ADAL13

Are u a fuc*ing stup*id? I said that is for WPC of SAURON. I know more or less what it does but not exacly for that i create this thread Stop spam!

Well, i get this when i was googling, i don't know exactly what it does, i understand it more or less. But, this inject the token on walker? const EnterWorldPacket = HStr('6B000300000000000000000000000000000000C9BCF2A7665A0B9836A5BD89ED7FE4D76B49E29FEF76EBCEA3FAF4BF0C64A3B4A4CEDCC6083E6EEA45CAD3FE881387B8062C96F09B1E8EBCC69B98C86316CFD0290000000000000000000000000000000000000000000000'); var buf: string; BEGIN if length(_gBuff) < 3 then gBlockPacket; if (not _gFromServ) and StrCmp(_gBuff[3],#$81) then gBlockPacket; // GMlist // EnterWorld (ia iieiia ?aoaiea) if (not _gFromServ) and StrCmp(_gBuff[3],#$03) then _gOutBuff := EnterWorldPacket; if (not _gFromServ) and StrCmp(copy(_gBuff,1,3),HStr('3900 08')) then // RequestAuthLogin _gOutBuff := #$35 + copy(_gBuff,2,length(_gBuff)-5); if _gFromServ and StrCmp(_gBuff[3],#$15) then gSys.EnSEndS(HStr('0500D00800')); // RequestManorLst END.

any answer?

AhnLab-V3 2008.1.26.10 2008.01.25 - AntiVir 7.6.0.53 2008.01.25 - Authentium 4.93.8 2008.01.25 - Avast 4.7.1098.0 2008.01.25 Win32:Cardspy-B AVG 7.5.0.516 2008.01.25 - BitDefender 7.2 2008.01.25 - CAT-QuickHeal 9.00 2008.01.24 - ClamAV 0.91.2 2008.01.25 - DrWeb 4.44.0.09170 2008.01.25 - eSafe 7.0.15.0 2008.01.16 - eTrust-Vet 31.3.5484 2008.01.25 - Ewido 4.0 2008.01.25 - FileAdvisor 1 2008.01.25 - Fortinet 3.14.0.0 2008.01.25 - F-Prot 4.4.2.54 2008.01.24 - F-Secure 6.70.13260.0 2008.01.25 - Ikarus T3.1.1.20 2008.01.25 Trojan.Win32.Delf.nf Kaspersky 7.0.0.125 2008.01.25 - McAfee 5215 2008.01.24 - Microsoft 1.3109 2008.01.25 - NOD32v2 2822 2008.01.25 - Norman 5.80.02 2008.01.24 - Panda 9.0.0.4 2008.01.24 - Prevx1 V2 2008.01.25 Heuristic: Suspicious Self Modifying File Rising 20.28.41.00 2008.01.25 - Sophos 4.25.0 2008.01.25 Mal/Behav-053 Sunbelt 2.2.907.0 2008.01.25 - Symantec 10 2008.01.25 - TheHacker 6.2.9.197 2008.01.25 - VBA32 3.12.2.5 2008.01.21 - VirusBuster 4.3.26:9 2008.01.25 - Webwasher-Gateway 6.6.2 2008.01.25 Win32.NewMalware.CC!9728!2

L0L is from the prehistoric age! For Prelude i think, in C4 it doesn't work even your server hasn't protection

Well okey, in other order of things anyone can tell me if this are the token of the server: Here's it in the init packet: [1] S>c 0ms. 16:29:06 ------------------------------------------------------------------------------- TType: LA2 Server: LS1 ParseType: 2 (auto) EnCode: T2 K2 (auto) ------- 0 1 2 3 4 5 6 7 - 8 9 A B C D E F ------------------- 000000 AB 00 00 D1 5D AE 17 5A | 78 00 00 E2 DF 11 D8 FA «..Ñ]®.Zx..âß.Øú 000010 F8 CF 69 33 D4 96 96 D3 | E4 3B CB 0D 08 89 0A 23 øÏi3Ô––Óä;Ë..‰.# 000020 00 4F 04 5B 3B A6 A6 37 | 33 07 77 E6 56 FE F7 F2 .O.[;¦¦73.wæVþ÷ò 000030 64 73 2D 6F DB CC 4D 06 | 04 F5 3E B0 14 6D 8F E3 ds-oÛÌM..õ>°.mã 000040 4C 7B 36 AC A8 E6 10 5D | 18 8C D0 78 EA D7 90 41 L{6¬¨æ.].ŒÐxê×A 000050 C8 9E 9A 2D ED 11 FA DE | 4F 52 70 16 B2 E5 5F 40 Èžš-í.úÞORp.²å_@ 000060 E5 61 FD 51 11 A0 B8 F2 | A1 FC 05 A2 DC AD D3 54 åaýQ. ¸ò¡ü.¢Ü­ÓT 000070 84 E3 22 DA F8 D2 15 B6 | 8D 0D 25 6B 0F 6F 68 EF „ã"ÚøÒ.¶.%k.ohï 000080 80 0B D8 A2 15 F7 84 D6 | 4D BF E5 00 00 00 00 00 €.Ø¢.÷„ÖM¿å..... 000090 00 00 00 00 00 00 00 00 | 00 00 00 30 30 30 30 30 ...........00000 0000A0 30 30 30 30 30 30 30 30 | 30 30 30 00000000000 ------------------------------------------------------------------------------- LA2: "Init" size: 171 prot: 30810 $785A Addr: Size: Type: Description: Value: 0000 2 word psize 171 | $00AB 0002 1 byte ID 0 | $00 0003 4 integer LoginSessionID 397303249 | $17AE5DD1 0007 4 integer LoginProtocolRev 30810 | $0000785A 000B 128 array[const] RSApubKey (âß.ØúøÏi3Ô––Óä;Ë..‰.#.O.[;¦¦73.wæVþ÷ò 008B 16 - null (................) Thanks ;) ;)

reply to see it

Okey okey, i apologize to mcrabben then. So we need some tool to see the packets directly no? mmm maybe wpe pro? I'll try.

See, i proxificate with Proxifier 2.6 and WPC of Sauron the conection of the loader InterludeClient.exe of server FrienxL2 (www.frienzl2.com) and when u press I Agree bottom the loader sends 21 packets to 213.189.27.71:9999 And i the packets are encripted because it says undefined type, and i can't see the strings and integrates.... here's the logs Download-Link #1: http://rapidshare.com/files/86882764/autolog.dat.html pm me if u want to help and if i was wrong with mccrabben7 i'll sorry.

Are you stup*d? ALL the packets are encripted -.- S>C and C>S i can prove it. See the screen: And next time if you don't know keep your mouth shut and don't make me lose time to prove that you don't know. >.<

nobody knows?

Well i didn't try this but maybe work. You must to go to the jail and trade the chair in jail a summoning crystal (avaliable on Grocery Stores) and then send party with a summon to the char in jail, accept the party and use summon friend. if it works your char will be on the loc of the summoner^^ Luck!

It's the IG soo :(

mmm ok, then any idea? because the loader of my server neither let you use programs like IDA to get the token.

Hi everyone! well i was thinking when i had an idea! The rootkit can hide process no? So, if we knows how to make it run we can hide the l2walker and the loader don't detect him no? Well is only an idea but... Xd Pros in subjet plis post here and add the rootkit+guide ^^ xD cya

nobody knows nothing about my packets?

put in options.ini the following line: EXEname=l2walker.exe

Well in the case of frienzl2/roxy (www.frienzl2.com) to enter the game you must run a interludeclient.exe launcher, and when u run it it update the system folder, and then you must agree the conditions and when you press i agree buttom, the loader disappears and appears the l2 interlude window (small) and when you press i agree the loader sends 21 packets (all encripted) to 213.189.27.71 and port 9999. Well the first packet is seended client to server and i think that everybody can understand it: [1] C>s 0ms. 0:07:31 ------------------------------------------------------------------------------- TType: undef Server: undef ParseType: off (auto) EnCode: undef (auto) ------- 0 1 2 3 4 5 6 7 - 8 9 A B C D E F ------------------- TType íå îïðåäåëåí (îïèñàíèå) 000000 00 00 00 42 52 4F 31 30 | 37 00 00 00 00 00 00 00 ...BRO107....... 000010 C8 05 2E 8B 11 4F 50 42 | BF 6C 1A DA 40 88 0A F3 È..‹.OPB¿l.Ú@ˆ.ó 000020 0B 00 00 00 41 75 74 68 | 53 65 72 76 69 63 65 05 ....AuthService. 000030 00 00 00 4C 6F 67 69 6E | 03 00 00 00 62 6C 61 03 ...Login....bla. 000040 00 00 00 62 6C 61 ...bla i undertand that is a petition to login in the authservice (server) BUT the 18 packet (server to client) is where is all the protection of the server see the packet: [18] S>c 0ms. 0:07:34 ------------------------------------------------------------------------------- TType: undef Server: undef ParseType: off (auto) EnCode: undef (auto) ------- 0 1 2 3 4 5 6 7 - 8 9 A B C D E F ------------------- TType íå îïðåäåëåí (îïèñàíèå) 000000 52 4F 31 30 37 00 00 00 | 00 00 00 00 C8 05 2E 8B RO107.......È..‹ 000010 11 4F 50 42 BF 6C 1A DA | 40 88 0A F3 0C 00 00 00 .OPB¿l.Ú@ˆ.ó.... 000020 54 61 6C 6F 73 53 65 72 | 76 69 63 65 12 00 00 00 TalosService.... 000030 47 65 74 57 69 6E 64 6F | 77 73 52 65 73 70 6F 6E GetWindowsRespon 000040 73 65 01 00 00 00 01 18 | 00 00 00 01 0C 00 00 00 se.............. 000050 57 69 6E 64 6F 77 53 74 | 72 75 63 74 01 00 00 00 WindowStruct.... 000060 01 00 00 00 09 00 00 00 | 54 66 72 6D 53 74 61 72 ........TfrmStar 000070 74 06 00 00 00 68 4C 61 | 50 45 78 01 0C 00 00 00 t....hLaPEx..... 000080 57 69 6E 64 6F 77 53 74 | 72 75 63 74 01 00 00 00 WindowStruct.... 000090 01 00 00 00 08 00 00 00 | 54 66 72 6D 4D 61 69 6E ........TfrmMain 0000A0 29 00 00 00 68 4C 61 50 | 45 78 20 28 4C 69 6E 65 )...hLaPEx.(Line 0000B0 41 67 65 20 50 61 63 6B | 65 74 73 20 45 58 70 6C Age.Packets.EXpl 0000C0 6F 72 65 72 20 62 79 20 | 48 69 6E 74 29 01 0C 00 orer.by.Hint)... 0000D0 00 00 57 69 6E 64 6F 77 | 53 74 72 75 63 74 01 00 ..WindowStruct.. 0000E0 00 00 01 00 00 00 09 00 | 00 00 54 47 72 6F 75 70 ..........TGroup 0000F0 42 6F 78 11 00 00 00 46 | 6F 72 20 4D 79 20 46 72 Box....For.My.Fr 000100 69 65 6E 64 73 20 3B 29 | 01 0C 00 00 00 57 69 6E iends.;).....Win 000110 64 6F 77 53 74 72 75 63 | 74 01 00 00 00 00 00 00 dowStruct....... 000120 00 0D 00 00 00 54 66 73 | 53 79 6E 74 61 78 4D 65 .....TfsSyntaxMe 000130 6D 6F 00 00 00 00 01 0C | 00 00 00 57 69 6E 64 6F mo.........Windo 000140 77 53 74 72 75 63 74 01 | 00 00 00 01 00 00 00 11 wStruct......... 000150 00 00 00 54 4C 32 50 61 | 63 6B 65 74 48 61 63 6B ...TL2PacketHack 000160 4D 61 69 6E 2A 00 00 00 | 4C 32 50 61 63 6B 65 74 Main*...L2Packet 000170 48 61 63 6B 20 62 79 20 | 78 6B 6F 72 20 28 33 2E Hack.by.xkor.(3. 000180 31 2E 34 20 3F 3F 20 31 | 36 2E 30 34 2E 32 30 30 1.4.??.16.04.200 000190 37 29 01 0C 00 00 00 57 | 69 6E 64 6F 77 53 74 72 7).....WindowStr 0001A0 75 63 74 01 00 00 00 00 | 00 00 00 0B 00 00 00 54 uct............T 0001B0 4A 76 48 4C 45 64 69 74 | 6F 72 00 00 00 00 01 0C JvHLEditor...... 0001C0 00 00 00 57 69 6E 64 6F | 77 53 74 72 75 63 74 00 ...WindowStruct. 0001D0 00 00 00 01 00 00 00 00 | 00 00 00 04 00 00 00 68 ...............h 0001E0 61 63 6B 01 0C 00 00 00 | 57 69 6E 64 6F 77 53 74 ack.....WindowSt 0001F0 72 75 63 74 00 00 00 00 | 01 00 00 00 00 00 00 00 ruct............ 000200 03 00 00 00 70 68 78 01 | 0C 00 00 00 57 69 6E 64 ....phx.....Wind 000210 6F 77 53 74 72 75 63 74 | 00 00 00 00 01 00 00 00 owStruct........ 000220 00 00 00 00 05 00 00 00 | 6C 32 70 68 78 01 0C 00 ........l2phx... 000230 00 00 57 69 6E 64 6F 77 | 53 74 72 75 63 74 00 00 ..WindowStruct.. 000240 00 00 01 00 00 00 00 00 | 00 00 06 00 00 00 70 61 ..............pa 000250 63 6B 65 74 01 0C 00 00 | 00 57 69 6E 64 6F 77 53 cket.....WindowS 000260 74 72 75 63 74 00 00 00 | 00 01 00 00 00 00 00 00 truct........... 000270 00 0C 00 00 00 6C 32 70 | 61 63 6B 65 74 68 61 63 .....l2packethac 000280 6B 01 0C 00 00 00 57 69 | 6E 64 6F 77 53 74 72 75 k.....WindowStru 000290 63 74 00 00 00 00 01 00 | 00 00 00 00 00 00 06 00 ct.............. 0002A0 00 00 6C 32 77 69 6E 64 | 01 0C 00 00 00 57 69 6E ..l2wind.....Win 0002B0 64 6F 77 53 74 72 75 63 | 74 00 00 00 00 01 00 00 dowStruct....... 0002C0 00 00 00 00 00 03 00 00 | 00 69 64 61 01 0C 00 00 .........ida.... 0002D0 00 57 69 6E 64 6F 77 53 | 74 72 75 63 74 00 00 00 .WindowStruct... 0002E0 00 01 00 00 00 00 00 00 | 00 0F 00 00 00 6C 69 6E .............lin 0002F0 65 61 67 65 20 5D 5B 20 | 2E 6E 65 74 01 0C 00 00 eage.][..net.... 000300 00 57 69 6E 64 6F 77 53 | 74 72 75 63 74 00 00 00 .WindowStruct... 000310 00 01 00 00 00 00 00 00 | 00 07 00 00 00 73 6F 66 .............sof 000320 74 69 63 65 01 0C 00 00 | 00 57 69 6E 64 6F 77 53 tice.....WindowS 000330 74 72 75 63 74 00 00 00 | 00 01 00 00 00 00 00 00 truct........... 000340 00 07 00 00 00 6F 6C 6C | 79 64 62 67 01 0C 00 00 .....ollydbg.... 000350 00 57 69 6E 64 6F 77 53 | 74 72 75 63 74 00 00 00 .WindowStruct... 000360 00 01 00 00 00 00 00 00 | 00 08 00 00 00 61 72 74 .............art 000370 6D 6F 6E 65 79 01 0C 00 | 00 00 57 69 6E 64 6F 77 money.....Window 000380 53 74 72 75 63 74 00 00 | 00 00 01 00 00 00 00 00 Struct.......... 000390 00 00 0A 00 00 00 6C 61 | 32 6D 6F 6E 73 74 65 72 ......la2monster 0003A0 01 0C 00 00 00 57 69 6E | 64 6F 77 53 74 72 75 63 .....WindowStruc 0003B0 74 00 00 00 00 01 00 00 | 00 00 00 00 00 07 00 00 t............... 0003C0 00 68 6C 6E 73 69 64 65 | 01 0C 00 00 00 57 69 6E .hlnside.....Win 0003D0 64 6F 77 53 74 72 75 63 | 74 00 00 00 00 01 00 00 dowStruct....... 0003E0 00 00 00 00 00 03 00 00 | 00 20 69 67 01 0C 00 00 ..........ig.... 0003F0 00 57 69 6E 64 6F 77 53 | 74 72 75 63 74 00 00 00 .WindowStruct... 000400 00 01 00 00 00 00 00 00 | 00 04 00 00 00 20 6F 6F ..............oo 000410 67 01 0C 00 00 00 57 69 | 6E 64 6F 77 53 74 72 75 g.....WindowStru 000420 63 74 00 00 00 00 01 00 | 00 00 00 00 00 00 08 00 ct.............. 000430 00 00 73 75 70 65 72 6D | 61 6E 01 0C 00 00 00 57 ..superman.....W 000440 69 6E 64 6F 77 53 74 72 | 75 63 74 00 00 00 00 01 indowStruct..... 000450 00 00 00 00 00 00 00 06 | 00 00 00 68 6C 61 70 65 ...........hlape 000460 78 01 0C 00 00 00 57 69 | 6E 64 6F 77 53 74 72 75 x.....WindowStru 000470 63 74 00 00 00 00 01 00 | 00 00 00 00 00 00 08 00 ct.............. 000480 00 00 6C 32 77 61 6C 6B | 65 72 ..l2walker See the right colum xD well if someone knows more or want helpme PM me and i give him the full logs. Let's go a bot isn't imposible althougt it seems that yes xD Cya

i would love too xD well anybdy can told me if this server uses bakeice, because i tried find the walker and very very difficult, two new ports 9999 and 9998, packets all encripted, init too, the proxification connection was very bad, i couldn't find the token.... well i suppost that is bake ice but i want be sure. Thanks u

It tries with all combination of posibility passwords (generated by dictionary) of a login using bruteforce

Wow! Great Share NS Thanks!!!! But do you have the InGame version in english?

oh! okey! i thought that when the player X will buy from the player of 0a and not sell xD thanks u!!!

so anybody can answer me? :(

mmm i tried the makrid mothod and nothing hlapex doesn't send me the msn

STOP SPAM!!