Openkore.com
http://forums.openkore.com/

cRO situation
http://forums.openkore.com/viewtopic.php?f=38&t=31077
Page 1 of 1

Author:  DrKN [ 21 Mar 2013, 22:25 ]
Post subject:  cRO situation

hello,

The cRO is relaunched last month and its currently in EP14.1 (The first EP of renewal)
However there is a big problem.
As they have a update every week and they reshuffle the packet headers every time it patched (now reshuffled 2 times)
I think the best way for supporting cRO is working on the client side
will it be possible to generate a signature list of every header assembly code?
so it can detect it and regenerate a redirect header code putting in cRO.pm

Author:  kLabMouse [ 21 Mar 2013, 22:48 ]
Post subject:  Re: cRO situation

DrKN wrote:
hello,

The cRO is relaunched last month and its currently in EP14.1 (The first EP of renewal)
However there is a big problem.
As they have a update every week and they reshuffle the packet headers every time it patched (now reshuffled 2 times)
I think the best way for supporting cRO is working on the client side
will it be possible to generate a signature list of every header assembly code?
so it can detect it and regenerate a redirect header code putting in cRO.pm


Why not like in bRO ?
There is "Detected" list of packets "normal" ID and "changed" ID that is generated out from client binary.

Author:  DrKN [ 22 Mar 2013, 21:23 ]
Post subject:  Re: cRO situation

oh really?
is that the file generated by Ever Rox's tool?

Author:  DrKN [ 23 Mar 2013, 22:53 ]
Post subject:  Re: cRO situation

The situation changed.
Now cRO is using theMida for exe protection
It is not letting OllyDBG attaching or opening the ragexe
If we need to support it we need to unpack this first but this is known as the hardest kernel exe shield

Author:  kLabMouse [ 24 Mar 2013, 03:08 ]
Post subject:  Re: cRO situation

DrKN wrote:
The situation changed.
Now cRO is using theMida for exe protection
It is not letting OllyDBG attaching or opening the ragexe
If we need to support it we need to unpack this first but this is known as the hardest kernel exe shield

Themida does not protect from memory dump. That's all that's needed. Unless they Virtualized some protection functions.

Page 1 of 1 All times are UTC - 5 hours [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/