InternalGuard and RagnaGuard bypasses

[soulstripper]

Hello everybody,

I'm working on a bypass to InternalGuard and RagnaGuard.

These two shields are, along with Harmony, the three most used ragnarok shields in Brazil, and, as far as I noticed, pretty much used in other countries too.
They both work almost in the same way and I already know the way they both blocks openkore and other cheats and a way to bypass this.

That's the way they work:

The main .exe of the server has the incorrect set of packets, so it is, by default, unable to connect with the server. This is a client-side protection. Because of this, you can't just open the .exe (some times disguised in a .bin file). When you open, for example, InternalGuard.exe, the program awakes three .dll files, and some of them is injected in the .bin/.exe file and modify the set of packets, turning them exactly equal to the set of packets that are in server-side and allowing the connection. I'm not sure of that, but I think that openkore is unable to connect cause he got the wrong set of packets (recvpackets.txt), cause the .exe had foolish the extractor.

And my idea to bypass they:

It's not really my idea. I read this in a couple of develop forums telling people to not use these two shields, so i'm pretty convinced that this will work.
All we have to do is create a .dll who change the set of packets of the .exe, without starting the shield. Having the correct .exe, we can extract the correct recvpackets from him.

I never created a dll before, but I'm a programmer (specifically a Perl programmer, work with this at University of Sao Paulo) and have some experience with Delphi (language that the shields were made). I already decompiled InternalGuard and I'm looking how he changes the set of packets and I'll let you know of any advance.

If anyone has knowledge on any of this fields and wants to help, it would be great. The openkore is dying (what makes me truly sad, I became a programmer because of kore and think that a lot of people too) and pretty much of the reason is the advent of the private servers shields. The openkore community turned his back to the privates servers (in a certain way, cause it generates no real money) and lost an important part of the "market". There's still time to change this situation. Lets do this!

[Puding]

RagnaGuard has been updated? Few years ago I found out that RagnaGuard it's look like a XKore, the client send normal packets to RagnaGuard, then to the server, without encrypt it (like Harmony).

Also, if you just change the wpe dll name you are able to inject with no problem.

I don't know how both shields are working nowadays.

[iMikeLance]

Can you provide me an example of server using this kind of software?
I can take a loot at this kind of protection and see what I can do. But I don't see any advantage at bypassing commercial shields.

[soulstripper]

@Puding

Here's what I read about those guards:

coz it only change login packet ids and all "protect" work from client side
ie simple dll inject with changed packets will allow to connect protected server without protect from client side
its all about free version, dont know what difference with paid, but i think almost no difference

under inject dll i mean - fully disable/detach IG from exe(or take other exe/client same version with server without IG) and log in game with our dll which change packets like IG, so IG will not even run. IG not running - integrity file checking and other features of course will not work
So we just login in game as usual like without protect. And server doesnt reject us coz we change packets as it(server) wants

Well is not this protection? Client connects to a secure server hinder us only changed ID network packets.
Written dll, which will replace the ID for multiple packages . And we are playing on a server without Internal Guard.
Earlier this protection called BitSecure. Bypass was the same. http://ea-support.ws...rs/ # entry6473
But it was almost 2 years ago and nothing has changed . The author continues to increase functionality , but does not notice the elementary ability to play on a secure server without protection.
P.S. Decided to run for the test. Windows 7 x64 falls . Had to run on a Virtual XP.
Protection process almost always eats 99% of CPU time. Game hangs .

Aparently, both projects are not being pretty much updated. Specially RagnaGuard.

Yeah, you can change the dll name and inject, but is unable to take the correct recpackets from the client.

PS: You're the one who made PudingWPE? Thanks for that. I used that for a loooong time.

@iMikeLance

Example of a server with RagnaGuard: http://www.ragnatug.com.br/
Example of a server with InternalGuard: http://www.ragnaclic.com/

These two are not commercial shields. They are free shields who aren't being much updated. Bypass them mean set free to botting near a half of the private servers.

[soulstripper]

Sorry for the double post, but I think it'll worth.

Just bypassed RagnaGuard in a incredible simple way:

Renamed the WPE dll with xvi32, and got the connection infos with him. After that, took the recpackets with JCV and it's done. To use xKore 1, all I had to do was duplicate NetRedirect.dll, change his name, and change XKore_dll field in config.txt.

Tomorrow I'll take a deeper look at InternalGuard. Seems to be a bit more complicated.

[Puding]

Yes, I "made" this wpe version long time ago hahaha, this guard is simple, it's just works with filenames. But to get the correct infos, you need to inject on Ragnaguard, not on RO client, right? That's one thing I can remember.

[Buckyx]

how did you bypass internal guard?