idRO Not Working after 27-01-2010 | All Version

[michaelaw]

Update 10-3-2010 : Just as harry84 says....

Here is the new ragexe.exe and xyz.cfg (xyz.dll also included)

And here is the new screenshot :

[kLabMouse]

Well. I made something....
The Imports are restored, but!!!
there is 5 Functions that are running using VM.
thus are:
tGsEncrypt::Encrypt
tGsEncrypt::Decrypt
tChecker::Main
madCodeHook::Unknown1
madCodeHook::Unknown2

So.. I was wrong in the first Place.
Anyone wonna Help????

[h4rry84]

i have no idea about it. i only knew that madCodeHook is a code hooker -_-a

[ToXCiL]

This was the temporary solution openkore to idro until xyz.dll could be solved.
This method could be considered to be quite stupid, but at least openkore could be run.
Earlier I didn’t share this method, because according to me was not yet the perfect solution.
So I only tell to several people that according to me could in believed and he would not share to others.

This method rather was difficult, because needed "tabel" that must be updated continually.
The belief remained at the belief, the friend ate the friend.

After he knew how got “tabel”, he then began sold openkore.
Possibly several people already known who sold this program.
In fact he was a moderator in the oficial forum lytogame.

So I thought better the user openkore in idro knew this method.


open functions.pl find:

Code: Select all

	if (defined($data) && length($data) > 0) {

add after:

Code: Select all

		if ($net->getState() < 2){
			$data = idro_decrypt($data);
		}

in last line before

Code: Select all

return 1;

add before:

Code: Select all

sub idro_decrypt {
	my $data = shift;
	my $data2 = "";
	my @tabel  = split / *\ + */,"30 ED 5D 60 34 D8 31 75 1F AC A3 FB B8 09 CC A1 3F 3B C4 C1 E4 E1 3D 6E 86 77 E7 18 9B 97 A2 4B 8A E9 DB 69 7C 95 AF E2 5E FA 40 BF EE 47 59 4F 76 7E A6 DA 3C AB C6 68 9E 54 23 7B 33 49 62 B4 FE C9 B9 F5 5B B6 2D 1B 14 8F B0 FF 02 8C D0 11 A7 7F CA 88 99 E0 87 4E B2 2B A0 D6 F4 8D F9 91 EF AE 46 7A 74 9F C5 FC 42 5F 2A 89 0F CF 41 50 81 CE 6B C2 D4 A8 F0 B7 1A 96 1E 3E 9D D3 BB 01 24 E6 8E 82 F3 5C 04 20 78 F2 C3 CB DE EC 73 B3 64 DC CD 83 B1 7D 00 19 0D 38 35 43 94 32 15 07 6D D7 AD 39 67 B5 70 80 10 29 36 3A 90 2E 66 48 13 65 D5 BC C0 9C 45 71 A5 0B 28 F1 27 06 17 A9 72 6A E3 DD 5A D9 84 85 61 E8 1D 22 0E 6C BE 63 98 1C 6F A4 92 16 F7 25 C8 12 37 C7 EA D2 BD BA 4C 55 0C F8 EB 8B 05 08 E5 21 03 57 44 93 53 FD F6 DF 51 D1 26 2F 58 4D 79 9A 0A 52 2C 4A 56 AA ";
	my @hex  = split / *\ + */,getHex($data);
	for (my $i=0;$i < @hex; $i++) {
		$data2 .= giveHex($tabel[hex($hex[$i])]);
	}
	return $data2;
}

this is temporary solution for 10maret until next maintenance.
after maintenance, the tabel will change.
in next post i will tell how to find the tabel.

[h4rry84]

it's nice to see that someone want to contribute another idea

[ToXCiL]

this is the way to get "tabel"
first we capture the packet via ethernet
we cannot use wireshark because xyz.dll block winpcap
so we can use other sniffer, for exaple use Socket Sniffer

the second packet capture by using WPE
xyz block WPE too, but if we rename the dll, we can use for 2~5 second
that enough for getting packet start with DC 01

ok let start
- run ragexe.exe fill username and password (do not enter yet)
- run socket sniffer, select ragexe.exe process and start capture
- run wpe, select ragexe.exe process, and start capture
- return to ragexe.exe dan press enter

now we get data like this

Code: Select all

91 7F 48 96 FB A5 BF 75 56 BD BA 48 71 B2 CC B8 4D 93 53 C9
DC 01 14 00 52 B5 A9 A8 87 06 28 14 CE D5 0E A5 8C 83 88 E8

91 7F 48 96 79 4C C0 04 FC 11 BE 54 9B 37 70 8B 54 C5 6C CE
DC 01 14 00 96 02 72 34 2C 3B 17 99 43 68 81 CB 99 D9 0F BE

packet data 91 7F is from socket sniff and packet data DC 01 is from WPE
do it continously until we get 100 packet+

collect all data, and save into file data.txt
continue ....

[ToXCiL]

Code: Select all

#!/usr/bin/env perl
# Syntax:
#	mapper.pl <namafile> <hex1> <hex2>
#	
# namafile : file yang berisi data hexa hasil capture
# hex1     : hexa pertama yang sejajar dengan DC
# hex2     : hexa kedua yang sejajar dengan 01

use strict;

package App;

my %hasil;
my @hex1;
my @hex2;

open FILE, "< $ARGV[0]";
open FILE2, "> result.txt";
	foreach (<FILE>) {
		$_ =~ s/^\s+//;
		$_ =~ s/\s+$//;
		if (/^$ARGV[1] $ARGV[2]/) {
			my @hexx  = split / *\ + */, $_;
			foreach (@hexx) {
				$_ =~ s/^\s+//;
				$_ =~ s/\s+$//;
				push (@hex1,uc($_));
			}
		} elsif (/^DC 01/) {
			$_ =~ s/^\s+//;
			$_ =~ s/\s+$//;
			my @hexx  = split / *\ + */, $_;
			foreach (@hexx) {
				$_ =~ s/^\s+//;
				$_ =~ s/\s+$//;
				push (@hex2,uc($_));
			}
		}
	}
	my $count = @hex1;
	for (my $i=0 ; $i<@hex1;$i++) {
		if ((defined $hasil{$hex1[$i]}) && ($hasil{$hex1[$i]} != $hex2[$i])){
			print "Ada data yang salah $hex1[$i] $hasil{$hex1[$i]}\n";
		}
		$hasil{$hex1[$i]} = $hex2[$i];
	}
	my $i=0;
	foreach my $key (keys %hasil) {
		$i++;
 }

	print "$i key dari 256\n";

	for (my $i=0;$i<256;$i++) {
		my $key2 = uc(sprintf("%.2x",$i));
		print "$hasil{$key2} ";
		print FILE2 "$hasil{$key2} ";
		if ($i % 26 == 25) {print "\n";}
 }

close FILE;
close FILE2;

for example :

Code: Select all

C:\>mapper.pl data.txt 91 7F

91 7F is 1st and 2nd hexa from packet sniffer
after that, we get file result.txt that contain a new table of decyption

remember, you must get 256 keys
if less then 256, you must get another capture packet from socket sniff+wpe


the end

[t3quila]

PERFECTO! God Bless You Toxcil!

[dewarna]

ToXcil

it`s work,GBU

[kLabMouse]

Hmm... Translation Table? Translation table have just one rule: key's must not be duplicated.
The thing that this algo do not support is the UDP Handshake and key exchange.
This way they can find you, and ban easily.