Posted
I represent all clients that bought this software.
SmartGuard, be honest with yourself and refund every noob that you sold it to.
 
Instructions:
Decrypt any files protected by SmartCrypt with effectively two lines of code.
 
SmartCrypt can be bypassed simply by loading the file you want into memory via the Core.dll method appLoadFileToArray.
The array loaded by appLoadFileToArray will be completely free of any encryption; it can then be saved to a file. I personally use appSaveArrayToFile, as Core already has this function for us.
 
This proof of concept was created on the Interlude client but should work without issue on any client version.
The following code must be compiled using Visual Studio as a DLL, and the resulting DLL should be attached to l2.bin.
 
Attaching DLL Instructions

Download Explorer Suite from http://www.ntcore.com/exsuite.php
Use CFF Explorer to open L2.bin
On the left side, click "Import Adder"
Click "Add" and locate your compiled DLL file
In the "Exported Functions" box, click "DllMain", then click "Import By Name"
Click "Rebuild Import Table"
On the left side, click "Rebuilder"
Tick the "Bind Import Table" check box, then click "Rebuild"
Save L2.bin (keep a backup of the original, ofc)

 
#include <windows.h>
#include <string.h>

// Resolves the Core.dll file routines by their decorated C++ export names and calls them.
void DumpFile()
{
    // The decorated names decode to:
    //   int appLoadFileToArray(TArray<unsigned char> &, const wchar_t *, FFileManager *)
    //   int appSaveArrayToFile(const TArray<unsigned char> &, const wchar_t *, FFileManager *)
    typedef int (__cdecl *f_appLoadFileToArray)(void *, const wchar_t *, void *);
    typedef int (__cdecl *f_appSaveArrayToFile)(void *, const wchar_t *, void *);

    HMODULE core = GetModuleHandleA("Core.dll");
    if (core == NULL)
        return;

    f_appLoadFileToArray appLoadFileToArray = (f_appLoadFileToArray)GetProcAddress(core, "?appLoadFileToArray@@YAHAAV?$TArray@E@@PBGPAVFFileManager@@@Z");
    f_appSaveArrayToFile appSaveArrayToFile = (f_appSaveArrayToFile)GetProcAddress(core, "?appSaveArrayToFile@@YAHABV?$TArray@E@@PBGPAVFFileManager@@@Z");
    // GFileManager is an exported global variable of type FFileManager *. GetProcAddress returns
    // the address of the variable, so it is dereferenced once to obtain the manager pointer.
    void **pGFileManager = (void **)GetProcAddress(core, "?GFileManager@@3PAVFFileManager@@A");
    if (appLoadFileToArray == NULL || appSaveArrayToFile == NULL || pGFileManager == NULL)
        return;

    // Zeroed storage for the TArray<unsigned char> object that Core fills in (0x14 bytes).
    char TArray[0x14];
    memset(TArray, 0, sizeof(TArray));

    appLoadFileToArray(TArray, L"..\\System\\Interface.u", *pGFileManager);
    appSaveArrayToFile(TArray, L"..\\System\\Interface.decrypted.u", *pGFileManager);
}

bool dumped = false;

void StartCheck()
{
    // wait until WinDrv is loaded just so we know everything we need is initialized correctly
    if (GetModuleHandleA("WinDrv.dll") != NULL) {
        if (!dumped) {
            DumpFile();
            dumped = true;
        }
    }
}

// Exported by name so that the CFF Explorer Import Adder step can reference "DllMain" directly.
__declspec(dllexport) BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    case DLL_THREAD_ATTACH:
        // Re-checked on every new thread until the dump has run once.
        StartCheck();
        break;
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
 
Below are screenshots of a successfully decrypted SmartCrypt-protected Interface.u, with the source fully viewable via UTPT.
 
[screenshot attachments: decrypted Interface.u opened in UTPT]
 
The words of the developer:
"Private encryption keys - 100% safety!"
"Protected files are guaranteed from being modified or viewed"
 
That's your chance to claim your money back and quit wasting money.
 
 
I wasn't sure where the best place to stick this topic was, as it didn't really fit into the categories, so if a mod feels it's better placed somewhere else feel free to move it. Thanks!
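The Import Adder step above works by writing a new DLL entry into l2.bin's import directory, so the modification is visible to anyone who lists the executable's imports against a known-good list. The following Python is an added example, not code from the original post: it parses the import directory of a PE32 image (assumed 32-bit, as the Lineage 2 client executable is) and reports DLL names outside an expected set; build_sample_pe constructs minimal test data and all function names are my own.

```python
import struct

def _rva_to_offset(sections, rva):
    # Map a relative virtual address to a file offset using the section table.
    for vsize, va, raw_size, raw_ptr in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError("RVA %#x is outside every section" % rva)

def imported_dlls(pe):
    """Return the DLL names listed in a PE32 file's import directory, in table order."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0": raise ValueError("not a PE image")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, e_lfanew + 6)   # NumberOfSections, SizeOfOptionalHeader
    opt = e_lfanew + 24                                 # optional header follows the 20-byte COFF header
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B: raise ValueError("only PE32 images are handled")
    imp_rva = struct.unpack_from("<I", pe, opt + 104)[0]   # DataDirectory[1] = import table RVA
    # Each 40-byte section header: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData at +8
    sections = [struct.unpack_from("<IIII", pe, opt + opt_size + i * 40 + 8) for i in range(nsec)]
    names, off = [], _rva_to_offset(sections, imp_rva)
    while True:
        name_rva = struct.unpack_from("<IIIII", pe, off)[3]   # IMAGE_IMPORT_DESCRIPTOR.Name
        if name_rva == 0:                                      # all-zero descriptor ends the table
            return names
        start = _rva_to_offset(sections, name_rva)
        names.append(pe[start:pe.index(b"\0", start)].decode("ascii"))
        off += 20

def unexpected_imports(pe, allowed):
    """DLL names imported by pe that are not in the expected set (case-insensitive)."""
    allowed = {a.lower() for a in allowed}
    return [d for d in imported_dlls(pe) if d.lower() not in allowed]

def build_sample_pe(dlls):
    """Constructed minimal PE32 holding only an import directory; test data, not a real client binary."""
    sec_va, raw_ptr = 0x1000, 0x200
    names_rva = sec_va + 20 * (len(dlls) + 1)          # name strings sit right after the descriptors
    descs, blob = b"", b""
    for d in dlls:
        descs += struct.pack("<IIIII", 0, 0, 0, names_rva + len(blob), 0)
        blob += d.encode("ascii") + b"\0"
    body = descs + b"\0" * 20 + blob
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                        # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)    # magic ... NumberOfRvaAndSizes
    opt += struct.pack("<IIII", 0, 0, sec_va, len(body)) + b"\0" * (224 - 112)  # export dir, import dir
    sec = b".idata\0\0" + struct.pack("<IIIIIIHHI", len(body), sec_va, len(body), raw_ptr, 0, 0, 0, 0, 0x40000040)
    return (dos + coff + opt + sec).ljust(raw_ptr, b"\0") + body
```

Running unexpected_imports over a real l2.bin with the DLL list taken from an untouched copy reports any import that was added afterwards.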
Posted

*haha*

not

thought it was some bypass for smartguard, people will still buy it, no matter if there are some backdoors on files. eglobal also had some shitty things on their system and people still played there.

Posted

It's true for everything, see how themida managed to protect retail client files, wow

 

Do you realise they are using 10 yo version without any special features? There are even scripts for those who do not know how to unpack basic stuff
