l33ts

  1. The new server- and client-side protection seems to be this: http://hint.fatal.ru/hAuthD.zip. More info can be found on Google :P
  2. It's not exactly that way: the loader looks for an l2walker.exe process in memory, and if found it connects to an antibot server and logs you. The loader also seems to override some Lineage crypt functions or crypt/hide the token. With a captured login packet (a valid packet) and the debugger running, as you can see in the image, the token is _;5.]94-31==-%xT!^[$, but that isn't it. So... we need a cracker :P
  3. Hi, this weekend a lot of private servers changed their old antibot system (la2.gr, Roxy, L2Dex ...). There are some new DLLs and files in this patch: windrv.dll, unbot.dll, hguard.dll and more. I've been looking at packets with a home-made sniffer, and apparently they seem to be normal L2 encrypted packets: two bytes with the packet length and the rest of the bytes encrypted with Blowfish. But with the token obtained from the client (token in memory of the l2.exe process) they can't be decoded, and the packet checksum also fails. I think they have changed the client/server encryption method, or the token offset in memory. Also, they now prevent the exe from being injected/loaded. I don't have enough reverse engineering/cracking experience to debug the process and see how the client is now encoding the packets, but I would be able to make an l2walker gateway for the new crypt method. Thx.