Thread: Bypass HackShield for RO2

Another Update:
People have been asking me for a bot for a while. So I made one.

https://progamercity.net/ragnarok-on...2-ro2-bot.html

It is a tiny (60KB), low memory usage bot.

Update:
Hello everybody. A friend of mine has developed something that autopatches and gets the playerid/token on the fly that will benefit all players who use this thread's methods. The new thread is at
https://progamercity.net/anti-cheats...-lots-sea.html

This will be left here for information references but it isn't needed anymore with the new ro2loader. I recommend everybody to use the loader that will auto patch and auto get playerid/token. This will make sure people won't make mistakes hexing.

To download the new loader visit
http://pbx.mine.nu/ro/

But if you still want to use manual method. The hex is still the same as 2013-01-24 for 2013-02-01 client.

OLD INFORMATION FOR REFERENCE ONLY

Code:

; this is now old but still relevant for people wanting to patch their own exe
.text:00822F44 57                                      push    edi             ; hInstance
.text:00822F45 FF D6                                   call    esi ; LoadStringW
.text:00822F47 E8 F8 CD FF FF                          call    sub_81FD44
.text:00822F4C 85 C0                                   test    eax, eax
.text:00822F4E 75 16                                   jnz     short loc_822F66
.text:00822F50 68 80 FD 81 00                          push    offset TopLevelExceptionFilter ; lpTopLevelExceptionFilter
.text:00822F55 FF 15 44 33 DB 00                       call    ds:SetUnhandledExceptionFilter
.text:00822F5B 57                                      push    edi ; replace with jmps loc_822F66 (EB09)
.text:00822F5C E8 F8 CD FF FF                          call    sub_81FD59 ; this is hackshield call, nop
.text:00822F61 59                                      pop     ecx ; nop the rest
.text:00822F62 85 C0                                   test    eax, eax ; nop
.text:00822F64 74 BC                                   jz      short loc_822F22 ; nop
.text:00822F66
.text:00822F66                         loc_822F66:                             ; CODE XREF: wWinMain(x,x,x,x)+85j game code continues here.
.text:00822F66 53                                      push    ebx
.text:00822F67 FF 15 88 3C DB 00                       call    ds:__imp_timeGetTime
.text:00822F6D 50                                      push    eax             ; Src
.text:00822F6E FF 15 D4 35 DB 00                       call    ds:srand

; dont use this for latest exe. this is old locations for reference 
search: 57 E8 F8 CD FF FF 59 85 C0 74 BC 
replac: EB 09 90 90 90 90 90 90 90 90 90

what it does:
sub_81FD59 is beginning of hackshield load, i looked through it but got bored quickly. decided to just never call it.
so we jump over it (jmps loc_822F66, 2 byte instruction EB09) and clean up the rest with nops so it looks nice.

Update (you need to patch your exe to remove hackshield before dual login, bot or mem searching)
Latest client patch. Make sure you updated to the latest version and use a good hex editor. I use HxD
To patch latest exe to bypass HackShield. This will be the last exe I will make. Please use the above information to find the new locations to patch as it is almost exactly the same.

Code:

; ro2.exe 2012-01-24 client hex location to bypass hackshield
search: 57 E8 DA CD FF FF 59 85 C0 74 B6
replac: EB 09 90 90 90 90 90 90 90 90 90

or download the latest from this post. I reattached latest exe.

How To Use Bypass
1. You need your "PlayerID" and and "Access Token" which is created everytime you login using ro2client.exe. Simpler way to get that information is login using

Code:

https://loginro2sg.playpark.net/ro2_main.aspx

And it will return your player id and access token seperated by a | . eg.

Code:

PP000000000000001234D|187EE94DB4DA4145A72C65962C45B7E9

Your player ID will be PP000000000000001234D
And your access token will be 187EE94DB4DA4145A72C65962C45B7E9

You can type this by hand in command prompt if you like but an easier way is to make a .bat file in the root game folder.
C:\PlayPark\RO2\bypass.bat
Inside that file can be something like

Code:

@echo off
start SHIPPING\Rag2.exe PP00000000000000XXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX login.playro2.com

there the XXXXX is your Player ID and your Access Token

Token lifetime used to be reusable as many times as you like. But I think now if you try to reuse your token, you will get a login timeout error as the token is probably thrown away after successful login. So just get a new one after you are done.

Now that it is confirmed that tokens are thrown away everytime you login. I have posted enough information here for somebody to code a custom launcher that can automatically login using the login page and automatically run Rag2.exe with new generated values each time. It shouldn't take long. But if nobody does it then I may do it later.

2. You need a patched exe if you want to bypass HackShield.
The above trick should still work with HackShield but if you want to bypass it, you can download it from the post or hex edit the latest exe on the date of this post (2013-01-24). If you have a different exe the hex locations might change so if your hex search fails, then download the one here. The game currently still allows older clients to login so I'm not sure how much longer that will last. But to prevent possible errors you should try to use the latest one.

I attached latest exe but I haven't tested it. All I did was load the game and I see no hackshield then I quit. I don't have time to run around to see if anything crashes or broken as I don't play this game anymore.

X. Failed to run shader parsers errors
If you run into this error it usually means the game can't find the correct shaders. You most likely are trying to run the game outside the RO2 root folder. You need to run it from C:\PlayPark\RO2 or whereever you installed it. If you're using bypass then you need to run it with the working directory as C:\PlayPark\RO2 (adjust according to your configs)

That is it. I hope everybody enjoys their game. I probably won't check this thread much anymore. I'm not sure how long it is before they implement something to prevent this but I think they are just busy getting the servers to run smoothly for now.