Closed orgmatileg closed 7 years ago
Just want to know: is it mandatory to use 2 types of program, 1 for sniffing packets like SmartSniff and 1 for packet extraction like WPE or rPER, to get the full key data? Or can we use only one of them?
Does anyone have a link to download SmartSniff?
I'm using Wireshark, not SmartSniff. You can try it too: https://www.wireshark.org/download.html
Gravindo changed their antibot back to the beginning; you can use xkore 1 now
@serverlegend use xkore, with a renamed dll file? How about recvpackets? Same as what shinryukeen shared?
xkore works again
@RaynV can you teach me?
@satria5 you just need a bypass, inject the client for xkore 1
@satria5 can you teach me, bro? I need a bypass for xkore 1
teach me please
Can I get a link to download xkore 1? Thanks
@serverlegend: could you tell which dll needs to be changed to bypass xkore? I tried to change xstools.dll but openkore cannot run; it seems a lot of files need to be changed to compile it.
@serverlegend OK, thank you for the clue.
@serverlegend I tried to inject but netdirect still detects it... did you mean I must bypass the netdirect so I can run the bot? How did you do that, bro... enlighten me please :D
@serverlegend bro, can you teach me how to inject the client for xkore1?
sorry, I am totally crushed hahah
anyone?
I'm trying to use xkore 1 but it seems to be detected by ragexe (HackShield). Can anyone give a clue what dll or file needs to be renamed/changed to bypass it? Or any other way to hide it from ragexe, like hide tools?
Why do I keep getting "unable to inject netredirect.dll"? I searched the whole forum, still got no response. I tried re-hex too, but same result. I tried run as admin, still fails. Can anyone enlighten me?
@dalvian I think we need to hide/rename it, because Gravindo intercepts whatsoever. But it seems it can't be done manually. We need tools; maybe someone will kindly share a download link for the tools. If we're lucky someone will compile every step to make kore work again.
@RaynV need the clue, bro, because the openkore exe cannot start with start.exe. Maybe we need to change something in the src folder?
you can new download openkore
@acesfz what do you mean by new download openkore? Could you explain? hehe
This step can bypass the detected start.exe without using hidetoolz, but can't inject NetRedirect.dll
Can someone give a clue on this step to inject, please?
```cpp
OriginalWSASendProc = (MyWSASendProc)
    HookImportedFunction(GetModuleHandle(0), (PSTR)"WS2_32.DLL", (PSTR)"WSASend", (PROC)MyWSASend);
OriginalWSASendToProc = (MyWSASendToProc)
    HookImportedFunction(GetModuleHandle(0), (PSTR)"WS2_32.DLL", (PSTR)"WSASendTo", (PROC)MyWSASendTo);
OriginalWSARecvProc = (MyWSARecvProc)
    HookImportedFunction(GetModuleHandle(0), (PSTR)"WS2_32.DLL", (PSTR)"WSARecv", (PROC)MyWSARecv);
OriginalWSARecvFromProc = (MyWSARecvFromProc)
    HookImportedFunction(GetModuleHandle(0), (PSTR)"WS2_32.DLL", (PSTR)"WSARecvFrom", (PROC)MyWSARecvFrom);
OriginalSendProc = (MySendProc)
    HookImportedFunction(GetModuleHandle(0), (PSTR)"WS2_32.DLL", (PSTR)"send", (PROC)MySend);
OriginalSendToProc = (MySendToProc)
    HookImportedFunction(GetModuleHandle(0), (PSTR)"WS2_32.DLL", (PSTR)"sendto", (PROC)MySendTo);
OriginalRecvProc = (MyRecvProc)
    HookImportedFunction(GetModuleHandle(0), (PSTR)"WS2_32.DLL", (PSTR)"recv", (PROC)MyRecv);
OriginalRecvFromProc = (MyRecvFromProc)
    HookImportedFunction(GetModuleHandle(0), (PSTR)"WS2_32.DLL", (PSTR)"recvfrom", (PROC)MyRecvFrom);
OriginalConnectProc = (MyConnectProc)
    HookImportedFunction(GetModuleHandle(0), (PSTR)"WS2_32.DLL", (PSTR)"connect", (PROC)MyConnect);
OriginalSelectProc = (MySelectProc)
    HookImportedFunction(GetModuleHandle(0), (PSTR)"WS2_32.DLL", (PSTR)"select", (PROC)MySelect);
OriginalWSAAsyncSelectProc = (MyWSAAsyncSelectProc)
    HookImportedFunction(GetModuleHandle(0), (PSTR)"WS2_32.DLL", (PSTR)"WSAAsyncSelect", (PROC)MyWSAAsyncSelect);
OriginalGetProcAddressProc = (MyGetProcAddressProc)
    HookImportedFunction(GetModuleHandle(0), (PSTR)"KERNEL32.DLL", (PSTR)"GetProcAddress", (PROC)MyGetProcAddress);
```
I think this process will lead us to connect (hooking WS2_32.DLL)
For bypassing, does it use mhook?
I'm still trying to hide xkore from HackShield. This is the same as WPE or rPE: we need to change the dll file so it is not detected by HackShield. Changing it is easy, rename the dll file (probably NetRedirect.dll and XSTools.dll), but when we rename it, it causes an openkore error. We also need to change functions in the source to integrate with this.
Hey @randualas, can you tell me how to bypass the detected start.exe? I mean the exact steps, because it's been long since I played RO lol, like 2002? Before, I was a heavy botter; now it seems to have changed considerably. I think I managed to tweak the netdll but can't pass the ragexe; I got a message like "this program can't run with start/wxstart.x"
Realize it or not, here only @spyware293, @oanggg, @RaynV, and @serverlegend have done it. But you guys won't share how to do it, and just give clues that not all can understand.
Just want to share some clues. Based on the comments above, "xkore 1" can be used for this. Please search here (http://openkore.com/index.php/Main_Page) for what "xkore 1" means. Make sure you have already changed it to xkore 1, run openkore, wait until it says to run ro, and then run your ro. You will end up with an error pop-up saying ro cannot run with openkore running at the same time (this is named hackshield). Now we need to find a way to bypass this. Probably by changing the names of NetRedirect.dll and XSTools.dll, but renaming them will end in an error running openkore. Let's find a way together to bypass this. Or someone who has already done it can share. Thanks
Well, I've done the netredirect dll, but when I try to realign the path of xstool I fail. I'm not really a decoder or a programmer, I'm just trying to make sense of it lol, and now I'm still trying to find the path which loads the xstool so we can literally change it. I guess that's the only clue I need. I've been searching in the src folder but no good, and been trying to work this from another angle, like editing the mf90g maybe, but like I said I'm not really a coder so I still need time to work out the logic
@justdoitright as far as I know, when you run start.exe with xkore 1 in your config, start.exe will need netdirect.dll and xstools too
but if you change the name, you also need to change the other connected files, like translation.pm and the others in the src. I did the steps 1 by 1 but still got an error
From what I got from the clue, you need to edit the hex inside the dll to make it undetectable by ragnarok GG, but the problem is it needs skill and it's hard
Yes, that's true, only some people understand what they are talking about in here.. I still don't get what "inject Netredirect.dll to ragexe.exe" means. I tried using extreme inject (you can google it) to inject netredirect.dll into ragexe.exe, but when I run OK and RO, it's still "unable to inject netredirect.dll". I tried renaming netredirect.dll to vnetredirect.dll and configuring it in xkore.pm.. but the result is the same.. I'm a newbie, sorry for bad English
@CadisEtramaDRaizel yes, changing xstools.dll will need changes to other files too (mostly from the src folder). You can try to find "xstools" with Notepad++ in all files in your openkore folder and start changing them one by one and compile it (run openkore). Not sure how much needs to change and which files need to change; I'm also not sure if this will work either :P
Make sure to run openkore first and then your ro, not ro first and then openkore, when you activate xkore.
I'm trying to get a bypass without xkore
From what I got from the sniffer, OK will receive an encrypted packet from the server like
DC01 => 946B
and when OK sends the username and password to the server, OK should get a packet like
DD01
but the password should be salted to get the correct response from the server
I need help from someone who understands this: how to make OK send the right packet to the server?
because I gave up on xkore mode, I'm not good at it ~_~
@k1nt4r0 so you do it the delphine key way? Could you please share the delphine data you got? I only have data from a packet sniffer because my WPE and rPE cannot detect the ragexe program. Maybe I can try using your data.
Hello.. just a reminder: if you use xkore, ragexe is protected by a guard. You can bypass or inject the .dll but it has a client hash; it's hard, need to more in. so
@nebulacyber man, how about some links to guides? It's hard when all the links are dead
@justdoitright do you have discord?
@nebulacyber I understand what you mean, but I need to know how to do it. As far as I know, to do it you need a program for editing, and how to do it? I really don't understand how to do it because I don't have knowledge about it.
@k1nt4r0 yes, please invite me (justdoitright) on discord.
@k1nt4r0 @justdoitright how to invite friends on discord?
give me your discord tag
@k1nt4r0 #6691
cant find haha :s
@k1nt4r0 #1647
@k1nt4r0 give me ur discord ...
jegrek#9326
```
[Network::Receive] Network::Receive::idRO (mode: new)
[Network::Send] Network::Send::idRO (mode: new)
Connecting (202.93.25.81:6900)... connected
Secure Login...
Sent packet : 01DB [ 2 bytes] [Login Code Request]
```
Now after 0000 I got 6B94 packet tokenizer lol. I think I'll take a break for a bit
yeah same with me bro @CadisEtramaDRaizel then what to do with these things? :D
```
Waiting Ragnarok Client to connect on (localhost:6901)
Proxying to [Indonesia - idRO: Chaos]
Connecting (202.93.25.81:6900)... connected
Packet Tokenizer: Unknown switch: 6B94
Client disconnected
Disconnecting (202.93.25.81:6900)...disconnected
Waiting Ragnarok Client to connect on (localhost:6901)
```
Using Xkore 3, still error 6B94. I wonder where I went wrong; I mean Xkore3 is Xkore 1's brother, right?
Anyone know how to fix this?
I used Gravindo RO - Indonesia
and here is the ragexe
https://drive.google.com/open?id=0B3UcfHfBZfh2MGNoVVNjODFzMlU
I tried a lot of methods from googling for extracting packets but I had no luck, all failed..
Looks like they encrypted the ragexe.exe, please help me, thank you..