Rohan hack (open source)

Old   #1
 
elite*gold: 0
Join Date: May 2008
Posts: 92
Received Thanks: 9
Rohan hack (open source)

This thread will be an "open source"-like one for Rohan hacks. Here we'll discuss and find out the new addresses used lately in Rohan versions.

I have some simple questions:

- Why did sorien change from login.rohan.co.kr to login.playrohan.com?

login.rohan.co.kr [222.231.39.6] to login.playrohan.com [206.82.210.26]

Gradius



Gradius is offline  
Old   #2
 
elite*gold: 0
Join Date: May 2008
Posts: 92
Received Thanks: 9
For Future Reference:

Rohan Hack #1 - GM Commands

I'll be explaining how to enable GM commands in this one.

First, go to the address 00411145; you should see this:
MOVZX EAX,BYTE PTR SS:[ESP+A9]

The command above reads your access level and moves it to the EAX Register (Padded with 0's), so what you need to do is create your own function to write your own access level.

So you create a call at that address to a code cave you found/created, in this example, I'll be using the address 00427AE2 as my code cave.

So you change the code at 00411145 to:
CALL 00427AE2
Then go to 00427AE2 and write this code:
MOV BYTE PTR SS:[ESP+0A9],0FA
MOVZX EAX,BYTE PTR SS:[ESP+0A9]
RETN


Rohan Hack Preparation

Make sure you do this before any other hacks.

Initialize Code Cave
Go to 00427AE0 and change the command there to RETN.

Now highlight and select from address 00427AE1 to 00427C59, right click, Binary -> Fill with NOPs.


Rohan GM Commands

Here's the list of Rohan GM Commands:

/ Commands
silent
quiet
tele
move
npc
telenpc
call
callparty
kick
who
whonpc
npccut
summon
create
whoall
kickall
hide
invisible
detect
snoop
good
health
return
ban
changejob
givemoney
giveabi
giveski
givelevel
cheathelp
showme
showtext
showui
showall
showframe
minimapjump
respawncurpos
respawnbindpos
cammode
showtexttexture
telepos
notice
settime
save_current_siege_status
clientshop
gmspeed
gmroom
getquest
guildview
guildset
getbank
prison
parole
abm
rbm
gbm
sbm
noticebox
createlocalnetentity
clearlocalnetentity
noticetext
savepos
twarea
twstatus
twinfo
twterm
teleportal
teleportalauto
sysvocinfo
screenfontsize
createeffect
viewani
printf_cmd
localteleportal
cameratest
cameraold
chwinmode
minioffset
setminimap
mypos
presentring
usekeymoving
seteventlevel
guildwarequal
guildwarblocking
trade

!* Commands
respawn bind pos
respawn cur pos
test camera on
test camera off
show target info on
show target info off
camera mode 0
camera mode 1
camera mode 2
camera mode 3
camera mode 4


Rohan Hack #2 - Increased Damage

Normally when you attack, you tell the server to start an attack on a target and the server handles everything from there, updating you when you attack and what not.

But there's a way to make attacking client-side; it's a pretty simple exploit that, once built into the game, can become a very good hack.

This hack does not increase your damage, it just makes you attack extremely fast.

You'll need to hack two different things for this one: you need to disable the animations for attacking while it's in use, and the actual attacking.

(If you leave the animation on, it won't work correctly.)

This is probably going to be a long one so bear with me. :x

Disable Attack Animation
Go to 0048A7EB and change the command there to JE 0048A87D .

This will disable the attack animation for players. (Yourself and others)

Damage Hack
I'm just going to copy and paste the code to make things shorter, and then explain what it does and what not.

For this hack, I'll be using 00427AF4 as the start of the code cave.

Go to 00487C31 and change that code to CALL 00427AF4.
This command will jump to our custom code.

Go to 00487C37, right click it, go to Binary, and Fill With NOPs.
This change stops the client from setting the current attack state.

Go to 00487C67, right click it, go to Binary, and Fill With NOPs.
This change will disable attack speed, so your next attack is called instantly.

Now go to 00427AF4 and put this code. (Make sure it's perfect)

XOR EDI,EDI
MOV EDX,DWORD PTR DS:[0AF1264]
MOV EAX,DWORD PTR DS:[0AF1260]
MOV ECX,DWORD PTR DS:[0AC2F38]
PUSH EDX
PUSH EAX
PUSH 0
PUSH 1308
CALL 004070C0
MOV EDX,DWORD PTR DS:[0AF1264]
MOV EAX,DWORD PTR DS:[0AF1260]
PUSH EDX
PUSH EAX
LEA ECX,DWORD PTR SS:[ESP+1C]
PUSH ECX
MOV ECX,DWORD PTR DS:[0AC2F38]
PUSH 1307
CALL 004070C0
INC EDI
CMP EDI,4
JL SHORT 00427AF6
MOV EDI,EBP
RETN

This code sends 4 sets of stop attacking / start attacking commands to the server.

The 4 in CMP EDI, 4 is how many loops it does, so you can change it to suit your needs.
(I don't suggest going over 20; 4 should be the perfect number for everyone. Going too high may make you do less damage.)

I think that's everything I should post about this, but I'm tired. So if I forgot anything, I'll edit it later.


Rohan Hack #3 - Bypass Patcher

Go to 0043EE11 in the code area, right click it and go to Follow in dump -> Immediate Constant.

Now in the dump area, change to

Highlight what you just changed, right click it and click Copy to executable file, right click the new window and click save file.

Now press CTRL F2.

Once it's restarted, go to 0043ED80 and change the code there to MOV EDX, 9F81B4.

Also, make sure Fill with NOPs is checked in the assemble window.

Go to 0043EDA8, right click, then Binary -> Fill with NOPs.

Right click the CPU window, Copy to Executable -> All Modifications.

Click Copy All, and then in the new window, right click the code area and click Save file.


Gradius is offline  
Old   #3
 
elite*gold: 0
Join Date: May 2008
Posts: 92
Received Thanks: 9
Comparing Original / Hacked

00010775: 0F E8
00010776: B6 78
00010777: 84 66
00010778: 24 01
00010779: A9 00
0001077A: 00 90
0001077B: 00 90
0001077C: 00 90

00026DF0: 55 C3
00026DF1: 8B 90
00026DF2: EC C6
00026DF3: 83 84
00026DF4: E4 24
00026DF5: F8 A9
00026DF6: 6A 00
00026DF7: FF 00
00026DF8: 68 00
00026DF9: F6 FA
00026DFA: 2D 0F
00026DFB: 9C B6
00026DFC: 00 84
00026DFD: 64 24
00026DFE: A1 A9

00026E02: 00 C3
00026E03: 50 90
00026E04: 64 33
00026E05: 89 FF
00026E06: 25 8B
00026E07: 00 15
00026E08: 00 E4
00026E09: 00 32
00026E0A: 00 AF
00026E0B: 81 00
00026E0C: EC A1
00026E0D: 48 E0
00026E0E: 04 32
00026E0F: 00 AF

00026E11: A1 8B
00026E12: 00 0D
00026E13: 3C B8
00026E14: AC 4F
00026E15: 00 AC
00026E16: 8B 00
00026E17: 4D 52
00026E18: 08 50
00026E19: 53 6A
00026E1A: 56 00
00026E1B: 8B 68
00026E1C: 75 08
00026E1D: 0C 13
00026E1E: 57 00
00026E1F: 56 00
00026E20: 6A E8
00026E21: 3B 4B
00026E22: 89 00
00026E23: 84 FE
00026E24: 24 FF
00026E25: 54 8B
00026E26: 04 15
00026E27: 00 E4
00026E28: 00 32
00026E29: E8 AF
00026E2A: D2 00
00026E2B: 23 A1
00026E2C: 58 E0
00026E2D: 00 32
00026E2E: 8B AF
00026E2F: 0D 00
00026E30: 2C 52
00026E31: A4 50
00026E32: AC 8D
00026E33: 00 4C
00026E34: 68 24
00026E35: EC 1C
00026E36: 68 51
00026E37: 9F 8B
00026E38: 00 0D
00026E39: E8 B8
00026E3A: B2 4F
00026E3B: 45 AC
00026E3C: 01 00
00026E3D: 00 68
00026E3E: D9 07
00026E3F: 05 13
00026E40: E8 00
00026E41: 68 00
00026E42: 9F E8
00026E43: 00 29
00026E44: D9 00
00026E45: C9 FE
00026E46: DA FF
00026E47: E9 47
00026E48: DF 83
00026E49: E0 FF
00026E4A: F6 08
00026E4B: C4 7C
00026E4C: 44 B9
00026E4D: 0F 8B
00026E4E: 8A FD
00026E4F: F4 C3
00026E50: 00 90
00026E51: 00 90
00026E52: 00 90
00026E53: 33 90
00026E54: DB 90
00026E55: 33 90
00026E56: C0 90
00026E57: 88 90
00026E58: 5C 90
00026E59: 24 90
00026E5A: 48 90
00026E5B: B9 90
00026E5C: FF 90
00026E5D: 00 90
00026E5E: 00 90
00026E5F: 00 90
00026E60: 8D 90
00026E61: 7C 90
00026E62: 24 90
00026E63: 49 90
00026E64: F3 90
00026E65: AB 90
00026E66: 66 90
00026E67: AB 90
00026E68: AA 90
00026E69: 8D 90
00026E6A: 7E 90
00026E6B: 08 90
00026E6C: 8B 90
00026E6D: C7 90
00026E6E: C7 90
00026E6F: 44 90
00026E70: 24 90
00026E71: 44 90
00026E72: 0F 90
00026E73: 00 90
00026E74: 00 90
00026E75: 00 90
00026E76: 89 90
00026E77: 5C 90
00026E78: 24 90
00026E79: 40 90
00026E7A: 88 90
00026E7B: 5C 90
00026E7C: 24 90
00026E7D: 30 90
00026E7E: 8D 90
00026E7F: 50 90
00026E80: 01 90
00026E81: 8A 90
00026E82: 08 90
00026E83: 40 90
00026E84: 3A 90
00026E85: CB 90
00026E86: 75 90
00026E87: F9 90
00026E88: 2B 90
00026E89: C2 90
00026E8A: 50 90
00026E8B: 57 90
00026E8C: 8D 90
00026E8D: 4C 90
00026E8E: 24 90
00026E8F: 34 90
00026E90: E8 90
00026E91: 4B 90
00026E92: AF 90
00026E93: FD 90
00026E94: FF 90
00026E95: 8B 90
00026E96: 44 90
00026E97: 24 90
00026E98: 44 90
00026E99: BF 90
00026E9A: 10 90
00026E9B: 00 90
00026E9C: 00 90
00026E9D: 00 90
00026E9E: 3B 90
00026E9F: C7 90
00026EA0: 8B 90
00026EA1: 44 90
00026EA2: 24 90
00026EA3: 30 90
00026EA4: 89 90
00026EA5: 9C 90
00026EA6: 24 90
00026EA7: 5C 90
00026EA8: 04 90
00026EA9: 00 90
00026EAA: 00 90
00026EAB: 73 90
00026EAC: 04 90
00026EAD: 8D 90
00026EAE: 44 90
00026EAF: 24 90
00026EB0: 30 90
00026EB1: 8B 90
00026EB2: 0E 90
00026EB3: 50 90
00026EB4: 8B 90
00026EB5: 46 90
00026EB6: 04 90
00026EB7: 50 90
00026EB8: 51 90
00026EB9: 8D 90
00026EBA: 54 90
00026EBB: 24 90
00026EBC: 54 90
00026EBD: 68 90
00026EBE: C4 90
00026EBF: 68 90
00026EC0: 9F 90
00026EC1: 00 90
00026EC2: 52 90
00026EC3: E8 90
00026EC4: B7 90
00026EC5: 4C 90
00026EC6: 58 90
00026EC7: 00 90
00026EC8: BE 90
00026EC9: 0F 90
00026ECA: 00 90
00026ECB: 00 90
00026ECC: 00 90
00026ECD: 8D 90
00026ECE: 44 90
00026ECF: 24 90
00026ED0: 5C 90
00026ED1: 83 90
00026ED2: C4 90
00026ED3: 14 90
00026ED4: 89 90
00026ED5: 74 90
00026ED6: 24 90
00026ED7: 28 90
00026ED8: 89 90
00026ED9: 5C 90
00026EDA: 24 90
00026EDB: 24 90
00026EDC: 88 90
00026EDD: 5C 90
00026EDE: 24 90
00026EDF: 14 90
00026EE0: 8D 90
00026EE1: 50 90
00026EE2: 01 90
00026EE3: 8A 90
00026EE4: 08 90
00026EE5: 40 90
00026EE6: 3A 90
00026EE7: CB 90
00026EE8: 75 90
00026EE9: F9 90
00026EEA: 2B 90
00026EEB: C2 90
00026EEC: 50 90
00026EED: 8D 90
00026EEE: 44 90
00026EEF: 24 90
00026EF0: 4C 90
00026EF1: 50 90
00026EF2: 8D 90
00026EF3: 4C 90
00026EF4: 24 90
00026EF5: 18 90
00026EF6: E8 90
00026EF7: E5 90
00026EF8: AE 90
00026EF9: FD 90
00026EFA: FF 90
00026EFB: 6A 90
00026EFC: 15 90
00026EFD: 8D 90
00026EFE: 4C 90
00026EFF: 24 90
00026F00: 14 90
00026F01: 51 90
00026F02: 8B 90
00026F03: 0D 90
00026F04: 58 90
00026F05: 03 90
00026F06: AD 90
00026F07: 00 90
00026F08: C6 90
00026F09: 84 90
00026F0A: 24 90
00026F0B: 64 90
00026F0C: 04 90
00026F0D: 00 90
00026F0E: 00 90
00026F0F: 01 90
00026F10: E8 90
00026F11: 9B 90
00026F12: 58 90
00026F13: 15 90
00026F14: 00 90
00026F15: 39 90
00026F16: 7C 90
00026F17: 24 90
00026F18: 28 90
00026F19: 72 90
00026F1A: 0D 90
00026F1B: 8B 90
00026F1C: 54 90
00026F1D: 24 90
00026F1E: 14 90
00026F1F: 52 90
00026F20: E8 90
00026F21: 8F 90
00026F22: 46 90
00026F23: 58 90
00026F24: 00 90
00026F25: 83 90
00026F26: C4 90
00026F27: 04 90
00026F28: 39 90
00026F29: 7C 90
00026F2A: 24 90
00026F2B: 44 90
00026F2C: 89 90
00026F2D: 74 90
00026F2E: 24 90
00026F2F: 28 90
00026F30: 89 90
00026F31: 5C 90
00026F32: 24 90
00026F33: 24 90
00026F34: 88 90
00026F35: 5C 90
00026F36: 24 90
00026F37: 14 90
00026F38: 72 90
00026F39: 0D 90
00026F3A: 8B 90
00026F3B: 44 90
00026F3C: 24 90
00026F3D: 30 90
00026F3E: 50 90
00026F3F: E8 90
00026F40: 70 90
00026F41: 46 90
00026F42: 58 90
00026F43: 00 90
00026F44: 83 90
00026F45: C4 90
00026F46: 04 90
00026F47: 8B 90
00026F48: 8C 90
00026F49: 24 90
00026F4A: 54 90
00026F4B: 04 90
00026F4C: 00 90
00026F4D: 00 90
00026F4E: 64 90
00026F4F: 89 90
00026F50: 0D 90
00026F51: 00 90
00026F52: 00 90
00026F53: 00 90
00026F54: 00 90
00026F55: 8B 90
00026F56: 8C 90
00026F57: 24 90
00026F58: 4C 90
00026F59: 04 90
00026F5A: 00 90
00026F5B: 00 90
00026F5C: 33 90
00026F5D: C0 90
00026F5E: E8 90
00026F5F: 1B 90
00026F60: 45 90
00026F61: 58 90
00026F62: 00 90
00026F63: 5F 90
00026F64: 5E 90
00026F65: 5B 90
00026F66: 8B 90
00026F67: E5 90
00026F68: 5D 90
00026F69: C3 90

0003E310: 8B BA
0003E311: 15 C8
0003E312: C4 8D
0003E313: F4 9F
0003E314: AF 00
0003E315: 00 90
0003E338: 8B 90
0003E339: 52 90
0003E33A: 04 90

00087581: 8B E8
00087582: 96 7E
00087583: D4 F8
00087584: 01 F9
00087585: 00 FF
00087586: 00 90
00087587: C7 90
00087588: 82 90
00087589: F0 90
0008758A: 00 90
0008758B: 00 90
0008758C: 00 90
0008758D: 02 90
0008758E: 00 90
0008758F: 00 90
00087590: 00 90
000875B7: D9 90
000875B8: 58 90
000875B9: 10 90
0008A10D: 84 8C

000D29EC: 74 EB

00325ECB: EB 8A
00325ECC: 03 4F
00325ECD: 8D 01
00325ECE: 49 47
00325ECF: 00 84
00325ED0: 8A C9
00325ED1: 4F 75
00325ED2: 01 F8
00325ED3: 47 B9
00325ED4: 84 08
00325ED5: C9 00
00325ED6: 75 00
00325ED7: F8 00
00325ED8: 8B BE
00325ED9: C8 A4
00325EDA: C1 8B
00325EDB: E9 9F
00325EDC: 02 00

005F8BA4: 52 37
005F8BA5: 65 34
005F8BA6: 62 64
005F8BA7: 6F 31
005F8BA8: 6F 65
005F8BA9: 74 62
005F8BAA: 20 31
005F8BAB: 79 39
005F8BAC: 6F 64
005F8BAD: 75 35
005F8BAE: 72 32
005F8BAF: 20 38
005F8BB0: 73 63
005F8BB1: 79 31
005F8BB2: 73 64
005F8BB3: 74 37
005F8BB4: 65 62
005F8BB5: 6D 66
005F8BB6: 21 37
005F8BB7: 20 61
005F8BB8: 28 66
005F8BB9: 41 61
005F8BBA: 6C 34
005F8BBB: 6C 64
005F8BBC: 6F 38
005F8BBD: 63 34
005F8BBE: 61 62
005F8BBF: 74 61
005F8BC0: 69 37
005F8BC1: 6F 34
005F8BC2: 6E 38
005F8BC3: 20 64
005F8BC4: 46 00
005F8DCF: 69 6C
005F8DD0: 6E 6F
005F8DD1: 66 67
005F8DD2: 6F 69
005F8DD3: 2E 6E
005F8DD4: 79 2E
005F8DD5: 6E 70
005F8DD6: 6B 6C
005F8DD7: 2D 61
005F8DD8: 67 79
005F8DD9: 61 72
005F8DDA: 6D 6F
005F8DDB: 65 68
005F8DDC: 73 61
005F8DDD: 2E 6E
005F8DDE: 63 2E
005F8DDF: 6F 63
005F8DE0: 2E 6F
005F8DE1: 6B 6D
005F8DE2: 72 2F
005F8DE3: 00 26
005F8DE4: 68 31
005F8DE5: 74 26
005F8DE6: 74 55
005F8DE7: 70 53
005F8DE8: 3A 00

90 = NOP
Gradius is offline  
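The listing above is in the form "offset: original patched", one byte per line. The Python script below is an added example, not code from this thread or from the Rohan project; it parses that format into contiguous runs, counts the 0x90 NOP fill, decodes the printable strings and resolves a patched E8 CALL to its file-offset target. The sample input is copied from two of the runs above (the 00010775 run and the 005F8DCF run); names such as parse_diff, call_target and summarise are this example's own. Run over the sample it shows what a defender comparing a modified client against the vendor build learns from such a listing: the first run replaces an 8-byte instruction with a CALL whose target is the code cave at file offset 00026DF2 (the second run in the post), and the last run swaps the hostname string info.ynk-games.co.kr for login.playrohan.com/&1&US.

```python
"""Parse a byte-diff listing of the form "OFFSET: ORIG PATCHED" (one byte per
line) into contiguous runs and summarise what each run changed.
Added example for this thread; not the poster's code. SAMPLE is copied from
two runs of the listing in post #3."""
import re
from dataclasses import dataclass, field

SAMPLE = """
00010775: 0F E8
00010776: B6 78
00010777: 84 66
00010778: 24 01
00010779: A9 00
0001077A: 00 90
0001077B: 00 90
0001077C: 00 90

005F8DCF: 69 6C
005F8DD0: 6E 6F
005F8DD1: 66 67
005F8DD2: 6F 69
005F8DD3: 2E 6E
005F8DD4: 79 2E
005F8DD5: 6E 70
005F8DD6: 6B 6C
005F8DD7: 2D 61
005F8DD8: 67 79
005F8DD9: 61 72
005F8DDA: 6D 6F
005F8DDB: 65 68
005F8DDC: 73 61
005F8DDD: 2E 6E
005F8DDE: 63 2E
005F8DDF: 6F 63
005F8DE0: 2E 6F
005F8DE1: 6B 6D
005F8DE2: 72 2F
005F8DE3: 00 26
005F8DE4: 68 31
005F8DE5: 74 26
005F8DE6: 74 55
005F8DE7: 70 53
005F8DE8: 3A 00
"""

LINE_RE = re.compile(r"^\s*([0-9A-Fa-f]+):\s+([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{2})\s*$")


@dataclass
class Run:
    """A maximal range of consecutive offsets present in the listing."""
    start: int
    original: bytearray = field(default_factory=bytearray)
    patched: bytearray = field(default_factory=bytearray)

    @property
    def end(self) -> int:
        return self.start + len(self.original) - 1


def parse_diff(text: str) -> list:
    """Group listing lines into runs; a gap in the offsets starts a new run."""
    runs, cur = [], None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:                      # blank lines and prose between runs
            continue
        off = int(m.group(1), 16)
        if cur is None or off != cur.end + 1:
            cur = Run(off)
            runs.append(cur)
        cur.original.append(int(m.group(2), 16))
        cur.patched.append(int(m.group(3), 16))
    return runs


def ascii_view(data: bytes) -> str:
    """Printable ASCII with '.' for everything else (hex-dump convention)."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in data)


def call_target(run: Run):
    """If the patched bytes start with an E8 rel32 CALL, return its target as a
    file offset (offset of the next instruction plus the signed displacement)."""
    if len(run.patched) < 5 or run.patched[0] != 0xE8:
        return None
    rel = int.from_bytes(run.patched[1:5], "little", signed=True)
    return run.start + 5 + rel


def summarise(run: Run) -> dict:
    return {
        "range": f"{run.start:08X}-{run.end:08X}",
        "length": len(run.original),
        "nop_fill": run.patched.count(0x90),   # 90 = NOP, as the post notes
        "call_target": call_target(run),
        "original_ascii": ascii_view(run.original),
        "patched_ascii": ascii_view(run.patched),
    }


if __name__ == "__main__":
    for r in parse_diff(SAMPLE):
        print(summarise(r))
```

The call-target arithmetic only holds when caller and target lie in the same section, so file offsets and virtual addresses differ by the same constant; across sections the target has to be translated through the section table first.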
Old   #4
 
elite*gold: 0
Join Date: May 2008
Posts: 92
Received Thanks: 9
What is the IP the game uses for "Select your server" list ?

Gradius


Gradius is offline  
Old   #5
 
elite*gold: 0
Join Date: May 2008
Posts: 92
Received Thanks: 9
Whoa, it seems no one wants to help.

Gradius
Gradius is offline  
Old   #6
 
elite*gold: 0
Join Date: Aug 2008
Posts: 101
Received Thanks: 60
Quote:
Originally Posted by Gradius
Whoa, it seems no one wants to help.

Gradius
Just use a program that shows all running connections.
I used to have a good one (ipconfig or something).
It shows you every running connection; with that you can check the IPs yourself.
zwartsz is offline  
Old   #7
 
elite*gold: 0
Join Date: May 2008
Posts: 92
Received Thanks: 9
The exe file is compressed by MZ (typical); what's the right way to uncompress it?!

Gradius
Gradius is offline  
Old   #8
 
elite*gold: 0
Join Date: Apr 2008
Posts: 738
Received Thanks: 160
Gradius, are you doing this with Cheat Engine? If not, tell me what program you use.
rodelero2 is offline  
Old   #9
 
elite*gold: 0
Join Date: Feb 2008
Posts: 231
Received Thanks: 98
Quote:
Originally Posted by Gradius

- Why did sorien change from login.rohan.co.kr to login.playrohan.com?

login.rohan.co.kr [222.231.39.6] to login.playrohan.com [206.82.210.26]

Gradius
Because with the hacked client you open the client directly, without the launcher. If you don't change login.rohan.co.kr to login.playrohan.com it wouldn't log in, and when you change it, it bypasses the patcher (when you change anything, it will replace it).
powerfear is offline  
Old   #10
 
elite*gold: 0
Join Date: May 2008
Posts: 92
Received Thanks: 9
I see.

Well, atm I just need to know how to uncompress the MZ format (auto-decompressing exe file).

After that I can produce a patch in no time.

Edit: MZ is Win32 Portable Executable File Format

Gradius
Gradius is offline  
Old   #11
 
elite*gold: 0
Join Date: Feb 2008
Posts: 231
Received Thanks: 98
look at this
powerfear is offline  
Old   #12
 
elite*gold: 0
Join Date: May 2008
Posts: 92
Received Thanks: 9
MZ isn't a zip/unzip type.

Gradius
Gradius is offline  
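Posts #7, #10 and #12 go back and forth on whether "MZ" is a compression format. The following Python script is an added example, not code from this thread or from the Rohan project, and works on a small PE image it constructs itself (build_sample_pe; the section names .text, .packed and .unpack are made up for the example, not taken from any real client). It walks the DOS header, PE signature, COFF header and section table with the standard library only, and then applies the checks an analyst runs before deciding whether a binary is packed: per-section entropy, raw size versus virtual size, and writable-plus-executable flags. The point the script makes concrete is that "MZ" is just the two-byte signature every Windows executable starts with; compression, if any, shows up in the section table, not in the signature.

```python
"""Header triage for a Win32 executable, standard library only.

Added example for the MZ discussion in this thread; not code from the thread.
"MZ" is the two-byte DOS-header signature every Windows executable starts with,
so it is not a compression format. Whether a packer is involved is a question
for the section table: raw vs. virtual sizes, flags and entropy. The sample
image comes from build_sample_pe(); it is constructed, not a Rohan client."""
import math
import random
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant fill, near 8.0 for compressed/encrypted data."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("MZ header but no PE signature (plain DOS executable?)")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    magic = struct.unpack_from("<H", data, coff + 20)[0]   # first field of the optional header
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        raw = data[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            "entropy": round(shannon_entropy(raw), 2),
            "executable": bool(flags & IMAGE_SCN_MEM_EXECUTE),
            "writable": bool(flags & IMAGE_SCN_MEM_WRITE),
        })
    return {"machine": machine,
            "magic": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
            "sections": sections}


def packing_hints(info: dict) -> list:
    """Heuristics to check before reaching for a debugger; none of them is proof."""
    hints = []
    for s in info["sections"]:
        if s["entropy"] > 7.0:
            hints.append(f"{s['name']}: entropy {s['entropy']} (compressed/encrypted payload)")
        if s["executable"] and s["virtual_size"] > 2 * max(s["raw_size"], 1):
            hints.append(f"{s['name']}: virtual size {s['virtual_size']:#x} far exceeds raw size "
                         f"{s['raw_size']:#x} (room to unpack into at run time)")
        if s["executable"] and s["writable"]:
            hints.append(f"{s['name']}: writable and executable (self-modifying code)")
    return hints


def build_sample_pe() -> bytes:
    """Constructed PE32 image: a plain code section, a high-entropy data section
    and an empty-on-disk executable section, the layout a simple packer produces."""
    rng = random.Random(2024)
    noise = bytes(rng.getrandbits(8) for _ in range(4096))
    spec = [  # (name, bytes on disk, virtual size, characteristics)
        (b".text", b"\x90" * 512, 512, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (b".packed", noise, len(noise), IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
        (b".unpack", b"", 0x10000, IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE
                                   | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    ]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)        # e_lfanew: PE header right after the DOS header
    opt = bytearray(0xE0)                        # PE32 optional header, zeroed...
    struct.pack_into("<H", opt, 0, 0x10B)        # ...except the PE32 magic
    coff = struct.pack("<HHIIIHH", 0x14C, len(spec), 0, 0, 0, len(opt), 0x0102)
    raw_base, vaddr, table, blobs = 0x200, 0x1000, bytearray(), bytearray()
    for name, payload, vsize, flags in spec:
        ptr = raw_base + len(blobs) if payload else 0
        table += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, len(payload), ptr, 0, 0, 0, 0, flags)
        blobs += payload
        vaddr += (max(vsize, len(payload)) + 0xFFF) & ~0xFFF
    headers = dos + b"PE\0\0" + coff + opt + table
    return bytes(headers) + b"\0" * (raw_base - len(headers)) + bytes(blobs)


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(info["magic"], hex(info["machine"]))
    for s in info["sections"]:
        print(s)
    print(packing_hints(info))
```

Pointing parse_pe at a real client (open the file in binary mode and pass the bytes) gives the same section report; a packed build typically shows one near-8.0 entropy section next to an executable section that occupies almost nothing on disk, which is the signal to look for before asking how to "uncompress MZ".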
Old   #13
 
elite*gold: 0
Join Date: May 2008
Posts: 92
Received Thanks: 9
I need good info on how to disable GameGuard on Rohan.

I have found some info, but it's all undated or very old.

Gradius
Gradius is offline  
Old   #14
 
elite*gold: 0
Join Date: May 2008
Posts: 92
Received Thanks: 9
This one disables GameGuard:

Rohan Hack Preparation

Make sure you do this before any other hacks.

Initialize Code Cave
Go to 00427AE0 and change the command there to RETN.

Now highlight and select from address 00427AE1 to 00427C59, right click, Binary -> Fill with NOPs.


But it only works on old version, and I don't have that file (the original, before the change).

Gradius
Gradius is offline  
Old   #15
 
elite*gold: 0
Join Date: May 2008
Posts: 92
Received Thanks: 9
The new address seems to be 04020C0 (the old one was 427AE0 in the 08/30 file).

Gradius


Gradius is offline  