[EXCLUSIVE SHARE] IG WALKER FOR KASHA PROTECTION (L2Elixir,L2Dex etc.) UPDATED!!

MasterWalker · December 28, 2010

On this server (http://www.lineageii.com.br/) that told you test, the run up to L2Walker IG, as well as on any other server that has Kasha, and it looks to use a method of very stupid. But you must use two clients as emir0n suggested.

PS: Note that AntiBot is stopped, which makes the detection of L2fork, Proxifier and L2Walker.

See the picture:

TILEMACHOS · December 28, 2010

As i Understand you can continue login in Gameserver even if Process Explorer is detected and Closed??

I think Patch with a loader is a good idea to bypass some Threads that running...

I have to learn if that can be done...i ll start a search about loaders on Enigma Protector and VmProtect...

You gave me a good idea now and if cam be done there will be no any obstacle for any protection bypass :D

I ll need some time to do this because i have used loaders ony for simple apps and not L2

__________

UPDATE :

Not a good idea...Both Packer are strong Protected against Loaders.. :/

emir0n · December 28, 2010

looks good

anyway bit OT : hidetoolz for win7/x64 still not out ? didnt find any updated version till now

emir0n · December 28, 2010

looks good

anyway its also possible to make the crossconnection with original client/clean client+l2net

anyway bit OT : hidetoolz for win7/x64 still not out ? didnt find any updated version till now

MasterWalker · December 28, 2010

As i Understand you can continue login in Gameserver even if Process Explorer is detected and Closed??

I think Patch with a loader is a good idea to bypass some Threads that running...

I have to learn if that can be done...i ll start a search about loaders on Enigma Protector and VmProtect...

You gave me a good idea now and if cam be done there will be no any obstacle for any protection bypass :D

I ll need some time to do this because i have used loaders ony for simple apps and not L2

__________

UPDATE :

Not a good idea...Both Packer are strong Protected against Loaders.. :/

Tilemachos, even with the detected ProcessExplorer I can still log in, because when I see that Kasha has detected the process, then I shall adjourn the l2.exe action, and then active again, so that the notification window does not close the antibot consequently the login screen of the client also does not close. So just use the method suggested by emir0n (L2Fork, Proxifier and L2Walker IG / OOG).

But we do not know how long this method will work, because the antibot can be corrected.

Oddi · December 28, 2010

If lineageii.com.br worked with non-BR ip's, I'd show you how to make a clean system folder. Kasha protection is really easy to disable.

MasterWalker · December 28, 2010

If lineageii.com.br worked with non-BR ip's, I'd show you how to make a clean system folder. Kasha protection is really easy to disable.

You could then do a clean system of Lineage II as an example?

I believe that IP is not BR.

TILEMACHOS · December 29, 2010

looks good

anyway bit OT : hidetoolz for win7/x64 still not out ? didnt find any updated version till now

HideToolz is Just a Program that works Like Phant0m Plugin for OllyDbg...It is Using a "Non Plug n Play Device" Driver that is Loaded when you are Starting the program...

You can find the Devices in : Control Panel -> Device Manager : View -> Show Hidden Devices and now look Down in the Devices for "Non Plug n Play Drivers" There you can Find the Drivers are Created From proccess like HideToolz and Proccess Explorer

The Same uses the Enigma Protector (Loads up his own Divice witch is a "Proccess Explorer" by it Self) to trace for Hidden and Illigal Proccess by the Name of the Driver...Here is a really Good Program Very Similar for Searching what i m talking About and can see anything running on Computer : RootKit UnHooker (WinXP Only)

I don't Remember what is the Name is Used by HideToolz but i can Change it in a Debbuger :D

That means Even if it is not working and HideToolz can be Detected i can make them Stealth again...!

So inform me if HideToolz are Detected and i ll Share a Version that is Stealth :D

I did the Same with Proccess Explorer wich i renamed it in Navicat Explorer ("NaviExp" for Driver Name) :D

L2.Net has an Internal Proccess Name tottaly Different from that we can see...Oddi Knows offcourse what i am talking About and i have to say that doing this is Clever...

Ps: Oddi The Source Obscufator that your team is using on L2.NET Believe me is doing Great Job and it worths the Moneys that you guys Spend ;)

Tilemachos, even with the detected ProcessExplorer I can still log in, because when I see that Kasha has detected the process, then I shall adjourn the l2.exe action, and then active again, so that the notification window does not close the antibot consequently the login screen of the client also does not close. So just use the method suggested by emir0n (L2Fork, Proxifier and L2Walker IG / OOG).

But we do not know how long this method will work, because the antibot can be corrected.

Nice Exploit found by MasterWalker :D :D

If lineageii.com.br worked with non-BR ip's, I'd show you how to make a clean system folder. Kasha protection is really easy to disable.

Oddi you mean that you can make a new clean system that can directly connect to the server with out any Problem and hacks Attached on? Some but i think all Server Systems are including a file...the L2.dll wich is essensial to make the connection and the purpose of this file is packet Crypt/Decrypt...

Just tell that you can do what i understand!!! :o :D

emir0n · December 29, 2010

@TILEMACHOS thx 4 the info man,usefull

@MasterWalker heh nice exploit and good thinking ;D

TILEMACHOS · December 29, 2010

Normally after Detecting a Tools it should Countdown until Kill the Client...

This will fixed fast guys...But there is Something i hope Kasha reads :

YOU 'LL NEVER STOP US WITH A STUPID ENIGMA PROTECTOR :D :D

1) WE CAN CHANGE NAMES TO DRIVERS

2) WE CAN CHANGE NAMES TO APPS

3) WE CAN BRUTE CRC (soon i ll share that and works for every packer)

4) SOON WE'LL CAN UNPACK AND CRACK

KISSES HAPPY NEW YEAR

[move]-=WITH LOVE NAVICAT=-[/move]

Oddi · December 29, 2010

Oddi you mean that you can make a new clean system that can directly connect to the server with out any Problem and hacks Attached on? Some but i think all Server Systems are including a file...the L2.dll wich is essensial to make the connection and the purpose of this file is packet Crypt/Decrypt...

Just tell that you can do what i understand!!! :o :D

Take a look at this:

http://insane-gamers.com/showthread.php/9462-SOLVED-www.beyond.lt

That server uses kasha protection, with my system folder both walker and l2net works with no tools.

TILEMACHOS · December 29, 2010

Take a look at this:

http://insane-gamers.com/showthread.php/9462-SOLVED-www.beyond.lt

That server uses kasha protection, with my system folder both walker and l2net works with no tools.

I think that this Server is Protected by Kasha but the only changed thing is the Blowfish...

If they payed for this they are really Jerks

This Server has not the L2.dll (AES) if there was you ll get ConnectionTimeout (Disconnect)

Like L2DEX does...hope you understand me :)

This Server has a packed Engine.dll with Enigma so you can't just debbug Dump etc. and find the Moded Blowfish in there...

So i think you find the blowfish while sniffing the TCP connection and you patched a clean system with Bfishy.dll and set in L2.ini IP to Localhost for redirecting the Connection on L2.NET... Am i Right??

Offcourse this is a low Protection for servers...and if there are Server patched like this one by Kasha there are LOL easy to break hehe

emir0n · December 29, 2010

when i remember right the early versions of kasha were just changing the blowfish and they were monitoring the process names for unwanted applications and nothing more ...

anyway ... does kasha protection come with free updates,or do u have to buy them to stay "uptodate" ? :o

TILEMACHOS · December 29, 2010

when i remember right the early versions of kasha were just changing the blowfish and they were monitoring the process names for unwanted applications and nothing more ...

anyway ... does kasha protection come with free updates,or do u have to buy them to stay "uptodate" ? :o

Well as i know...

You Send your System to Kasha from account that you creating after paying

He gives you a file save Folder on his site where you can login with username and Pass to a link he gives you...

You Send the unprotected original system that you made and anything Server side that need to be changed and after he adds the protection you get the files from your Web folder...

I once found the L2DEx link Space i'll look and i ll post it as a proof :P

Anyway really noobie change only blowfish but i understand that some servers has not enough money to spend...

____________________________________________________________________

UPDATE : Link that Admins from L2DEX are Connected with Kasha (Web Folder)

I am sure that in this Folder there is all essential files that Lineage.ro won't Leaked somewhere..Unprotected System,Server Side Auth etc. :D :D

Lineage.ro Web Folder

Think Someone can Bruteforce or what else and Login??

_____________________________________________________________________

Oddi · December 29, 2010

l2dex use kasha combined with a custom protection made by the l2walker creator.

[EXCLUSIVE SHARE] IG WALKER FOR KASHA PROTECTION (L2Elixir,L2Dex etc.) UPDATED!!

Recommended Posts

MasterWalker

TILEMACHOS

emir0n

emir0n

MasterWalker

Oddi

MasterWalker

TILEMACHOS

emir0n

TILEMACHOS

Oddi

TILEMACHOS

emir0n

TILEMACHOS

Oddi

Create an account or sign in to comment

Create an account

Sign in

Posts

Topics

Browse

Activity

Store