Posted
I represent all clients that bought this software. 
Smart guard, be honest with yourself and refund every noob that you sold it to.
 
Instructions:
Decrypt any files protected by SmartCrypt with effectively two lines of code.
 
SmartCrypt can be bypassed simply by loading the file you want into memory via the Core.dll method appLoadFileToArray.
The array loaded by appLoadFileToArray will be completely free of any encryption; it can then be saved to file. I personally use appSaveArrayToFile, as the Core already has this function for us.

This proof of concept was created on the Interlude client but should work without issue on any client version.
The following code must be compiled using Visual Studio as a DLL, and the resulting DLL should be attached to l2.bin.
 
Attaching DLL Instructions

1. Download Explorer Suite http://www.ntcore.com/exsuite.php
2. Use CFF Explorer to open L2.bin
3. On the left side, click "Import Adder"
4. Click "Add", locate your compiled DLL file
5. In "Exported Functions" box click "DllMain" then click "Import By Name"
6. Click "Rebuild Import Table"
7. On the left side, click "Rebuilder"
8. Click "Bind Import Table" check box then click "Rebuild"
9. Save L2.bin (Keep a backup of original ofc)

 
#include <windows.h>

void DumpFile()
{
    typedef void (__cdecl *f_appLoadFileToArray)(char *, wchar_t *, int);
    typedef void (__cdecl *f_appSaveArrayToFile)(char *, wchar_t *, int);

    f_appLoadFileToArray appLoadFileToArray = (f_appLoadFileToArray)GetProcAddress(GetModuleHandleA("Core.dll"), "?appLoadFileToArray@@YAHAAV?$TArray@E@@PBGPAVFFileManager@@@Z");
    f_appSaveArrayToFile appSaveArrayToFile = (f_appSaveArrayToFile)GetProcAddress(GetModuleHandleA("Core.dll"), "?appSaveArrayToFile@@YAHABV?$TArray@E@@PBGPAVFFileManager@@@Z");

    char TArray[0x14];
    memset(TArray,0,0x14);

    appLoadFileToArray(TArray, L"..\\System\\Interface.u", *((int *)GetProcAddress(GetModuleHandleA("Core.dll"), "?GFileManager@@3PAVFFileManager@@A")));
    appSaveArrayToFile(TArray, L"..\\System\\Interface.decrypted.u", *((int *)GetProcAddress(GetModuleHandleA("Core.dll"), "?GFileManager@@3PAVFFileManager@@A")));
}

bool dumped = false;

void StartCheck()
{
    // wait until WinDrv is loaded just so we know everything we need is initialized correctly
    if (GetModuleHandleA("WinDrv.dll") != NULL) {
        if (!dumped) {
            DumpFile();
            dumped = true;
        }
    }
}

__declspec(dllexport) BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    case DLL_THREAD_ATTACH:
        StartCheck();
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
 
Below are screenshots of a successfully decrypted SmartCrypt protected Interface.u with source fully viewable via UTPT.
 
 
The words of the developer:
"Private encryption keys - 100% safety!"
"Protected files are guaranteed from being modified or viewed"
 
That's your chance to claim your money back and quit wasting money.
 
 
I wasn't sure where was the best place to stick this topic as it didn't really fit into the categories so if a mod feels it's better placed somewhere else feel free to move it, thanks!
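
Editor's added example, not part of the original post and not SmartGuard or client code: the Import Adder step in the post rewrites the import table of L2.bin, so a defender can detect it by listing the DLLs a binary imports and comparing them with a known-good list. The baseline names, the `added_example.dll` name used in testing, and the `build_sample` helper are constructed for illustration and are not the real import list of L2.bin.

```python
import struct

def imported_dlls(pe: bytes) -> list:
    """Return the DLL names in a PE image's import directory, in table order."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]               # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24
    # Data directories sit 96 bytes into a PE32 optional header, 112 in PE32+.
    dirs = opt + (96 if struct.unpack_from("<H", pe, opt)[0] == 0x10B else 112)
    imp_rva = struct.unpack_from("<I", pe, dirs + 8)[0]      # directory entry 1 = imports
    # Per section: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    secs = [struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    def off(rva):  # translate an RVA to a file offset through the section table
        for vsize, va, rsize, rptr in secs:
            if va <= rva < va + max(vsize, rsize):
                return rptr + rva - va
        raise ValueError("RVA outside every section")
    names = []
    pos = off(imp_rva) if imp_rva else len(pe)
    while any(pe[pos:pos + 20]):                             # all-zero descriptor ends the table
        start = off(struct.unpack_from("<I", pe, pos + 12)[0])  # descriptor Name RVA
        names.append(pe[start:pe.index(b"\0", start)].decode("ascii"))
        pos += 20
    return names

def unexpected_imports(pe: bytes, baseline) -> list:
    """DLLs imported by `pe` that are absent from the known-good list (case-insensitive)."""
    known = {n.lower() for n in baseline}
    return [n for n in imported_dlls(pe) if n.lower() not in known]

def build_sample(names) -> bytes:
    # Constructed input: header-only PE32 whose single section holds an import table.
    hdr, body = bytearray(0x200), bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH12xH", hdr, 0x44, 0x14C, 1, 0xE0)   # i386, 1 section, PE32 header size
    struct.pack_into("<H", hdr, 0x58, 0x10B)
    struct.pack_into("<I", hdr, 0x58 + 96 + 8, 0x1000)       # import directory RVA
    struct.pack_into("<8s4I", hdr, 0x58 + 0xE0, b".idata", 0x200, 0x1000, 0x200, 0x200)
    text = 20 * (len(names) + 1)                             # strings follow the descriptors
    for i, n in enumerate(names):
        struct.pack_into("<I", body, 20 * i + 12, 0x1000 + text)
        body[text:text + len(n)] = n.encode("ascii")
        text += len(n) + 1
    return bytes(hdr + body)
```

Run against the bytes of a shipped executable, `unexpected_imports` returns any DLL name that is not in the baseline taken from the original build; a file hash check over the executable catches the same edit more bluntly.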
Posted

*haha*

not

thought it was some bypass for smartguard, people will still buy it, no matter if there are some backdoors on files. eglobal also had some shitty things on their system and people still played there.

Posted

It's true for everything, see how themida managed to protect retail client files, wow

 

Do you realise they are using 10 yo version without any special features? There are even scripts for those who do not know how to unpack basic stuff
