I found this tutorial...
and I just want to share this..
This will give you an idea on how to bypass gameguard.
All credit goes to Sexy Romanian SunBeam
Hey guys
Here is a TuT How To do/make a Server Emulation
This will NOT make patched wallhacks unpatched!!!
1. History
----------
This method of "defeating" GameGuard came to life in 2001-2002. The first game ever having this protection was and still is - MU Online. The idea of making a server that would "update" GameGuard with old files was commonly used at that time. People simply updated the tutorial and used it on other games that received GameGuard's "blessing". Which brings us to these days.
GameGuard uses a module that determines speed of transfer and checks if updates for any of its modules are available. If yes, the update begins, the modules are re-initialised, then launched and the game starts.
Formerly, the tutorial stated that in order to achieve server emulation, one needed to know what GameGuard "tells" the server. In simpler terms, where does GameGuard update from and what is the server's structure. Using a simple firewall, one can find the site, but can't determine the server directory from which GameGuard updates. For that I think I've heard something about a program called Ethereal which caught packets upon send. But it seems, GameGuard's packets are also encrypted nowadays.
2. Why emulating GameGuard ?
-----------------------------
First of all, emulation isn't only used for the purpose of hacking. Why am I saying this ? Well, if you have a dial-up connection and want to play the game, the simple fact of having GameGuard connect to its server will slow your load-up times drastically. I also noticed that when I installed GunBound Philippines Service and tried to play, GameGuard wouldn't want to connect. It simply froze and I had to wait like 10 minutes only for the update process, let alone re-initialisation. Well, if you want to play GPS from a far country, connection problems appear. Same goes for MapleStory Global. Back in the days when GameGuard would CRC the game's files, my connection got closed upon entering the game. This is the good part of the emulation.
Emulating will also allow one user to use obsolete|detected hacks, by simply downgrading the protection modules [reverting to old revision files].
NOTE : GameGuard files have a period of life-time. So, when the regular modules are at revision 7xx and you are trying to use 4xx ones, your GameGuard.des might not recognize them and end up in the commonly known error : "GameGuard.des was not found". That can be overcome, if you manage to make GameGuard.des not check for the digital signature of the files.
3. Knowledge is power
---------------------
In order to achieve emulation, you need to know certain facts of the "trade".
First of all, GameGuard uses two keys to decrypt the game's .ini. The same decryption keys are used to parse update.cfg [what is update.cfg ? - the file that contains all the info regarding GameGuard's modules - such as : CRC, version, command lines etc. - and that file, in case you wonder, is stored and read from iNCA's servers and can also be downloaded]
Those two keys are located at the end of each file. So, basically all of GameGuard's modules are digitally signed. Open any of the .des files with a hex editor and look at the very end of the file. You'll see the two keys :
Quote:
!&.2 = 32812621
"&.2 = 32812622
Using those keys, and knowing what the public decryption key is, GameGuard is able to read the content of the encrypted files.
Second of all, if you read the tutorial till here, you noticed that I say "nowadays GameGuard uses encryption on its own packets". Well, knowing the used keys, and the public RSA key, you can simply decrypt the .ini|.cfg and read the whole server information GameGuard requests on launch and when it tries to update.
4. Setting up
-------------
As I earlier said, it's very easy to emulate the protection, once you know what you have to do. Having the .ini file decrypted, you will be able to know :
* server IP
* server path [the directory on the server where the update files are located]
* backup server [usually, iNCA used a backup server if any problems appeared with the primary server]
* backup path [when backup server was used, a path was also required]
Currently, for MapleStory Global, the game's .ini [MapleStoryUS.ini] in its decrypted format is as follows :
Quote:
[GAMEMON]
GAME_NAME=MapleStoryUS
UPDATE_SERVER=gameguard.mapleglobal.com
UPDATE_PATH=/nProtect/GameGuard/RealServer/
BACKUP_SERVER=72.5.148.122
BACKUP_PATH=/nProtect/GameGuard/RealServer/
OPTION_VALUE=0
SPEEDCHECK_INTERVAL=1000
SENDERL=1
GAMECRC=0
USE_DRV=1
REVISION=47
What can we learn from this ?
1. The primary update server is : gameguard.mapleglobal.com
2. The primary server path where the files are stored is : /nProtect/GameGuard/RealServer/
3. The secondary [backup] server is : 72.5.148.122
4. The secondary path : /nProtect/GameGuard/RealServer/
Also, there are some other options GameGuard checks : for connection speed once in 1000 ms, CRC on the game's files is disabled as you can see GAMECRC=0 and it also checks for the revision indicative REVISION=47.
If you ever wondered how we obtained old revision files for GameGuard, now you know the answer. For those who are retarded, try this :
*ttp://UPDATE_SERVERUPDATE_PATHFILE_NAME
as in for example :
*ttp://gameguard.mapleglobal.com/nProtect/GameGuard/RealServer/update.cfg
You can change the update.cfg at the end with any of the .npz files [GameMon.npz, NPSCAN.npz, etc...] This is the way to download revision files...
5. Emulating
------------
For that you'll most likely be needing an emulation server. Apache can do that for you by simply installing it.
Once you do that, the local server path will be in the htdocs folder. That is what we'll use for UPDATE_SERVER.
We will need to create the UPDATE_PATH : /nProtect/GameGuard/RealServer/. So, in htdocs, you'll need to create that directory tree. Simply create a folder and name it "nProtect", enter that folder and create another one called "GameGuard". In GameGuard folder create "RealServer".
Once UPDATE_PATH is set, we'll need the revision files. For that use any revision files you want - old, new - and put them in that folder [RealServer]
Ok, we set up our server, now let's make GameGuard connect to it. In order to achieve this, you need to edit the hosts file, located in WINDOWS/system32/drivers/etc. Once you get there, you will find the file. Open it with Notepad and add the following :
Quote:
127.0.0.1 gameguard.mapleglobal.com
127.0.0.1 72.5.148.122
Then save the file. Refer to NOTE #2 below for what you MUST do once you saved your file.
What can we learn from this ?
1. 127.0.0.1 = the local server as in your computer; that is the default IP for your computer's ID
2. The syntax "127.0.0.1 gameguard.mapleglobal.com" is identical to this : once your computer tries to contact gameguard.mapleglobal.com, it will be redirected to 127.0.0.1; same goes for the other IP
3. Why add both IPs, and not only "gameguard.mapleglobal.com" ? Because we want to make a full emulation, and then not wonder why it still connects to the real server instead of ours. Capisci ? That's the reason people fail to do emulation and say it's patched. Because they add only one IP and don't cover all the "holes"
NOTE :
1. I hope you noticed that UPDATE_PATH and BACKUP_PATH are identical. In GunBound, for example, they are different and to make a full emulation, you also need to add the BACKUP_PATH in htdocs.
2. GameGuard can detect if the update server is changed. And if that happens, it will change the data you wrote in the hosts file. For that not to happen simply change file attributes to Read-only (For stupid people : right-click the file, Properties, tick Read-only)
That covers it all. Once you do all I said here, you shouldn't have problems with your emulation and everything will work just fine. Am waiting for questions and for suggestions on updating this tutorial. Note that I won't update it with stupid data such as : go to this folder and do that and so on...
This tutorial is general, and should be enough for you to achieve emulation
Credits To:
The Sexy Romanian SunBeam
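
A defender-side check for the hosts-file redirect the tutorial relies on, as an added example that is not part of the original post or of GameGuard: it flags names pinned to loopback, IP literals placed in the hostname column, and overrides of domains the operator chooses to watch, and reports whether the file has been made read-only. The function names, reason labels and sample hosts content are assumptions constructed for illustration.

```python
import ipaddress
import os
import stat

# Constructed sample: a hosts file carrying the two overrides the post describes.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 gameguard.mapleglobal.com
127.0.0.1 72.5.148.122   # backup server
10.0.0.5  fileserver.corp.example
0.0.0.0   ads.example.net
"""
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def audit_hosts(text, watched_suffixes=()):
    """Return (line_no, address, name, reason) for each suspicious mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if len(fields) < 2 or not _is_ip(fields[0]):
            continue
        addr = ipaddress.ip_address(fields[0])
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if name in LOCAL_NAMES:
                continue
            if _is_ip(name):                        # an IP where a hostname belongs
                findings.append((line_no, str(addr), name, "ip-literal-as-name"))
            elif any(name == s or name.endswith("." + s) for s in watched_suffixes):
                findings.append((line_no, str(addr), name, "watched-host-override"))
            elif sinkhole:                          # any other name pinned to this machine
                findings.append((line_no, str(addr), name, "loopback-override"))
    return findings

def is_read_only(path):
    """True when the owner write bit is clear; the Windows Read-only attribute shows up this way."""
    return not (os.stat(path).st_mode & stat.S_IWRITE)

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, watched_suffixes=("mapleglobal.com",)):
        print(finding)
```

On a live host, pass the contents of the real hosts file and the update domains of the software being protected as `watched_suffixes`; a watched override combined with `is_read_only` returning true matches the configuration described in NOTE #2.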






