Lameguard Bypass (Ava, Cartel, Tales)

[Szakalaka]

Hi :) Since lameguard is so ancient and many people prefer tower over other bots, i decided do upload the bypass for l2tower. This will also prevent you from getting banned. Happy botting ~~

Load the Bypass.dll with ur favourite inejctor at login or char selection screen and wait for the messagebox (up to 10 seconds usually).

Then load tower into process, log in, voila! In newer tower u have to mess around with injection settings.

 

http://imgur.com/ndDUj85

http://imgur.com/NVihCWL

 

Let me know if it worked below, thanks!

 

Link: http://www33.zippyshare.com/v/FBgYwDZ7/file.html

 

And please dont pm me for other antibots, i may do some stuff when im free ^_^

Edited October 8, 2015 by Szakalaka

[Solomun]

Nice nice...If its working, good job :P! Thanks for sharing this...Even if i hate tower i may use this one sometime.

[krystianeczzek]

Nice, thanks

[AchYlek]

work fine but tower is outdated and 3h licence is shit )

[haenir]

Any news about cracking tower for global or adre 1.99 crack?

[AlmostGood]

Any news about cracking tower for global or adre 1.99 crack?

do you also want my wallet or car?

[adr.bot]

do you also want my wallet or car?

sure why not xd

[AchYlek]

working also at l2-realm )

[Szakalaka]

Good to know. May the era of lameguard be endeed ^_^

[fxb0t]

Good work Sza. I tried to do the same shit (Im inexperienced in RE) but Thermida kills the process everytime it detects a debugger :)

[Szakalaka]

Of course the protectors dont like debuggers :) It is complex stuff but the good fact is that every file packed with the same protector uses the same antidebug checks so they are widely known and documented, just look it up somewhere. Unpacking isnt easy tho, but there is no need to do so, just observer gameguard.des during runtime.

[fxb0t]

Hello and thanks for the answer.

 

I RE'd your dll and i've seen that you patched gameguard.des (No c/p, i swear!) but my problem is that I cant find where the l2.bin calls the gameguard.des or where its loaded. I scanned threads with ProcessExplorer but i can't find it, so i was trying to Debug l2.bin during runtime so I find when it calls the module. 

[Szakalaka]

No problem that someone reversed my dll. If i wanted people not do so i would make obfuscation + pack, but i just left it alone so people actually may see what do i patch AND THEN thnk "why he does patch this and why it works ?". It is much better than spoonfeeding random people :)

 

And if u ask how it loads: its either LoadLibrary or import from the l2.bin i dont remember. But if u cant load the target in debugger then its irrelevant because u wont see it anyways

 

Btw wow you got acc from 2006 :D

Edited October 24, 2015 by Szakalaka

[fxb0t]

Hey again,

 

Yes i've been leecher for many years in this forum. I've joined when i was 10 years old? Anyway, I had some progress yesterday, i found the load of gameguard.des also i managed to debug the l2.bin,but there's another protection of Themida which sets a breakpoint when you try to modify l2.bin. :)

 

Gameguard.des uses XOR encryption btw?

Edited October 25, 2015 by fxb0t

[Szakalaka]

Well you cannot modify l2.bin without unpacking but its not needed to unpack it. You are writing a bot, not some crack so packer means literally ntohing because u focus on runtime.

 

By the way, what do you want to achieve in the end?