A smart noob(or no) question...

Post by brunotacca » Thu Nov 05, 2009 10:40 am

Good night.
Well, in most cases of Cabal, I change the value of an address and when I do some action with this value changed, it conflicts with the db and creates a disconnect.

I think the following.
At some point, some variable sends the data to be stored on the server.

When we do a simple search for the value displayed in full screen, I believe this address is not an address with this access.

The question is, how to find all the addresses / pointers that are associated with the variable that is displaying the value on the screen.
For reasoning, thinking these variables, we can observe their behavior and we can freeze them correctly.
Causing the frozen value to be sent to the server!

Well, someone help me?
Thanks, Hugs.
brunotacca
I Have A Few Questions
 
Posts: 7
Joined: Tue Nov 03, 2009 9:25 pm

Re: A smart noob(or no) question...

Post by cobr_h » Fri Dec 04, 2009 6:09 am

People are talking about a 'DC Flag'. I am not sure yet, I searched for it but find no plain 'DC Flag is for...', but it seems this 'DC Flag' is a flag activated when the game locally detects too much activity, that wouldn't happen if it were at normal circumstances. Maybe it is, but until now, I have no certainty on this.

Well, this is a noob answer. Not sure if it is at the level of the question ;)
cobr_h
Acker
 
Posts: 72
Joined: Wed Dec 02, 2009 6:15 am

Re: A smart noob(or no) question...

Post by Cookie » Sat Dec 05, 2009 5:59 am

Live debug cabalmain.exe, do what you do to DC yourself, trace back and find the DC flag, then remove, patch the exe and restart the process. If you won't DC, you've done it right.
TIP: Unpack the exe first.
Cookie
Hack-Master Hex
 
Posts: 611
Joined: Tue Apr 01, 2008 5:07 pm
Location: here it would seem

Re: A smart noob(or no) question...

Post by cobr_h » Sat Dec 05, 2009 7:13 am

Oh boy... then all these DC while overusing it are client-sided?..

It's a pity I couldn't figure how to unpack my cabalmain.exe :(

Also, x-trap is there. I wish I had found the XDataV1.Xtp trick before they updated it. Or if there were a dumb hacked version of x-trap which does not verify executable's checksum, would be enough. ;)
cobr_h
Acker
 
Posts: 72
Joined: Wed Dec 02, 2009 6:15 am

Re: A smart noob(or no) question...

Post by pirate_sephiroth » Sat Dec 05, 2009 4:27 pm

cobr_h wrote: Oh boy... then all these DC while overusing it are client-sided?..

It's a pity I couldn't figure how to unpack my cabalmain.exe :(

Also, x-trap is there. I wish I had found the XDataV1.Xtp trick before they updated it. Or if there were a dumb hacked version of x-trap which does not verify executable's checksum, would be enough. ;)

Your cabal is packed with Themida 1.9.9.0, I presume. For which there's no unpacking guide of any kind available...

EDIT: Yeah, I just saw your other post, it's Cabal BR.
pirate_sephiroth
I Have A Few Questions
 
Posts: 7
Joined: Thu Sep 18, 2008 3:19 pm

Re: A smart noob(or no) question...

Post by Cookie » Sun Dec 06, 2009 6:30 am

Then start using SCRIPTS.
There are so many scripts for Themida, even on elitepvp, in the topic about unpacking the exe. Look in the early posts by Nova, she posted a full load of scripts; you can't even imagine how many there are, probably for each unpacker that existed.
Cookie
Hack-Master Hex
 
Posts: 611
Joined: Tue Apr 01, 2008 5:07 pm
Location: here it would seem

Re: A smart noob(or no) question...

Post by pirate_sephiroth » Sun Dec 06, 2009 11:36 am

The problem is that scripts do only part of the work. In the end you have to fix the executable yourself. Themida is not noob-friendly.
pirate_sephiroth
I Have A Few Questions
 
Posts: 7
Joined: Thu Sep 18, 2008 3:19 pm

Re: A smart noob(or no) question...

Post by Cookie » Tue Dec 08, 2009 12:26 am

It's not, but it's removable. Let the script find the right OEP, then you dump it. There are a lot of Google tuts on how to dump an exe.
Cookie
Hack-Master Hex
 
Posts: 611
Joined: Tue Apr 01, 2008 5:07 pm
Location: here it would seem

Re: A smart noob(or no) question...

Post by cobr_h » Tue Dec 15, 2009 10:31 am

What I found so far was using ollydbg, but as themida itself prevents using debuggers and I can't find a working ollydbg hide plugin, I am unable to even search for the OEP.

Opening the process on MHS, and searching for that executable header we see upon hex editing any .exe, I can find two entries, but I doubt one of these is a hint for where the OEP is.

Executable header as I said above: the part beginning with "MZ (...) This program cannot be run in DOS mode".

Tell me, upon opening the process with MHS, is there a way to dump the non-packed executable or, better, get into the instructions to then find the DC flag?

I would appreciate a guide showing a simple sample of 'How to catch an instruction' on MHS. Will look back again on the windows' minesweeper tutorial to see if I can get something out of it.
cobr_h
Acker
 
Posts: 72
Joined: Wed Dec 02, 2009 6:15 am

