C1 AntyBot-HowTo 1&2: Network.dll reoptimisation and encryption kay change

[Sakumi]

Nice post ~ Thank you ^^

Tested and working in under 2 minutes :)

[KEMBL]

Solution there
http://forum.ragezone.com/f343/c1-antybot-howto-1-2-a-78801/

[snoworm]

только учти что ключи уже ищут в памяти, а не в dll, а в памяти он всегда распакован

[KEMBL]

Next idea: when gamer in game, some time ahead him appear random numeric string.
If player enter it to the general game chat between 5 or 10 minutes, so they are not a bot )

This idea have very simple automatic solution:

1) Add numeric string ahead player nickname
2) Wait 5-10 min while player enter it
3) Replace string to old and kick player if not 2)

any corrections?

[karpa13a]

about external bots and 2 servers with same id - try to add first server 0.0.0.0 instead 127.0.0.1 and external bots cannot in :) but user need to select server 2 with in testing mode.

note: with 127.0.0.1 ip in db any user may forward 7777 local port to 7777 port on remote ip with no problems, in that case i dunno about how to do that :)

2KEMBL: i think there is need a bot that after 5-10min login user type in private smth like: "hello! 5+7-1=? reply to me, if not your account will be banned for 24hours" :)

[Codechanger]

в общем того раза уже хватило чтобы отсечь внешних ботов. теперь все юзают ингейм ботов. вот бы теперь обсудить отлов ингейм валкеров, и проч.

Невозможно в принципе. Или патчить Network.dll на отлов определенных процессов в памяти.

[Eliot]

This is very usefull, stickied, i also try to merge with Your other thread.

[pipoulo]

1rst You can dump the dll from memory, even the most compressed and protected one and get the hash key. Just wait until L2.exe go to login screen (the dll is fully decrypted there, we dont need its IAT table etc etc), then dump the dll with yoda's LordPE. Search for the hash bla bla. Tested with PeCompact, Armadillo, Aspack/ASPr, UPX and some other packers.
2nd You can patch l2walker (outgame) in memory and change its default hash key (2 times in memory image) and play as normal as before. I know that this way works as i did it before.
3rd You forget the sounds in some bots like l2walker, so sending messages is not the way.
4rth You can code a proxy that enters into the second testing server where the bot cant and emulate the packets needed for the bot to operate (something hybrid like muhax - all you need is l2j code).

Sorry but these sollutions are for kids. What you need is a program that:
a) protects l2 files from editing by hex or memory editors
b) checks for debuggers,dumpers
c) checks for varius cheats
d) changes in memory the hash key
e) encrypts the packets in client (using hooks in winsock dll function to preserve the ip of the user) and decrypts them in server
f) reports back to server if found anything suspicious

and keep in mind of users' privacy!!!

[Bluffy]

thats why gameguard was bundled to l2 right?

[pipoulo]

for some parts yes. but gameguard can be disabled very easy.

[4pLay]

But Then Yet... The Fix That Has Been Released Has The Capability To Stop The Bot...

Tanx Again Guys For The Release... It Is Well Appreciated...

[^Master^Yoda^]

Tanx For The Boost...

[arkanoid]

thanks for the help

[nomoke]

and c3 stopping botting ?

[Teufeltek]

Que placer verte por aqu