*.enc unpacking & repacking..

[Vicio]

well.. i'm new at cabal developing lol..

get the server work fine.. so i advanced with client editing..

and i'm a reverse engineering lover so i started trying to get know how the enc files are encrypted.. well i localized where is the decrypt function.. the first 4 bytes of each enc file are the real file size of the extracted file.. they seems to make 2 tables with the file and later go shifting bytes for getting the chars... but isnt so easy how it sound lol.. its so much code for reverse -.-

so the first thing i did was unpack all encs before the game loads.. there is the pack.. they're some interesting things in.. like exp table, shops, quests, skills, etc.

You must be registered to see links

here the string "Please enter account name and password." changed . this will be usefull for those who wants translate the client to another language

the idea is make a dll that load those enc from a zip or something like it

i'll still testing

argentina r0x

 

[cypher]

So until you share your method to repack the files as you claim to got it done, i won`t believe it... IMO you just changed the string from the memory...

 

[chumpywumpy]

Decoding the encs from memory is simple enough as you say, but the files are encoded with a shared key encryption and working out the private key used for encryption is almost impossible i think. The best alternative is definitely an injection dll to load either plaintext enc data or better yet a custom encryption to prevent hackers messing around in the enc data. If you can manage that you will be giving us exactly what we need!

The most important bit for us is language.enc which contains the ip/port of the server. At the moment we start the client with a batch file which does 2 things. First it forces the client to read internal.txt instead of language.enc so we can use our own server ip and this is good, secondly it enables the client test mode which enables a bunch of test commands we really don't want players fiddling with and this is bad. If we can run the client without the "breaklee" command and still load internal.txt then test mode is off, but this is beyond my hexing skills.

I don't know if this will help at all but it seems to be along the same idea as your dll and i could never get it to work.
http://forum.ragezone.com/f459/small-client-sources-452889/

 

[cypher]

@Chumpy even if you edit the enc files, what can stop other players from using your client?

 

[maxgo1]

... hmm ... the some like its good buth ! ... Anybody know how to crypt it after modify?

 

[chumpywumpy]

@Chumpy even if you edit the enc files, what can stop other players from using your client?

If we have a custom encryption for the enc files where we can specify our own encryption keys for encrypting and an injection dll that only reads files encrypted with our own key you could make the enc files unique to each server. This would also stop your players being able to decrypt your files (well easily anyway).

If we can edit enc files we can then edit a few values (client and server) that we know will not match other servers and they will then crash if not using the right enc files. The big question is whether it would be possible to lock the cabalmain.exe to that unique dll (or the other way around) so exe + dll + enc must all match to work which would give us a way of preventing random exes being able to connect rather than our own ones.

I'm thinking way ahead with things i simply can't do myself that i would like to have

... hmm ... the some like its good buth ! ... Anybody know how to crypt it after modify?

That is what he is trying, either to re-encrypt (which i don't think is possible) or make a dll that can use different encryption we can use.

 

[Yamachi]

This is what Elite CABAL does. There's 2 main ENC-handling functions in cabalmain.exe: 1 to decrypt the ENC's, and 1 to load that decrypted data. Elite CABAL uses a DLL containing a replacement for the latter function. The DLL is injected on startup, and replaces the function that reads the decrypted ENC data so that they can load their own ENC data. I would have done this same thing, myself, but my ollydbg skills are next to none, so I can't find the offset and signature of the function I need to replace. If I can get that information, I could write a replacement function. I'm eager to add custom items

 

[mav3r1cksandy]

Waiting for Vicio to tell us what he did with the ..encs........... may be if we compare some known cabalmain.exe`s with ours we can find at least something.. I am sill waiting for chumpy`s reply. Once he gives me a green Signal i can go ahead with the comparisons!

 

[chumpywumpy]

Meh, do what you can and post results. That's all i'm doing at this point as injection dlls are beyond me or i would have done this already (played with s'rorre files enough lol). I don't want to just reverse engineer another server's methods and steal it unless it is based on code that is already public so i would rather somebody with better skills than me comes up with a "publicly released" method we can all use.

It sounds stupid knowing we use stolen server code i know. I'm just weird like that.

 

[maxgo1]

Try to not underestimate itself, you and cypher very good friends \assistants for our forum if these ways indeed cannot be stolen and used in private affairs I think, that all at us will be a method which will be personally used by us who is interested in such projects

P.S. I for the first time listen to such words from chympy

 

[mav3r1cksandy]

hehe that would probably be becoz of me eating his brainz out today! But anywayz i am trying to do something good ( i only think so ) But see there is nothing wrong to know about other servers! we improve from them!

 

[LostSpirit]

This is what Elite CABAL does. There's 2 main ENC-handling functions in cabalmain.exe: 1 to decrypt the ENC's, and 1 to load that decrypted data. Elite CABAL uses a DLL containing a replacement for the latter function. The DLL is injected on startup, and replaces the function that reads the decrypted ENC data so that they can load their own ENC data. I would have done this same thing, myself, but my ollydbg skills are next to none, so I can't find the offset and signature of the function I need to replace. If I can get that information, I could write a replacement function. I'm eager to add custom items

Perhaps phiber, be gentle and show how.
but he is not obliged to share it. Go to each person and their generosity.

hehe that would probably be becoz of me eating his brainz out today! But anywayz i am trying to do something good ( i only think so ) But see there is nothing wrong to know about other servers! we improve from them!

and really true, but always have each other to hide things that many here do not know.
Is it fear of competition? I 've no idea.
But nway someday becomes a divine help lol :O:

for example I'm working up a new patch for Cabal, I will send it to chumpy test and if it is as I predict poster with pleasure. :
​

​

 

[Yamachi]

Perhaps phiber, be gentle and show how.
but he is not obliged to share it. Go to each person and their generosity.

Phiber would share info, but it's not up to him. I've already asked him, and his development team almost killed him when he asked them about the info I wanted. XD

 

[mav3r1cksandy]

This is what Elite CABAL does. There's 2 main ENC-handling functions in cabalmain.exe: 1 to decrypt the ENC's, and 1 to load that decrypted data. Elite CABAL uses a DLL containing a replacement for the latter function. The DLL is injected on startup, and replaces the function that reads the decrypted ENC data so that they can load their own ENC data. I would have done this same thing, myself, but my ollydbg skills are next to none, so I can't find the offset and signature of the function I need to replace. If I can get that information, I could write a replacement function. I'm eager to add custom items

Correct! but how do u inject it? i can find the encs in ***** I am looking cabal loader...
I cant give much info over here! But pm me for more information!

 

[CrazyArcad]

injecting a DLL really is not that hard, just use a DLL hooking program and load the dll into the process
attached is a DLLInjector Written in VB6 That i have used for hooking a DLL into the cabalmain.exe process its crude, but it works.

 

[mav3r1cksandy]

injecting a DLL really is not that hard, just use a DLL hooking program and load the dll into the process
attached is a DLLInjector Written in VB6 That i have used for hooking a DLL into the cabalmain.exe process its crude, but it works.

Oh that was fast .. i will check and post the results! thanks

 

[Yamachi]

You could always google "detourslib". Providing a public injector with your server patch is not recommended. Why not just code the hooking straight into your launcher? This is what I'm doing, and I'll provide full source once I get the info I need. If anyone's interested in viewing a non-functional preview, here it is:

You must be registered to see links

 

[Dark AvaThar]

You could always google "detourslib". Providing a public injector with your server patch is not recommended. Why not just code the hooking straight into your launcher? This is what I'm doing, and I'll provide full source once I get the info I need. If anyone's interested in viewing a non-functional preview, here it is:

You must be registered to see links

Nice job! Let me know if I can help you, I believe this will be a great tool for all server developers/owners and I will be glad to help u with any information.

 

[mav3r1cksandy]

Its simple i wont provide a public injector with my patch.. i am gonna use a dll.......... same like elitecabal.. But i have to see to what extent it helps so i am still testing.. i will post or give out the cabal mains once i finish this!

 

[Darkcyde]

Good luck and god speed, this will be a huge advancement in Cabal Private Server development if you are successful. Ive been looking for ways to use a custom launcher and dll injection but it is way beyond my capabilities.