Jump to content

Recommended Posts

Posted (edited)

tools :

  • ollydbg

how to video : http://www.megaupload.com/?d=8QVJDX6K

keep in mind as they have anti-bot packets in gameserver are encrypted but you can find the encryption key or u can generate your own here u can see how the key generated
 

0040112A  |. FF15 10804000  CALL DWORD PTR DS:[<&KERNEL32.GetTickCou>; [GetTickCount

00401130  |. 50            PUSH EAX

00401131  |. 8945 10        MOV DWORD PTR SS:[EBP+10],EAX

00401134  |. E8 DC000000    CALL L2.00401215

00401139  |. 59            POP ECX

0040113A  |. E8 E8000000    CALL L2.00401227

0040113F  |. 8945 08        MOV DWORD PTR SS:[EBP+8],EAX

00401142  |. C165 08 10    SHL DWORD PTR SS:[EBP+8],10

00401146  |. E8 DC000000    CALL L2.00401227

0040114B  |. 8BF8          MOV EDI,EAX

0040114D  |. 037D 08        ADD EDI,DWORD PTR SS:[EBP+8]

00401150  |. E8 D2000000    CALL L2.00401227

00401155  |. 8945 08        MOV DWORD PTR SS:[EBP+8],EAX

00401158  |. C165 08 10    SHL DWORD PTR SS:[EBP+8],10

0040115C  |. FF15 28804000  CALL DWORD PTR DS:[<&KERNEL32.GetCurrent>; [GetCurrentProcessId

00401162  |. 0345 08        ADD EAX,DWORD PTR SS:[EBP+8]

00401165  |. 50            PUSH EAX                                ; /<%08X>

00401166  |. 8BC7          MOV EAX,EDI                              ; |

00401168  |. 3345 10        XOR EAX,DWORD PTR SS:[EBP+10]            ; |

0040116B  |. 50            PUSH EAX                                ; |<%08X>

0040116C  |. 57            PUSH EDI                                ; |<%08X>

0040116D  |. 68 AC864000    PUSH L2.004086AC                        ; |Format = "%08X%08X%08X"

00401172  |. 53            PUSH EBX                                ; |s

00401173  |. FF15 2C814000  CALL DWORD PTR DS:[<&USER32.wsprintfW>]  ; \wsprintfW

00401179  |. 8B3D 38804000  MOV EDI,DWORD PTR DS:[<&KERNEL32.SetEnvi>;  kernel32.SetEnvironmentVariableW

0040117F  |. 83C4 14        ADD ESP,14

00401182  |. 53            PUSH EBX                                ; /Value

00401183  |. 68 88864000    PUSH L2.00408688                        ; |VarName = "__lameLauncher__"

00401188  |. FFD7          CALL EDI                                ; \SetEnvironmentVariableW

0040118A  |. 68 84864000    PUSH L2.00408684                        ; /Value = "1"

0040118F  |. 68 64864000    PUSH L2.00408664                        ; |VarName = "OMP_NUM_THREADS"

00401194  |. FFD7          CALL EDI                                ; \SetEnvironmentVariableW

i will not move further btw the server sucks so it doesnt worth the time to decrypt the gameserver packets

 

Edited by Universe
  • 2 years later...
Posted

Hi, sorry for post, but I need to bypass that server.

Server have security for all bot's, like l2tower, l2net.

When I turn on l2net, game off :(

Yeah, lameguard can do that :D

Just pm anath3ma, with a small paysafe, i'm sure he'll be able to assist you.

  • 4 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...