Bypass MXCustomDB Check !!

[FeN$x]

Ok people, some guys say that they can run his server without CustomDB hehehe, well let them think and do whatever, for me its more secure use MXCustomDB, but some reports say that the only reason why GS Fall its caused CustomDB...

So here i was checking and i made a bypass how??

lol here we go:

Target: Mydll
Protection: None
Objetive: Make Bypass of CustomDB ^^

1.- Open a beer and hear metallica: "The call of Ktulu or The Unforgiven" (optional)

2.- Open Ollydbg and open MYDLL on it...

3.- We are here:

150153E2 > $ E9 4AD10000    JMP Bypassed.15022531
150153E7   . D1E7           SHL EDI,1
150153E9   . 47             INC EDI
150153EA   . 51             PUSH ECX
150153EB   . 46             INC ESI
150153EC   . 3369 59        XOR EBP,DWORD PTR DS:[ECX+59]
150153EF   . 42             INC EDX
150153F0   . C2 71BE        RETN 0BE71

lol wtf that is like packed one... but lets press F7 for watch where JMP lead us..

4.- We press F7 one time and we are here:

15022531   >-E9 62FEFFFA    JMP Bypassed.10022398

again another JMP, lets pass it with F7 one time...

5.- We pass it and now we are here:

10022398   55               PUSH EBP //This is unpacked point

Well now we can search, but for what??

mmm remember that Ducking string that say that you dont got MXCustomDB On?

yep lets find that but we cant search for string, we need to look with our own eyes...

6.- We look well on code and we found it:

10018D47   68 30300510      PUSH Bypassed.10053030                   ; ASCII "Set ExDb Socket Error !"
10018D4C   E8 28320200      CALL Bypassed.1003BF79
10018D51   6A 10            PUSH 10
10018D53   8B55 EC          MOV EDX,DWORD PTR SS:[EBP-14]
10018D56   81C2 A0040000    ADD EDX,4A0
10018D5C   52               PUSH EDX
10018D5D   8B45 EC          MOV EAX,DWORD PTR SS:[EBP-14]
10018D60   8B88 9C040000    MOV ECX,DWORD PTR DS:[EAX+49C]
10018D66   51               PUSH ECX
10018D67   E8 7C750000      CALL <JMP.&WS2_32.#4>
10018D6C   8945 F8          MOV DWORD PTR SS:[EBP-8],EAX
10018D6F   837D F8 FF       CMP DWORD PTR SS:[EBP-8],-1
10018D73   74 0E            JNZ SHORT Bypassed.10018D83
10018D75   6A 00            PUSH 0
10018D77   6A 00            PUSH 0
10018D79   68 48300510      PUSH Bypassed.10053048                   ; ASCII "Connect MxExDB Error!
 Please Confirm MxExDB Lanched!"
10018D7E   E8 F6310200      CALL Bypassed.1003BF79
10018D83   8B55 EC          MOV EDX,DWORD PTR SS:[EBP-14]

7.- Cool we got MXExDB error now lets saw a little up and whats that 2 opcodes:

10018D6F   837D F8 FF       CMP DWORD PTR SS:[EBP-8],-1 // IF 1 means MXExDB its on, if is 0 means that is not
10018D73   74 0E            JNZ SHORT Bypassed.10018D83 //Jump only if is 1

Voila now you know about jumps so we gonna change JNZ to JE and we gonna save our changes made in a backup file but with the name MYDLL.

now we open GS and voila MXExDB bypass ^^.

Enjoy...

Credits: FeN$x
Teams: Diamond & crackermuteam.

 

[keepitlive]

Hehe good job, now all you need to do is to share the bypassed mydll hehehehe
Less work for others

But good job Its a dumbass error hehe

 

[navossoc]

Ok, we can bypass the mxexdb, btw... the game don't will have more bugs ? or something like that ?

[]'s

 

[navossoc]

I have tested works, btw some questions if we can bypass he we don't create more bugs in game ? and... what the mxexdb make ?

[]'s

 

[Frijol777]

Whats the difference between cracking it and just leaving it how it is.?

I would int try this because theres no % of this making any know bugs,(FIX)

 

[siliconshadow]

The gamesevrer fails because of poor programming and the server running out of nonpageable memory.

Everything that requires a driver takes 4kb of nonpageable memory you only have 256kb of this each socket that opens takes up part, each driver you have running takes up part.

But if you have a non signed driver on your system you may find that it uses pageable memory isntead of non pageable (Signed drivers are checked for this) the most common culprit is the graphics card. Installing signed drivers and sticking in as much RAM as you can afford is the real and only way of fixing this problem.

 

[FeN$x]

Here is file bypassed for lazy one:

You must be registered to see links

Enjoy it and rename it to Mydll.dll :3dflagsdo

 

[RX.Rix]

could you upload the GS somewhere.. it's not that i'm lazy.. it's just that i couldn't understand it ... ollydbg sayd something that it couldn't open mydll.dll .. so i got olly's shadow (Shadow olly ) that opend it.. but i don't know how to use it ( more into hex ^^ ) so jeah.. i'd be glad if you would ... cos i can't run my gs . it has the mxexdb error

 

[RX.Rix]

could you upload the gs.. i don't have the olly skill yet ( more into hex ^^ )

 

[RX.Rix]

Could you upload the GS cos i can't figure the olly out hmy:

 

[RX.Rix]

could you upload the gs.. i can't figure the olly out hmy:

 

[RX.Rix]

could you upload the gs.. i can't figure olly out

 

[RX.Rix]

could you plz upload the gs..

 

[darranthegreat]

i dont get step 7. do we delete all the other lines except those 2?

 

[darranthegreat]

How do we save the file? I cant seem to save it as a .dll

 

[darranthegreat]

How to save as a backup file?

 

[darranthegreat]

how to save as backup? i dont get that part//

 

[darranthegreat]

Voila now you know about jumps so we gonna change JNZ to JE and we gonna save our changes made in a backup file but with the name MYDLL.

i dont get that line, how do we save the file?

 

[darranthegreat]

Voila now you know about jumps so we gonna change JNZ to JE and we gonna save our changes made in a backup file but with the name MYDLL.

I dont get that line, how do we save the file?

 

[darranthegreat]

Voila now you know about jumps so we gonna change JNZ to JE and we gonna save our changes made in a backup file but with the name MYDLL.

I dont get that line, how do we save the file?