Hey guys miss ya all <3
this is a small dll source code that i coded in the past when i was interested in silkroad development.
What it does: protects the BFK of the .PK2 files from being sniffed
Code:
#include <windows.h>
#include <stdio.h>
#include <string.h>
#include "xorstr.h"
#include "detours.h"
#pragma comment(lib,"detours.lib")

// Parenthesized so the macro is safe inside larger expressions.
#define ARRAYSIZE(x) (sizeof(x)/sizeof((x)[0]))

// Addresses of the "push <key>" instructions in the target exe (vsro 188 sro_client.exe).
DWORD g_ProtectAddress[] =
{
    0x004978B8,
    0x004CCC4A,
    0x004CCE1F,
    0x0083A84D,
    0x0083A8B1,
    0x0083A90D,
    0x0083A9C5,
    0x0083A969,
    0x0083AE69
};

DWORD RandomKey;   // per-run mask taken from the timestamp counter
char* pszKey;      // pointer to the decoded key, kept XOR-masked with RandomKey

// Low 32 bits of the timestamp counter, used as the per-run mask.
DWORD GetRandomValue()
{
    DWORD value;
    __asm
    {
        rdtsc
        mov value, eax
    }
    return value;
}

// Resolves the target of a 5-byte relative jmp/call at pJmp (not used below).
DWORD GetJmpAddr(PBYTE pJmp)
{
    DWORD m_Addr;
    __asm
    {
        mov eax, pJmp
        add eax, [eax+1]
        add eax, 5
        mov m_Addr, eax
    }
    return m_Addr;
}

// Reached through the patched "call" at each protected address.
// Unmasks the key pointer and leaves it on the stack in place of the
// operand the original push would have stored.
// Note: eax and edx come back exchanged (eax = caller's edx, edx = caller's eax).
__declspec(naked) void _protectme()
{
    __asm
    {
        pushfd
        push edx
        push eax
        mov eax, RandomKey
        not eax
        xor eax, pszKey
        not eax                      // eax = real key pointer
        mov edx, [esp+0xC]           // edx = return address
        mov [esp+0xC], eax           // key pointer takes its slot
        mov eax, edx
        pop edx
        push eax                     // return address back on top
        mov eax, dword ptr [esp+0x8]
        push eax
        popfd                        // restore flags
        mov eax, dword ptr [esp+0x4]
        retn 0x8                     // return, key pointer left on the stack
    }
}

void Initialize()
{
    RandomKey = GetRandomValue();
    pszKey = new char[20];
    strcpy(pszKey, /*MeGaMaX*/XorStr<0x7A,8,0x1F16EAF3>("\x37\x1E\x3B\x1C\x33\x1E\xD8"+0x1F16EAF3).s);
    // Mask the pointer so it is not stored in the clear.
    __asm
    {
        not pszKey
        mov eax, RandomKey
        not eax
        xor pszKey, eax
    }
    DWORD oldProtect;
    for (int i = 0; i < ARRAYSIZE(g_ProtectAddress); i++)
    {
        DWORD oldAddress = g_ProtectAddress[i];
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach((void**)&g_ProtectAddress[i], &_protectme);
        DetourTransactionCommit();
        // Detours wrote a jmp (0xE9); turn it into a call (0xE8).
        VirtualProtect((PVOID)oldAddress, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
        ((PBYTE)oldAddress)[0] = 0xE8;
    }
}

// DllMain returns BOOL (the original declared BOOLEAN).
BOOL WINAPI DllMain(HINSTANCE hDllHandle, DWORD nReason, LPVOID Reserved)
{
    switch (nReason)
    {
    case DLL_PROCESS_ATTACH:
        Initialize();
        break;
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

How to use:
First of all you must get the push addresses from the client .exe files (sro_client.exe, replacer.exe, silkroad.exe). i will provide here the vsro 188 addresses

sro_client.exe:
Code:
0x004978B8,
0x004CCC4A,
0x004CCE1F,
0x0083A84D,
0x0083A8B1,
0x0083A90D,
0x0083A9C5,
0x0083A969,
0x0083AE69

silkroad.exe:
Code:
0x00430FD3,
0x00408C15,
0x00408A17

replacer.exe:
Code:
0x00403B23

now what do i have to do after i got the addresses? i will replace them in this function:
Code:
DWORD g_ProtectAddress[] =
{

};

now i have to generate the xor key o.o this is an example, change it in the dll source code
Code:
/*MeGaMaX*/XorStr<0x7A,8,0x1F16EAF3>("\x37\x1E\x3B\x1C\x33\x1E\xD8"+0x1F16EAF3).s
now what? you have to compile the dll, and add a call to the dll in the exes with Import REConstructor 1.7e FINAL, then remove the old bfk in the exe files, like 169841, make it 90 90 90 90 90 90 or 00 00 00 00 00 00, cuz after you import this dll there is no use for the real bfk in the client anymore
note: i didn't provide how to generate the xor key, cuz i want this section to think about how to do that, use your brain, and try to be more respectful in the silkroad community, google is your friend
note2: this method has nothing to do with any other methods i used in any server development i was in, for example Ludoworks
note3: after some days i will provide how to generate the xor key but like i said above i would like to see development instead of creating servers...
note4: you have to recompile the dll 3 times to change the address for every .exe file
source code in attachments, enjoy love ya guys , new hope, crayu , perry , pokemon man , synx , caipi , PowerPoint , and all of my friends and sro community
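
Added example, not part of the original post or its attachment: a portable C++ check of the two XOR steps in the posted source, showing that both are reversible masking rather than encryption. The string routine assumes the rolling-XOR scheme of the commonly circulated xorstr.h (the header is not shown in the post); all function names and the sample pointer and key values are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Rolling XOR (assumed xorstr.h scheme): byte i is XORed with (start + i) mod 256.
// XOR is its own inverse, so the same routine encodes and decodes.
std::string rolling_xor(uint8_t start, const std::string& in) {
    std::string out(in.size(), '\0');
    uint8_t k = start;
    for (size_t i = 0; i < in.size(); ++i) {
        out[i] = static_cast<char>(static_cast<uint8_t>(in[i]) ^ k);
        ++k;  // uint8_t wraps at 256
    }
    return out;
}

// Renders bytes in the "\xNN" literal form used as the XorStr<> argument.
std::string to_hex_literal(const std::string& s) {
    std::string out;
    char buf[8];
    for (unsigned char c : s) {
        std::snprintf(buf, sizeof buf, "\\x%02X", static_cast<unsigned>(c));
        out += buf;
    }
    return out;
}

// What Initialize() leaves in pszKey: "not ptr; xor ptr, ~key" == ~ptr ^ ~key.
uint32_t mask_pointer(uint32_t ptr, uint32_t key) { return ~ptr ^ ~key; }

// What _protectme computes: eax = ~key; eax ^= stored; eax = ~eax.
uint32_t unmask_pointer(uint32_t stored, uint32_t key) { return ~(~key ^ stored); }

int main() {
    const std::string posted = "\x37\x1E\x3B\x1C\x33\x1E\xD8";  // bytes from the post
    std::printf("decoded : %s\n", rolling_xor(0x7A, posted).c_str());
    std::printf("encoded : %s\n", to_hex_literal(rolling_xor(0x7A, "MeGaMaX")).c_str());
    const uint32_t ptr = 0x00A41F30, key = 0x5EED1234;  // constructed sample values
    std::printf("stored  : %08X (ptr ^ key = %08X)\n", mask_pointer(ptr, key), ptr ^ key);
    std::printf("restored: %08X\n", unmask_pointer(mask_pointer(ptr, key), key));
    return 0;
}
```

The two NOTs in the pointer mask cancel, so the stored value is simply the pointer XORed with the timestamp-derived key, and both it and the key sit in the DLL's data section at run time.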