516018 mov ecx, [edi+0Ch]
seg000:0051601B call sub_4280C0
seg000:00516020 cmp eax, 2060001h
seg000:00516025 ja short loc_51609B
seg000:00516027 jz short loc_516089
seg000:00516029 sub eax, 2040000h
seg000:0051602E cmp eax, 1Ah ; switch 27 cases
seg000:00516031 ja short loc_5160AE ; default
seg000:00516031 ; jumptable 0051603A cases 2-21,23-25
seg000:00516033 movzx eax, ds:byte_516100[eax]
seg000:0051603A jmp ds:off_5160EC[eax*4] ; switch jump
I don't know if it's useful to post this or not, but I find it interesting. I'll keep posting small things like this here.
|
|
|
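Added example, not part of any post in the thread and not the game's own code: a C model of the range checks and two-level jump table in the 4.5.2 listing from post #42, showing why a command value such as 0x4000010 leaves this switch through the first `ja`. The slot numbering and the sample command values are constructed; treating cases 2-21 and 23-25 as sharing the default target follows the IDA comment attached to the `ja ... ; default` line.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants copied from the 4.5.2 listing in post #42. */
#define CMD_UPPER 0x2060001u /* cmp eax, 2060001h */
#define CMD_BASE  0x2040000u /* sub eax, 2040000h */
#define CMD_SPAN  0x1Au      /* cmp eax, 1Ah ; switch 27 cases */
#define SLOT_DEFAULT 4u      /* constructed slot number for loc_5160AE */

enum route { ROUTE_ABOVE, ROUTE_EQUAL, ROUTE_DEFAULT, ROUTE_HANDLER };
struct dispatch { enum route route; uint32_t slot; };

/* Stand-in for byte_516100: one byte per case, picking a slot in the dword
 * table off_5160EC. 0x516100 - 0x5160EC = 20 bytes, so that table has room
 * for 5 targets. Slot numbering is constructed; the listing only says that
 * cases 2-21 and 23-25 share the default target. */
static const uint8_t slot_of_case[CMD_SPAN + 1] = {
    0, 1,                         /* cases 0-1 */
    4, 4, 4, 4, 4, 4, 4, 4, 4, 4, /* cases 2-11 */
    4, 4, 4, 4, 4, 4, 4, 4, 4, 4, /* cases 12-21 */
    2, 4, 4, 4, 3                 /* cases 22-26 */
};

struct dispatch route_command(uint32_t cmd)
{
    struct dispatch d = { ROUTE_DEFAULT, SLOT_DEFAULT };
    if (cmd > CMD_UPPER)  { d.route = ROUTE_ABOVE; return d; } /* ja loc_51609B */
    if (cmd == CMD_UPPER) { d.route = ROUTE_EQUAL; return d; } /* jz loc_516089 */
    uint32_t idx = cmd - CMD_BASE; /* unsigned: wraps high when cmd < base */
    if (idx > CMD_SPAN) return d;  /* ja loc_5160AE: one compare, both bounds */
    d.slot = slot_of_case[idx];    /* movzx eax, ds:byte_516100[eax] */
    if (d.slot != SLOT_DEFAULT)    /* jmp ds:off_5160EC[eax*4] */
        d.route = ROUTE_HANDLER;
    return d;
}

int main(void)
{
    static const char *names[] = { "above", "equal", "default", "handler" };
    /* Constructed sample command values. */
    const uint32_t samples[] = { 0x4000010u, 0x2060001u, 0x2040001u,
                                 0x2040005u, 0x2040016u, 0x1FFFFFFu };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct dispatch d = route_command(samples[i]);
        printf("%#09x -> %s (slot %u)\n", (unsigned)samples[i],
               names[d.route], (unsigned)d.slot);
    }
    return 0;
}
```

The same shape applies to the older listing with its own constants (upper bound 2040018h, span 17h).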
11/23/2008, 01:34
|
#43
|
elite*gold: 0
Join Date: Jun 2008
Posts: 49
Received Thanks: 4
|
So...... am I way off or can you change the jump to always go to a correct CRC packet instead of doing the conditional jumps o.o
|
|
|
11/23/2008, 01:45
|
#44
|
elite*gold: 0
Join Date: Aug 2008
Posts: 164
Received Thanks: 26
|
I'm IN!!! But I'm a noob to Olly.
|
|
|
11/23/2008, 04:19
|
#45
|
elite*gold: 0
Join Date: Nov 2007
Posts: 331
Received Thanks: 441
|
Yeah instant is useful.. As we all can see it changes in some lines the old one and the new .exe
|
|
|
All times are GMT +1.