website to generate the required .dat file. You have to enter your account name and get a file as reply which you need to put into the "user" folder of your l2server directory. The basic programming logic behind this site is explained here. If you use the website you'll only need to download L2Server Package and follow Step 2 & 3. If you trust the site enough to put in your account name is your decision. I made it, but in the end thats not going to guarantee you anything.Alright,
i spend some time to hack around the walker code. I have to admit i've yet to figure out how the algorithm works but at least i found a way to extract the magic code for an account. I'll try to explain as easy as possible how to get it, but i'm not going to make an idiots guide - getting the key does involve quite some effort. If you can't or don't like to follow this guide i'm offering to generate keys for 1m teon adena per account. rolleyes.gif
What is needed:
Unpacked Walker provided by sublimies (also blame him for any virii this may have...)
L2Server Package provided by jetic (see above)
OllyDebug - yeah we're going to disassemble
Step 1) Extract L2WalkerUnpacked.exe into your Walker directory, Ollydebug and L2Server into their own directories. If you already use L2Server no need to download it again.
Step 2) if you haven't done this already, alter your hosts file (\windows\system32\drivers\etc ) with adding
127.0.0.1 vip.towalker.com
127.0.0.1 vip1.towalker.com
127.0.0.1 vip2.towalker.com
127.0.0.1 vip4.towalker.com
127.0.0.1 vip5.towalker.com
127.0.0.1 vip6.towalker.com
127.0.0.1 vip7.towalker.com
Step 3) Launch l2asrv.exe from L2Server package
Step 4) Start OllyDbg - it should be save to say yes if a warning msg about a .dll comes up. Load (File -> Open) L2WalkerUnpacked.exe into Ollydebug.
Step 5) A warning msg will pop-up, you can safely ignore it
Step 6) Maximize the new window and Hit Ctr+G, enter 47d5a9 and hit ok (we're jumping to a certain address inside the code)
Step 7) Use F2 once, which puts up a red marker at the current position. We just set a breakpoint, whenever the program reaches this code line it will stop and wait for our input
user posted image
Step 8) Use Debug -> Run - you should notice now at your taskbar that walker has been started (if not, use Debug -> Run again).
Step 9) Switch over to walker, enter your username and any password you like and hit login
Step 10) Ollydbg will popup soon after, because we hit the breakpoint. If you take a look at the right side of the screen, you'll notice a line that goes like EDI 0119FCA0 ASCII "AB123DASD...."
user posted image
Step 11) While we're quite close to our result, the line you see there is not yet we're looking for, use Debug -> Run again and you'll notice those numbers change, now use Debug -> Run once more and we're at our goal.
Step 12) Start Notepad and write down what you now find between the quotes. Make sure to adjust the window size as needed to see the full string, it consists of 32 characters.
user posted image
Step 13) Because of l2servers internal format we need to insert 48 random characters infront of that string. The easiest way would be to use 1234567890 format...
user posted image
Step 14) Save this file as YourAccountName.dat into l2server\user directory. (if you did it right, the file has a size of 80 bytes)
Step 15) Close Ollydbg, run your normal walker and if you did everything right you're able to login.(no need to restart l2aserv.exe) At the moment l2aserv.exe has a little error with packets while logging in, but after some waiting time it still manages to get into the game.
As a technical sidenote: i'm confident the part which i filled with random characters normally contain a sort of encrypted login name. I've also seen walker accessing the area in which that stuff is stored but there seem to be no problems with logging in, so no idea what it really is supposed to do.
thx to dham (credit to him)
from gamhak
It would be nice to add some links with the refered programs
