 Post subject: Everyone is interested...
PostPosted: 14 Jun 2017, 23:50 
...in how GameGuard works, and in helping to find a solution for its heartbeat (keep-alive challenge) packets? (The original post says "heartbleed"; presumably GameGuard's periodic heartbeat packets are meant, not the OpenSSL Heartbleed bug.) It is a great adventure for learning ASM, C++ and Perl. :D
We need DLL injection, among other techniques...
This is only for advanced members of the forum.

The only prerequisite is knowing how to use OllyDbg.

GameGuard emulator source in Perl... still in development (the index keys are wrong; I can't get the correct index):

Code:
#!/usr/bin/env perl

package ggemu;

#use warnings;   # NOTE(review): left disabled by the author; enabling it reports the "0x..." qw() strings being used as numbers ("isn't numeric") and the redundant printf argument in GLOG
use strict;
use FindBin;
use lib "$FindBin::Bin/lib";
use Crypt::Blowfish;
use Switch;

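my $glog = 0;   # set to 1 to trace the GameGuard::* call sequence through GLOG

# Blowfish key shared by GGBD/GGBE (Crypt::Blowfish wants 8..56 bytes).
# NOTE(review): pack("H16", ...) reads its argument as 16 hex digits, and
# "@SAU^T2*K" is not hex, so the resulting 8-byte key is NOT the literal bytes
# of that string. Left unchanged because the key the real client uses cannot
# be confirmed from this listing.
my $inca_salt = pack("H16", "\@SAU^T2*K");  # min. 8 bytes

# @input_keys  : the four 32-bit words received from the server (set by logKeys)
# @output_keys : the four 32-bit words to send back (built by GGOP/GGSD/GGBE)
# @inback      : copy of @input_keys taken below (still empty at that point)
my (@input_keys, @output_keys, @inback) = ();
my $each;

@inback = @input_keys;

# Lookup table read by GGOP as $GG_tables[($input_keys[0] - 1) % 0x32].
# The literals go through hex(): Perl does NOT numify a "0x..." string (it
# yields 0), so a plain qw() list made every table lookup return 0.
my @GG_tables = map { hex } qw(
0x0F9446A94 0x928304C 0x77B2D648 0x0D117EAAC 0x0B24EE97F 0x0A85B70C3 0x30622CB0 0x0E77A8939 0x6A961563
0x37EC7C64 0x0D9613D31 0x0FE2AD3DF 0x34CFC72 0x0A6CC2510 0x72BEFBCD 0x0E539EA9F 0x9D40909B 0x25FA9AD5
0x0B6A6563 0x0DD96AD5A 0x2693E0CE 0x8486ABA5 0x85648B24 0x0B4411C3F 0x0A034EC0C 0x0E450789F 0x0FBC6DEF
0x8C4B482E 0x1A339554 0x3489F284 0x6952FCD4 0x54A31038 0x74800AC6 0x74103893 0x0C34637C3 0x1D59A44C
0x0DE2C1B42 0x0A5E51ACB 0x2E993ECC 0x0C55DF47A 0x2926F8D9 0x0D618B8FF 0x683AD2E0 0x6EA0E0B2 0x646E728A
0x0F79A034C 0x0A439311E 0x7509915 0x9F04A835 0x86A1AA4 0x0DF774D66 0x915FFE81 0x0CBF99A0A 0x1A98CD16
0x0FA1315B9 0x1AAD0FF8 0x0E64C38FA 0x0B053DA2 0x160C8A25 0x8448DD9A 0x0F2ED93E4 0x0FDDF5848 0x1245BAAC
0x0EE424735 0x0FFDC99F8 0x0D00820F9 0x1FEBA74E 0x499A7DFB 0x0FB1A5C16 0x0B27FB4B4 0x1BD031E9 0x94306FCB
0x0E8A6CC4F 0x8545F599 0x0F81386AF 0x0EE25FDA5 0x0C590E791 0x4869E178 0x0D5A4887F 0x0D0C149EF
);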

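sub logKeys {
    # Load a captured server challenge into @input_keys (four 32-bit words).
    # The literals go through hex(): a bare qw() list yields the strings
    # "0xD3D8B810" etc., which Perl numifies to 0 in every XOR/add below.
    # The commented-out lines are other captured vectors kept for testing.
    @input_keys = map { hex } qw(0xD3D8B810 0x1CFF9DE3 0x4DD370AF 0xFBA6CD0C);
    #@input_keys = map { hex } qw(0x6A89AC00 0xA9BBE251 0xFDCBD2E2 0x703FC411);
    #@input_keys = map { hex } qw(0x5E5C7C62 0x045F3CC9 0x1B342DC3 0x93C14C35);
    #@input_keys = map { hex } qw(0x887F1D7B 0x3896F6B9 0x29A9D6CF 0x8BC49824);
    #@input_keys = map { hex } qw(0x71EE03FD 0x345EA10C 0xED31583B 0x50531752);
    return 1;
}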

sub GGST {   #GameGuard::Start
    # One full emulation pass, in the order the client performs it:
    # Blowfish-decrypt the inputs, run the key schedule, look up the
    # switch case for the first word, derive the output keys, dump them.
    GGBD();
    GGKY();
    GGSC($input_keys[0]);
    GGOP();
    return GLOG(1, 1);
}

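sub GLOG {  #GameGuard::Debug
    # Debug output helper. Three modes, selected by the second argument:
    #   GLOG($message)    prints "[Debug] --> $message"
    #   GLOG($any, 1)     dumps @output_keys as the final 20-byte hash
    #   GLOG($any, 0)     prints the "can't return the final hash" notice
    # Always returns 1.
    my ($message, $mode) = @_;
    if ($mode) {
        # Presumably a 2-byte packet id (09D0) and little-endian length
        # (0x0014 = 20) followed by the four 32-bit output words: 4 + 16 = 20
        # bytes, so the format needs four %08X -- a three-%08X format
        # silently dropped $output_keys[3].
        printf("[Debug] --> %s = %d\nFinal hash : 09D01400%08X%08X%08X%08X\n",
               "Hash length is : ", 20, @output_keys[0 .. 3]);
    }
    elsif (defined $mode && $mode eq '0') {
        print "[Debug] --> Sorry, we can't return the final hash\n";
    }
    else {
        printf("[Debug] --> %s\n", $message);
    }
    return 1;
}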

sub GGKY {   #GameGuard::Keygen
GLOG("GameGuard::KY called") if ($glog);
    # Key-schedule step over @input_keys. NOTE: this list assignment gives
    # the 0 to $v1 only; every other variable starts undef. $result is never
    # assigned below, so the sub returns undef (GGST ignores the value).
    my ($v1, $v2, $v3, $v4, $v5, $v6, $v7, $v8, $v9, $i, $j, $result) = 0;
   # Four rounds with ($v5, $v4) = (8,1), (4,2), (2,4), (1,8): 32 inner
   # iterations in total, each round re-seeded from $input_keys[0].
   $v5 = 8;
   $v4 = 1;
   while ($v5)
   {
      $v7 =  $input_keys[0];
      $v6 = $v4 + $input_keys[0];
      for ($i = 0; $i < $v5; ++$i)
      {
         for ($j = 0; $j < $v4; ++$j)
         {
            $v8 = $v6 ^ $v7;
            # Doubling with a 0xA9 tweak when bit 7 is set ("*" binds tighter
            # than "^", so this is (2 * $v8) ^ 0xA9).
            # NOTE(review): nothing is masked to 8 or 32 bits, so $v6/$v7 grow
            # without bound; the C original presumably used fixed-width
            # integers that wrap -- confirm against the disassembly.
            if ($v8 & 0x80) {
               $v9 = 2 * $v8 ^ 0xA9;
            }
            else {
               $v9 = 2 * $v8;
            }
            $v7++;
            $v7 ^= $v9;
            $v6++;
            $v6 ^= $v9;
         }
         $v7 += $v4;
         $v6 += $v4;
      }
      $v5 >>= 1;
      $v4 *= 2;
   }
   
   # NOTE(review): $v6/$v7 are never stored anywhere, so the loop above has
   # no effect on @input_keys; only the shuffle below changes state.
   # Shuffle: swap words 2 and 3, then word1 := old word0 and
   # word0 := new word3 (i.e. old word2) XOR old word1.
   $v1 = $input_keys[2];
   $input_keys[2] = $input_keys[3];
   $input_keys[3] = $v1;
   $v2 = $input_keys[1];
   $input_keys[1] = $input_keys[0];
   $input_keys[0] =  $input_keys[3] ^ $v2;
   return $result;
}

sub GGOP {   #GameGuard::Keygen2
GLOG("GameGuard::OP called") if ($glog);
  # Builds @output_keys from @input_keys. NOTE: only $iIndex receives the 0
  # from this list assignment; $itemporaryValue and $trust start undef.
  my ($iIndex, $itemporaryValue, $trust) = 0;
   # Word 0 is a fixed tag; words 1..3 are 32-bit values assembled by GGRD.
   $output_keys[0] = 0x10056;
   $output_keys[1] = GGRD();
   $output_keys[2] = GGRD();
   $output_keys[3] = GGRD();

   GLOG("GameGuard::RD called") if ($glog);
   # Table lookup keyed by the first input word (1-based, wraps every 50).
   # If @GG_tables still holds raw "0x..." strings from qw(), Perl numifies
   # them to 0 in the arithmetic that follows.
   if ($input_keys[0])
   {
      $iIndex = $input_keys[0];
      $iIndex = $GG_tables[($iIndex - 1) % 0x32];
   }
   # Demangle level is always in 10..29.
   $trust = GGFD($iIndex, ($input_keys[0] - 1) % 0x14 + 10);
   GLOG("GameGuard::FD called") if ($glog);
   # Adds the same delta, ((k2 ^ k3) % 3) + $trust - 4, once per iteration;
   # runs ($input_keys[0] + 1) times when 0 <= first word <= 1000, otherwise
   # the body never executes.
   for (my $iPtr2C = 0; ($iPtr2C <= $input_keys[0]) && ($input_keys[0] <= 0x3E8); $iPtr2C++)
   {
      $iIndex = $iIndex - 2 + ($input_keys[2] ^ $input_keys[3]) % 3 + $trust - 2;
   }

   
   # Fallback: fixed default keys. NOTE(review): sendx() is not defined
   # anywhere in this listing, so taking this branch dies with "Undefined
   # subroutine". The qw() strings are also not numeric -- GLOG's %08X prints
   # them as 00000000.
   if ($input_keys[0] < ($iIndex - 1)) {
      print "Default keys set\n";
      @output_keys = qw(0x8F91FEA3 0x5CDCE1EB 0x4020E041 0xA7ABA6AE);
      sendx();
      return 1;
   }
# Everything between the two "=cut" lines below is skipped by the parser
# (a bare =cut outside POD opens a POD section), i.e. it is commented out.
=cut
   switch ($each) {
      $itemporaryValue = $output_keys[0] ^ $output_keys[3];
      $output_keys[3] = $output_keys[2] ^ $output_keys[1];
      $output_keys[2] = $itemporaryValue;
      $itemporaryValue = $output_keys[0] ^ $output_keys[1];
      $output_keys[0] = $output_keys[1];
      $output_keys[1] = $itemporaryValue;
      $output_keys[2] ^= (0xC082AF4F & 0xFFFFFFFF3FFFFFF4);
      GGBE();
      my ($temp1, $temp2);
      $output_keys[2] += 2;
      $output_keys[0] ^= 0xDF253E7E;
      $output_keys[1] ^= 0xC81827E9;
      $output_keys[3] ^= 0x3B9D3BBE;
      $temp1 = $output_keys[3];
      $temp2 = $output_keys[2];
      $output_keys[3] = $temp2;
      $output_keys[2] = $temp1;
      return 1;
   }
=cut
   # Mix and Blowfish-encrypt the output words; GGSD's return value (1) is
   # also this sub's return value.
   GGSD();
}

sub GGSD {   #GameGuard::Send
    # Mix the four output words in place -- the new words are
    # (w1, w0^w1, w0^w3, w2^w1) in terms of the old ones -- then run the
    # Blowfish pass (GGBE) over them. Returns 1.
    my ($w0, $w1, $w2, $w3) = @output_keys;
    @output_keys = ($w1, $w0 ^ $w1, $w0 ^ $w3, $w2 ^ $w1);
    GGBE();
    return 1;
}

sub GGRD {   #GameGuard::Rand
    # Assemble a 32-bit word from eight successive GNRD() draws: each draw
    # contributes its low nibble (value % 16) at bit position 4*i, i = 0..7,
    # so the first draw lands in the least significant nibble.
    my $word = 0;
    for my $pos (0 .. 7) {
        my $nibble = GNRD() % 0x10;
        $word |= $nibble << (4 * $pos);
    }
    return $word;
}

sub GGBD {   #GameGuard::Blowfish_Decrypt
   # First stage of GGST: presumably meant to undo the Blowfish layer on the
   # four received words before the key schedule (GGKY) runs. Returns 1.
   # NOTE(review): indirect-object syntax; the modern spelling is
   # Crypt::Blowfish->new($inca_salt).
   my $cipher = new Crypt::Blowfish $inca_salt;
   # NOTE(review): the "H16" template has a single field, so only the first
   # argument is packed and the second ($input_keys[3] here, $input_keys[2]
   # below) is silently ignored; "H" also expects hex digits, which neither a
   # "0x..." string nor a decimal number is. The decrypted block is unpacked
   # and then dropped (void context) -- nothing is written back into
   # @input_keys, so only the XOR masks take effect. Presumably the decrypted
   # words were meant to replace the inputs; byte order unconfirmed.
   unpack("H*", $cipher->decrypt(pack("H16", $input_keys[1], $input_keys[3])));
   $input_keys[2] ^= 0xE2F3D164;
   $input_keys[3] ^= 0x6FD4EE8E;
   unpack("H*", $cipher->decrypt(pack("H16", $input_keys[0], $input_keys[2])));
   $input_keys[0] ^= 0xDA93AB6F;
   $input_keys[1] ^= 0xED3AE7DB;
   GLOG("GameGuard::BD called") if ($glog);
   return 1;
}

sub GGBE {   #GameGuard::Blowfish_Encrypt
   # Last stage of the output path (called from GGSD): presumably meant to
   # apply the Blowfish layer to the four output words. Returns 1.
   # NOTE(review): indirect-object syntax; prefer Crypt::Blowfish->new(...).
   my $cipher = new Crypt::Blowfish $inca_salt;
   # Masks on words 0 and 1 are applied before the first encrypt call,
   # masks on words 2 and 3 after it.
   $output_keys[0] ^= 0xD253FC2E;
   $output_keys[1] ^= 0x630FC331;
   # NOTE(review): as in GGBD, "H16" packs only the first argument (the
   # second is ignored) and expects hex digits; the encrypted block is
   # unpacked and discarded (void context), so @output_keys only ever
   # receives the XOR masks. Presumably the ciphertext was meant to be
   # written back; byte order unconfirmed.
   unpack("H*", $cipher->encrypt(pack("H16", $output_keys[0], $output_keys[2])));
   $output_keys[2] ^= 0xCC0C559F;
   $output_keys[3] ^= 0x1AC6186C;   
   unpack("H*", $cipher->encrypt(pack("H16", $output_keys[1], $output_keys[3])));
   GLOG("GameGuard::BE called") if ($glog);
   return 1;
}

sub GGSC {   #GameGuard::Switch case
    # Placeholder for the switch-case lookup that picks the key transform
    # for a given index. $found is never set, so the "Found" branch is
    # unreachable and the sub always reports the index as not handled yet.
    # Returns the result of the print.
    my ($index) = @_;
    my $found = 0;
    if ($found eq 1) {
        return printf("Found = %X and each = %s\n", $index, $each);
    }
    return printf("Switch not found... add : 0x%08X\n\n", $index);
}

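sub GGFD {   #GameGuard::FunctionDemangle
    # Recursive index "demangling": apply one of ten adjustments to $iIndex,
    # chosen by $iLevel % 10, then recurse with $iLevel - 2 until $iLevel < 2.
    # Returns the adjusted index. Pure arithmetic; touches no globals.
    #
    # Written as an if/elsif chain instead of Switch.pm: Switch is a
    # source-filter module (removed from core in 5.14) and the former
    # "default:" line was a bare label that only acted as a default case
    # because it sat after the last `case`. The three counting loops are
    # replaced by their closed-form sums (0..96, 0..97 and 2..100).
    my ($iIndex, $iLevel) = @_;
    my $case = $iLevel % 0xA;

    if ($case == 1) {
        $iIndex -= 4656;                # sum_{i=1}^{97} (i - 1)
    }
    elsif ($case == 2) {
        $iIndex -= 105;
        # $iLevel % 10 == 2 implies $iLevel is even, so this always fires.
        --$iIndex unless $iLevel % 2;
    }
    elsif ($case == 3) {
        $iIndex = $iIndex - 8999 + 100;
    }
    elsif ($case == 4) {
        $iIndex += 4753;                # sum_{j=1}^{98} (j - 1)
    }
    elsif ($case == 5) {
        $iIndex -= 68;
    }
    elsif ($case == 6) {
        $iIndex += 64;
    }
    elsif ($case == 7) {
        $iIndex = $iIndex - 187 + 100;
    }
    elsif ($case == 8) {
        $iIndex -= 5049;                # sum_{k=1}^{99} (k + 1)
    }
    elsif ($case == 9) {
        my $r = $iLevel % 3;
        if ($r == 1)    { ++$iIndex; }
        elsif ($r == 2) { $iIndex -= 2; }
        else            { --$iIndex; }
    }
    else {
        # $case == 0; $iLevel % 10 == 0 implies $iLevel is even, so the
        # 103 branch is unreachable but kept to mirror the original table.
        $iIndex -= ($iLevel % 2) ? 103 : 71;
    }

    return $iLevel >= 2 ? GGFD($iIndex, $iLevel - 2) : $iIndex;
}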

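sub INFO {   #This::Console
   # Print the startup banner. "COLOR C" is a cmd.exe built-in (light-red
   # console text), so it is only attempted on Windows; on other platforms
   # the shell would just print an unknown-command error to stderr. The
   # command is a constant string, so routing it through the shell is not
   # an injection risk. Returns nothing.
   system("COLOR C") if $^O eq 'MSWin32';
   my $rule = "#" x 73;
   print "$rule\n";
   print "#\t\t[~INFO] --> Tables size : " . scalar @GG_tables . " \t\t\t\t#\n";
   print "#\t\t[~INFO] --> Trident (Poseidon/GG) emulator\t\t#\n";
   print "#\t\t[~INFO] --> Made by : SkylorD  \t\t\t\t#\n";
   print "#\t\t[~INFO] --> Thanks to Licielg & Jean Pablo\t\t#\n";
   print "#\t\t[~INFO] --> Made IN : 04/12/2016 05h12m\t\t\t#\n";
   print "#\t\t[~INFO] --> github.com/AlexandreBR3N   \t\t\t#\n";
   print "#\t\t[~INFO] --> Made to work in bRO   \t\t\t#\n";
   print "#\t\t[~INFO] --> It's still in progress   \t\t\t#\n";
   print "$rule\n\n";
   return;
}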

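sub GNRD {
   # MSVC CRT rand(): state = state * 214013 + 2531011 (mod 2^32),
   # output = (state >> 16) & 0x7FFF. The state has to persist across calls;
   # a per-call `my $rand` reset it to undef (0) and returned 38 every time.
   # Seeded with 1, the CRT default before srand() -- TODO confirm whether
   # the client seeds it differently. Callers may reset via $GNRD_STATE.
   # Assumes a Perl with 64-bit integers (the product exceeds 2^32).
   our $GNRD_STATE;
   $GNRD_STATE = 1 unless defined $GNRD_STATE;
   $GNRD_STATE = (0x343FD * $GNRD_STATE + 0x269EC3) & 0xFFFFFFFF;
   return ($GNRD_STATE >> 16) & 0x7FFF;
}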

=cut
GGOP:
   return GGBE($output_keys[0]);
   @pinKey = GGBE (@poutkey);
}
=cut

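# Entry points. The historical aliases (start/getinfo/main) are kept so any
# caller using them still works, but the subs are called with parentheses:
# the `&name;` form silently forwards the caller's current @_ to the callee.
*start   = *logKeys;
*getinfo = *INFO;
*main    = *GGST;
start();
getinfo();
main();

# "pause" is a cmd.exe built-in ("Press any key to continue"); skip it on
# other platforms, where the shell would only report an unknown command.
system("pause") if $^O eq 'MSWin32';
1;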

 Post subject: Re: Everyone is interested...
PostPosted: 15 Jun 2017, 13:04 
wait
 Post subject: Re: Everyone is interested...
PostPosted: 15 Jun 2017, 13:45 
Liciel
Jean Pablo
Me

Three people are developing it.

We need more people. With this, it will be easy to create plugins/macros :P
 Post subject: Re: Everyone is interested...
PostPosted: 27 Aug 2017, 09:04 
Hi SkylorD, I'm very interested in this, but I don't know where to start in order to get close to your goals. Right now I'm learning the basics of C programming. Can you suggest what kind of exercises I should practice so that I can polish my skills as quickly as possible?
 Post subject: Re: Everyone is interested...
PostPosted: 29 Aug 2017, 13:24 
NOTE: Recently I discovered some junk code that is not covered by GameGuard's CRC scan, and used it to inject some DLLs. GameGuard was updated last week, apparently closing that hole.
So I believe they are getting nervous.

Quote:
where to start to get close to u guys' goals

You need to get a foothold in one area, you know? And then spread out from there, like a virus.

To get the results I got, you only need to know reverse code engineering (RCE) and how to use some tools.
But with tools alone you won't recover 100% of GameGuard's code.

At this point you can see that I'm stuck; my skills are insufficient.
I'm not calling for "sufficiently skilled" people, just for people who are available.

I'm stuck at the Themida-virtualized functions. Some people have bypassed it, but I don't know how I can (it uses a polymorphic engine).

http://www.mpgh.net/forum/showthread.php?t=760907

This is the GameGuard source (as reconstructed in that thread).
At your skill level it won't help much.

But at least you can understand some things about C/C++ and RCE.
The only skill you'll learn from it is how to reverse GameGuard's code.

What do I gain from this?
A: I can show where and how I got stuck; if you want to continue from there, fine, and if not, fine too!

Code:
/* Credits To Gene In This Portion - Polymorphic a bit of it needs to be changed */
/* NOTE(review): this is an excerpt, not a compilable unit -- pInKey, pOutKey
 * and itemporaryValue are declared outside it. The poster states the
 * constants below are stale and must be re-extracted from the current
 * GameGuard build. The chain is presumably evaluated in unsigned 32-bit
 * (wrapping) arithmetic -- confirm against the disassembly. */
    itemporaryValue = pInKey[2]-0x35f3a386;          /* start from the third input word */
    itemporaryValue ^= 0xad5656c6;
    itemporaryValue += 0xd97e3d52;
    itemporaryValue -= 0xdfe08b35;
    itemporaryValue += 0x1c9f236d;
    itemporaryValue ^= 0x03f74ad0;

    pOutKey[1]    = itemporaryValue;                 /* second output word */
    pOutKey[2]    = itemporaryValue ^ 0xf8805824;    /* third output word: same value, masked */
/* End Credits to Gene */

Can you see this?
My GameGuard code is only missing this piece, with updated constants.

If I got these values, we could run an unlimited number of bots and support every server that uses GameGuard, without needing Poseidon.
But this piece of code is obfuscated, and it is hard -- for me -- to recover it.

 Post subject: Re: Everyone is interested...
PostPosted: 31 Aug 2017, 13:18 
OK, it seems like there is a long way to go, but I'll start learning about it slowly.

By the way, I found a screenshot of some Python code claiming to bypass the pRO server's protection (link below). Do you know what the author is trying to bypass?

http://imgur.com/y6Nvx6i

Is this the same method you are trying to accomplish?
 Post subject: Re: Everyone is interested...
PostPosted: 02 Sep 2017, 20:30 
Well, I don't know Python, but what I'm building is an emulator:
a GameGuard emulator.
I suspect that screenshot is fake.