CabalMain v22 Edit Addresses (OllyDbg)

[PX2000]

To those who wants to edit on their own here are the addresses I found in CabalSection.
This addresses can only be found in CabalMain ver.22 (US)

Since chumpy and cypher told me not to post information in removing XTrap & Test Commands.
Here's a CabalMain ver.22 (US) that only the TEST Commands was removed.

//Remove ENC Check
View Topic: N/A
(0x4E1A0D): JNZ SHORT 004E1A3E -> NOP

//Skip MCL crc check
View Topic: cabalmain.exe (FIXED) SIG-METAL EPAULET
(0x4E1C06): JE SHORT 4E1C24 -> JMP SHORT 4E1C24

//To load up man/woman(9.ech)
View Topic: Client/Server Updates (Regularly Updated)
(0x40F4F0): CMP EAX,07 -> CMP EAX,09
(0x40F690): CMP EAX,07 -> CMP EAX,09

//To load all GPS map.
View Topic: Client/Server Updates (Regularly Updated)
(0x5873B8): CMP EAX,5 -> CMP EAX,10
(0x58756D): CMP ESI,5 -> CMP ESI,10

//Alz Trade, Sell, Inventory & Locker to 999b
View Topic: cabalmain.exe (FIXED) SIG-METAL EPAULET
(0x56C275): CMP DWORD PTR DS:[ECX+4],2 -> CMP DWORD PTR DS:[ECX+4],17
(0x56C27D): CMP DWORD PTR DS:[ECX],540BE3FF -> CMP DWORD PTR DS:[ECX],4876E7FF
(0x56C3A7): CMP EDI,2 -> CMP EDI,17
(0x56C3B1): CMP ESI,540BE3FF -> CMP ESI,4876E7FF
(0x56C510): MOV DWORD PTR DS:[ESI+118],540BE3FF -> MOV DWORD PTR DS:[ESI+118],4876E7FF
(0x56C51A): MOV DWORD PTR DS:[ESI+11C],2 -> MOV DWORD PTR DS:[ESI+11C],17
(0x56CD45): MOV DWORD PTR DS:[EAX+118],540BE3FF -> MOV DWORD PTR DS:[EAX+118],4876E7FF
(0x56CD4F): MOV DWORD PTR DS:[EAX+11C],2 -> MOV DWORD PTR DS:[EAX+11C],17
(0x5BF124): CMP ESI,2 -> CMP ESI,17
(0x5BF12B): CMP EDI,540BE3FF -> CMP EDI,4876E7FF

//For SigMetal Epaulet (Buggy)
View Topic: cabalmain.exe (FIXED) SIG-METAL EPAULET
(0x466645): JE 4666D9 -> JMP 4666D9

//For custom encryption.
View Topic: Customizing your ENC's compression/decompression method
(0x42D470) XOR EAX,57 -> XOR EAX,?? // 4th XORKey
(0x42D482) XOR EAX,67 -> XOR EAX,?? // 3rd XORKey
(0x42D494) XOR EAX,65 -> XOR EAX,?? // 2nd XORKey
(0x42D4A5) XOR EAX,92 -> XOR EAX,?? // 1st XORKey

------

 

[Cabalseven]

i dont salve my modifications , plis i need help for salve

 

[chumpywumpy]

Please do not post details of removing xtrap. We did have a guide some time ago but we felt it best to remove it as people were using it on official exes to try and hack the official game. It wouldn't matter too much if the newer exes were different enough but they aren't unfortunately.

i dont salve my modifications , plis i need help for salve

That doesn't make any sense. If you mean how to save then you need to right-click and select Copy to executable.

 

[Cabalseven]

ocureed error karas2.dll?

---------- Post added at 08:04 PM ---------- Previous post was at 06:36 PM ----------

Good Post Thanks

 

[PX2000]

Please do not post details of removing xtrap. We did have a guide some time ago but we felt it best to remove it as people were using it on official exes to try and hack the official game. It wouldn't matter too much if the newer exes were different enough but they aren't unfortunately.

Ok sir... I understand.

 

[magraopb]

Originally Posted by Yamachi View Post

1. Copy the DDS files from EU's /Data/UI/Map.
2. Open cabalmain.exe in ollydbg.
3. Go to 0x004E1D72.
4. Right-click -> Edit -> Fill with NOPs
5. Go to 0x004E1D7E.
6. Right-click -> Edit -> Fill with NOPs
7. Go to 0x005873B8.
8. Change from CMP EAX,5 -> CMP EAX,10
9. Go to 0x0058756D.
10. Change from CMP EAX,5 -> CMP EAX,10
11. Change line 1673 in msg.enc from
Code:

<word id="254" cont="You are not allowed to view maps using the GPS." />

to
Code:

<word id="254" cont="" />

ido this modification, but my GPS "PL" dont work, im using client EU 445.1
OBS:
already exist 4_Max.dds in folder UI\Map

 

[snaiderz]

updates the download link that no longer work please

 

[MisterMinister]

ocureed error karas2.dll?

That means,you Opened the Cabalmain without having the karas2.dll in the Same Folder/Directory..

KCopy your karas2.dll to the same Folder as the Cabalmain.exe is,then Open again,you will see,it works ^^
The Other way is..Open your Cabalmain in Olly directly from your Main Cabal Folder.but if your edit is finished,save the Cabalmain to another place on your HDD.
And before you Edit any Files..
Backup those Files !!

Regards

 

[Yamachi]

ido this modification, but my GPS "PL" dont work, im using client EU 445.1
OBS:
already exist 4_Max.dds in folder UI\Map

I guess you haven't played CABAL much... You need to complete a story quest to get the PL map.

 

[magraopb]

I guess you haven't played CABAL much... You need to complete a story quest to get the PL map.

i have all quests, "full quests characters"

 

[PX2000]

i have all quests, "full quests characters"

hekhekhek

Read all the replies of Client/Server Updates (Regularly Updated) the solution of your problem is there.

 

[dordort]

How to disable the commands:

Open CabalMain with a Hex Editor.

Search for the command string by pressing Ctrl+F. (Type: Text String, Value: the command. [ex. /_6])

Now look...
Every single letter = 2 Hex strings.
We will need to replace every letter (the 2 Hex strings of it) by E7. If so, to disable the command /_6 for example we will do this:

The hex strings of the / = 2F
We will change the 2F to E7.

The hex strings of the _ = 5F
We will change the 5F to E7.

The hex strings of the 6 = 36
We will change the 36 to E7.


That's the only way to do it, and this is how everyone done it till now. (The people that released they're CabalMain's with disabled commands without giving any information on how to do it).
I dont know how they have disabled the Alt+Ctrl+Shift+Key commands, but that's how they have disabled the chat /_x commands.

 

[dordort]

It does not matter because you always can compress your main with Themida and etc. But do what you want, I don't need it anyway.

 

[Seaza]

I use the code ollydbg cabalmain v22 you, Did you know that. Character death is not the time to cancel cooltime.

 

[balmungx30]

well whether to pm it to me or not i can easily trace that thing...and i never said that pm it to me i said "US" (meaning the one who requested it)...i already know that thing... ^_^ by the way cath22 im not a member of a hacking forums so watch you mouth... thats why i never release my work here people are so lame...

 

[trungnt88]

ido this modification, but my GPS "PL" dont work, im using client EU 445.1
OBS:
already exist 4_Max.dds in folder UI\Map

I can't decode "msg.enc" using Yamachi encode/decode tool (when I dragged "msg.enc" on "cozip.exe", it became not responding.

 

[dordort]

Then use baiq Java tool.

 

[srtsut]

To those who wants to edit on their own here are the addresses I found in CabalSection.
This addresses can only be found in CabalMain ver.22 (US)

Since chumpy and cypher told me not to post information in removing XTrap & Test Commands.
Here's a CabalMain ver.22 (US) that only the TEST Commands was removed.

Download:

You must be registered to see links

- Use at your own risk!

//Remove ENC Check
View Topic: N/A
(0x4E1A0D): JNZ SHORT 004E1A3E -> NOP

//Skip MCL crc check
View Topic: cabalmain.exe (FIXED) SIG-METAL EPAULET
(0x4E1C06): JE SHORT 4E1C24 -> JMP SHORT 4E1C24

//To load up man/woman(9.ech)
View Topic: Client/Server Updates (Regularly Updated)
(0x40F4F0): CMP EAX,07 -> CMP EAX,09
(0x40F690): CMP EAX,07 -> CMP EAX,09

//To load all GPS map.
View Topic: Client/Server Updates (Regularly Updated)
(0x5873B8): CMP EAX,5 -> CMP EAX,10
(0x58756D): CMP ESI,5 -> CMP ESI,10

//Alz Trade, Sell, Inventory & Locker to 999b
View Topic: cabalmain.exe (FIXED) SIG-METAL EPAULET
(0x56C275): CMP DWORD PTR DS:[ECX+4],2 -> CMP DWORD PTR DS:[ECX+4],17
(0x56C27D): CMP DWORD PTR DS:[ECX],540BE3FF -> CMP DWORD PTR DS:[ECX],4876E7FF
(0x56C3A7): CMP EDI,2 -> CMP EDI,17
(0x56C3B1): CMP ESI,540BE3FF -> CMP ESI,4876E7FF
(0x56C510): MOV DWORD PTR DS:[ESI+118],540BE3FF -> MOV DWORD PTR DS:[ESI+118],4876E7FF
(0x56C51A): MOV DWORD PTR DS:[ESI+11C],2 -> MOV DWORD PTR DS:[ESI+11C],17
(0x56CD45): MOV DWORD PTR DS:[EAX+118],540BE3FF -> MOV DWORD PTR DS:[EAX+118],4876E7FF
(0x56CD4F): MOV DWORD PTR DS:[EAX+11C],2 -> MOV DWORD PTR DS:[EAX+11C],17
(0x5BF124): CMP ESI,2 -> CMP ESI,17
(0x5BF12B): CMP EDI,540BE3FF -> CMP EDI,4876E7FF

//For SigMetal Epaulet (Buggy)
View Topic: cabalmain.exe (FIXED) SIG-METAL EPAULET
(0x466645): JE 4666D9 -> JMP 4666D9

//For custom encryption.
View Topic: Customizing your ENC's compression/decompression method
(0x42D470) XOR EAX,57 -> XOR EAX,?? // 4th XORKey
(0x42D482) XOR EAX,67 -> XOR EAX,?? // 3rd XORKey
(0x42D494) XOR EAX,65 -> XOR EAX,?? // 2nd XORKey
(0x42D4A5) XOR EAX,92 -> XOR EAX,?? // 1st XORKey

------

Anyone can teach me,how to change those value by ollydbg?
i open cabalmain.exe with ollydbg,and found this string(ex:0x4E1C06:JE SHORT 4E1C24 -> JMP SHORT 4E1C24) and double klick the string "JE SHORT 004E1C24,it show a windows "Assemble" there are two options one is "keep size" and anyother is "Fill with NOPs",then i type new string "JMP SHORT 4E1C24" and kick "Assemble" bottom, and next what should i to do???

Sorry i don't know how to use ollydbg?

please help me @@"

 

[Daman2009]

Anyone can teach me,how to change those value by ollydbg?
i open cabalmain.exe with ollydbg,and found this string(ex:0x4E1C06:JE SHORT 4E1C24 -> JMP SHORT 4E1C24) and double klick the string "JE SHORT 004E1C24,it show a windows "Assemble" there are two options one is "keep size" and anyother is "Fill with NOPs",then i type new string "JMP SHORT 4E1C24" and kick "Assemble" bottom, and next what should i to do???

Sorry i don't know how to use ollydbg?

please help me @@"

You do what you have done then right click anywhere on the screen and choose 'Copy to Executable->All Modifications', then a dialog saying "Copy selection to executable file?" choose 'Copy All'.
Then appears a new window, right click and choose 'Save File' then select a filename to save to. Thats it.

 

[srtsut]

I got two problems :

1: Why my FS and FA the style of SIGMetal Orb or SIGMetal Crystal does not show like the style of mithril orb and Mithril Crystal when i use it? :$:
(PIC 1~4)

2.When i wear my Epaulet of Fighter+8 or Sage+8,the surface it's all look like Epaulet Guardian +8,so i try to test another Epaulet of Fighter+7 or Sage+7 the surface is OK why?? :$:
(PIC 5)