Exiled Bot Crack Guide

ee5 · 03/31/2014, 07:47

Quote:

Originally Posted by Sixstrings

[/url]

thank you, but no luck even this time

they are neither shown in Olly plugins menu nor unpacked well: archeive is broken.

Thiago9999 · 04/01/2014, 08:20

any progress? Sixstrings

Sixstrings · 04/02/2014, 01:45

Quote:

Originally Posted by Thiago9999

any progress? Sixstrings

well, I could freeze the elite status using cheat engine, I would not call that a real crack, but at least, it seems to work. Try it out, download:

I've unpacked the bot using the setevent feature and only removed phoning home, which is still the same.

install and start cheat engine. start ollydbg, load bot into olly, search for:
"Exiled Bot (Elite)", two lines above set a memory breakpoint on the CMP command (F2), start the bot through olly, it will stop at this breakpoint, look right under the disassembler window, DS:[xxxxxxxx]=00,
now go to cheat engine, add address manually, enter the address xxxxxxxx, set to byte, click ok, in the address window, doubleclick value 00, set it to 01, press space to freeze this value,
go back to olly, remove the breakpoint (F2 again), press F9 to start the bot,
it should turn to Elite. Test it, I did only 2 runs.
I think this can all be done with cheat engine (without olly) but I didn't try, used cheat engine for the first time.

Thiago9999 · 04/02/2014, 04:12

Thank you. I'll wait a crack

Sixstrings · 04/02/2014, 11:26

Check this out, tell me if it works:

Sethios · 04/02/2014, 13:12

works for me, tnx. btw i'd like to know how you did it

i was trying to find the code that checks the key by looking at
00409DF9 68 4CDA6100 PUSH 61DA4C; ASCII "Key to enable Elite Features."
and
00409F0F 68 A8DA6100 PUSH 61DAA8; ASCII "Elite Features Unlocked!"

but didn't manage to find anything, got lost in the jumps.

Then i tried to find what jumps to "Exiled Bot (Elite)" like you mentioned but also couldn't figure it out...sry I'm a bit new to assembly (only about two months) so i still get easely lost in the code.

Sixstrings · 04/02/2014, 13:43

It's so simple, I can't believe I oversaw it till now.

1. unpack with the script using the setevent feature (see Tutvideo 7), it's a bit more complicated
2. search for all referenced text strings "Exiled Bot (Elite)"
the code looks like this:

0040B5FF A1 30B66700 MOV EAX,DWORD PTR DS:[0x67B630]
0040B604 8038 00 CMP BYTE PTR DS:[EAX],0x0
0040B607 74 07 JE SHORT 0040B610 ; ExiledBo.0040B610
0040B609 68 28E26100 PUSH 0x61E228 ; ASCII "Exiled Bot (Elite)"
0040B60E EB 05 JMP SHORT 0040B615 ; ExiledBo.0040B615
0040B610 68 3CE26100 PUSH 0x61E23C ; ASCII "Exiled Bot"

change it to:

0040B5FF A1 30B66700 MOV EAX,DWORD PTR DS:[0x67B630]
0040B604 C600 01 MOV BYTE PTR DS:[EAX],0x1
0040B607 90 NOP
0040B608 90 NOP
0040B609 68 28E26100 PUSH 0x61E228 ; ASCII "Exiled Bot (Elite)"
0040B60E EB 05 JMP SHORT 0040B615 ; ExiledBo.0040B615
0040B610 68 3CE26100 PUSH 0x61E23C ; ASCII "Exiled Bot"

so, instead of checking the elite status, we set it to elite here every time the bot wants to check that flag.

3. remove phoning home if you like, search for "No Connection", NOP that JNZ command two lines above.

4. be prepared for more changes to the auth system on the next release

Sethios · 04/02/2014, 14:07

well i tried NOPing that short jump few days ago but didn't change the compare, missed that...so just that i understand, by giving it a move to 0x1 you trick it into thinking it's allways "true"?
and can you please explain why it didn't work for me when i dried to swap just the jump to JNE?

Sixstrings · 04/02/2014, 14:25

Quote:

Originally Posted by Sethios

well i tried NOPing that short jump few days ago but didn't change the compare, missed that...so just that i understand, by giving it a move to 0x1 you trick it into thinking it's allways "true"?
and can you please explain why it didn't work for me when i dried to swap just the jump to JNE?

this routine does nothing but setting the bot window title to "Exiled Bot" if it's non-elite, or "Exiled Bot (Elite)" if it's elite. So, NOPing the jump only sets the window title to "Exiled Bot (Elite)" even if the bot is still non-elite.
Now, we don't check the flag for elite, we set it to elite instead, no matter how and where the status is checked and this flag gets set to 0 or 1 because of the auth system. This will for sure be fixed on the next release if the authors see this crack.

killermcmc · 04/02/2014, 14:26

Quote:

Originally Posted by Sixstrings

Check this out, tell me if it works:

I am trying this now (The status said Elite) but i am using it on a low level character so i am not sure if it will still work past level 45... Anyone tried this crack?..

Thiago9999 · 04/02/2014, 14:41

works for me (y) THX "lvl 70"

touchedzeroo · 04/02/2014, 15:43

hey sixstrings, when I try and run that exe file u uploaded why does it say ...
the version of this file is not compatible with the version of windows your running. check your computers system information to see whether u need x86 (32bit) or x64 (64-bit) version of the program and then contact the software publisher..

im on windows 7 ultimate 64 bit

Sixstrings · 04/02/2014, 16:00

Quote:

Originally Posted by touchedzeroo

hey sixstrings, when I try and run that exe file u uploaded why does it say ...
the version of this file is not compatible with the version of windows your running. check your computers system information to see whether u need x86 (32bit) or x64 (64-bit) version of the program and then contact the software publisher..

im on windows 7 ultimate 64 bit

I have no idea, I'm also on Win7 ultimate x64 and it works, it works also in vmware with win7 x32 and XP x32. maybe some download error? download again and retry.

e2537066 · 04/02/2014, 18:11

@sixstrings: thank you! also thanks for the executable!
trying this later on today

slm.sesame · 04/02/2014, 19:07

Stoped responding about 10min botting.

Spoiler