[GUIDE] Getting around bakeice - The simple way

[gerenda110]

thanks

[sekyyy]

what about making a simple guide ow to bypass it and sticky?...my english is too bad to understand this one ;)

[eXploiterZ]

woow cool! ty

[noodle]

hard way but i will try that concept in my own server

[crowbr]

So here it is, I'm done with l2mega (It was yet another server that was going to destroy itself with the custom trash)

 

The idea is extremely simple, I think everybody will agree.

 

Securities that only change the login process, such as bakeice, are completely useless. You can bypass them all the same way... so here it is

Concept

"official" represents the bakeice client

"walker" represents any other client you want to connect to your server with

 

The method~

Official login: real login, then at GameServer send ProtocolPacket, recieve KeyInit, send RequestAuthLogin, kick official client

Walker login: fake local login, at GS-> ignore ProtocolPacket, recieve official KeyInit, ignore RequestAuthLogin, and then it's ready, stream the server connection to the walker connection

 

The official client has to do the RequestAuthLogin because it requires keys that were sent at loginserver

 

Proof of concept:

This requires 2 computers, physical or not (L2 works now in vmware 6.5b :D ).

For this simple demo I made to show the idea, walker connects to 127.0.0.1:2106 (direct), and official is on the other comp. The official client is proxied to the walker computer (SOCKSv5, port 1999)

 

First login with the right username on the walker client, select the only server and enter, the console will display Local connection waiting. Now, login with the official client and enter the real server you want

 

Your walker client should now be at char selection screen, done~

 

Note: the reason you have to login with the same username for the fake local login is that if your usernames don't have the same length, the XOR key will be corrupted, as there is no encryption handling in this application.

 

This executable requires the .net framework 2.0

 

http://www.mediafire.com/?mlchm2pzmxw

 

The source is included, and in source/resources/ there are the C4 and IL loginserver packets for the fake local connections

 

My app also supports OOG connections on port 2107 but you need an IL-C5 interface and I did that as a module of my own packet editor, and it's not ready for release

 

 

Back to retail ~ !

 

You have L2walker for l2mega? Please send me a link for download: gmmaku@gmail.com

 

[rostol]

The method~

Official login: real login, then at GameServer send ProtocolPacket, recieve KeyInit, send RequestAuthLogin, kick official client

Walker login: fake local login, at GS-> ignore ProtocolPacket, recieve official KeyInit, ignore RequestAuthLogin, and then it's ready, stream the server connection to the walker connection

 

The official client has to do the RequestAuthLogin because it requires keys that were sent at loginserver

 

You sir are a genius... this is awesome work.

[ppconde]

usefull+hard but still very good post ;D

[facuzz]

thanks, so useful.

[raiderek]

I prefer ZoOoOoM's method but this one works too for me!

[Baalzephon]

Thx, good info and nice job :)

[icetalker]

Hey I tried the simplified guide but that didn't work for me so I want to try the one with virtual machine. I got a question.. What kind of virtual machine can you use or it doesn't matter? Can i use windows virtual machine?

 

yay 100th post!

 

Plus where did you learn/come up with this kind of stuff? Computer networking or what? and how do you know if your server has bake-ice? On mine i can bot for about a minute and then i get my upload connection cut off. I can still download. Is that bake ice?

[LikMeBallen]

use vm-ware :D

[•̪̀●๖ۜNΩ ۜNaMε™]

It is hard...

[FossilSnake]

I know this thread is old... but is there any chances to get l2fork working for hellbound?