Question about values in EDEN ETERNAL

dkaitos · 2011-06-28, 03:37 PM

Hi all guys,

Some days ago I decided to hack the client of EDEN ETERNAL, a fresh aeria game, just went in open beta.
I never hacked a MMO, I want to try with this, because it's like any other classic MMORPG.
I can find the values but seems all these values are just the "labels" written on the interface of the game, so I could not really change ATK speed or MOV speed.

How do I know if the values are stored on the client?
If these values are stored on the client, how can I change them?

Thanks in advice for any response/comments.

Dwar · 2011-06-28, 03:51 PM

Originally Posted by dkaitos

How do I know if the values are stored on the client?

Check them all... I always follow these steps when begin to analyze new client:
1. Check all common values. But as these values are "common" it's difficult to find bugs
2. Check game files. Will help you a little bit to understand client structure
3. Debug the client
4. Trace, check, trace etc... Read disassembled code to find something

But don't forget, in OBT many clients without protection... after release they will be packed and some rootkits/viruses will be attached to them (HS, GG, xTrap etc)

dkaitos · 2011-06-28, 04:07 PM

Thanks for your tips, I'm going to follow all your steps.

Originally Posted by Dwar

But don't forget, in OBT many clients without protection... after release they will be packed and some rootkits/viruses will be attached to them (HS, GG, xTrap etc)

Infact, I want to have the chanche to work without Antihacks system becouse I'm a newbie ^^"

Dwar · 2011-06-28, 04:17 PM

Originally Posted by dkaitos

without Antihacks system

So, seize the day

dkaitos · 2011-06-28, 04:57 PM

I think these values are encrypted, I think i should find the REAL values stored somewhere... Should I look what writes that address right?

Dwar · 2011-06-28, 05:06 PM

Originally Posted by dkaitos

Should I look what writes that address right

Yeah, try to find routines that writes data to that addresses; set memory BP on read/write.

dkaitos · 2011-06-28, 05:34 PM

0050CA75 - D9 9A 80000000 - fstp dword ptr [edx+00000080] //When i debug i find this write on my values

so i open the memory for more understanding

0050CA5E - E8 BDDB0600 - call 0057A620
0050CA63 - 5F - pop edi
0050CA64 - 5E - pop esi
0050CA65 - C2 0800 - ret 0008
0050CA68 - DB 44 24 10 - fild dword ptr [esp+10]
0050CA6C - 8B 56 0C - mov edx,[esi+0C] // It put inside EDX, ESI plus 0C [*1]
0050CA6F - D8 0D 8C59B300 - fmul dword ptr [00B3598C] : [(float)0.0010] // a multiply (?)
0050CA75 - D9 9A 80000000 - fstp dword ptr [edx+00000080] // <--- LINE WHERE IT WRITES [*2]
0050CA7B - 8B 46 0C - mov eax,[esi+0C]
0050CA7E - 8B 88 80000000 - mov ecx,[eax+00000080]
0050CA84 - 8B 56 24 - mov edx,[esi+24]
0050CA87 - 51 - push ecx
0050CA88 - 8B 8A 88000000 - mov ecx,[edx+00000088]
0050CA8E - E8 FDDB0600 - call 0057A690

[*1] here ESI = 0CE9F040
[*2] here EDX = 0CEA04E0

inside ESI and EDX, there are addresses, right? Should I go look in those addresses for earn the real values?

Dwar · 2011-06-29, 03:05 AM

Originally Posted by dkaitos

Should I go look in those addresses

Check this routine from the beginning, step-by-step trace and watch for registers.
By the way, game will be protected by xTrap (or maybe). Also it looks like another GrandFantasia modification

dkaitos · 2011-06-29, 03:35 PM

Originally Posted by Dwar

By the way, game will be protected by xTrap (or maybe). Also it looks like another GrandFantasia modification

Is this good

?

Dwar · 2011-06-29, 03:50 PM

Originally Posted by dkaitos

Is this good ?

What exactly? Xtrap or GrandFantasia? xTrap has some interesting protection methods, but as others game protection app - it's a ratified virus

About GF, dunno, generally I don't play games

Thread: Question about values in EDEN ETERNAL

Thread Tools

Display

Question about values in EDEN ETERNAL

Posting Permissions