it sends when a monster spawns, where it spawns, if somebody fights with it, if a monster is red (automatically going to attack you) or yellow (not going to attack you automatically), what monster it is etc etc.
i think packet manipulation works way more precisely.
i am not going into the details, i didn't do this on my own. but it makes a lot of sense, it should work.
do not send me any questions in any way on how exactly anything of the following points would work.
1. Unpack neuz.exe
2. (assembly) at the place where neuz.exe jumps to the part where it launches gameguard, simply jump over this. tadaa, no NProtect
3. neuz.exe will close itself (quit) when it figures out that GG isn't running.
find the check for GG and jump to the part in the program where the check jumps to, usually, if GG _IS_ running. tadaa, client thinks it's running while it isn't. directly brings us to:
4. The server knows that GG is NOT running and therefore disconnects you.
Capture the packets sent by GameGuard. (up to you how. i don't answer questions on this)
5. make a proxy. i.e. with mIRC Script:
Listen on port 28000 and 5400 (might use other ports as well, just check it)
6. find the IP(s) that FlyFF connects to. easily done with a firewall and/or packet sniffer like ethereal / WPE Pro.
Remember them, they will become important in step 7.
Change these IPs in neuz.exe to 127.0.0.1 (localhost).
neuz.exe now connects to your mIRC proxy.
7. ensure that when neuz.exe connects to mIRC,
mIRC _DIRECTLY_ connects to the IP that neuz.exe connected to, before.
8. You now can inject the data that GameGuard sends.
also remember not to ask me about the encrypting / decrypting.
Once this is done, flyff can connect to the server again, WITHOUT having NProtect running.
If you got to THIS point, you are holding a very powerful tool package in your hands.
You should now be able to build injection plugins for the mIRC that you just misused as a proxy.
-> Speed-Skill, Teleport, Spam (or flood), PK Hack, Highspeed dropping of penya / items at any place (remember penya cubes), maybe also Duping, ...
You could also log all the data sent and, depending on your coding/scripting skills, make your OWN server!
Latest notes:
1. remember to not execute flyff.exe! it's the evil updater which would overwrite your neuz.exe
also you should give the new exe a new name to ensure this never happens. i.e. proxyneuz.exe
2. it doesn't run without having the updater started before? no problem!
there are 2 ways to get around this. an easy one and a harder one.
easy: make a batch file.
Code:
@echo off
proxyflyff.exe sunkist
bit harder: (assembly) remove the check for this parameter being sent directly in your proxyflyff.exe
3. The version of flyff i am using doesn't allow window mode. what to do?
edit the file 'sunkist.ini'
add 2 new rows, i.e. near your ID in the ini file.
Code:
sunkist 1
Dev 1
4. This all sounds easy except capturing GG packets while it's running.
-> you can either rootkit the sniffer to hide it from GG or use a second computer to capture the packets being sent through the ethernet bridge.
...but if you use a second computer, you could also try to just use WPE Pro to manipulate the data. this should even work with having GG running on the other PC...
5. where do i get the tool (whatever) ?
-> google it. google is a -very easy to use- search engine.
if google.com doesn't help, you might want to try search engine (using yahoo's databases)
6. this tutorial should apply to a lot of other games using TCP as well.
UDP is a bit harder.
If you have any questions about this, keep them to yourself.
I am not responsible for questions about this.
If you have any suggestions, post them below.
Remember, spam and begging are NOT tolerated on ************.net
In the future, don't open threads asking questions that have been answered here.
On questions about reposting this on another forum:
I don't allow it. Place a link instead.
Remember, any damage this may cause is your problem.
Any bans that may be set due to this are your problem as well.
You do this at your own risk, and you are responsible for your actions. Not I.
I'm not releasing a hack doing this, I just give the theoretical part for it.