Legacy V3 | Bot + Encryption bypass |
Re: Legacy V3 | Bot + Encryption bypass |
i think removing the encrypted packets would be kinda like playing with the old client eh?
hi, you are banned.
Re: Legacy V3 | Bot + Encryption bypass |
I'm guessing the server only accepts encrypted packets. I'd follow tsuki's method and have kore send packets to the encryption process rather than the server itself.
Re: Legacy V3 | Bot + Encryption bypass |
Hey Aris, didn't you say that you got a working client??
Well, I was looking at the (un)supported private server, and there was one with the same anti-bot, but no ways to kore connect.
This server has a strong self-made packet encrypt based on dynamic tables and own server emulator based on jAthena. So if you try to run Openkore, you can receive a ban for your account, IP address or your hardware ID (MAC address of your network card, login packets sends you mac).
or
They have an unknown type of antibot, encrypted client and files. Kore doesn't work on this server.
Maybe this is what we have here in Legacy. But both still aren't supported ''/
Quit.
Re: Legacy V3 | Bot + Encryption bypass |
no.
if you're wondering, lro uses harmony...
hi, you are banned.
Re: Legacy V3 | Bot + Encryption bypass |
Most of us have unpacked the .exe, it consists of harmony.dll, valour.dll and sakexe.exe. I'm currently experimenting with editing strings atm, will try other things soon. Anyone who is willing to HELP with this should come into IRC more, keep in mind some people that come in may or may not be LRO staff, but brainstorming is a + any way.
Re: Legacy V3 | Bot + Encryption bypass |
anyone got modified version of wpe please?
Re: Legacy V3 | Bot + Encryption bypass |
To elaborate more on this molebox unpacking thing, I asked someone to do it for us.
What he said was this.
You're saying harmony prevents apps from injecting something ?
It's only 50 kb and exports a function called _dummyfunc which does nothing but
Code:
PUSH EBP
MOV EBP,ESP
POP EBP
RETN
Anyway, it is not actually bound to the import table (not from what I've seen so far anyway), so without explicitly loading it, it won't be executed.
I found the dll patching the main exe's import table to reroute GetProcAddress and some ws2_32.dll address to an address inside the dll from within its entrypoint.
If the program actually needs that dll, it looks like you've got to add a new section and do LoadLibrary on it, otherwise it won't get loaded.
The second dll isn't really a dll, I guess he thought he's uberly smart adding .dll to the file name
Took me a lot of time to find someone as nice as him.. lol... :/
To download the unpacked version:
Code:
http://www.zshare.net/download/1162500488692bd6/
Re: Legacy V3 | Bot + Encryption bypass |
the whole real code is in the DllMain(x,x,x)
Code:
BOOL __stdcall DllMain(HINSTANCE hinstDLL,DWORD fdwReason,LPVOID lpvReserved)
_dummyfunc does nothing
and valour.dll's header is:
Code:
4d 61 73 74 65 72 20 6f 66 20 4d 61 67 69 63    Master of Magic
so it's a grf
In harmony.dll there are some chunks of data. It imports connect() and send() from the winsock library and redirects these calls to his own functions. It's a very simple method to inject and redirect system calls in a software. It's something like RoApp no sp teleport thing