[DEV] Server files!

Discussion on [DEV] Server files! within the Rappelz forum part of the MMORPGs category.

Old 09/15/2010, 22:10   #16
 
elite*gold: 0
Join Date: Nov 2007
Posts: 41
Received Thanks: 205
Tetris, I think your problem is the password. I used this deciphered pass for 'sa' and I get the same error as you. If you set the password of 'sa' to none, I mean no password at all, then it will auth the account in SQL and you will pass to the next step that is my problem, because when herlock has no opt file to specify this setting then he uses 'sa' by default with an empty password.
If you decompile herlock using an app called "RecStudio", let the program load herlock and search in the strings, you will understand what I mean. You may also find much useful info in there if you are not already into this subject...
jasonxa is offline  
Thanks
2 Users
Old 09/16/2010, 03:50   #17
 
Tetris's Avatar
 
elite*gold: 0
Join Date: Nov 2006
Posts: 42
Received Thanks: 70
It was DES not RC4. Here are the project files, decrypted same way it was encrypted with DES key !_a^Rc*|#][Ych$~'(M _!d4aUo^%${T!~}h*&X%. But I only think it will work on the password.

The no password idea worked as well, thanks. I feel rather stupid on that one, and my friend told me to do the same. I figured a null password would have given an error, since it was encrypted in the opt for one and not the other.

Also now it appears I am connected, and getting stored procedure errors. on_server_startup.

No matter what, we are working in a forward direction. Now I'm on to database issues. But I'd really like to set a focus on getting opt files working for us the way they should. Basically we are just bypassing and side-skirting to the next issue instead of focusing on getting the opt files working correctly, files that will help us set these up right in the future. The way I am understanding it, values are hard coded into the server as fallbacks, or default values... when they should be overridden by the opt files. But then again, they could have been compiled completely offset, I'm not sure. Either that or EOP files play a bigger role than I think.

Slowly but surely progressing but we definitely need more actual development help more than just you and I Jason.
Attached Files
File Type: zip XDes Encryption Project.zip (253.4 KB, 140 views)
Tetris is offline  
Thanks
4 Users
Old 09/16/2010, 15:54   #18
 
elite*gold: 0
Join Date: Nov 2007
Posts: 41
Received Thanks: 205
Thanks for desutil. I had some problems opening it with Express Studio in order to make it an exe with a key and string input. But it's OK, I finally managed it. I agree that we need more ppl to work with us.
**** if we only had an expert to decrypt the packets and start studying the protocol. I like this game so much that I'm rdy to start coding a server from the beginning.. Anyway, I hope more ppl will join us soon. Sorry that I didn't publish the packets package that I promised, but this array has info about my personal account, so I don't want to share the userid, pass, char names (to avoid a ban maybe) etc.. I created a new account and today I will capture all the packets again...
jasonxa is offline  
Thanks
1 User
Old 09/17/2010, 03:52   #19
 
elite*gold: 0
Join Date: Feb 2009
Posts: 20
Received Thanks: 0
Keep up the good work, guys. At least someone is working on a Rappelz pserver ^^
Stryker2k9 is offline  
Old 09/18/2010, 11:30   #20
 
Tetris's Avatar
 
elite*gold: 0
Join Date: Nov 2006
Posts: 42
Received Thanks: 70
Just an update...

So I had a day off work today, sat down with a 12 pack and did some more work on the database. I've got the stored procedure for on_server_startup fixed now, and saved the procedure for you all. I've also been reversing stored procedure information to import to the telecaster tables and columns. Tedious but works.

The DBUpdater.opt still has me puzzled, if anyone can try and take a crack at it. I think it will help us populate arcadia db. In either case I'll look at it tomorrow and give the decryptor a try on it. I saw in the DPUpdater.exe code the same des key. At this point even if I have to manually extract data from rdu files, it will be worth it. Worth a try at least.

After work tomorrow, I'll work on telecaster some more til I have a few more tables populated, then post my work. Still might be a couple more days til I get them to you all. I'll have to do a bit more reversing, then drop a lot of stored procedures to re-try them, and package everything up to run smooth for you all.

Also, just for fun, another way to eliminate authserver.opt clutter is to add...

S db.auth.connection_string:Provider=sqloledb;Persist Security Info=True;Initial Catalog=Telecaster;Data Source=127.0.0.1;User id=sa;Password=

This will overwrite the connection string, and since connection string comes before db.auth.account and db.auth.password_ it will automatically take effect without the need of those two commands.

And one more thing, a legend for the opt files... what the s's and n's mean.

Code:
switch( type )
{
    case 'S': Set( key, data ); break;                  // string, stored as-is
    case 'F': Set( key, (float)atof(data) ); break;     // float
    case 'V': sscanf( data, "%f;%f;%f", &v.x, &v.y, &v.z ); Set( key, v ); break;             // 3 floats separated by ';'
    case 'Q': sscanf( data, "%f;%f;%f;%f", &q.x, &q.y, &q.z, &q.w ); Set( key, q ); break;    // 4 floats separated by ';'
    case 'N': Set( key, atoi(data) ); break;            // integer
    case 'T': Set( key, (short)atoi(data) ); break;     // short
}

S = String = text
F = Float = Integer with period other integer
N = Integer
T = Short = small #
V = won't use
Q = won't use
Tetris is offline  
Thanks
2 Users
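
As an added example (not code from the thread or from the server binaries), here is a stricter C reader for one opt line using the type letters from the legend in post #20, plus a check that flags a connection string whose Password= field is empty, as in the 'sa' line quoted there. The "X key:data" layout is inferred from that single sample line; OptEntry, opt_parse and conn_has_empty_password are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {      /* one parsed opt entry (hypothetical struct) */
    char type;        /* 'S','F','N','T','V','Q' as in the legend */
    char key[64];
    char s[256];      /* raw data text, always kept */
    double f[4];      /* F: f[0]; V: f[0..2]; Q: f[0..3] */
    long n;           /* N and T */
} OptEntry;

/* Parse "X key:data" (layout assumed from the sample line in the post).
   Returns 0 on success, -1 on a malformed line or unknown type letter. */
int opt_parse(const char *line, OptEntry *e)
{
    const char *colon; size_t klen;
    memset(e, 0, sizeof *e);
    if (!line[0] || line[1] != ' ' || !(colon = strchr(line + 2, ':'))) return -1;
    klen = (size_t)(colon - (line + 2));
    if (klen == 0 || klen >= sizeof e->key || strlen(colon + 1) >= sizeof e->s) return -1;
    e->type = line[0];
    memcpy(e->key, line + 2, klen);
    strcpy(e->s, colon + 1);
    switch (e->type) {
    case 'S': return 0;
    case 'F': e->f[0] = atof(e->s); return 0;
    case 'N': e->n = atol(e->s); return 0;
    case 'T': e->n = (short)atoi(e->s); return 0;  /* values above 32767 wrap */
    case 'V': return sscanf(e->s, "%lf;%lf;%lf", &e->f[0], &e->f[1], &e->f[2]) == 3 ? 0 : -1;
    case 'Q': return sscanf(e->s, "%lf;%lf;%lf;%lf",
                            &e->f[0], &e->f[1], &e->f[2], &e->f[3]) == 4 ? 0 : -1;
    default:  return -1;   /* unknown type letter is rejected, not ignored */
    }
}

/* 1 if the string names a user but Password= is missing or empty.
   Matching is case-sensitive, a simplification for this example. */
int conn_has_empty_password(const char *cs)
{
    const char *p = strstr(cs, "Password=");
    return strstr(cs, "User id=") && (!p || p[9] == '\0' || p[9] == ';');
}

int main(void)
{
    OptEntry e;  /* constructed sample line, modelled on the one in the post */
    if (opt_parse("S db.auth.connection_string:Data Source=127.0.0.1;User id=sa;Password=", &e) == 0)
        printf("%s empty_password=%d\n", e.key, conn_has_empty_password(e.s));
    return 0;
}
```

Unlike the switch in the post, this version checks the sscanf field count and rejects unknown type letters, so a malformed V or Q entry is reported instead of leaving stale values in place.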
Old 09/18/2010, 20:02   #21
 
KentuckyFC's Avatar
 
elite*gold: 5
Join Date: Oct 2008
Posts: 1,363
Received Thanks: 236
Game Server Port [4514]
Login Server Port [4500]
Index Server Port [3516]


More? just ask XD
KentuckyFC is offline  
Thanks
2 Users
Old 09/18/2010, 21:54   #22
 
elite*gold: 0
Join Date: Nov 2007
Posts: 41
Received Thanks: 205
-> Kentucky: Thanks Kentucky, we already knew the first 2 ports; nice to know the index port too.

-> Tetris: Nice work Tetris.. I'm sure you will do it with the updater.

A question. Do you think that nflavor uses the same DES encryption for communication packets of client with aurora and herlock too?
jasonxa is offline  
Old 09/19/2010, 10:43   #23
 
Tetris's Avatar
 
elite*gold: 0
Join Date: Nov 2006
Posts: 42
Received Thanks: 70
Quote:
Originally Posted by jasonxa
-> Kentucky: Thanks Kentucky, we already knew the first 2 ports; nice to know the index port too.

-> Tetris: Nice work Tetris.. I'm sure you will do it with the updater.

A question. Do you think that nflavor uses the same DES encryption for communication packets of client with aurora and herlock too?

No, forget the DES unfortunately. The RDU is binary and not encrypted, so the only way we can reverse them is through binary. It's possible to set up a program to give us basic structure, but in doing so we'll lose precious data like int, varchar. We'll have to find a way to make the DBUpdater work! Also unfortunately, we do not have enough information on RC4 format. Decryption is no longer an easy option. (I know you're wanting to start an emulator, Jason, but let's try and go with what we've got for now.)

Here's what I think we'll need. Data miners, gather information on EOP files! Create a collective of possible opt strings and solutions. We must find a way to figure out how to get opt files to work. We also need to learn the importance of EOP files, and what role they play. ELA files: what are they, what is their role? Getting a somewhat working telecaster is possible at this point, but without many crucial stored procedures. Arcadia is the big one, we need to unlock it. We have many files and tools in front of us, we just need to unlock their mystery. What we need is a better understanding of how each file has its own role.

To summarize, it seems that telecaster holds and stores user data while arcadia contains game server data such as mobs, npc's, items and such.

@Kentucky, thanks for index port as well. I was not aware of it as well. How did you get it?
Tetris is offline  
Old 09/19/2010, 11:46   #24
 
elite*gold: 0
Join Date: Nov 2007
Posts: 41
Received Thanks: 205
OK, I agree that we have to study the files that we already have, and I think if we work hard, these files are enough to make both servers work. Ofc we may need some reverse eng. with the client too. The problem for me is that I'm not sure if I can help your excellent until now work on [files-understanding-decrypting etc], so in order to be active on the Rappelz ps project I'm trying to collect information about [packets/protocol/decrypting etc] while I am challenging with our files too.
So you think that C<>S communication packets are encrypted with RC4? Also, does GameGuard modify the packets too for more protection, or is it just an active app on both sides, Server-Client, in order to protect the sframe process from RAM-reading-moding?
jasonxa is offline  
Old 09/19/2010, 13:58   #25
 
KentuckyFC's Avatar
 
elite*gold: 5
Join Date: Oct 2008
Posts: 1,363
Received Thanks: 236
Quote:
Originally Posted by Tetris
@Kentucky, thanks for index port as well. I was not aware of it as well. How did you get it?


This is my site and I need all ports and IPs to make the server status
KentuckyFC is offline  
Old 09/21/2010, 07:26   #26
 
elite*gold: 0
Join Date: Sep 2010
Posts: 11
Received Thanks: 0
The private server is gone and I don't think it will come back. I know this may be the wrong section, but someone hacked the game server and put an http and ftp server in the game server. You guys might want getting the server directly instead of working backwards.

Don't believe me? Put the game server's IP in your browser. Port scan the IP too to see the remote desktop, http, and ftp server on.
elismith is offline  
Old 09/21/2010, 08:59   #27
 
elite*gold: 0
Join Date: Oct 2009
Posts: 161
Received Thanks: 9
Quote:
Originally Posted by elismith
The private server is gone and I don't think it will come back. I know this may be the wrong section, but someone hacked the game server and put an http and ftp server in the game server. You guys might want getting the server directly instead of working backwards.

Don't believe me? Put the game server's IP in your browser. Port scan the IP too to see the remote desktop, http, and ftp server on.


"It works!"

Hahaha

Scanning ports on 69.162.125.26

69.162.125.26 is responding on port 21 (ftp).
69.162.125.26 isn't responding on port 23 (telnet).
69.162.125.26 isn't responding on port 25 (smtp).
69.162.125.26 is responding on port 80 (http).
69.162.125.26 isn't responding on port 110 (pop3).
69.162.125.26 isn't responding on port 139 (netbios-ssn).
69.162.125.26 isn't responding on port 445 (microsoft-ds).
69.162.125.26 isn't responding on port 1433 (ms-sql-s).
69.162.125.26 isn't responding on port 1521 (ncube-lm).
69.162.125.26 isn't responding on port 1723 (pptp).
69.162.125.26 isn't responding on port 3306 (mysql).
69.162.125.26 is responding on port 3389 (ms-wbt-server).
69.162.125.26 isn't responding on port 5900 ().
69.162.125.26 isn't responding on port 8080 (webcache).
Nyavel is offline  
Old 09/21/2010, 09:37   #28
 
Tetris's Avatar
 
elite*gold: 0
Join Date: Nov 2006
Posts: 42
Received Thanks: 70
Let's start with, yes, you are correct, wrong section.

Exploiting or brute forcing that server in either case will not be easy, at least for any of us devs. Nor is that what this development thread is here for. Port 3389 is open which is good, but 445 the smb port is closed, leaving it closed for exploit. Port 21 being open is unusual for the server, as it's usually not. Usually I have to run -Pn just to even get any result. In either case since smb is not open to exploit, and the server is using a 3rd party program for ftp instead of IIS using inbuilt accounts, smb exploits and tcp binds are not an option; the only resolve I see is to brute force. Do as you like, but please don't talk about that here.

And if I am not correct, the "It works!" message is the Apache default website... the site is no longer using IIS. Therefore also leaving all webdav PUT exploits out. You're all welcome to do whatever, but please, all I ask is not in this thread.
Tetris is offline  
Old 09/21/2010, 10:17   #29
 
Tetris's Avatar
 
elite*gold: 0
Join Date: Nov 2006
Posts: 42
Received Thanks: 70
Now back on track...

I'm nearly finished with custom telecaster databases. This isn't getting us too far, but is a lot of progress. Basically, I just need to fix a problem in the on_server_startup stored procedure, and fix a couple of other issues, and I'll get these uploaded for you all. That's really the only news I have. I'm off work the next couple of days, so I'll be able to focus more, maybe even post a tutorial to get everyone else up to speed. It'd be nice for you all to be on the same page as I am, so we can focus our efforts forward and not be held back.

Another thing to know is that these tables and databases may not be entirely complete. Tomorrow I will go through and manually see what I can find to add to the database... as usual this takes time, but worth it. Hopefully by the time I upload, most of the information will be here, as I'm currently missing a few tables, and information in all tables, and columns in about 6 known tables. But in the end, I only have so much information to go by. Also we are missing a lot of stored procedures. These can be reversed, yes, but not anytime soon. I will get started on those after more basic understanding of how everything works. Nevertheless, Arcadia DB is still the big one, so getting some/most of telecaster out of the way will be promising.

Anyways, sorry for the wait all, standby please. These will be available soon! I promise.
Tetris is offline  
Thanks
1 User
Old 09/21/2010, 14:51   #30
 
elite*gold: 0
Join Date: Oct 2009
Posts: 161
Received Thanks: 9
If you need someone to help with rhetorical tasks contact me.
Nyavel is offline  