[Release] NosAssistant2 Bypass

[Quarry]

Hello NosTale Community,

I am excited to announce that I have successfully developed a bypass for the NosAssistant2 program! After weeks minutes of hard work and extensive testing, the bypass is finally ready and I'm making it open-source for everyone to benefit from.

What Does the Bypass Do?

The bypass is designed to enable a proxy on your computer under the IP address 0.0.0.0 and port 8000. It intercepts the response body of the /auth/check/license request.

How to use:

- Download .zip file from the attachments
- Extract .zip file
- Run NosAssistantBypass.exe file and accept the certificate
- Run NosTale and enter to the game
- Run NosAssistant2.exe and type license key: 1234567890123456
- Done!

Now, it's even open-source!
Used nuget packages:
- Titanium.Web.Proxy 3.2.0

 Spoiler

Code:

using System;
using System.Threading.Tasks;
using System.Net;
using System.Text.Json;
using Titanium.Web.Proxy;
using Titanium.Web.Proxy.EventArguments;
using Titanium.Web.Proxy.Models;

namespace NosAssistantBypass;

public class LicenseResponse
{
    public bool valid { get; set; } = true;
    public DateTime valid_until { get; set; } = DateTime.MaxValue;
}

class Program
{
    private static readonly LicenseResponse DefaultResponse = new();
    
    static void Main(string[] args)
    {
        var thankYouSoMuchForFreeLicense = true;
        if (thankYouSoMuchForFreeLicense)
        {
            var proxyServer = new ProxyServer();
            var explicitEndPoint = new ExplicitProxyEndPoint(IPAddress.Any, 8000, thankYouSoMuchForFreeLicense);

            proxyServer.AddEndPoint(explicitEndPoint);
            proxyServer.BeforeResponse += OnResponse;
            proxyServer.ServerCertificateValidationCallback += OnCertificateValidation;
            proxyServer.ClientCertificateSelectionCallback += OnCertificateSelection;

            proxyServer.Start();
            proxyServer.SetAsSystemHttpProxy(explicitEndPoint);
            proxyServer.SetAsSystemHttpsProxy(explicitEndPoint);

            Console.WriteLine("Press any key to stop the proxy server...");
            Console.ReadKey();

            proxyServer.Stop();

            Task OnResponse(object sender, SessionEventArgs e)
            {
                if (e.HttpClient.Request.Url != "https://nosassistant.pl/api/auth/check/license")
                {
                    return Task.CompletedTask;
                }
                
                Console.WriteLine("[RESPONSE] Editing auth license response...");
                var newResponse = JsonSerializer.Serialize(DefaultResponse);
                
                Console.WriteLine($"[RESPONSE] New response JSON: {newResponse}");
                e.SetResponseBodyString(newResponse);
                
                Console.WriteLine("Done, have fun! :D");
                
                return Task.CompletedTask;
            }

            Task OnCertificateValidation(object sender, CertificateValidationEventArgs e)
            {
                e.IsValid = true;
                return Task.CompletedTask;
            }

            Task OnCertificateSelection(object sender, CertificateSelectionEventArgs e)
            {
                e.ClientCertificate = null;
                return Task.CompletedTask;
            }
        }
    }
}

Remember to disable your proxy server in the Windows settings to restore your internet to normal operation after turning off the program!

Virustotal:

Post written by ChatGPT 4o

[nikus666]

check DM's

[FI0w]

Since it got a Update to check the Server's Certificate(Public Key) and its Thumbprint (can be bypassed too) I decided to Upload the full code of the NA2! Its a Decompiled version with a lil help with chatgpt 4o for the resource convertion

I Already Disabled the License Check, made yourself Admin, Made the HWID **** random so nothing of your real will be sent, removed the auto update too(exe update ****) it allows now too a random key like 123

EDIT:

[CiroDavide]

I have some problems:


The refresh for Erenia/Zenas audiences and crown doesn't update all channels in real time;
The invitation to miniland doesn't work. The bot uses the command "$Invite NAME" instead of "$InvM NAME";
I can't retrieve any information on Analytics (raids, characters, spy players etc...).

[Nasqad]

Quote:

Originally Posted by FI0w

Since it got a Update to check the Server's Certificate(Public Key) and its Thumbprint (can be bypassed too) I decided to Upload the full code of the NA2! Its a Decompiled version with a lil help with chatgpt 4o for the resource convertion

I Already Disabled the License Check, made yourself Admin, Made the HWID **** random so nothing of your real will be sent, removed the auto update too(exe update ****) it allows now too a random key like 123

EDIT:

Your version allows the creator to see who is using the cracked version. I checked, and they can know who is using it. It's dangerous because they could report those who use the cracked version.

[Claiys]

Quote:

Originally Posted by Nasqad

Your version allows the creator to see who is using the cracked version. I checked, and they can know who is using it. It's dangerous because they could report those who use the cracked version.

Agree, your char nickname is set on header for each HTTP requests.
You can just set the IP on localhost for the MQT and API server, you will just lost some useless features.

[Selerat]

Salut ça sers à quoi au juste?

[Cryticale]

nie odpala sie to w ogole

[Chente_]

Quote:

Originally Posted by Claiys

Agree, your char nickname is set on header for each HTTP requests.
You can just set the IP on localhost for the MQT and API server, you will just lost some useless features.

i tried without knowledge but i don´t know how to find these things

[eletiz]

Is the bypass secure? Or is there a leak from the pseudo?

[Chente_]

someone can please help? i tried to set the ip to local and compile it but the program broke.