Research into HKO

Initiate Mage
Joined
Jul 20, 2020
Messages
48
Reaction score
40
zhongtiao1 If I remember correctly, the client needs to know the content of:


On the latest client version it is located at:


I remember I couldn't enter the game if hkopatch server was down. That's why later they moved it directly on hellokittyonline

It moves automatically beyond the autoupdate screen if you just wait for about 30 seconds. It just gives up and moves on
 
Initiate Mage
Joined
Dec 8, 2020
Messages
1
Reaction score
4
Launch hko.exe with the execute_by_leading argument and it will skip the auto update process completely.
Other arguments are windowed_mode, no_change_color_depth & special.
On older clients "special" makes the window big and mostly black; on newer clients it doesn't seem to do anything.
 
Joined
Nov 17, 2010
Messages
34
Reaction score
21
Here is the full original leak's db

It has some extra accounts and players, and I'm not sure, but it looks like the NPC server is logging into accounts to play the game. After a bit of this I have found that:
1. the IP is in a file named lobby_info.txt
2. lobby_info.txt is inside tables\client_table.sdb
3. the game is written in Delphi and I don't know poop about Delphi

So here we go on what I found.
It's doing some weird stuff to call wsock connect, but I could probably make a hook. The problem is I've tried forcing the IP and it's getting weird results. I'm not sure it's using the right port though; now that I think about it, I'll have to check that next. If I follow the structure here
then that should be the port.
But assuming it's not, and that it's using their default ports, I just change the IP, and this is what I see

I change it to this

I probably didn't need to go that overkill, since the second one before last is the "edx" register, and edx - 16 is passed to connect, which is done here

This goes to here, which calls the wsock connect. I think if I made a hook I would jack the poop here; it's a sexy spot.




From what I have seen, it looks like we need an sdb packer/unpacker to be made first, since they put the connect info in there. The reason a hook is a little hard is because it's got some weird calls thru the Delphi library stuff. Also, when I just change the IP manually it somehow corrupts the poop, and I'm zero-terminating my string and it's smaller than the string I'm replacing, and ipaddr should be char[15], otherwise I have no idea why it's padded with 0's, so it should be fine, but somehow it has a problem. But I'm gonna test if it's the port now; I just noticed that poop.

I really want this game working haha

I got the client to connect now. The port was actually not in the place I expected it; it was a bit above the area there.

Doing that got this on the server

Well, it's connecting now, then logging out after doing nothing.
So I'll be working on it a bit more now. Damn, thought I was close ha
 
Initiate Mage
Joined
Jul 20, 2020
Messages
48
Reaction score
40
This is awesome man! Thanks for looking into it!

Just a note, you don't have to switch the ip if you set the server port to 25000. The founders beta automatically looks to see if 25000 is open and will connect locally, giving the same notice. I'll check out the database too, nice find!

We all want this game working again :) I look forward to any progress you make!

EDIT: one thing I notice is that the database you linked has a couple more player values. I think this db will work better with the NPC_SERVER. Shouldn't change the ability to login, but it is a better version than what I had :)
 
Joined
Nov 17, 2010
Messages
34
Reaction score
21
OK, I'm making a hook.

The hook will allow setting IP and port manually until we get an sdb packer.
After looking thru the poop it looks like H;Y might be the key for the encryption, and it looks like it's just XOR. I can probably write an unpacker / decryptor / packer / encryptor for this haha

I'll probably have the hook done by tonight, then I can use it to start figuring out why the client doesn't continue past this point. It would make it easier to debug the server too, since I wouldn't have to debug the client just to proc a connect. But yeah, I could do the port thing, but I'm lazy and wanna do it my way lol

http://prntscr.com/xqs2v7 Some progress for the night, I got a hook going : )
 
Initiate Mage
Joined
Jul 20, 2020
Messages
48
Reaction score
40
Awesome! Could this hook be extended to support different database versions? Even just a newer version of MySQL would fix a lot of security flaws. Maybe hook into both the server and the client?
 
Joined
Nov 17, 2010
Messages
34
Reaction score
21
I finished the hook for IP/port writing.

The launcher is just used to inject the DLL. You can edit the PE to load the DLL directly or use another injector; you only need the DLL and the ini.

1. Copy all 3 files to the HKO client folder
2. Edit port / IP in the HelloPussy.ini
3. Start hellopussylauncher
4. Figure out how to get the client to log in past this point haha, that's the next goal. Debug server/client for what's preventing it from logging in.

injector VT
dll hook VT

Took me 1 day to make all this; it was pretty nasty T.T I was wrong about that key stuff. I was actually seeing the pointer to a function. I think it's how the Delphi poop is proxying the calls or w/e it's doing. It's gross: they have jmps everywhere to functions that should be called by the code. I feel like it's some sort of wrapper type of poop, because every call that's outside the game is passed thru a function and it's doing a call based on a parameter, as if something like

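/* forwards a call to whatever function address it is given */
void callfunction(void *address)
{
    ((void (*)(void))address)();  /* indirect call through the pointer */
}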
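
The address rewrite that a connect hook like the one described in this post applies before calling the real function, as an added example that is not the poster's DLL or code from the thread. The names hook_cfg, parse_cfg and redirect_sockaddr and the ini keys ip and port are assumptions (the thread shows only dbg=1 and port 25000), the sample values are constructed, and POSIX socket headers stand in for Winsock.

```c
#include <arpa/inet.h>    /* POSIX stand-ins for winsock2.h / ws2tcpip.h */
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical settings; key names "ip" and "port" are assumptions. */
struct hook_cfg { char ip[INET_ADDRSTRLEN]; unsigned port; int dbg; };
/* Parse key=value lines; returns 0 only if a usable ip and port were read. */
int parse_cfg(const char *text, struct hook_cfg *c)
{
    char line[64], key[16], val[32], *end;
    memset(c, 0, sizeof *c);
    for (; *text; text += strspn(text, "\r\n")) {
        size_t len = strcspn(text, "\r\n");
        snprintf(line, sizeof line, "%.*s", (int)len, text);
        text += len;
        if (len >= sizeof line || sscanf(line, " %15[^= ] = %31s", key, val) != 2)
            continue;                 /* over-long line, section header, junk */
        unsigned long n = strtoul(val, &end, 10);
        if (!strcmp(key, "ip") && strlen(val) < sizeof c->ip) strcpy(c->ip, val);
        else if (!strcmp(key, "port") && *end == '\0' && n >= 1 && n <= 65535)
            c->port = (unsigned)n;
        else if (!strcmp(key, "dbg")) c->dbg = (n != 0);
    }
    return (c->ip[0] && c->port) ? 0 : -1;
}

/* Rewrite a connect() destination; IPv4 only, untouched and -1 on bad input. */
int redirect_sockaddr(struct sockaddr_in *sa, const struct hook_cfg *c)
{
    struct in_addr addr;
    if (sa->sin_family != AF_INET || c->port == 0 || c->port > 65535 ||
        inet_pton(AF_INET, c->ip, &addr) != 1)
        return -1;
    sa->sin_addr = addr;
    sa->sin_port = htons((in_port_t)c->port);   /* network byte order */
    return 0;
}

int main(void)
{
    struct hook_cfg c;                /* constructed sample values below */
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(80) };
    inet_pton(AF_INET, "203.0.113.10", &sa.sin_addr);
    if (!parse_cfg("ip=127.0.0.1\nport=25000\ndbg=1\n", &c) && !redirect_sockaddr(&sa, &c))
        printf("connect() now targets %s:%u\n", c.ip, (unsigned)ntohs(sa.sin_port));
    return 0;
}
```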
 
Initiate Mage
Joined
Jul 20, 2020
Messages
48
Reaction score
40
Would I just drag and drop the dll into the install folder?



Something interesting, when I use the new hko.sql file you posted, I get this error:

Assertion failed: 0 && "Cannot load FuncTable!!", file C:\Project\Kitty\src-last\_projects\hko_server\main.cpp, line 254

Any idea why? Also, we now know what the source code layout is like, so a small win?
 
Joined
Nov 17, 2010
Messages
34
Reaction score
21
Oh, I got a good understanding. This poop is wide open in the asm; the only nasty stuff is Delphi, but if you open this up in IDA 6.8+ it's nice. Also I'm using the new x96dbg when I am used to using Olly, and it's actually pretty crazy.
Just put all the poop in my zip into your HKO folder like this
 
Initiate Mage
Joined
Jul 20, 2020
Messages
48
Reaction score
40
Alright, thanks. Any idea why the assert error occurred with your hko.sql?



Maybe it's not actually the new hko.sql file...

Ugh, time to reinstall MySQL again

EDIT: Nope, I'm just an idiot and deleted the FuncTable file. Don't mess with the Func guys



Look What I found!



I had no idea this menu in the server even existed. If you press enter twice quickly after all of the zones are created, you can input commands.

The only working commands are:
help
TotalUser
shutdown
show
list

These are all case-sensitive. Also, Show and List expect a second option, but I don't know what that would be

One more thing, there are 76 NPCs and 3 Angels in the NPC Server.


rezashouse How did you get the HelloPussy Hook cmd screen to show up? When I launch it, it just goes into the game, no cmd window like you have
 
Joined
Nov 17, 2010
Messages
34
Reaction score
21
dbg=1 in the ini



http://prntscr.com/xrvhk1



These servers don't have poop implemented lol
I think these servers are junk actually, since it's like some pre-beta version. When I was looking thru IDA it was really easy to do the server changes I needed because .... there is nothing there.... So I think this is one of those cases: since we have a client and a sorta working server ..... we probably need to make an emulator.

Would just need to use the servers as an example for some things, and it's not too bad with IDA's asm -> C interpreter. The Delphi poop is kinda in the way, but we could make an emulator using like C++ or C#, fk Delphi

Since the servers run we can do live runtime debugging, which gave me a lot more info than just using IDA with the binary. That's how I found where the functions do their jumps to the library calls
 
Initiate Mage
Joined
Jul 20, 2020
Messages
48
Reaction score
40
One thing I did notice is that you aren't using the Founder's Beta client. Maybe that has something to do with it?
 
Initiate Mage
Joined
May 4, 2018
Messages
12
Reaction score
3
well I guess we will have to wait for another one helping us with HKO server/client :*:
 
Initiate Mage
Joined
Jul 20, 2020
Messages
48
Reaction score
40


We got past the login screen! Thanks to the help of redcrafter, we managed to make it past the login screen. However, now the rest of the server needs to be reimplemented.

For this, we need another person to continue where Redcrafter left off.

If you know of anyone with the skills to help reimplement the server, let me know and I can hook them up with more information.
 
Initiate Mage
Joined
May 4, 2018
Messages
12
Reaction score
3
yeeeeeeeeeeeees!!! that's super news!! awesome!
 
Initiate Mage
Joined
Oct 21, 2018
Messages
10
Reaction score
1
What great news!! I'm looking forward to hopefully being able to play the game again!
 
Initiate Mage
Joined
Mar 10, 2021
Messages
1
Reaction score
0
I'm so glad! I hope one day we can get this working! I've been wanting to play this again for so long!
 