  1. #31
    DoNatz
    there's also another way for running ollydbg with divine souls (working even on x32 if your olly is protected the right way)
    debug launcher, bp CreateProcess and read arguments from stack, after that pass arguments to client.exe from ollydbg (don't let the launcher start the client or the login-detail token will be void)
    like that you can search with olly attached to divine souls without disabling xtrap or even inject dlls undetected

    hf

  2. #32
    falc0n
    Quote: Originally Posted by DoNatz
    there's also another way for running ollydbg with divine souls (working even on x32 if your olly is protected the right way)
    debug launcher, bp CreateProcess and read arguments from stack, after that pass arguments to client.exe from ollydbg (don't let the launcher start the client or the login-detail token will be void)
    like that you can search with olly attached to divine souls without disabling xtrap or even inject dlls undetected

    hf

    Ahh! I've done this.

    You can create a simple redirection loader for this instead : )

    This will be a bit annoying sometimes. I did it for a certain game ages ago. I don't like having ollydbg connected to an online game sometimes because the debugger lags sometimes.

    I'm just using a simple memory scanner with about 150 pointers at the moment lol XD

    Instead of coding a DLL to iterate the process of patching up about 100 monsters, I do it all manually. Maybe I should code one so that it iterates the process faster. Or maybe I can just auto assemble a code cave and launch the iteration directly.

    // Server down at the moment. Can't do shit : /

    but I've noticed that the tokens were MD5 hashed versions of your password and ID, I checked this ages ago in Project Powder when I was new to xtrap,

    however, the game will always need you to open up a token on the server or something :S

    So I would say, if we edit the launcher.

    We can create a codecave so it doesn't create process directly through the launcher.

    We will pass the parameters over to a create process call and open up client.exe

    This way the extra parameters used to launch xtrap won't be there and we got an easy simple disabled loader for xtrap.

    // What are your views on this? We'll get started on it after you read this and give a yes : )

  3. #33
    XxN30xX
    well hello guys i am interested in your problem and even though i have no idea how 2 do this i would like 2 suggest an idea for this

    "Originally Posted by Dwar
    It's a piece of cake to remove xTrap, but all new xTrap versions have server ping (heartbeat packets), so without emulation you are unable to fully bypass this protection

    Completely agree, but it would work only if you know bugs and have hacks which can be implemented via dll injection etc. But for game analyzing (finding bugs etc) removing protection is a good way... certainly, it's also possible to use Ollydbg simultaneously with xTrap"

    well how about you create similar (if not the same) packets and send back 2 the server using your own IP address that way nothing will appear 2 be wrong while you are hacking away lol xD

    plz tell me if i helped you in any way and 4 all the flamers and haterz

    I AM A NEWB MOST OF THE STUFF I SAY I KNOW NOTHING ABOUT I AM JUS TRYING 2 HELP SO PLZ NO BULLSHIZ BECAUSE U CANT DO IT OR SUM ELSE LIKE THAT TY AND GOOD NIGHT

  4. #34
    DoNatz
    well basically what you said is the same as dwar said .. sending the packet your own would be emulating the heartbeat ^^

  5. #35
    XxN30xX
    oh wow my bad 4 that lol xD (stupid newbie)

  6. #36
    DoNatz
    Quote: Originally Posted by falc0n
    but I've noticed that the tokens were MD5 hashed versions of your password and ID
    I thought that too first .. but an MD5 Hash is 32 characters long and the part of the token that doesn't change (if you don't change the login details) is only 21 characters long so it's not an MD5 hash

    Quote: Originally Posted by falc0n
    however, the game will always need you to open up a token on the server or something :S
    dunno, didn't look into it yet

    Quote: Originally Posted by falc0n
    We will pass the parameters over to a create process call and open up client.exe
    that's somehow the same as the launcher does so what's the difference?

    Quote: Originally Posted by falc0n
    This way the extra parameters used to launch xtrap won't be there and we got an easy simple disabled loader for xtrap.
    XTrap is called from the inside of client.exe, what you see after the launcher is the XTrap Updater, not XTrap itself.

    Quote: Originally Posted by XxN30xX
    oh wow my bad 4 that lol xD (stupid newbie)
    nvm ^^

    greetz

  7. #37
    falc0n
    Quote: Originally Posted by DoNatz
    I thought that too first .. but an MD5 Hash is 32 characters long and the part of the token that doesn't change (if you don't change the login details) is only 21 characters long so it's not an MD5 hash

    dunno, didn't look into it yet

    that's somehow the same as the launcher does so what's the difference?

    XTrap is called from the inside of client.exe, what you see after the launcher is the XTrap Updater, not XTrap itself.

    nvm ^^

    greetz

    But I thought you said that the xTrap only loads up when you use the launcher to load the game?

    You said to take the parameters and load client.exe with it.

    So why don't we find where the game creates process, then REDIRECT that section to our own section which tells the game to run client.exe with the parameters. This way it won't load up xtrap then like you said?

    It's just automating the process you said.

    // I already inject DLLs undetected XD! And I can edit memory undetected. Dunno, this isn't a really necessary step but I thought we should play around and complicate some things just for the fun of it XD I've already accomplished what I need : )

  8. #38
    DoNatz
    umm .. i did NOT say that xtrap doesn't load if you start via ollydbg .. it just won't update ^^
    Last edited by DoNatz; 2010-12-28 at 12:09 PM.

  9. #39
    Dwar
    Quote: Originally Posted by DoNatz
    i did NOT say that xtrap doesn't load if you start via ollydbg .. it just won't update
    Yeah, when you use launcher it calls xCrap update thru XPva03.dll and then starts the client with xCrap loading
    Please, post your questions on forum, not by PM or mail

    I spend my time, so please pay a little bit of your time to keep world in equilibrium

  10. #40
    JY123
    Quote: Originally Posted by DoNatz
    debug launcher, bp CreateProcess and read arguments from stack after that pass arguments to client.exe from ollydbg
    Quote: Originally Posted by DoNatz
    search with olly attached to divine souls without disabling xtrap or even inject dlls undetected
    it's too complicated and cannot make trainer (?i think?)

    Quote: Originally Posted by DoNatz
    it just won't update ^^
    if it won't update
    now can we just simply use the old version of xcrap (no heartbeat packets) and hack it?

    i can't over here -.-
