Hey lets start thinking in a new CRC!!!
Discussion on Hey lets start thinking in a new CRC!!! within the Dekaron forum part of the MMORPGs category.
11/21/2008, 03:36
|
#1
|
elite*gold: 0
Join Date: Nov 2007
Posts: 331
Received Thanks: 441
|
Hey lets start thinking in a new CRC!!!
Hey everyone.. I hope this new patch doesn't get a new .exe, but I think I am wrong :S.... So we should start thinking about creating a new bypass as group work.. so not just 1 dude makes it for all ---> I know it is not easy, but why don't we give it a try, 20 heads think better than 1!!! If everyone puts in a little bit of time I think we can play the x2!!
Who is in say IN!!! Who's not, just fuking sit there waiting for Neb to make a new one.. Lawl
Btw Neb, give me a little hint or maybe any guide on unpacking .exe or smth :P
|
|
|
11/21/2008, 03:45
|
#2
|
elite*gold: 0
Join Date: Feb 2008
Posts: 59
Received Thanks: 3
|
it's useless, bcuz you have noobs going around hacking in public and they're doing another patch in December so...yea...
|
|
|
11/21/2008, 05:02
|
#3
|
elite*gold: 0
Join Date: Feb 2008
Posts: 250
Received Thanks: 65
|
IN. I PMed mastershouter for a secure CRC work-in-progress sub forum, with access only to trusted people. I don't know if it will happen but it's worth a shot. I am going to look over the standard unpacked Dekaron files for 4.0.1 4.1.0 and 4.1.2 etc and the unpacked dekeronnocrc.exe for the same and see what has been edited, then look for the same things etc with 4.5.1. I think we need to trick it into looking in the crc folder rather than the pack file, or just sort out the calculation and feed it back to the server, if you know what I mean.
It must be easy to do; however, I will share my bypass with you all if I get it sorted and am allowed. But if I do it on my own then I will die with the way to do it.
elberacasa, if you send me a PM I can try and help you get it going.
|
|
|
11/21/2008, 05:11
|
#4
|
elite*gold: 0
Join Date: Oct 2008
Posts: 18
Received Thanks: 9
|
I was looking over the files since I patched my bypass another way. I used the 4.1.0 client and patched Neb's 4.1.10 bypass using only the crc folder and the dekaron_no_crc patch.
What I found is that no files have been modified other than the pack.d01/2/3/4 and the pack.hdr files. Meaning only the new skills and the cash shop and new quests were altered. I don't believe the CRC has been changed per se. I really can't test this since the servers are down atm.
But I updated my hacked client 4.1.0 using the crc bypass from 4.1.10 to the new patch 4.5.1 and the only thing overwritten was the pack files. I found no changes for some reason in my nsse, dekaron, or no crc files; they are all the same from 11/15/08, which was Neb's patch.
The error that I got when I tried to log in after it came up was "client does not match", so I'm thinking since I had an old crc file which doesn't include the new skills, quests, cash shop stuff etc it denied me access, and most likely in a best case scenario the worst will be having to edit a new pack.d04 based on the 4.5.1 data file.
I will test this later and see if I can get in with my old files and report back once the server goes back up.
Edit: I did log in game fine with the current setup listed. The only thing that had changed was my GG was updated, so I didn't inject to test. Once the server is up I'm going to put Neb's bypass back in so my GG will go back to the old way and try to inject and see if I can get in to the server. If all that goes well then it's back to win-hex to re-edit all the skills again. I'd rather do that tho than hope for a new bypass when Neb said he was done with it.
|
|
|
11/21/2008, 05:20
|
#5
|
elite*gold: 0
Join Date: Oct 2007
Posts: 121
Received Thanks: 39
|
the way the CRC is checked has not been changed
I checked myself since I know how to use Olly and have compiled offsets between all no_crc's to check if in fact it wasn't changed
|
|
|
11/21/2008, 08:09
|
#6
|
elite*gold: 0
Join Date: Apr 2008
Posts: 41
Received Thanks: 2
|
if the crc check hasn't been changed.. if we add the new .csv files to the crc folder, will it still work?
|
|
|
11/21/2008, 08:33
|
#7
|
elite*gold: 0
Join Date: Nov 2007
Posts: 331
Received Thanks: 441
|
I tried to use Neb's bypass and the crc folder.. on the new client BUT---> client does not match
|
|
|
11/21/2008, 09:44
|
#8
|
elite*gold: 20
Join Date: Aug 2008
Posts: 2,763
Received Thanks: 4,397
|
Well I'm in as always ...
|
|
|
11/21/2008, 11:37
|
#9
|
elite*gold: 0
Join Date: Nov 2007
Posts: 331
Received Thanks: 441
|
yayy at least someone is with me XD lool...lazy ppl haha
|
|
|
11/21/2008, 14:23
|
#10
|
elite*gold: 0
Join Date: Aug 2008
Posts: 104
Received Thanks: 6
|
Hey, I am also IN on it, nothing else better to do. I am going to re-install my two moons, update old cvs from crc and see if it works, for now.
|
|
|
11/21/2008, 15:19
|
#11
|
elite*gold: 0
Join Date: Oct 2007
Posts: 621
Received Thanks: 30
|
Quote:
Originally Posted by elberacasa
Hey everyone.. I hope this new patch doesn't get a new .exe, but I think I am wrong :S.... So we should start thinking about creating a new bypass as group work.. so not just 1 dude makes it for all ---> I know it is not easy, but why don't we give it a try, 20 heads think better than 1!!! If everyone puts in a little bit of time I think we can play the x2!!
Who is in say IN!!! Who's not, just fuking sit there waiting for Neb to make a new one.. Lawl
Btw Neb, give me a little hint or maybe any guide on unpacking .exe or smth :P
|
well i am IN too...i wanna help and learn
|
|
|
11/21/2008, 15:39
|
#12
|
elite*gold: 20
Join Date: Aug 2008
Posts: 2,763
Received Thanks: 4,397
|
The calculation seems to be the same still:
Code:
00642470 /. 55 PUSH EBP
00642471 |. 8BEC MOV EBP,ESP
00642473 |. 83E4 F8 AND ESP,FFFFFFF8
00642476 |. 81EC 0C030000 SUB ESP,30C
0064247C |. 53 PUSH EBX
0064247D |. 56 PUSH ESI
0064247E |. 57 PUSH EDI
0064247F |. 68 00005000 PUSH unpacked.00500000
00642484 |. 8BD9 MOV EBX,ECX
00642486 |. E8 A4E51D00 CALL unpacked.00820A2F
0064248B |. 8B75 08 MOV ESI,DWORD PTR SS:[EBP+8]
0064248E |. 83C4 04 ADD ESP,4
00642491 |. 8BF8 MOV EDI,EAX
00642493 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
00642495 |. 6A 00 PUSH 0
00642497 |. 6A 00 PUSH 0
00642499 |. 8BCE MOV ECX,ESI
0064249B |. 897C24 1C MOV DWORD PTR SS:[ESP+1C],EDI
0064249F |. FF50 04 CALL DWORD PTR DS:[EAX+4]
006424A2 |. 8B16 MOV EDX,DWORD PTR DS:[ESI]
006424A4 |. 57 PUSH EDI
006424A5 |. 68 00005000 PUSH unpacked.00500000
006424AA |. 8BCE MOV ECX,ESI
006424AC |. FF52 08 CALL DWORD PTR DS:[EDX+8]
006424AF |. 50 PUSH EAX
006424B0 |. 8D4424 14 LEA EAX,DWORD PTR SS:[ESP+14]
006424B4 |. 50 PUSH EAX
006424B5 |. 57 PUSH EDI
006424B6 |. 8BCB MOV ECX,EBX
006424B8 |. E8 33FFFFFF CALL unpacked.006423F0
006424BD |. 8B5424 10 MOV EDX,DWORD PTR SS:[ESP+10]
006424C1 |. 8B4B 14 MOV ECX,DWORD PTR DS:[EBX+14]
006424C4 |. 0FB6C2 MOVZX EAX,DL
006424C7 |. 25 FF000080 AND EAX,800000FF
006424CC |. 79 07 JNS SHORT unpacked.006424D5
006424CE |. 48 DEC EAX
006424CF |. 0D 00FFFFFF OR EAX,FFFFFF00
006424D4 |. 40 INC EAX
006424D5 |> 8BF1 MOV ESI,ECX
006424D7 |. 0FB6C0 MOVZX EAX,AL
006424DA |. 81E6 FF000000 AND ESI,0FF
006424E0 |. 33C6 XOR EAX,ESI
006424E2 |. 8B0485 E873BC0>MOV EAX,DWORD PTR DS:[EAX*4+BC73E8]
006424E9 |. C1E9 08 SHR ECX,8
006424EC |. 33C1 XOR EAX,ECX
006424EE |. 8BCA MOV ECX,EDX
006424F0 |. C1E9 08 SHR ECX,8
006424F3 |. 0FB6C9 MOVZX ECX,CL
006424F6 |. 81E1 FF000080 AND ECX,800000FF
006424FC |. 8943 14 MOV DWORD PTR DS:[EBX+14],EAX
006424FF |. 79 08 JNS SHORT unpacked.00642509
00642501 |. 49 DEC ECX
00642502 |. 81C9 00FFFFFF OR ECX,FFFFFF00
00642508 |. 41 INC ECX
00642509 |> 8BF0 MOV ESI,EAX
0064250B |. 0FB6C9 MOVZX ECX,CL
0064250E |. 81E6 FF000000 AND ESI,0FF
00642514 |. 33CE XOR ECX,ESI
00642516 |. 8B0C8D E873BC0>MOV ECX,DWORD PTR DS:[ECX*4+BC73E8]
0064251D |. C1E8 08 SHR EAX,8
00642520 |. 33C8 XOR ECX,EAX
00642522 |. 8BC2 MOV EAX,EDX
00642524 |. C1E8 10 SHR EAX,10
00642527 |. 0FB6C0 MOVZX EAX,AL
0064252A |. 25 FF000080 AND EAX,800000FF
0064252F |. 894B 14 MOV DWORD PTR DS:[EBX+14],ECX
00642532 |. 79 07 JNS SHORT unpacked.0064253B
00642534 |. 48 DEC EAX
00642535 |. 0D 00FFFFFF OR EAX,FFFFFF00
0064253A |. 40 INC EAX
0064253B |> 8BF1 MOV ESI,ECX
0064253D |. 0FB6C0 MOVZX EAX,AL
00642540 |. 81E6 FF000000 AND ESI,0FF
00642546 |. 33C6 XOR EAX,ESI
00642548 |. 8B0485 E873BC0>MOV EAX,DWORD PTR DS:[EAX*4+BC73E8]
0064254F |. C1E9 08 SHR ECX,8
00642552 |. 33C1 XOR EAX,ECX
00642554 |. 8BCA MOV ECX,EDX
00642556 |. C1E9 18 SHR ECX,18
00642559 |. 81E1 FF000080 AND ECX,800000FF
0064255F |. 8943 14 MOV DWORD PTR DS:[EBX+14],EAX
00642562 |. 79 08 JNS SHORT unpacked.0064256C
00642564 |. 49 DEC ECX
00642565 |. 81C9 00FFFFFF OR ECX,FFFFFF00
0064256B |. 41 INC ECX
0064256C |> 8BF0 MOV ESI,EAX
0064256E |. 0FB6C9 MOVZX ECX,CL
00642571 |. 52 PUSH EDX
00642572 |. 81E6 FF000000 AND ESI,0FF
00642578 |. 33CE XOR ECX,ESI
0064257A |. C1E8 08 SHR EAX,8
0064257D |. 33048D E873BC0>XOR EAX,DWORD PTR DS:[ECX*4+BC73E8]
00642584 |. 8D5424 1C LEA EDX,DWORD PTR SS:[ESP+1C]
00642588 |. 68 80CCA500 PUSH unpacked.00A5CC80 ; ASCII "[CRC32] : %u "
0064258D |. 52 PUSH EDX
0064258E |. 8943 14 MOV DWORD PTR DS:[EBX+14],EAX
00642591 |. C64424 24 00 MOV BYTE PTR SS:[ESP+24],0
00642596 |. E8 7504DDFF CALL unpacked.00412A10
0064259B |. 8BF0 MOV ESI,EAX
0064259D |. 8B43 14 MOV EAX,DWORD PTR DS:[EBX+14]
006425A0 |. 50 PUSH EAX
006425A1 |. B9 40000000 MOV ECX,40
006425A6 |. 8DBC24 2801000>LEA EDI,DWORD PTR SS:[ESP+128]
006425AD |. F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
006425AF |. 8D4C24 28 LEA ECX,DWORD PTR SS:[ESP+28]
006425B3 |. 68 90CCA500 PUSH unpacked.00A5CC90 ; ASCII "[CRC32] Total: %u "
006425B8 |. 51 PUSH ECX
006425B9 |. C64424 30 00 MOV BYTE PTR SS:[ESP+30],0
006425BE |. E8 4D04DDFF CALL unpacked.00412A10
006425C3 |. 8D9424 3001000>LEA EDX,DWORD PTR SS:[ESP+130]
006425CA |. 8BF0 MOV ESI,EAX
006425CC |. B9 40000000 MOV ECX,40
006425D1 |. 8DBC24 3002000>LEA EDI,DWORD PTR SS:[ESP+230]
006425D8 |. 52 PUSH EDX
006425D9 |. F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
006425DB |. E8 40831D00 CALL unpacked.0081A920
006425E0 |. 8D8424 3402000>LEA EAX,DWORD PTR SS:[ESP+234]
006425E7 |. 50 PUSH EAX
006425E8 |. E8 33831D00 CALL unpacked.0081A920
006425ED |. 8B4C24 34 MOV ECX,DWORD PTR SS:[ESP+34]
006425F1 |. 51 PUSH ECX
006425F2 |. E8 08102400 CALL unpacked.008835FF
006425F7 |. 83C4 24 ADD ESP,24
006425FA |. 5F POP EDI
006425FB |. 5E POP ESI
006425FC |. 5B POP EBX
006425FD |. 8BE5 MOV ESP,EBP
006425FF |. 5D POP EBP
00642600 \. C2 0400 RETN 4
|
|
|
11/21/2008, 15:50
|
#13
|
elite*gold: 0
Join Date: Oct 2007
Posts: 621
Received Thanks: 30
|
Quote:
Originally Posted by InstantDeath
The calculation seems to be the same still:
|
so we need to use Neb's calculator?
|
|
|
11/21/2008, 17:14
|
#14
|
elite*gold: 0
Join Date: Sep 2008
Posts: 18
Received Thanks: 1
|
I'm IN but I'm getting tired of having to w8 for a new CRC every time a new dekaron.exe is launched. I think I will look for another way of doing it. Currently I'm considering trying to make a packet filter which will answer the correct CRC or either just direct writing to the memory.
I'll keep posting about how I'm doing. But please let me know if a new crc bypass is completed.
|
|
|
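Added example (not from any poster in this thread): posts #3 and #14 talk about answering the server's check with a precomputed value, which a fixed checksum permits because the expected answer never changes. This Python sketch of a server-side alternative binds each answer to a fresh nonce and a random file window; the function names and the constructed `REFERENCE` data are assumptions, and `pack.d04` is borrowed from post #4 only as a label.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for released client data; a real server would
# hold its own copy of the shipped pack files.
REFERENCE = {"pack.d04": bytes(range(256)) * 64}


def new_challenge(rng=secrets.SystemRandom()):
    """Pick a fresh nonce and a random window of one reference file."""
    name = rng.choice(sorted(REFERENCE))
    length = rng.randrange(256, 4096)
    offset = rng.randrange(0, len(REFERENCE[name]) - length)
    return {"nonce": secrets.token_bytes(16), "file": name,
            "offset": offset, "length": length}


def digest(nonce, data, offset, length):
    """Keyed digest over the challenged window; the nonce is the key."""
    return hmac.new(nonce, data[offset:offset + length],
                    hashlib.sha256).digest()


def client_answer(challenge, local_files):
    """What an unmodified client sends back for this challenge."""
    return digest(challenge["nonce"], local_files[challenge["file"]],
                  challenge["offset"], challenge["length"])


def server_verify(challenge, answer):
    """Recompute from the server's copy and compare in constant time."""
    expected = digest(challenge["nonce"], REFERENCE[challenge["file"]],
                      challenge["offset"], challenge["length"])
    return hmac.compare_digest(expected, answer)


def demo():
    """Return (honest, replayed, edited) verification results."""
    first, second = new_challenge(), new_challenge()
    honest = client_answer(first, REFERENCE)
    edited = {"pack.d04": b"\xff" * len(REFERENCE["pack.d04"])}
    return (server_verify(first, honest),
            server_verify(second, honest),  # old answer, new nonce
            server_verify(second, client_answer(second, edited)))

# Limitation: this proves the answering party holds the original bytes,
# not that the running client uses them, so gameplay-relevant values
# still need to be validated on the server.
```

`demo()` returns `(True, False, False)`: the honest answer verifies, while an answer recorded under an earlier nonce and an answer computed over altered bytes are both rejected.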
11/21/2008, 17:33
|
#15
|
elite*gold: 0
Join Date: Oct 2005
Posts: 2
Received Thanks: 0
|
I'll take a look at the crc when I get home tonight, time to see if those assembly language classes paid off
|
|
|
All times are GMT +1.
|
|