Open discussion about sending packets to L2 server.GG,l2phx,hlapex...other

[Blitztrager]

I posted in this section because it is about exploits and I don't need big help just kind of discussion with experienced people.

 

 

Firstly I know hlapex is not working in 99,99% of L2 servers :D

 

As you probably know most (or maybe all) servers are protected by GameGuard=GG. I heard most L2 servers have additional tool with name anti-Hlapex. Does it mean GG is not able to detect hlapex? What is preventing to send illegal packets? I mean what software is checking if sent packet is allowed or not - GG or another anti-hacker tool?

 

What's about L2phx. Is GG able to detect it? If yes then we have to bypass GG to allow to send illegal packets. I have never done it but I know it is  possible and I saw few posts about it on this forum. The question is: is there another software, on server side, which can detect l2phx automatically?

If I bypass GG which I believed is on my client side will I be able to use any 'not allowed' tools? I will talk about it later.

 

 

AFAIK (as far as I know) there are two ways to disable GG.

1) kill it - no GG running during your L2 session - is it still possible?

2) emulating - GG is working but ... there is another question. If we emulate GG does it mean we can use any hacking tool normally blocked by GG?

 

 

I started testing L2phx on old C4 servers because I want to learn how to use l2phx for more complex hacking :D

It was not a problem to send a simply "Chat" packet. I did it and my packet was accepted by l2 server and text was displayed for everyone. It means sending  legal packet is allowed on this server - Server was not able to distinguish legal packet sent by L2 client and my prepared packet sent by l2phx - it is  good news!!! As somebody wrote on this forum L2 client is not doing anything more than sending packets to L2 server and this is true :)

 

 

 

 

p3tr0s wrote http://www.maxcheaters.com/forum/index.php?topic=2158.msg14598#msg14598

 

2)The problem is not the GG... The problem is in the restrictions of the packets that clients can send...

 

I understand client should not be allowed to send all kinds of packets. However hlapex was able to send packet to obtain super abilities like GM-skills,  over buff, adena etc - I know it was possible some months ago but ... do you know how it was possible?

Lets think about buff stacking.

If you used only L2 client and click on link provided by NPC Newbie buffer you got the same buff as many times as you wanted BUT they did not stack. In  other words it was not possible to stack buffs using L2 client on this way. However it was possible using prepared NPC_Newbie_Buff packet. How? What was  the difference between packet sent by L2 client and hlapex?

 

Another thing - I wonder why Hlapex is not working on almost all servers because:

1)GG is blocking this tool //true or not?

2)there is another security tool which is blocking Hlapex //true or not?

 

There is one sure thing - hlapex is blocked but I wonder how? Anything sent by hlapex is blocked OR it is not possible to run hlapex and login to server?

 

As you know there is another tool L2phx which role is sending/blocking modified or not packets. I suppose the same like hlapex but it was/is NOT blocked.  You still can send legal packet and use some exploits like getting as many adena as you want- see post  http://www.maxcheaters.com/forum/index.php?topic=8876.0  . I think it is not working now but ... it was possible to send modified packets to L2 server and  use exploit so please do not tell me it is not possible :)

 

 

Feel free to join to this discussion if you can share your thoughts or want to learn how the hell is it working.

 

Please do not post spam in this topic as spam post will be deleted.

 

[Demonic SouL]

lol man..have u ever use like cheatengine?when u open it the gameguard write u a message 'illegan program detected' something like this ...

with l2phx or hlapex u can log in but the problem is inside!the packets  like this :1b 10 00 00 00 is blocked from the server

and if u send it it will detect you and you will be kicked or banned or jailed(setting from the server files)

as i know this is the problem! if i am wrong ,sorry ;)

[knoxville]

lol man..have u ever use like cheatengine?when u open it the gameguard write u a message 'illegan program detected' something like this ...

with l2phx or hlapex u can log in but the problem is inside!the packets  like this :1b 10 00 00 00 is blocked from the server

and if u send it it will detect you and you will be kicked or banned or jailed(setting from the server files)

as i know this is the problem! if i am wrong ,sorry ;)

 

 

Yeap.. the problem is: the packets blocked from the server. When you try push any packet, aotumatic message: "you are kick for ilegal blablabla"

 

This is the fucking problem with the utilies  (l2phx, hlapex)

 

 

[Blitztrager]

Yes I used cheatengine and another similar tool. I read you need to kill gameguard to be able to use cheatengine. It was working for WoW and Cabal Online so should work for L2 as well :D

 

Regarding to l2phx or hlapex I understand L2 servers have packet filters which are illegal and are blocked on the server side.

I wonder when this 'filter' was applied - after exploits made in hlapex period?

[boever]

Game Guard is preventing u to use the programs while running the client.. not blocking packets at all

The Amphex fix (sry if the name is wrong , i can't remember right) is a tool used to block the modified packets.

 

The message u get like :You are disconnected for illegal actions.. imo this is a prevention by NCsoft themselves..

i suggest u to read more about packets (wikipedia powa)

U will see that each packet has a following number.. f.e. send packet 1 gets nr 1 , confirm of receiving packet gets nr 2 and so on

I think it's nearly impossible to get these numbers matched.

 

If anyone knows a way to do this properly, then please feel free to share :)

 

Regards

[Blitztrager]

 

Yes I know something about packets as I am IT Network Specialist ;). It is almost impossible to do this because as you said each packet has ACL number etc but ... we don't need to hack packets in queue to GameServer because we already are sending them from our L2 client side to L2 Server side without any problem...

 

Ok so I learned hlapex was working because it was sending special, existing in game, packets. It was possible because servers were not protected against it. They -GM,Developers, NCSOFT did not expect somebody will craft speciall tool which allow to send ANY packet.

Now they can block these special packets thanks to Amphex aka Amp. Is it true? I think yes.

We can assume most of L2 servers applied Amphex or whatever name it has. It means it is not possible and will not to send any special packet like rebooting server or duping items if we use illegal packet. However you can't tell something is not possible in 100% :)

 

I see we can run tools if we kill/block/emulate Game Guard. Thanks

 

 

Do you think server Dragon Network was not protected in August and later? I am talking about well known adena bug where you could buy some items for zero Adena and sell it for cash? There was used one l2phx script which I suspect was blocking packet about spending adena //I can be very wrong about role of adena script. I will try to figure out how this script is working. It should not be very hard...

If you know how l2phx script did this bug please write PM or post it in my topic but please hide it. You will save my time :)

 

Backing to buff packets. Do you know why it was possible to stack buffs using hlapex? Multiple packets sent in small interval caused to stack buffs? I don't think there was sent a special packet. If somebody cast on me buff he used specified packet. If he will record this packet and send 1,2,3 10 times more I will get the same buff 1,2,3..10 times but it will not be stack. Same like normal buffing... If you don't know why then forget this part of topic :)

 

[Topa]

About the buff stack i tried to do it manually and i saw the stats changing.. but it wasent fast like when we use hlapex i think it worked well cuz spammed the same packet really fast

[boever]

About the buff stack i tried to do it manually and i saw the stats changing.. but it wasent fast like when we use hlapex i think it worked well cuz spammed the same packet really fast

 

U actually saw your stats increasing while u were buffed and asked for new buffs? U_U

[anderkiu]

They cant block packets. When you play, you send packets all the time. When you use a tool, you send packets. Its the same thing. They can try to block packet sending from external programs by adding encryption to the packets, but its only a matter of time until someone finds the encryption key and is able to send/receive packets.

For example.. L2.Net is an ingame/outgame bot that sends/receives packets from client. This is possible because "slothmo" (the programmer) found the blowfish key to decrypt/crypt packets.

 

Blocking packets is impossible, blocking programs isnt, but its easy to unblock, just recompile the source after changing some stuff and release it to people again.

[Topa]

idk one thing anderkiu says that blocking packets is impossible... and blocking programs isnt.. uhm in some servers u can use hlapex and for example u can get weapons from normal traders but when u try to get skills from another class u get kicked... so the program is working but i can send an X packet.. isnt that blocking a packet?

[Blitztrager]

@anderkiu I see you understand how it is working :) and I agree it is easy to block current version of program.

As you said the easiest way to find exploiters is to make a translation/encryption to the packets and then make a tool on server side which is checking who is sending old/not crypted/not changed packets.

L2 client, modified by Admins, will send crypted packets which will be decrypted on server side.

 

Currently I am using modified L2phx which is using special dll file which I believe is crypting packets before it will send to L2 server.

However it will work only on these servers which are using exactly the same encryption which is implemented on L2 server.

 

Could you imagine this situation. I want to illegal open castle gate doors. Of course I can't do this using L2 client if I not belong to clan who have castle.

Ok so now I want to use L2phx which is sending not crypted/original packets to open doors.

If server has any packet protection like encrypting packets my packets will be blocked by protection because they will be not crypted.

 

Ok but if I have working L2 client which was modified by Admins so this L2 client is sending crypted packed. I can sniff this packet and compare with uncrypted. Thanks to this I can find blowfish key (of course it is not so easy as I wrote but I wanted to show how it is working). Thanks to founded key I can implement it in injection dll which I will use with L2phx.

Thanks to this I will be able to send crypted packets, L2 server will decrypt them to original. Does it mean I will be able to open gate even if I should not be able to this?

@Topa good question. I remember that there were L2 servers where you could get some items or skill but could not do anything more. On other servers you could get skills but not items.

 

Open question: does it means they had poor protections?

 

I think now most of servers are crypting all type of packets and thanks to this they are 'save' ;)

[Geovision]

do you have an english version of l2phx? i trying to work with it too..

[Blitztrager]

use l2phx 3.16 posted in this forum - it is in English (90%) and interface is not very different (almost the same) than 3.18

[Mr.Stathis]

NAH, most servers about 99 % hlapex dont work...what u gonna do with it :S

i tried many many servers...and when i tried to use a packet i got dc...so Hlapex isnt the best solution to noob's problem. Just farm , farm....

And if it work the next day u will have ban cause u will be detected...haha.

Hlapex is useless :D cya....Good luck with packets... I <3 Farming..haha

[hypper]

Why the fuck you guys keep talking about HLAPEX? Forget HLAPEX! If you want to send/receive packets use L2PHX or L2.NET!

Its obvious that hlapex is dead, everybody knows it, stop pointing that.

 

@Blitztrager

L2Phx already encrypts the packets man. Yes all servers have packet encryption because this is how Lineage 2 works. If it didnt encrypt the packets then you could sniff them using a packet analyzer like Ethereal. Since it is encrypted, a packet sender with support to encryption must be used, like l2phx.