wongerlt Posted February 5, 2024 Posted February 5, 2024 (edited) Sharing is caring This is similar topic to just with it u can decrypt 1.5.2.2 version files. Everything same just source code different: main.cpp #include <string> #include <iostream> #include <fstream> #include <map> #include "hook.h" typedef BOOL(WINAPI *_ReadFile) (HANDLE hFile, char *lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped); _ReadFile true_ReadFile; typedef HANDLE(WINAPI *_CreateFileW) (LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile); _CreateFileW true_CreateFileW; std::map<int, DWORD> Handles; void fileputcontents(const std::string& name, char* content, DWORD size, bool append = false) { std::ofstream outfile; if (append) outfile.open(name, std::ios::app | std::ios::binary); else outfile.open(name, std::ios::binary); outfile.write(content, size); } int file = 0; BOOL WINAPI new_ReadFile(HANDLE hFile, char *lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped) { bool result = true_ReadFile(hFile, lpBuffer, nNumberOfBytesToRead, lpNumberOfBytesRead, lpOverlapped); std::map<int, DWORD>::iterator it = it = Handles.find((int)hFile); if (it != Handles.end()) { std::string filename; file++; filename = "decrypted_file.txt"; if (file == 1) { fileputcontents(filename, lpBuffer, nNumberOfBytesToRead); } else { fileputcontents(filename, lpBuffer, nNumberOfBytesToRead, true); } } return result; } HANDLE WINAPI new_CreateFileW(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile) { HANDLE true_handle = true_CreateFileW(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile); if (wcsstr(lpFileName, L"SysString-e.dat") != 0) { std::map<int, DWORD>::iterator iter = Handles.find((int)true_handle); Handles.insert(std::make_pair((int)true_handle, (DWORD)0)); } else { std::map<int, DWORD>::iterator iter = Handles.find((int)true_handle); if (iter != Handles.end()) Handles.erase(iter); } return true_handle; } bool SetHooks(void) { FARPROC addr; HANDLE hEngine = LoadLibraryA("engine.dll"); if ((addr = GetProcAddress(LoadLibraryA("kernel32.dll"), "ReadFile")) == 0) return false; true_ReadFile = (_ReadFile)splice((unsigned char*)addr, new_ReadFile); if ((addr = GetProcAddress(LoadLibraryA("kernel32.dll"), "CreateFileW")) == 0) return false; true_CreateFileW = (_CreateFileW)splice((unsigned char*)addr, new_CreateFileW); return true; } int load(void) { return 0; } BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) { if (fdwReason == DLL_PROCESS_ATTACH) { if (!SetHooks()) { return false; } } return true; } hook.h https://pastebin.com/V90efrHJ hook.cpp https://pastebin.com/LG92sS4b 1. CFF Explorer part: in ogg.dll file. https://prnt.sc/sl91ylUn1B18 https://prnt.sc/NkkBPbailjZH SmartDecrypt.dll must be before npkscrypt.dll Compiled Version: vs2017 (v141 xp) https://drive.google.com/file/d/1J4_OQS0dq5UD119xHi06Ve5028Ht-IWg/view?usp=sharing If u want decrypt example interface.u/xdat/or other file then just rename it to SysString-e.dat and run l2.exe (you will get error just click ok) after all in system folder must appear decrypted_file.txt. (this file will be encrypted with regular l2encrypt (413/111 and etc..) Edited February 5, 2024 by wongerlt 2
maxicroma Posted February 16, 2024 Posted February 16, 2024 Hello there after follow to the letter your guide im stuck with the final file called "decrypted_file.txt" ,i used this tool to decrypt the regular encrypt (413). also i attached the file wich im try to decrypt https://www.mediafire.com/file/b6xqfaov3yea91y/systemmsg-e.dat/file
wongerlt Posted February 16, 2024 Author Posted February 16, 2024 9 minutes ago, maxicroma said: Hello there after follow to the letter your guide im stuck with the final file called "decrypted_file.txt" ,i used this tool to decrypt the regular encrypt (413). also i attached the file wich im try to decrypt https://www.mediafire.com/file/b6xqfaov3yea91y/systemmsg-e.dat/file Decrypted: https://www.mediafire.com/file/0bj7p05cl64q1at/systemmsg-e.dat/file 1
maxicroma Posted February 17, 2024 Posted February 17, 2024 wow its working ,maybe you can give me a little hand of how to do it :D? (i have a lot files to decompile to ) ,maybe my regular decompiler its not working?
wongerlt Posted February 17, 2024 Author Posted February 17, 2024 4 hours ago, maxicroma said: wow its working ,maybe you can give me a little hand of how to do it :D? (i have a lot files to decompile to ) ,maybe my regular decompiler its not working? Rename decrypted_file.txt to orginal one and then u can use l2 file editor
maxicroma Posted February 17, 2024 Posted February 17, 2024 5 hours ago, wongerlt said: Rename decrypted_file.txt to orginal one and then u can use l2 file editor Well ,i do this ,but first i need to decrypt it with a regular decryter no? this its the file that i get after use the SmartDecrypt.dll on the ogg.dll https://www.mediafire.com/file/2q606t5jqkz2cx7/decrypted_file.txt/file First of all sorry for double post . Finally it working for me ,i screw up on the CFF part ,i forgot to check the "create new section"
Dunk3L Posted August 1, 2024 Posted August 1, 2024 On 2/5/2024 at 9:30 AM, wongerlt said: Sharing is caring This is similar topic to just with it u can decrypt 1.5.2.2 version files. Everything same just source code different: main.cpp #include <string> #include <iostream> #include <fstream> #include <map> #include "hook.h" typedef BOOL(WINAPI *_ReadFile) (HANDLE hFile, char *lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped); _ReadFile true_ReadFile; typedef HANDLE(WINAPI *_CreateFileW) (LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile); _CreateFileW true_CreateFileW; std::map<int, DWORD> Handles; void fileputcontents(const std::string& name, char* content, DWORD size, bool append = false) { std::ofstream outfile; if (append) outfile.open(name, std::ios::app | std::ios::binary); else outfile.open(name, std::ios::binary); outfile.write(content, size); } int file = 0; BOOL WINAPI new_ReadFile(HANDLE hFile, char *lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped) { bool result = true_ReadFile(hFile, lpBuffer, nNumberOfBytesToRead, lpNumberOfBytesRead, lpOverlapped); std::map<int, DWORD>::iterator it = it = Handles.find((int)hFile); if (it != Handles.end()) { std::string filename; file++; filename = "decrypted_file.txt"; if (file == 1) { fileputcontents(filename, lpBuffer, nNumberOfBytesToRead); } else { fileputcontents(filename, lpBuffer, nNumberOfBytesToRead, true); } } return result; } HANDLE WINAPI new_CreateFileW(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile) { HANDLE true_handle = true_CreateFileW(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile); if (wcsstr(lpFileName, L"SysString-e.dat") != 0) { std::map<int, DWORD>::iterator iter = Handles.find((int)true_handle); Handles.insert(std::make_pair((int)true_handle, (DWORD)0)); } else { std::map<int, DWORD>::iterator iter = Handles.find((int)true_handle); if (iter != Handles.end()) Handles.erase(iter); } return true_handle; } bool SetHooks(void) { FARPROC addr; HANDLE hEngine = LoadLibraryA("engine.dll"); if ((addr = GetProcAddress(LoadLibraryA("kernel32.dll"), "ReadFile")) == 0) return false; true_ReadFile = (_ReadFile)splice((unsigned char*)addr, new_ReadFile); if ((addr = GetProcAddress(LoadLibraryA("kernel32.dll"), "CreateFileW")) == 0) return false; true_CreateFileW = (_CreateFileW)splice((unsigned char*)addr, new_CreateFileW); return true; } int load(void) { return 0; } BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) { if (fdwReason == DLL_PROCESS_ATTACH) { if (!SetHooks()) { return false; } } return true; } hook.h https://pastebin.com/V90efrHJ hook.cpp https://pastebin.com/LG92sS4b 1. CFF Explorer part: in ogg.dll file. https://prnt.sc/sl91ylUn1B18 https://prnt.sc/NkkBPbailjZH SmartDecrypt.dll must be before npkscrypt.dll Compiled Version: vs2017 (v141 xp) https://drive.google.com/file/d/1J4_OQS0dq5UD119xHi06Ve5028Ht-IWg/view?usp=sharing If u want decrypt example interface.u/xdat/or other file then just rename it to SysString-e.dat and run l2.exe (you will get error just click ok) after all in system folder must appear decrypted_file.txt. (this file will be encrypted with regular l2encrypt (413/111 and etc..) Hi, I got the error "invalid pe file possible reason: no export table present" in CFF when I try to add the dll file in L2.exe, any idea what's happening?. btw I used vs2013 I appreciate your support
Victory Posted August 1, 2024 Posted August 1, 2024 1 hour ago, Dunk3L said: Hi, I got the error "invalid pe file possible reason: no export table present" in CFF when I try to add the dll file in L2.exe, any idea what's happening?. btw I used vs2013 I appreciate your support Okay I'm pretty sure there was already compiled one shared by @wongerlt. Yeah there you go.
Dunk3L Posted August 1, 2024 Posted August 1, 2024 (edited) 14 minutes ago, Victory said: Okay I'm pretty sure there was already compiled one shared by @wongerlt. Yeah there you go. I got it... Edited August 1, 2024 by Dunk3L 1
Denza Posted August 5 Posted August 5 On 2/17/2024 at 2:02 AM, wongerlt said: Decrypted: https://www.mediafire.com/file/0bj7p05cl64q1at/systemmsg-e.dat/file Hello Can you try pls my file too ? I did everything according to the instructions. I got decrypted file.txt But ActiveAnticheatCrypt remained there. https://www.mediafire.com/file/2dg2il427txb6td/SysString-e.dat/file I did everything according to the instructions. I got decrypted file.txt But ActiveAnticheatCrypt remained there.
Vision Posted August 6 Posted August 6 On 8/5/2025 at 3:17 AM, Denza said: Hello Can you try pls my file too ? I did everything according to the instructions. I got decrypted file.txt But ActiveAnticheatCrypt remained there. https://www.mediafire.com/file/2dg2il427txb6td/SysString-e.dat/file I did everything according to the instructions. I got decrypted file.txt But ActiveAnticheatCrypt remained there. Make a topic with your own issue and don't spam here. Thank you!
wongerlt Posted August 16 Author Posted August 16 On 8/5/2025 at 3:17 AM, Denza said: Hello Can you try pls my file too ? I did everything according to the instructions. I got decrypted file.txt But ActiveAnticheatCrypt remained there. https://www.mediafire.com/file/2dg2il427txb6td/SysString-e.dat/file I did everything according to the instructions. I got decrypted file.txt But ActiveAnticheatCrypt remained there. Working and with Active Anti Cheat Crypt. there is: https://pastebin.com/ESvWBZ4H
vnesnasnow Posted October 25 Posted October 25 Please help me decrypt these files, I can't do it. https://wdho.ru/ky2q
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now