Hi, on this weekend a lot of private servers changed its old antibot system (la2.gr, Roxy, L2Dex ...)
There are some new dll & files in this patch windrv.dll, unbot.dll, hguard.dll & more.
I've been seeing packets with a own made sniffer, and aparently they seem to be normal l2 encripted packets, two bytes with packet length and the rest of bytes encripted with blowfish. But whit the token obtained from the client (Token in memory of l2.exe process) they cant be decoded, and also the packet chechsum fails.
I think they have changed the client/server encription method, or the token offset in memory. Also they now prevent the exe to be inyected/loaded.
I dont have enought reverse reverse engineer/cracking exp to debug the process and see how the client is coding now the packets, but i would be able to make a l2walker pasarell for the new crypt method.
Thx.