idontcare1

Members
  • Posts: 11
  • Credits
  • Joined
  • Last visited: Never
  • Feedback: 0%

About idontcare1

Profile Information

  • Gender
    Not Telling

idontcare1's Achievements

Newbie (1/16)

Reputation: 0

  1. It's just because skill reuse is atk spd based, not cuz "u equip blabla". rsk haste dagger has the fastest atk spd (unless u have zealot on, then it's rsk haste sword).
  2. It's not obfuscation, it's just easier to have the source code than copy-pasting source and arranging missing things etc. (using a CIL decompiler when it's not obfuscated). I'm not using it to verify if your code is malware but to be able to modify the program myself and test stuff.
  3. Hmm, another thing is many functions don't work, like spoil/create items etc. etc. U know why? (rest works)
  4. Will you also publish the source of C5toIL? Appreciate it, thx.
  5. Fixed in source: the packets u compare before "removing an blabla connection", the last check is wrong.
  6. Anyone else noticed that if you compile the sources provided, it doesn't work? Only the precompiled binary works (at least for OOG); the other one always thinks it's an unrelated connection. Thus the compiled version does not use the same source; thus it possibly also has bad stuff inside :/
  7. Follow immediate constant in ollydbg ;p this brings u the mini-binary "blob" that is injected to modify the algorithm. Then either you make another dll that does the same stuff but without the "anti botting", either you modify core.dll (and engine if u like, but that's less of a big deal), or u make a proxy that does it, or u use WP and a script that does it (in those cases it's easy to convert back to "normal" packets that L2W will understand). Won't release until it becomes public enough, as usual. U have the key points to make it yourself. Last things: this dll is simply expanded by bakeice when you start the loader, so just copy it and unpack it (asprotect 2.12, there are even automated unpackers everywhere on the net). Tools u need: ollydbg+plugins, imprec, some hex editor, and some coding stuff for the proxy/dll/whatever u wanna make (Visual Studio, Basic, Python, whatever u like to start with - just remember, it's way easier than it looks).
  8. It's easy: bakeice is injecting lineagebk.dll (unpacked in 2s) into l2.exe (well, gameguard.des). This dll directly changes the blowfish function call to change the encryption. It also gets the login/pass directly.

     --- hook to blowfish encrypt/decrypt:

     100011B0 /$ 53             PUSH EBX
     100011B1 |. 56             PUSH ESI
     100011B2 |. 57             PUSH EDI
     100011B3 |. 68 2CB50110    PUSH 1001B52C                              ; /pModule = "core.dll"
     100011B8 |. 8BF9           MOV EDI,ECX                                ; |
     100011BA |. FF15 88B20110  CALL DWORD PTR DS:[<&kernel32.GetModul>    ; \GetModuleHandleA
     100011C0 |. 8B1D 8CB20110  MOV EBX,DWORD PTR DS:[<&kernel32.GetPr>    ; kernel32.GetProcAddress
     100011C6 |. 8BF0           MOV ESI,EAX
     100011C8 |. 68 04B50110    PUSH 1001B504                              ; /ProcNameOrOrdinal = "?BlowfishEncrypt@FBlowFish@@QAEXPAEH@Z"
     100011CD |. 56             PUSH ESI                                   ; |hModule
     100011CE |. FFD3           CALL EBX                                   ; \GetProcAddress
     100011D0 |. 85C0           TEST EAX,EAX
     100011D2 |. 74 3E          JE SHORT 10001212
     100011D4 |. 68 B0340010    PUSH 100034B0                              ; /Arg2 = 100034B0
     100011D9 |. 83C7 3C        ADD EDI,3C                                 ; |
     100011DC |. 50             PUSH EAX                                   ; |Arg1
     100011DD |. 8BCF           MOV ECX,EDI                                ; |
     100011DF |. E8 0C2A0000    CALL 10003BF0                              ; \unpacked.10003BF0
     100011E4 |. 68 DCB40110    PUSH 1001B4DC                              ; ASCII "?BlowfishDecrypt@FBlowFish@@QAEXPAEH@Z"
     100011E9 |. 56             PUSH ESI
     100011EA |. FFD3           CALL EBX
     100011EC |. 85C0           TEST EAX,EAX
     100011EE |. 74 11          JE SHORT 10001201
     100011F0 |. 68 60340010    PUSH 10003460                              ; /Arg2 = 10003460
     100011F5 |. 50             PUSH EAX                                   ; |Arg1
     100011F6 |. 8BCF           MOV ECX,EDI                                ; |
     100011F8 |. E8 F3290000    CALL 10003BF0                              ; \unpacked.10003BF0

     Hook to gameguard:

     10001230 /$ 56             PUSH ESI
     10001231 |. 68 84B50110    PUSH 1001B584                              ; /pModule = "engine.dll"
     10001236 |. 8BF1           MOV ESI,ECX                                ; |
     10001238 |. FF15 88B20110  CALL DWORD PTR DS:[<&kernel32.GetModul>    ; \GetModuleHandleA
     1000123E |. 68 54B50110    PUSH 1001B554                              ; /ProcNameOrOrdinal = "?ResponseAuthGameGuard@UNetworkHandler@@UAEHXZ"
     10001243 |. 50             PUSH EAX                                   ; |hModule
     10001244 |. FF15 8CB20110  CALL DWORD PTR DS:[<&kernel32.GetProcA>    ; \GetProcAddress
     1000124A |. 85C0           TEST EAX,EAX
     1000124C |. 74 10          JE SHORT 1000125E
     1000124E |. 68 00100010    PUSH send_en                               ; /Arg2 = 10001000
     10001253 |. 50             PUSH EAX                                   ; |Arg1
     10001254 |. 8D4E 3C        LEA ECX,DWORD PTR DS:[ESI+3C]              ; |
     10001257 |. E8 94290000    CALL 10003BF0                              ; \unpacked.10003BF0
     1000125C |. 5E             POP ESI
     1000125D |. C3             RET
     1000125E |> 68 38B50110    PUSH 1001B538                              ; ASCII "ResponseAuthGameGuard Error"
     10001263 |. E8 F8370000    CALL 10004A60
     10001268 |. 83C4 04        ADD ESP,4
     1000126B |. 5E             POP ESI
     1000126C \. C3             RET

     hook to getuseraccount:

     100015B3 |. 68 84B50110    PUSH 1001B584                              ; /pModule = "engine.dll"
     100015B8 |. 89BE C4030000  MOV DWORD PTR DS:[ESI+3C4],EDI             ; |
     100015BE |. FF15 88B20110  CALL DWORD PTR DS:[<&kernel32.GetModul>    ; \GetModuleHandleA
     100015C4 |. 3BC7           CMP EAX,EDI
     100015C6 |. 8946 38        MOV DWORD PTR DS:[ESI+38],EAX
     100015C9 |. 75 06          JNZ SHORT 100015D1
     100015CB |. 57             PUSH EDI
     100015CC |. E8 B0590000    CALL 10006F81
     100015D1 |> 53             PUSH EBX
     100015D2 |. 8B1D 8CB20110  MOV EBX,DWORD PTR DS:[<&kernel32.GetPr>    ; kernel32.GetProcAddress
     100015D8 |. 68 F4B50110    PUSH 1001B5F4                              ; /ProcNameOrOrdinal = "?GetUserAccount@UNetworkHandler@@UAEPAGXZ"
     100015DD |. 50             PUSH EAX                                   ; |hModule
     100015DE |. FFD3           CALL EBX                                   ; \GetProcAddress
     100015E0 |. 3BC7           CMP EAX,EDI
     100015E2 |. 8986 C8030000  MOV DWORD PTR DS:[ESI+3C8],EAX
     100015E8 |. 75 13          JNZ SHORT 100015FD
     100015EA |. 68 D8B50110    PUSH 1001B5D8                              ; ASCII "&GetUserAccount Error!!"
     100015EF |. E8 6C340000    CALL 10004A60
     100015F4 |. 83C4 04        ADD ESP,4
     100015F7 |. 5B             POP EBX
     100015F8 |. 5F             POP EDI
     100015F9 |. 8BC6           MOV EAX,ESI
     100015FB |. 5E             POP ESI
     100015FC |. C3             RET
  9. 3) Buy the wear items. 4) Make the sword. It should work on L2J <== thus sux :p
  10. That's funny: when u mod some program, give it to one or 2 friends, and find it on maxbastards 2 weeks later *rolleyes* (the forum where mods ask money over other ppl's work to get accounts lolz).