Elecom shield

[lacunacoil]

yeahh but Im learning..
did you bypass it Motivus ? or you are telling us what we are teorically suppose to do?

[Mushroom]

Resurrecting.

Well, i'm still trying to break the elecom shield. From what I see, the game doesn't start without npkyod.dll (it's a .exe), directxq10.dll, qtilib.dll, directx10.bin (another .exe, this one is heavier than npkyod.dll.

And somebody from brazilian forums got these packets from map-server.
Their .exe sends to map-server

Code: Select all

00000000 24 00 1a 00 8d 3c 18 44 80 89 39 ce 3b 4f 9a 87 $....<.D ..9.;O..
00000010 89 b5 c2 c8 5e c4 0a 57 c3 50 97 d9 32 88 21 c0 ....^..W .P..2.!.
00000020 58 e2 99 15 X...

Openkore sends to map-server

Code: Select all

00000000 9b 00 39 33 4e a0 21 00 65 18 64 0b 00 37 33 36 ..93N.!. e.d..736
00000010 64 1c 48 24 78 97 71 96 05 01 d.H$x.q. ..

ASCII -> ..93N.!.e.d..736d.H$x.q... 

Ps: Their .exe always send these bytes 24 00 1a.

Well, I also tried to attach ollydbg into the game, but wasn't able to do anything x.X

So, maybe we can change openkore so everytime he connects he send the right bytes, like the client. Can it work or Elecom Shield doesn't work like it?

directx10.dll and nykod.dll also take part in elecon shield protection

Proof you have no idea what you're talking about.

He's true, directx10.dll is from the elecom shield. Without it, we can't pass from the map-server like with kore. These are the files that may be from elecom shield.

Code: Select all

directx10.dll <--- can't open it with olly
directx10.bin <--- it's a .exe, if we get a different .exe and rename it to directx10.bin and game won't start.
nkyod.dll <---- can't open it with olly, the game doesn't start without it
qtilb.dll <---- the game doesn't start without it

[lacunacoil]

hello mushroom =)
yess you are right !
In my opinion the only way to bypass elecon is to make openkore send the right packets !
I was trying to use wireshark to discover the differences between the bytes sent by the offical ro client and a .exe client (which connects only until map server only) , but I wasnt sucessfull.. =( you can try that maybe you get something


here's something ive discoved by accident :
take nkyod.dll and change it to .exe... then double click it and ragnarok starts..( this profs nothing but its really weird )..
nkyOD is for odin
nkyOT old times
nkySA sakray

[Xoft]

i think it's on the client that makes you enter the map server they got a encrypted code in it...

[Mushroom]

I don't think it's the client, because without the directx10.dll and using their .exe we can't pass from map-server.

[Xoft]

what i mean is on the hex string in the client

[Mushroom]

So, we have to find it and implement it on the openkore so it can pass from map-server too.
Or make openkore hook the receive/send functions.

[Xoft]

yeah
By disassembly it?!

[Mushroom]

Problably not because i don't know C++ x.X
If somebody teach me the basic I can try it, I have a lot of time free anyway.

[Xoft]

Sorry im not good at C
anyway u can learn thru google