Posted

And if you want to know if I made this... I can make you a step-by-step tutorial of what I have done on comclt32.dll to make my system work...

And most of all I didn't care about sharing this thing and being famous in here... these last days I started posting in this forum...

I shared my work... I don't care about copyrighting it...

But next time I think I must add my signature because most of you people don't appreciate...

Some Donators in here know me in real life... and they know about my knowledge

 

Update :

About Sublimity protection, the only login difference from other servers is that the blowfish is inside comclt32.dll instead of engine.dll...

Normally engine.dll pushes the blowfish to pass the gameserver, but for this server the function is called from comclt32.dll

I don't know if this .dll sends any other packet to be acceptable to the server

So making L2walker OOG call functions from my modified comclt32.dll might be an option...

I have to try

I commonly work with attached hacks on L2.exe, but L2walker OOG is stand-alone... and I have to learn where to import those functions...

Most of all I don't care about OOG because I think that IG is the best...

WHAT?! lol.

 

Why the hell would you need to have your modified dll have anything to do with walker? If you know the new blowfish key then you just need to change L2Walker's default key to match, which btw is only used for the login, not the gameserver.

 

Grats to you for your share, I'm not trying to seem like one of the people you described in your post, but my only problem came when I saw "but it might be tricky cause of the login steps of this server..." which showed an extreme lack of knowledge or research with Sublimity's protection, and I have a problem with the large amount of people who come on here with a modicum of knowledge and brainwash all the 13 year olds into thinking they are god when 90% of the time they haven't actually done anything, however, I am not saying you are one of those people.

Posted

Look...

I sniffed the packets from the server with the normal system of sublimited and I saw that the blowfish is pushed while entering the L2 World... Wrong blowfish after character selection and you take a disconnect...

After unpacking and searching inside comclt32.dll I saw that the key is in this dll...

Firstly I tried to use bfishy.dll from fyyre but nothing changed... Comclt32.dll is a must to connect to a server like that... The original name of this dll is ClientEX.dll; don't think that it is the COMCLT32.dll that exists in System32

So I made this dll importable for my new client... where Zero guard does not exist...

After a big search that I have done I found that this dll was asking for l2walker clients and if they are found then it terminates them... So I modified this module more...

I know where the blowfish is normally pushed, but this modified client that they made is using a different login method than normal clients do... So that's why I'm talking about login steps...

Protections on lineage servers have taken a different road from simple antibots that can find running processes on the computer...

 

_________________________________________________________

 

There's a masterpiece antibot with a completely changed server Authd (Kasha Protection Module) whose packets are crypted with algorithms that make them completely unreadable.

L2walker OOG or a system with the correct settings (blowfish, IP address, and port) will never communicate with those servers until these crypt/decrypt algorithms on packet send/receive are added... In-game packets are staying the same... but the login engine is something that they can make work as they want...

Don't stay in thinking that things on login are always the same..

 

Posted

use a Virtual Machine and HotSpotShield or any other proxy/VPN client So u have different IP´s and HWID´s. Then u can 4box ;)

OR use more than 1 pc :D

can u post more detailed info for this?

Posted

I say again

 

WHAT?! lol

 

I'm going to ignore the fact that you are completely oblivious to L2Sublimity's actual protection methods because that pales in comparison to the fact that you think Kasha's protection is a masterpiece...

 

Let's start off with the first part, how does adding extra encryption on the login packets only make it a masterpiece? It's not like you even need to know the actual algorithm that he's using considering you could copy/paste his enc/dec functions and replicate it yourself.

 

And you even said it yourself, the ingame packets are the same, completely untouched, do you know how -beep-ing retarded that is?! That means all you have to do is login past server-selection and then pause or completely remove Kasha's protection module and then manually inject l2walker.dll into the client.

 

This is the exact same shit as bake-ice, protecting only the auth which leaves absolutely no room for verification that the protection module is even running once the player has reached the world. PATHETIC.

 

Did you even know that L2Walker and L2.Net can be defeated by changing 3 packet opcodes and then correcting them in the client by changing the addresses on the packet handler table rather than immediately post-decryption? If L2Sublimity's opcode scrambling function acted on the handler table instead then your current dll still wouldn't allow walker to work as it wouldn't be able to determine which packet is which and would just /fail all over itself.

 

 

These protections are crap, pieces of shit made by kids who have no idea what they are doing. All of these stupid -beep-ing dll systems are bypassable with even the smallest amount of reverse engineering knowledge. When someone makes a ring-0 driver protection system with self-defense THEN you may call it a masterpiece.

Posted

You know what the Rijndael encryption algorithm is???

That is the algorithm Kasha uses to encrypt packets...

It is contained in L2.dll that is provided with his client...

Copy-pasting asm code, you know that doesn't work. What do you think when I said adding code... you think about copy and paste??

I have partially unpacked Kasha modules but if you think it is easy to unpack enigma protector do it...

My main target is to find and bypass the function that asks if L2walker is present... you'll never understand... I did the same with sublimity

I never said anything about injecting l2walker while the program is running...

The only function that those antibots have is to close applications when they are found attached to l2client or running stand-alone... The packet encryption and all this shit I know has nothing to do with l2walker or anything else...

I just want to make a client with kasha's files but with fewer functions than kasha made it...

Files that the original antibot client uses like kasha's are necessary to connect to their server... so it is necessary to add some of them to the new client

For the Sublimity server the necessary file was comclt32.dll, which is responsible for killing l2walker

Posted

 

So the fact he uses AES makes it a masterpiece? Seriously?

 

AES is only a secure encryption to an outsider, not someone who has access to the public key which will be inside kasha's protection module and even IF he uses a polymorphic key you can still find the original public key when it is first sent to the client by hooking his AES initialization function...

 

I can see you are obviously new to reverse engineering otherwise you would know that unpacking the dll isn't necessary as the code in run-time is available unencrypted in the memory, unless with extremely complex encryption systems that use virtualization or self-debugging and exception code-replacement methods - which as far as I can tell enigma has neither.

Posted

Enigma contains all of those methods to prevent unpacking through a dumped memory section...

If it is so easy to you then why don't you make a working IG walker for a server that uses Kasha protection??

Let's say about DEX server

Posted

Read what I said, I didn't say anything about unpacking it, attach a debugger to the running l2 process and BOOM you got all the code in-memory with no encryption.

I'll look into dex but I doubt I'll bother wasting my time on it just to prove someone like you wrong, I do have better things to do with my time you know.

Posted

Use ollydbg ICE...load phant0m plugin for stealth and start debug...try it and you will understand
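
The objection raised in the thread, that a protection which only gates the login has no way to verify its module is still running once the player has reached the world, is what an in-session heartbeat on the game server addresses. The Python below is an added example, not code from any poster or from the protections discussed; the interval, response window, HMAC construction and all names are assumptions.

```python
import hashlib
import hmac
import os
import struct

HEARTBEAT_INTERVAL = 30.0  # seconds between challenges (assumed value)
RESPONSE_WINDOW = 10.0     # seconds the client has to answer (assumed value)


def heartbeat_tag(key: bytes, nonce: bytes, counter: int) -> bytes:
    """Tag the client-side module must return for one challenge."""
    msg = nonce + struct.pack("<Q", counter)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Session:
    def __init__(self, key: bytes, now: float):
        self.key = key            # per-session key agreed at login (assumed)
        self.counter = 0          # bumped per challenge, so old tags cannot be replayed
        self.pending = None       # (nonce, deadline) while a challenge is open
        self.next_challenge = now + HEARTBEAT_INTERVAL
        self.alive = True


class HeartbeatMonitor:
    """Game-server side: keeps checking the module after the login handshake."""

    def __init__(self):
        self.sessions = {}

    def on_login(self, sid: str, key: bytes, now: float) -> None:
        self.sessions[sid] = Session(key, now)

    def tick(self, sid: str, now: float):
        """Call periodically. Returns a nonce to send to the client, or None."""
        s = self.sessions[sid]
        if not s.alive:
            return None
        if s.pending is not None:
            if now > s.pending[1]:
                s.alive = False   # no answer in time: module missing or paused
            return None
        if now >= s.next_challenge:
            s.counter += 1
            s.pending = (os.urandom(16), now + RESPONSE_WINDOW)
            return s.pending[0]
        return None

    def on_response(self, sid: str, tag: bytes, now: float) -> bool:
        s = self.sessions[sid]
        if not s.alive or s.pending is None:
            return False
        nonce, deadline = s.pending
        good = heartbeat_tag(s.key, nonce, s.counter)
        ok = now <= deadline and hmac.compare_digest(tag, good)
        if ok:
            s.pending = None
            s.next_challenge = now + HEARTBEAT_INTERVAL
        else:
            s.alive = False       # wrong or late tag ends the session
        return ok


def simulate(module_stops_at: float, duration: float, step: float = 1.0) -> bool:
    """Constructed scenario: the client module answers until module_stops_at."""
    key = os.urandom(32)
    mon = HeartbeatMonitor()
    mon.on_login("s1", key, 0.0)
    t = 0.0
    while t <= duration:
        nonce = mon.tick("s1", t)
        if nonce is not None and t < module_stops_at:
            counter = mon.sessions["s1"].counter
            mon.on_response("s1", heartbeat_tag(key, nonce, counter), t)
        t += step
    return mon.sessions["s1"].alive
```

A key held by the client module can still be read from process memory, as the thread points out, so the heartbeat shortens the time a removed or paused module goes unnoticed rather than proving the client is unmodified.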
