OpenKore / openkore

A free/open source client and automation tool for Ragnarok Online
http://openkore.com

packet tokenizer: unknown switch: 16CF #433

Closed orgmatileg closed 7 years ago

orgmatileg commented 7 years ago

Anyone know how to fix this? I used Gravindo RO - Indonesia, and here is the ragexe: https://drive.google.com/open?id=0B3UcfHfBZfh2MGNoVVNjODFzMlU I tried a lot of methods found by googling for extracting packets, but I had no luck; all failed. Looks like they encrypted the ragexe.exe. Please help me, thank you.

andibanget commented 7 years ago

Ok, we face almost the same problem here. :D I'm trying to calculate and understand how this works. Let me try and wait for all the masters here.

ilfan14 commented 7 years ago


Can anyone encode the password? I think something is wrong in the functions password_salted_md5 and secureLoginHash.

radityo04 commented 7 years ago

@ilfan14 can i get your code sir? maybe i can try to fix it..

Eongs commented 7 years ago

@ilfan14 can you send me the file to

k1nt4r0 commented 7 years ago

how to handle the 16cf? share pls?

radityo04 commented 7 years ago

i need your config 1st and i try to analyze..

On Feb 10, 2017 1:21 PM, "Eongs" notifications@github.com wrote:

> @ilfan14 can you send me the file to


joserizal99 commented 7 years ago

Same issue. I think it's a kind of new servertype; they also hid the master number. Dunno if I'm right or not.

orgmatileg commented 7 years ago

How to solve 16cf please?

Eongs commented 7 years ago

I don't have the solution yet... Because of that I'm asking for the same too.

On Feb 10, 2017 9:46 PM, "orgmatileg" notifications@github.com wrote:

> How to solve 16cf please?


lututui commented 7 years ago

16CF is not a valid RO packet switch. This usually means the server settings are wrong or that the server has some kind of shield. It could also mean that a previous packet had an incorrect length in recvpackets.
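
Added example, not part of the original thread and not OpenKore code: a minimal Python tokenizer showing the last cause named above, where one wrong length in a recvpackets-style table makes the next switch get read out of payload bytes. The table, the switch IDs 0A01/0A02/0A03 and the byte stream are constructed for illustration; the little-endian 2-byte switch and the -1 variable-length convention are assumptions of this sketch.

```python
import struct

class UnknownSwitch(Exception):
    """Raised when the next two bytes are not a switch in the length table."""
    def __init__(self, switch, offset, previous):
        super().__init__(f"unknown switch: {switch:04X} at offset {offset}")
        self.switch, self.offset, self.previous = switch, offset, previous

def tokenize(stream, lengths):
    """Split a byte stream into (switch, packet) pairs.

    lengths maps switch -> total packet length in bytes; -1 means the length
    is a uint16 stored right after the switch (assumed convention).
    Returns (packets, unconsumed_tail).
    """
    packets, pos = [], 0
    while pos + 2 <= len(stream):
        (switch,) = struct.unpack_from("<H", stream, pos)
        if switch not in lengths:
            previous = packets[-1][0] if packets else None
            raise UnknownSwitch(switch, pos, previous)
        size = lengths[switch]
        if size == -1:
            if pos + 4 > len(stream):
                break                      # length field not received yet
            (size,) = struct.unpack_from("<H", stream, pos + 2)
        if size < 2:
            raise ValueError(f"bad length {size} for switch {switch:04X}")
        if pos + size > len(stream):
            break                          # partial packet, wait for more data
        packets.append((switch, stream[pos:pos + size]))
        pos += size
    return packets, stream[pos:]

# Constructed stream: 0A01 (6 bytes), 0A03 (variable, 5 bytes), 0A02 (4 bytes).
STREAM = bytes.fromhex("010a aabb cf16" "030a 0500 ff" "020a 0102")
GOOD = {0x0A01: 6, 0x0A02: 4, 0x0A03: -1}
BAD = {**GOOD, 0x0A01: 4}   # one wrong entry: 0A01 listed two bytes short

def diagnose(stream, lengths):
    """Return None if the stream tokenizes cleanly, else a hint for the operator."""
    try:
        tokenize(stream, lengths)
        return None
    except UnknownSwitch as e:
        if e.previous is None:
            return f"{e.switch:04X}: first switch unknown, suspect server settings or a shield"
        return f"{e.switch:04X}: check table length of preceding packet {e.previous:04X}"
```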

Eongs commented 7 years ago

Then how do we solve this problem... Can you give me the solution?

On Feb 10, 2017 10:13 PM, "lututui" notifications@github.com wrote:

> 16CF is not a valid RO packet switch. This usually means the server settings are wrong or that the server has some kind of shield. It could also mean that a previous packet had an incorrect length in recvpackets.


c4c1n6kr3m1 commented 7 years ago

the solution is easy to say !!!!!! , `decrypt those 20 bytes 16CF packet` but hard to do ..........

ilfan14 commented 7 years ago

@lututui yes.. the server has a new shield like I said at the top.. can you help me?

michaelaw320 commented 7 years ago

Seems the 20 bytes are encrypted by idRO's Delphine protection; this kind of problem has existed since 2010, I think: http://forums.openkore.com/viewtopic.php?f=56&t=8587&start=70

noobforce commented 7 years ago

@ilfan14 can u send me what extractor u used to bypass that 16cf so I can try to help encode that md5 password? Thank you

spyware293 commented 7 years ago

Instead of trying to decrypt the login packet, you can just make delphine do it for you.

It's not worth it to bot, though. You will end up getting banned.

kancielz commented 7 years ago

@spyware293 nice bro, can you give me the file?? please please please

Eongs commented 7 years ago

Nice can you share the file to me too...

On Feb 13, 2017 9:55 AM, "kancielz" notifications@github.com wrote:

> @spyware293 nice bro, can you give me the file?? please please please


papanyashen commented 7 years ago

@spyware293 can u post how to make delphine do de encrypt? thanks in advance

cydh commented 7 years ago

The delphine plugin, yes? I just had a slight look at those sources and the forum link in the plugin file; seems it's the solution. (Can't test yet)

On Feb 13, 2017 9:30 AM, "spyware293" notifications@github.com wrote:

> Instead of trying to decrypt the login packet, you can just make delphine do it for you.
>
> It's not worth it to bot, though. You will end up getting banned.


k1nt4r0 commented 7 years ago

@spyware293 how u do that? teach pls?

abd-kohar commented 7 years ago

@k1nt4r0 @Eongs @kancielz it's already stated: "Instead of trying to decrypt the login packet, you can just make delphine to do it for you."

instead of begging to be spoon-fed, why don't we just try from the clue that he gave (delphine.pl), and post and ask for some help if there's (obviously) any prob or we get stuck.

other ppl work hard at it, struggling for many many hours to solve a prob like this, do you even think??? their contribution, their effort, the time they spent, and u all are just like... "give me the code pls, share the code pls, send me the code pls" WOW, ur life is so ez man...

k1nt4r0 commented 7 years ago

lol bro, can u read my post? i said "teach pls?" i know the plugin, and i ask about the decrypt lol

don't judge a book by its cover. i've tried to bypass it since the first cbt and until now i didn't get it, so i ask for help to decrypt cause i never did it before

i searched already on google, but my openkore got an error, so i ask how to do it cause he got it already

RaynV commented 7 years ago

I think he refers to idRO's delphine protection

"make delphine to do it for you." Probably he's using X-Kore; that's how netredirect.dll works

BangToyib commented 7 years ago

@spyware293 nice bro, can you share the file??

hendra814 commented 7 years ago

seriously? delphine key again? ok. i'll try it

Edops commented 7 years ago

@spyware293 please kindly share your way to enable delphine.pl. in the meantime i'll search for older forum answers

rundumb commented 7 years ago

@spyware293 can you share how to make delphine work for this server? or a guide ... thx b4. Well, i'm clueless about delphine ... this is what i got so far ... can you tell me which part i did wrong?


Edops commented 7 years ago

@rundumb how to use delphine.pl?

ilfan14 commented 7 years ago

@spyware293 just one question.. how do you inject ragexe.exe with your RPE/WPE to sniff packets??

hendra814 commented 7 years ago

please learn from this old forum; hopefully this can help you guys: http://dwarna-ro.blogspot.co.id/p/cara-buat-togelkey-idro.html

rundumb commented 7 years ago

@hendra814 i did, but all of those links are dead

k1nt4r0 commented 7 years ago

@hendra814 i tried it already, but i got nothing

abd-kohar commented 7 years ago

@Edops edit sys.txt in the control folder, enable da plugin there: loadPlugins 3 or loadPlugins 2, and write the plugin name in loadPlugins_list

rundumb commented 7 years ago

i got a new problem ... wtf ... please help me senpai

Edops commented 7 years ago

zzz already enabled the delphine plugin, still stuck at 16CF code, where did i go wrong?

so from what i learn

  1. enable plugins on sys.txt
  2. create 2 txt files in tables: "delphine-data.txt" & "delphine-key.txt" (which i don't know what to write inside)
  3. run start.exe (?) CMIIW

and @hendra814 any link to the video mentioned?

528custom commented 7 years ago

@Edops (2.) please refer to the full manual. you should put something in them.

Lilori commented 7 years ago

lol spyware was hated by almost all ppl in idro. now ppl in idro are pleading to him about bot. loooool

note: try to re-encrypt the packet in 'another' way, and use all your knowledge.

528custom commented 7 years ago

@Lilori oh the irony :))

I once created those "togel" keys back in 2010(?) for my people. let me try this method once more.

michaelaw320 commented 7 years ago

@spyware293 would you mind elaborating on what you meant by letting the delphine do the work? My assumption would be that you linked the delphine (in ragexe/dll) to openkore (either the dll or the exe) and execute a function from within the dll/exe, or you used some sort of XKore Poseidon method? Or you meant the delphine.pl plugin?

jegrek commented 7 years ago

one lil problem here, remapped data capture from injecting the "exe" and data capture from sniff ,

anyone ?

Edops commented 7 years ago

@528custom well the link is outdated and mostly the file is gone from 4shared, and there's no vid to help too, so i'm still clueless what to do with that .txt file *sadlife

528custom commented 7 years ago

believe me, if you guys share anything that works on this thread, remember, every person on this planet can also access this thread :)

spyware293 commented 7 years ago

@michaelaw320 You can hook the ws2_32.dll inside ragexe and redirect the login packet to openkore. Alternatively, you can use xkore, but you need to hide it from mfc90g.dll because it scans other process modules that contain perl and xstools.

andibanget commented 7 years ago

@spyware293 Thanks for all the clue. You're my inspiration :D

zelda21 commented 7 years ago

@spyware293 please share config ^_^

michaelaw320 commented 7 years ago

@spyware293 I see. Responses like this are the responses that make github healthy. I'm wondering what the function prototype is that you called from ws2_32.dll; did you disassemble it?

Edops commented 7 years ago

what sniffer do you guys use to sniff?

cydh commented 7 years ago

Try Wireshark. Hmm, can't find a live link for rPE.

On Feb 13, 2017 3:24 PM, "Edops" notifications@github.com wrote:

> what sniffer do you guys use to sniff?


danzhere commented 7 years ago

@spyware293 can u help me how to hook dll inside exe?