Closed aecuto closed 7 years ago
It's not EAC. It's a new protection, I think they called it HMAC, if this helps.
It has a 2-byte header before the actor code!!
I got this problem too, can someone help?
quick hack in Send.pm,
use Digest::HMAC_MD5 qw(hmac_md5);
then add:
$self->encryptMessageID(\$msg);
####### begin sample handling of hmac packets
# Paste this inside sub sendToServer in src/Network/Send.pm, right after the
# existing $self->encryptMessageID(\$msg) call: $self, $msg, $messageID and
# $net are only defined there (pasting it anywhere else gives the
# "Global symbol requires explicit package name" compile error).
if ($messageID eq $self->{packet_lut}{map_login}) {
	# map_login itself is sent unchanged; it starts a new HMAC session,
	# so (re)start the sequence counter at 0
	$self->{hmac_enc} = 1;
	$self->{seq} = 0;
	$self->{flag} = 1;
} elsif ($self->{net}->getState() != Network::IN_GAME) {
	# not on a map server: plain packets, no sequence
	$self->{hmac_enc} = 0;
	$self->{seq} = 0;
} elsif ($self->{hmac_enc}) {
	# new format: length(2) + original packet + flag(4) + seq(4) + HMAC-MD5(16)
	$msg .= pack('V', $self->{flag}) . pack('V', $self->{seq}++);
	# tag covers original packet + flag + seq
	$msg .= hmac_md5($msg, pack('H*', 'EDB9D10AB84C9A2E05E38997C2F64A29'));
	# the length field counts itself too
	$msg = pack('v', length($msg) + 2) . $msg;
}
####### end sample handling of hmac packets
$net->serverSend($msg);
if you use any xkore mode, you can simply trim packets from the client (excluding map_login) like this: substr($msg, 2, length($msg) - 2 - 24), then modify as above before sending to the server.
@unknown-item
Delete pls. It's not true. OK!
Anyone can help ?
@unknown-item
do you think it works?
Why don't you capture packets and compare them yourself? My code can produce correct HMAC-ed packets. Packet 0A7B -> 0A7C is not new and it is not changed, just use your existing solution. If your solution is xkore or Poseidon, you still need to modify them according to my above post to make your bot work.
@unknown-item it doesn't work bro, I've tried to put your code in send.pm, then my xkore can't even run
@unknown-item I see a new packet header, followed by the old packet, for walk, take, attack
@tarkungZ first, you will need that perl package, Digest::HMAC_MD5, then you need to fix xkore yourself. I provide a solution to HMAC, not a solution to everything. Maybe you need some openkore devs to do that.
@zuroba new packet format, after hmac, is: length(2 bytes) + original packet(whole old format packet) + flag(always 1, 4 bytes) + sequence(increase by one starting from 0, 4 bytes) + hmac(16 bytes). My code generates new format packets from old ones. For xkore, you need to extract the original packet from client to server and recalculate the other things (because the sequence is changed, which is also included in the hmac calculation).
Digest.zip this is the Digest::HMAC_MD5 package, put it into your bot folder first.
@unknown-item in your code, are the last 16 bytes calculated from hmac?
@zuroba the last 16 bytes are from hmac_md5(original packet + flag + seq), key is EDB9D10AB84C9A2E05E38997C2F64A29
@unknown-item is it the default for all packets?
@zuroba not for the first map_login packet (not changed), but all packets after that are the same, using this new format; the sequence will increase for each packet being sent. If you move to another map server, you need to reset the sequence to 0 and send the old format map_login again.
@unknown-item so now you can use all of atk, take, sit without disconnecting?
@zapperlp see my post above. @zuroba if you are sending correct packets, why disconnect? If you run standalone, without A7B handling, you can bot for a little while before being kicked by the server. If you fix the xkore/Poseidon part with new packet format handling (from client to bot, not only bot to server), you should be able to bot without problem.
it works for me now, many thanks. Hail Hydra.
@udomsaph Can you share this solution?
it's not working for me D:
@unknown-item Should I make a new sub or just edit some existing sub?
@udomsaph Can you help us?
@unknown-item Thank you for your guide. Very hard work on it.
sure, just copy and paste, very simple, do it the way the master instructed you, and you will be able to run it again.
@unknown-item $msg .= hmac_md5($msg, pack('H*', 'EDB9D10AB84C9A2E05E38997C2F64A29')); <-- your hardcoded packet?
@zuroba It's a key, that's what he said.
I would like to ack on this issue. I currently have the tools for extracting sync patterns, shuffled packets and recvpackets but I need help on the login_server pattern. The extraction of encryption key pattern is on my TODO list, however we, twRO, have issues on disconnecting and I have to fix it first.
If you have any info about the login part, please put it in this issue thread. Please provide screenshot as well because images explain things easier and better.
For HMAC_MD5 thing, is that only limited to map_login only?
I can't follow this step. Pls teach me step by step. Now my kore already errors hahaha
xkore 0 worked but xkore 3 does not work for me.
@windhamwong yes, it just happens when we arrive at the map.
Disconnect from map server? 5 sec
@unknown-item can u teach us step by step? I don't know what I can do. Pls help and thanks
I believe someone has already followed my post to make proper changes and bot is working.
@windhamwong This post has nothing relating to stuff from twRO. HMAC packet is from EAC, I don't think this new packet format appeared anywhere else and it is applied to every map server packet except the map_login.
login part is fairly simple: '0A76' => ['master_login', 'V Z40 a32 C', [qw(version username password_rijndael master_version)]], Rijndael keys are:
my $key = pack('C32', (0x06, 0xA9, 0x21, 0x40, 0x36, 0xB8, 0xA1, 0x5B, 0x51, 0x2E, 0x03, 0xD5, 0x34, 0x12, 0x00, 0x06, 0x06, 0xA9, 0x21, 0x40, 0x36, 0xB8, 0xA1, 0x5B, 0x51, 0x2E, 0x03, 0xD5, 0x34, 0x12, 0x00, 0x06));
my $chain = pack('C32', (0x3D, 0xAF, 0xBA, 0x42, 0x9D, 0x9E, 0xB4, 0x30, 0xB4, 0x22, 0xDA, 0x80, 0x2C, 0x9F, 0xAC, 0x41, 0x3D, 0xAF, 0xBA, 0x42, 0x9D, 0x9E, 0xB4, 0x30, 0xB4, 0x22, 0xDA, 0x80, 0x2C, 0x9F, 0xAC, 0x41));
It uses 32 as block size.
@windhamwong
I'm not sure what you mean by login part.
This is server.txt that we use.
[Thailand - tRO Main server (EXE)]
ip 103.55.55.12
port 6900
master_version 7
version 24
serverType tRO
secureLogin 0
secureLogin_type 0
secureLogin_account 0
secureLogin_requestCode
pauseCharServer 1
patchserver wpatch.ragnarok.in.th
patchpath /patch70
serverEncoding Thai
addTableFolders tRO
charBlockSize 144
gameguard 1
Most of the tRO modifications can be found in https://github.com/DunstleOS/openkore/tree/DunstleOS-patch-9/src/Network.
Personally, HMAC_MD5 happens only in map_login.
If you have another requirement please let me know.
x0 already works for me, but I haven't tested x3.
@unknown-item Very few people in tRO use Poseidon to generate 0A7B
@unknown-item I received 0A7B from wireshark, after that hard coded it in OPK.
Anyone can help with X3?, please.
@unknown-item it works for me on x0 ^^
@unknown-item I don't understand what you asked me, I use only the raw straight code from wireshark and add it to config that is linked to send.pm, that's what I know. I'm not concerned about Poseidon.
@as70873463 Kindly expand step by step please.
Global symbol "$messageID" requires explicit package name at src/Network/Send.pm line 242.
Global symbol "$net" requires explicit package name at src/Network/Send.pm line 256.
Compilation failed in require at src/Misc.pm line 42.
BEGIN failed--compilation aborted at src/Misc.pm line 42.
Compilation failed in require at openkore.pl line 59.
BEGIN failed--compilation aborted at openkore.pl line 59.
Press ENTER to exit.
mine said this, what should I do sir
@udomsaph @dekaze @scream1ng Thank you for the explanation. I was under the impression that these packets cannot be replayed (experience from nProtect). Now I know why EAC has that E in its name.
@dekaze I think https://github.com/DunstleOS/openkore/tree/DunstleOS-patch-9/src/Network this branch is starting to commit code about HMAC.
@as70873463 Kindly expand step by step please.
Error from start.exe code.
Global symbol "$messageID" requires explicit package name at src/Network/Send.pm line 242.
Global symbol "$net" requires explicit package name at src/Network/Send.pm line 256.
Compilation failed in require at src/Misc.pm line 42.
BEGIN failed--compilation aborted at src/Misc.pm line 42.
Compilation failed in require at openkore.pl line 59.
BEGIN failed--compilation aborted at openkore.pl line 59.
Press ENTER to exit.
@cydiath @firstsozaa you should add it to sendToServer function only, not anywhere else.
anyone try X3?
@unknown-item I think my DC is because my recvpackets are not correct
@zuroba I don't think the real packet lengths have changed since the last update, don't add the extra size from HMAC into recvpackets.
For x3 to work, you need to strip the packets sent by the client first (undo HMAC), then do the rest like x0.
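The framing described in this thread (length(2) + original packet + flag(4) + seq(4) + HMAC-MD5(16), sequence restarting at 0 after each map_login, and the substr($msg, 2, length - 2 - 24) trim used for xkore/x3), written out in Python from the receiving side. This is an added example, not code from the thread or from OpenKore. wrap_packet reproduces the layout so there is something to test against, strip_unverified is the blind trim, and SessionVerifier is what a server or relay has to do before trusting a frame: check the length field, recompute the tag, and require the sequence to advance by exactly one, so a truncated, tampered or replayed frame is rejected. The key is a constructed placeholder (the thread quotes the client's own); flag is assumed to always be 1 as the thread states.

```python
import hashlib
import hmac
import struct

# Constructed placeholder key for this example only.
EXAMPLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

TRAILER_LEN = 4 + 4 + 16  # flag + sequence + HMAC-MD5 tag


def wrap_packet(packet: bytes, seq: int, key: bytes = EXAMPLE_KEY, flag: int = 1) -> bytes:
    """Sender side, as described in the thread:
    length(2, LE, counts itself) + packet + flag(4, LE) + seq(4, LE) + HMAC-MD5(packet+flag+seq)."""
    body = packet + struct.pack("<II", flag, seq)
    body += hmac.new(key, body, hashlib.md5).digest()
    return struct.pack("<H", len(body) + 2) + body


def strip_unverified(frame: bytes) -> bytes:
    """The thread's xkore trim: drop the 2-byte length and the 24-byte trailer, check nothing."""
    return frame[2:-TRAILER_LEN]


class FrameError(ValueError):
    """Raised for any frame the verifier refuses."""


class SessionVerifier:
    """Receiver-side check for one map-server session."""

    def __init__(self, key: bytes = EXAMPLE_KEY):
        self.key = key
        self.expected_seq = 0

    def reset(self) -> None:
        # The thread says the sequence restarts at 0 when a new map_login is sent.
        self.expected_seq = 0

    def unwrap(self, frame: bytes) -> bytes:
        if len(frame) < 2 + TRAILER_LEN:
            raise FrameError("frame shorter than length field + trailer")
        (declared,) = struct.unpack_from("<H", frame, 0)
        if declared != len(frame):
            raise FrameError(f"length field {declared} != actual {len(frame)}")
        body, tag = frame[2:-16], frame[-16:]
        expected_tag = hmac.new(self.key, body, hashlib.md5).digest()
        if not hmac.compare_digest(tag, expected_tag):
            raise FrameError("HMAC-MD5 tag mismatch (tampered or wrong key)")
        flag, seq = struct.unpack("<II", body[-8:])
        if flag != 1:
            raise FrameError(f"unexpected flag {flag}")
        if seq != self.expected_seq:
            # Replay (seq too low) or a dropped frame (seq too high).
            raise FrameError(f"sequence {seq}, expected {self.expected_seq}")
        self.expected_seq += 1
        return body[:-8]


if __name__ == "__main__":
    # Constructed sample payloads; only the framing matters here.
    v = SessionVerifier()
    print(v.unwrap(wrap_packet(b"\x7b\x0a\x01\x02", 0)).hex())
    print(v.unwrap(wrap_packet(b"\x85\x00\x10\x20\x30", 1)).hex())
```

Because the tag and the sequence are both produced with a key that sits in the client, the verifier can only tell a frame was built by something that knows the key and the current sequence; it cannot tell which program built it. The sequence check is still what turns a captured frame into a one-time frame, which is why the thread's relay approach has to recompute the trailer rather than forward it.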
how can I fix this problem??
today my server updated to the new EAC, my openkore can login to the map server but after 1-3 seconds my openkore disconnects from the map server, please help me or notify me about this problem.
ps. I'm a newbie at programming :D ps2. I'm from the Free bot page....