Jump to content

Recommended Posts

Posted

Well i was using OOG walker 10.6.3 in a C4 server:

 

website: http://www.wca.com.ve

Register: http://registro.wca.com.ve/

Patch: http://rapidshare.com/files/35893244/Wcaup...pdater.zip.html

Patch mirror: http://files-upload.com/281143/Wcaupdater.zip.html

 

 

 

 

I had no problems at all using OOGwalker/IGWALKER i even programmed 7 chars to level up toguether in party.

but one gamemaster entered the game and said: "We are restarting the server for an update".

 

He restarted the server in about 5 minutes and then I could not connect any char using OOGWAlker anymore.. I got this new error i cant understand:

 

Link LogingServer Succeed

Package Error...

Login LogingServer Failed

 

 

here ill post everything i used to connect with oogwalker 10.6.3:

(Set.ini)

 

[DEFAULT]

CountryList=RUSS;venezuela;

DefaultCountry=1

DefaultServer=0

DefaultCharacter=0

DefaultAccount=

DefaultPassWord=

[venezuela]

LoginServerIP=72.232.252.211

LoginServerPort=2106

ProtocolVersion=656

ServerList=[01]BARTZ

 

(patcher.ini)

[main]

left=397

top=137

l2online=0

la2=0

gmlist=1

anchor=1

buff=1

ppe=1

java=0

token=1

token_v=0

token_patch=5F3B352E5D39342D33313D3D2D257854215E5B24

 

(option.ini)

[Options]

Title=L2Walker 10.6.3

EXE=l2walker.exe

Server=STANDART

Token=5F3B352E5D39342D33313D3D2D257854215E5B24

OffSet=$0053A4E4

GMFix=0

Rename=1

 

 

If you could help me connect to this server again using OOGWAlker i will be very pleased

 

Thank you all for your support and help in advance

Posted

I think I know whats happening... Thing is i havent got it right yet..

 

I think that the port that im sending is 2106(the one every walker uses) but the port im recieving is different...

 

What i did was download WP v5.04F which can be found at: http://saur.x33.ru/ the whole page is in another language i cant understand but i manage to download it anyway.

 

I download the program opened it and then i opened OOGWalker 10.6.3 and clicked on it (o the WP program) then i selected a token that i know is the same as the one of my server (in my case was: Avalon Lineage2.net.ua), you can find this by opening the file inside the folder of WP named "Token.wp" u compare the one yo have with the existing one... If you own the token number but its not on this file then copy at the end of this file and also at the end of "token.wp~" 3 lines:

 

ns32=The name you want here

fs32=0 0(this doesnt change

ts32=Your token here separated by spaces..

 

remember to change the number of the 3 lines... If the last line has something like:

ns31=warsmith (03.06)

fs31=0 0

ts31=5B 34 31 39 5D 39 34 2D 33 31 3D 3D 2D 25 26 40 33 5E 2B 5D

 

you copy:

ns32(it needs to be 32 instead of 31 for every new line up to the 3rd)

 

Well... after doing all this clicked on a sun icon next to the token... made sure the protocol version is the same as the set.ini in the walker configuration(on both fields) and then i went to the walker

 

Put my loging password and clicked on login... This was the new output:

 

16:37:45 WP v5.04F © Sauron

16:37:45 Link LoginServer Succeed.

16:37:48 Login LoginServer Succeed.

16:37:48 服务器[01]当前在线率:13.96%,能否登陆:能

16:37:52 服务器[01]当前在线率:13.96%,能否登陆:能

16:37:57 服务器[01]当前在线率:13.96%,能否登陆:能

16:37:59 ->Login LoginServer Fail.

 

The thing that is in chinesse means:

 

servers [01] current online rate : 13.96%, whether the landing : no

 

 

So i managed to go throw the login part but now walker tries to access the server 3 times ad logs off..

 

Can someone help me from here?

 

L2WPPv0.5.3_free WalkerPacketsPatcher by ZyB ©

 

I dont know where to find it tho... Someone gave me the configuration of this program (the one that is requested by walker in order to work):

 

(ws2_32.ini)

// L2WPPv0.5.3_free WalkerPacketsPatcher by ZyB ©

 

LF20KILL_AUTO true

LF20KILLER false

RQL_DISABLE false

MOVEPATCH false

WAITPATCH false

EXTENDSAY true

 

// Ïåðåä òåì êàê çàéòè â èãðó îáÿçàòåëüíî íàñòðîéòå ïîä ñâîé ñåðâåð (true-âêëþ÷åíî)

LINEAGEII false //demo

CLUB-IX false

LINEAGEWORLD false //demo

ABYSS false //demo

 

 

LOG false

 

// Ñëåäóþùèå íàñòðîéêè íåîáõîäèìû äëÿ ïåðåíàïðàâëåíèÿ ïàêåòîâ ÷åðåç socks5 ïðîêñè ñåðâåðà

// â ïðîãðàììàõ, íå ïîääåðæèâàþùèõ ïðîêñè (LineageII êëèåíò îäèí èç íèõ).

// ýòà âåðñèÿ äëÿ ïðîêñåé, íå èìåþùèõ ïàðîëè íà âõîä, òåñòèðîâàëàñü äëÿ WP_PPC(ñ)Sauron

PROXY false

PROXY_IP 127.0.0.1

PROXY_PORT 20260

 

 

 

If someone could help me get this tool... I will be able to use walker again.. Thank you all for your quick replay and help in advance

Posted

Just tried 10.6.4 and nothing new happens...

 

Aperently the server is using a program called hauth made by hint and its creating a filter to avoid the use of walker...

 

As you all know in the set.ini we put portnumber: 2106... Well Im able to access the server using this port but i think (im not sure) that the server is returning 21060 and I dont know what to do with this info.

 

 

Thing is that walker keeps giving me this output:

23:44:51 WP v5.04F © Sauron

23:44:51 Link LoginServer Succeed.

23:44:54 Login LoginServer Succeed.

23:44:54 服务器[01]当前在线率:7.30%,能否登陆:能

23:44:57 服务器[01]当前在线率:7.30%,能否登陆:能

23:44:59 服务器[01]当前在线率:7.30%,能否登陆:能

23:45:03 ->Login LoginServer Fail.

Posted

I am using WP504F and already tried with 10.6.0.4, I can give you a test acc and the info for the server if you want to see it for yourself, and try to help us :)

Posted

Im using eL2Walker 10.6.4 and WP v5.04F...

 

ive tried different options like disabling in the "Walker panel": Anchors... then enabling it, or disabling c buff gmlist ... I mean ive tried basicly every combination there...

 

If also tried to changing the port GServ to 7777---21060--2106---20260... I even used netstat o the cmd propmt to see if 2106 is the correct port and apperently it is.. its under the domain of: secure.monstertax.com:2106

 

when i go to the optionProxy P-C i get lost for many of the option are not understandable...(when u click on P-C on that men u things get even worse)

Posted

i havent got a test account... I cant create an account because the CP is off atm, apperently they suffered a bruteforce and they no longer allow some1 to create a new account... They open the register from time to time.. As soon as i can create a test account ill give it to u guys

Posted

http://www.maxbastards.gr/forum/index.php?topic=5498.0

 

Take a look ^^ I have the same problem, but i haven't tested it since l2x is down for maintance...

 

Yup.. Ive done my search and everything you used to make walker work is fine... The new protection is call HAUTH, it filters the package that can be sent to the server...(made by hint the same creator of hlapex). To break his security we need to use the "Proxy C-P" option that is inside the program: "WP v5.04F"... The mayor problem for me is that my knowledge doesnt go that far... Ive tried using for proxy 1: 21060 20260 7777 and for proxy2: same

 

Ive also tried to modify the options that can be found when u press the "P-C" button but everything is in either russian or in some other language or in unknown characters like "???????" and i cant understand a thing... I personally know the gamemaster of the server i use and he wont give me the right configuration to make walker work... But he made it work

 

He mentioned that the new protection takes the port 2106 and then returns 21060 or 20260, walker crashes cuz he cant find the correct port to log in

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Posts

    • Update: Advanced Rate Limiting Rate limiting is now applied to: Login attempts Account registration Password recovery Email confirmation resends WhatsApp verification Checkout access The system maintains independent counters by IP address and user identity, helping prevent traditional brute-force attacks as well as distributed credential-stuffing attempts using multiple proxies. Brute-Force and Credential-Stuffing Protection Protection is not limited to the visitor's IP address. The system also tracks attempts associated with the account, username, or email address, reducing the effectiveness of attacks performed through rotating IP addresses, proxies, or VPN services. Global HTTP Security Headers Security headers are applied across the entire website: X-Frame-Options X-Content-Type-Options Referrer-Policy HTTP Strict Transport Security These headers help protect the website against clickjacking, MIME-type confusion, insecure referrer exposure, and HTTP downgrade attempts. Secure Error Handling Internal exceptions are recorded in protected security logs while visitors receive sanitized error messages. This prevents the accidental exposure of: Internal file paths Database information SQL errors Server configuration Application stack traces Private Storage Exposure Monitoring The system automatically checks whether the private storage directory is publicly accessible in production. If exposure is detected, a security warning is recorded for the administrator without interrupting the website. This directory may contain licensing information, rate-limit records, and security logs and must never be publicly accessible. OAuth Request Protection Google and Facebook authentication flows use cryptographically random state values stored in the user's session. Returned state values are validated using constant-time comparison, helping prevent OAuth request forgery and unauthorized account-linking attacks. Telegram Authentication Validation Telegram login information is protected through: HMAC signature validation Constant-time hash comparison Authentication timestamp verification Expired-login rejection Secure Verification Tokens Email, password recovery, and WhatsApp verification systems include: Cryptographically secure random tokens Hashed WhatsApp verification codes Automatic expiration Limited verification attempts Resend cooldowns One-time token invalidation Account Activation Protection When email or WhatsApp verification is required, the game account remains restricted until all required verification steps are completed. Unverified users cannot bypass the confirmation process through standard or social login. Secure Upload Processing Administrative image uploads include: Real MIME-type inspection Image-content validation File-size limits Extension allowlists Server-generated random filenames Rejection of invalid or disguised files Original user-provided filenames are never used as the final stored filename. Path Traversal Protection Theme and template identifiers are restricted to validated slugs and must exist in the internal list of allowed themes. This prevents directory traversal and unauthorized local-file access through manipulated template names. Atomic Ticket Transfer Protection Ticket transfers use transactional and durable delivery processing. The balance is conditionally debited, the delivery is recorded before communication with the game database, and failed deliveries remain pending for safe reprocessing. This helps prevent: Free-item delivery Inconsistent balances Duplicate delivery Partial transaction failures Lost transfer records Concurrent Balance Protection Administrative balance adjustments use database transactions and row-level locking. This prevents simultaneous balance operations from overwriting each other or creating inconsistent account balances. Secure Redirect Handling Redirect values are sanitized against header injection, and external redirects are restricted to HTTPS destinations. Password Security Improvements The website uses modern password hashing for player-panel accounts and bcrypt with a configurable cost for supported game-server account systems. Compatibility is included for game-server implementations requiring the $2a$ bcrypt prefix. Duplicate Payment Prevention Built-in protections include: Idempotency control Transaction reference validation Payment status verification Unique external payment references Database transactions and rollback Durable payment history Completed-order verification These protections prevent: Double credits Repeated processing Duplicate payment callbacks Incomplete financial operations Signed Payment Callback Protection Payment callbacks are protected through: HMAC-SHA256 authentication Constant-time signature comparison Signed callback timestamps Callback freshness validation Shared callback secrets This helps prevent forged payment notifications, callback manipulation, and replay attacks. SQL Injection Protection The database layer uses: PDO Prepared statements Parameter binding Controlled internal allowlists for dynamic identifiers User-controlled values are not directly concatenated into SQL queries. XSS Protection Output and form data are protected through: HTML escaping Attribute escaping Input filtering HttpOnly session cookies MIME-sniffing protection Frame embedding restrictions These measures reduce the risk of Cross-Site Scripting, malicious HTML injection, session theft, and clickjacking. CSRF Protection Sensitive forms and administrative operations use session-based CSRF tokens. Requests without a valid token are rejected, helping prevent unauthorized actions performed through malicious external websites. Secure Session Protection The session system includes: HttpOnly cookies Secure cookie support SameSite restrictions Session ID regeneration Authentication state validation Session timeout controls These protections reduce the risks of session fixation, session theft, and unauthorized account reuse. reCAPTCHA Protection Google reCAPTCHA may be enabled on sensitive public forms to reduce: Automated account registrations Spam submissions Bot login attempts Automated password recovery abuse Confirmation Resend Limits Email and WhatsApp confirmation resends are protected through: Cooldown periods Rate limiting Expiring verification codes Attempt counters This prevents verification-message flooding and excessive external API usage. Licensing and Anti-Cloning Protection The website includes centralized licensing controls with: License-key validation Domain binding Signed license responses Cached license validation Temporary offline grace period Circuit-breaker protection Unauthorized-domain rejection These measures help prevent unauthorized installation, cloning, and redistribution of the system.
    • Tool that allows you to download the Lineage 2 game client directly from the official publisher CDNs. It fetches the CDN's file list and downloads every patch file, decompresses it (LZMA / Zip) and writes the finished client to disk — and can resume or repair an existing installation instead of starting over. It runs several client downloads at once through a batch queue, so you can prepare multiple regions or versions in a single session.   Supported: NCSoft CDNs (TW / KR / JP / NA) and  4game CDNs(RU / EU)   Download: https://drive.google.com/file/d/11SDcNASqO2GKOBT79LFu7mqvSRSJZvBS
    • https://l2avokado.com/ Hello everyone,   After some time of development, we've decided to open L2Avokado to the public in its current development stage. We're looking for players who enjoy Interlude and would like to help shape the project before its official release.   This isn't a "launch" announcement. Instead, we're inviting the community to log in, explore the server, test the systems we've built, and provide honest feedback. Whether it's bug reports, balance suggestions, progression ideas, or quality-of-life improvements, we'd love to hear them.   Our goal has always been to create an Interlude server that feels familiar while offering a fresh progression experience. We've intentionally avoided custom weapons, armor, and client modifications. Instead, we've focused on redesigning progression through reworked hunting grounds, quests, crafting, and gameplay systems while remaining compatible with a clean Interlude client.   At this stage, the core progression path has been implemented, including the main hunting grounds, quests, custom systems, and events. However, as the project is still under active development, there will inevitably be bugs, balance issues, and areas that require further polishing.   This is exactly why we'd like your help.   We're looking for players who are willing to: Test gameplay and progression. Report bugs and exploits. Suggest balance improvements. Share ideas for new features or quality-of-life changes. Help us build a server that the community genuinely enjoys playing.   The Client and System downloads are already available on our website, so you can jump straight into the game. We're also working on a dedicated launcher that will simplify installation and future updates.   If you're interested in helping develop a unique Interlude project and want your feedback to genuinely influence the direction of the server, we'd love to have you with us.   We look forward to seeing you in-game and hearing your thoughts on Discord. https://l2avokado.com/
  • Topics

×
×
  • Create New...

Important Information

This community uses essential cookies to function properly. Non-essential cookies and third-party services are used only with your consent. Read our Privacy Policy and We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue..