Jump to content
MaxCheaters Official Group at Discord
--> Place your ad text here <--

[EXCLUSIVE SHARE] IG WALKER FOR KASHA PROTECTION (L2Elixir,L2Dex etc.) UPDATED!!

TILEMACHOS

By TILEMACHOS
in Botting [English]

 Share

Recommended Posts

MasterWalker Newbie

MasterWalker

Posted
Posted

On this server (http://www.lineageii.com.br/) that told you test, the run up to L2Walker IG, as well as on any other server that has Kasha, and it looks to use a method of very stupid. But you must use two clients as emir0n suggested.

 

PS: Note that AntiBot is stopped, which makes the detection of L2fork, Proxifier and L2Walker.

 

See the picture:

 

10581034.jpg

 

23073702.jpg

 

49266519.jpg

 

Link to comment
Share on other sites
TILEMACHOS Newbie

TILEMACHOS

Posted
  • Author
Posted

As i Understand you can continue login in Gameserver even if Process Explorer is detected and Closed??

I think Patch with a loader is a good idea to bypass some Threads that running...

I have to learn if that can be done...i ll start a search about loaders on Enigma Protector and VmProtect...

You gave me a good idea now and if cam be done there will be no any obstacle for any protection bypass :D

I ll need some time to do this because i have used loaders ony for simple apps and not L2

 

__________

 

UPDATE :

 

Not a good idea...Both Packer are strong Protected against Loaders.. :/

Link to comment
Share on other sites
emir0n Newbie

emir0n

Posted
Posted

looks good

anyway its also possible to make the crossconnection with original client/clean client+l2net

anyway bit OT : hidetoolz for win7/x64 still not out ? didnt find any updated version till now

 

Link to comment
Share on other sites
MasterWalker Newbie

MasterWalker

Posted
Posted

As i Understand you can continue login in Gameserver even if Process Explorer is detected and Closed??

I think Patch with a loader is a good idea to bypass some Threads that running...

I have to learn if that can be done...i ll start a search about loaders on Enigma Protector and VmProtect...

You gave me a good idea now and if cam be done there will be no any obstacle for any protection bypass :D

I ll need some time to do this because i have used loaders ony for simple apps and not L2

 

__________

 

UPDATE :

 

Not a good idea...Both Packer are strong Protected against Loaders.. :/

 

Tilemachos, even with the detected ProcessExplorer I can still log in, because when I see that Kasha has detected the process, then I shall adjourn the l2.exe action, and then active again, so that the notification window does not close the antibot consequently the login screen of the client also does not close. So just use the method suggested by emir0n (L2Fork, Proxifier and L2Walker IG / OOG).

 

But we do not know how long this method will work, because the antibot can be corrected.

Link to comment
Share on other sites
MasterWalker Newbie

MasterWalker

Posted
Posted

If lineageii.com.br worked with non-BR ip's, I'd show you how to make a clean system folder. Kasha protection is really easy to disable.

You could then do a clean system of Lineage II as an example?

 

I believe that IP is not BR.

Link to comment
Share on other sites
TILEMACHOS Newbie

TILEMACHOS

Posted
  • Author
Posted

looks good

 

anyway bit OT : hidetoolz for win7/x64 still not out ? didnt find any updated version till now

 

HideToolz is Just a Program that works Like Phant0m Plugin for OllyDbg...It is Using a "Non Plug n Play Device" Driver that is Loaded when you are Starting the program...

You can find the Devices in : Control Panel -> Device Manager : View -> Show Hidden Devices and now look Down in the Devices for "Non Plug n Play Drivers"  There you can Find the Drivers are Created From proccess like HideToolz and Proccess Explorer

 

The Same uses the Enigma Protector (Loads up his own Divice witch is a "Proccess Explorer" by it Self) to trace for Hidden and Illigal Proccess by the Name of the Driver...Here is a really Good Program Very Similar for Searching what i m talking About and can see anything running on Computer : RootKit UnHooker (WinXP Only)

 

 

I don't Remember what is the Name is Used by HideToolz but i can Change it in a Debbuger :D

That means Even if it is not working and HideToolz can be Detected i can make them Stealth again...!

So inform me if HideToolz are Detected and i ll Share a Version that is Stealth :D

 

I did the Same with Proccess Explorer wich i renamed it in Navicat Explorer ("NaviExp" for Driver Name) :D

 

L2.Net has an Internal Proccess Name tottaly Different from that we can see...Oddi Knows offcourse what i am talking About and i have to say that doing this is Clever...

 

Ps: Oddi The Source Obscufator that your team is using on L2.NET Believe me is doing Great Job and it worths the Moneys that you guys Spend ;)

 

Tilemachos, even with the detected ProcessExplorer I can still log in, because when I see that Kasha has detected the process, then I shall adjourn the l2.exe action, and then active again, so that the notification window does not close the antibot consequently the login screen of the client also does not close. So just use the method suggested by emir0n (L2Fork, Proxifier and L2Walker IG / OOG).

 

But we do not know how long this method will work, because the antibot can be corrected.

 

Nice Exploit found by MasterWalker :D :D

 

If lineageii.com.br worked with non-BR ip's, I'd show you how to make a clean system folder. Kasha protection is really easy to disable.

 

Oddi you mean that you can make a new clean system that can directly connect to the server with out any Problem and hacks Attached on? Some but i think all Server Systems are including a file...the L2.dll wich is essensial to make the connection and the purpose of this file is packet Crypt/Decrypt...

Just tell that you can do what i understand!!!  :o  :D

Link to comment
Share on other sites
TILEMACHOS Newbie

TILEMACHOS

Posted
  • Author
Posted

Normally after Detecting a Tools it should Countdown until Kill the Client...

This will fixed fast guys...But there is Something i hope Kasha reads :

 

YOU 'LL NEVER STOP US WITH A STUPID ENIGMA PROTECTOR :D :D

 

1) WE CAN CHANGE NAMES TO DRIVERS

2) WE CAN CHANGE NAMES TO APPS

3) WE CAN BRUTE CRC (soon i ll share that and works for every packer)

4) SOON WE'LL CAN UNPACK AND CRACK

 

KISSES HAPPY NEW YEAR

[move]-=WITH LOVE NAVICAT=-[/move]

 

Link to comment
Share on other sites
Oddi Newbie

Oddi

Posted
Posted

Oddi you mean that you can make a new clean system that can directly connect to the server with out any Problem and hacks Attached on? Some but i think all Server Systems are including a file...the L2.dll wich is essensial to make the connection and the purpose of this file is packet Crypt/Decrypt...

Just tell that you can do what i understand!!!  :o  :D

 

Take a look at this:

http://insane-gamers.com/showthread.php/9462-SOLVED-www.beyond.lt

 

That server uses kasha protection, with my system folder both walker and l2net works with no tools.

Link to comment
Share on other sites
TILEMACHOS Newbie

TILEMACHOS

Posted
  • Author
Posted

Take a look at this:

http://insane-gamers.com/showthread.php/9462-SOLVED-www.beyond.lt

 

That server uses kasha protection, with my system folder both walker and l2net works with no tools.

 

I think that this Server is Protected by Kasha but the only changed thing is the Blowfish...

If they payed for this they are really Jerks

This Server has not the L2.dll (AES) if there was you ll get ConnectionTimeout (Disconnect)

Like L2DEX does...hope you understand me :)

 

This Server has a packed Engine.dll with Enigma so you can't just debbug Dump etc. and find the Moded Blowfish in there...

So i think you find the blowfish while sniffing the TCP connection and you patched a clean system with Bfishy.dll and set in L2.ini IP to Localhost for redirecting the Connection on L2.NET... Am i Right??

 

Offcourse this is a low Protection for servers...and if there are Server patched like this one by Kasha there are LOL easy to break hehe

Link to comment
Share on other sites
emir0n Newbie

emir0n

Posted
Posted

when i remember right the early versions of kasha were just changing the blowfish and they were monitoring the process names for unwanted applications and nothing more ...

anyway ... does kasha protection come with free updates,or do u have to buy them to stay "uptodate" ?  :o

Link to comment
Share on other sites
TILEMACHOS Newbie

TILEMACHOS

Posted
  • Author
Posted

when i remember right the early versions of kasha were just changing the blowfish and they were monitoring the process names for unwanted applications and nothing more ...

anyway ... does kasha protection come with free updates,or do u have to buy them to stay "uptodate" ?  :o

 

Well as i know...

You Send your System to Kasha from account that you creating after paying

He gives you a file save Folder on his site where you can login with username and Pass to a link he gives you...

You Send the unprotected original system that you made and anything Server side that need to be changed and after he adds the protection you get the files from your Web folder...

I once found the L2DEx link Space i'll look and i ll post it as a proof :P

 

Anyway really noobie change only blowfish but i understand that some servers has not enough money to spend...

 

____________________________________________________________________

UPDATE : Link that Admins from L2DEX are Connected with Kasha (Web Folder)

I am sure that in this Folder there is all essential files that Lineage.ro won't Leaked somewhere..Unprotected System,Server Side Auth etc. :D :D

 

Lineage.ro Web Folder

Think Someone can Bruteforce or what else and Login??

_____________________________________________________________________

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing


  • Posts

    • L2LIVEpro
      L2jOrion - Sourcecode.

      By L2LIVEpro · Posted

      Well, sorry not sorry for resurrecting old topic, but I believe it's ultimately stupid to implement license checks like Vilmis did 🙂   private static String url = "jdbc:mysql://185.80.128.233/" + getData("Zm9ydW1fZGI="); private static String username = getData("bXJjb3B5cmlnaHQ="); private static String password = getData("Y29weXJpZ2h0XzEyMw=="); con = GlobalDB.getInstance().getConnection(); PreparedStatement statement; statement = con.prepareStatement("SELECT field_6 from core_pfields_content WHERE member_id = ?"); statement.setInt(1, Config.FORUM_USER_ID); ResultSet rset = statement.executeQuery();   This awesome way of coding things leaves us with base64-encoded credentials and DB exposed and accessible globally 😉 Btw he checks his licensing data from some plugin generated table his forum uses. Vilmis took action and ensured that mrcopyright user would have only needed accesses and rights for this operation. But he forgot to ensure that his INFORMATION_SCHEMA database would not be exposed and readable... That leads us to fully readable server variables like version used (10.1.26-MariaDB-0+deb9u1 - pretty ancient DB and OS, I'd assume). From here you can go south and do some kinky stuff, if you want and have knowledge for that. But who cares, right?   Ooh, table core_pfields_content field_6 is IP address which is checked by FORUM_USER_ID. Yep, you can query all IP addresses there (124 of them right now) and also do whatever you want with them! 🙂  The most fun part? Files source has been shared what, more than 2 years ago?  Vilmis still uses very same credentials and never changed it after sources exposure - who cares. Although, "sources" may be way too strong word here. If anyone still use paid Orion versions, I'd suggest packing your shit and leaving immediately, or at least fix this incompetent fool caused problems. It's obvious Vilmis don't care or maybe doesn't even know from the first place how to solve this problem (hint hint - tiny PHP Rest API microservice which would do absolutely the same but without exposing sensitive data?). By doing that, he exposes his infrastructure and YOUR data, and he does that for more than 2 years now 🙂 Developer of century!    
    • lol021
      ⭐ LIST OF FORUMS FOR YOUR NEEDS ⭐ [OVER 100 RUSSIAN FORUMS]

      By lol021 · Posted

      discord please   
    • Finn
      Help with folder system!

      By Finn · Posted

      rename the l2.bin into l2.exe
    • L2LIVEpro
      [L2j] L2LIVE

      By L2LIVEpro · Posted

      L2LIVE.PRO- Dynamic Mid-rates Essence Seven Signs GRAND OPENING - July 5, 20:00 GMT+3 (EEST) TEST SERVER IS OPEN - COME AND CHECK IT OUT TODAY! Join our community and be part of it at: https://www.l2live.pro https://discord.gg/k3NMgR4Dmu   Server description * EXP/SP: Dynamic (x1- x100 based on your level, *before* Sayha and EXP buffs * Adena: x50 / Item Drop: x10 / Fishing EXP increased / Attribute EXP increased * Simplified gameplay to stay in the loop while not spending hours and hours farming * Starter Pack containing very useful items for beginners * MP replenishing potions with auto-consumption * No overpowered donations L2LIVE shop * All spellbook coupons, pet spellbook coupons and master books are sold via Game Assistant * Additionally you can buy SP pouches, enchanted talismans, pet training guides and various other consumables for Adena and L-Coin * More items such as cloaks, more talismans, agathions, belts, pendants, enchantment scrolls of various grades, evolution stones, etc will be added! Shop server as a shortcut, and all retail-like ways of earning items are still here! L-Coins * Drops with small change and in random amounts from Lv60+ monsters  * All raidbosses drop random amount of L-Coin Pouches generating up to 420 Lcoin per unit. **Grand Olympiad and Events** * Grand Olympiad is held week day * Format is 1v1, unlimited weekly fights  * Heroes are declared weekly at Sunday * There are three automated events - TvT, CTF and Deathmatch, running at evenings * Orc Fortress, Battle with Balok, Keber Hunter, Archievements Box, Daily Gift Calendar provisional events are active too Custom user commands * .offlineplay command, your character will keep playing till death or server restart * .offlineshop command, keeps your shop sitting until all items are purchased * .apon / .apoff - enable/disable HP/MP autoconsume And lots of other small improvements are waiting for you!   Join our community and be part of it at: https://www.l2live.pro https://discord.gg/k3NMgR4Dmu
    • milozare
      ⭐ LIST OF FORUMS FOR YOUR NEEDS ⭐ [OVER 100 RUSSIAN FORUMS]

      By milozare · Posted

      Relevant! List of forums on sale! Contact us!

  • Topics

×
×
  • Create New...