Research into HKO

  1. #16
    zhongtiao1 (Member, joined Jul 2020, location Jan Mayen, 33 posts)

    Re: Research into HKO

    Quote Originally Posted by damidesu:
    Well done @zhongtiao1! I knew you would figure it out! Thank you for sharing the SQL file and updating the guide to run the HKO server. Now, based on what I know so far, the next step will be to connect the client? It looks like the NPC server is working too.
    Thanks!

    Yes, the client is the next step. It doesn't seem to recognize that the server is running for some reason, and nothing shows up in Wireshark or Fiddler when it tries to connect.

    The NPC Server works as far as we can tell. It registers with the database and it looks like all the NPCs initiate fine. Based on the names though, some might be Japanese NPCs.

  2. #17
    zhongtiao1 (Member, joined Jul 2020, location Jan Mayen, 33 posts)

    Re: Research into HKO

    Big news! We got the server to recognize the client!

    If you set the port to 35000 instead of 5500, the client locks on to the local server and connects. Unfortunately, we can't get any further than that yet. The client still doesn't load in.

    Huge props to u/goddamnitgusty over on reddit for helping figure this out.

    @PyroSamurai did you ever manage to get the server and client running yourself back when it was first released? It seems like the server and client are constantly fighting each other. Is there any evidence it was working previously?

  3. #18
    damidesu (Registered, joined May 2018, 12 posts)

    Re: Research into HKO

    @zhongtiao1 That's very good news! So the next step will be to locate a client compatible with the server. Hmm, there aren't many clients around, so in that case maybe something to trick the server into accepting an old client. I can't remember how to enable debug mode on the client. I'll let you know if I can figure that out. Which client and server version are you using?

  4. #19
    zhongtiao1 (Member, joined Jul 2020, location Jan Mayen, 33 posts)

    Re: Research into HKO

    Quote Originally Posted by damidesu:
    @zhongtiao1 That's very good news! So the next step will be to locate a client compatible with the server. Hmm, there aren't many clients around, so in that case maybe something to trick the server into accepting an old client. I can't remember how to enable debug mode on the client. I'll let you know if I can figure that out. Which client and server version are you using?
    We're already using the earliest available client, the founders beta, and the latest available server, 092404. The founders beta was released over 3 years after the latest server version.

  5. #20
    damidesu (Registered, joined May 2018, 12 posts)

    Re: Research into HKO

    @zhongtiao1 If I remember correctly, the client needs to know the content of:
    http://hkopatch.hellokittyonline.com/single/leading.txt

    On the latest client version it is located at:
    http://www.hellokittyonline.com/single_st/leading.txt

    I remember I couldn't enter the game if the hkopatch server was down. That's why they later moved it directly onto hellokittyonline.

  6. #21
    zhongtiao1 (Member, joined Jul 2020, location Jan Mayen, 33 posts)

    Re: Research into HKO

    Quote Originally Posted by damidesu:
    @zhongtiao1 If I remember correctly, the client needs to know the content of:
    http://hkopatch.hellokittyonline.com/single/leading.txt

    On the latest client version it is located at:
    http://www.hellokittyonline.com/single_st/leading.txt

    I remember I couldn't enter the game if the hkopatch server was down. That's why they later moved it directly onto hellokittyonline.
    It moves automatically beyond the autoupdate screen if you just wait for about 30 seconds. It just gives up and moves on.

  7. #22
    PrawnCocktail (Newbie, joined Dec 2020, 1 post)

    Re: Research into HKO

    Launch hko.exe with the execute_by_leading argument and it will skip the auto update process completely.
    Other arguments are windowed_mode, no_change_color_depth and special.
    On older clients "special" makes the window big and mostly black; on newer clients it doesn't seem to do anything.

  8. #23
    rezashouse (Member, joined Nov 2010, 32 posts)

    Re: Research into HKO

    Here is the full original leak's DB:
    https://drive.google.com/file/d/1kan...ew?usp=sharing
    It has some extra accounts and players, and I'm not sure, but it looks like the NPC server is logging into accounts to play the game. After a bit of this (Screenshot by Lightshot) I have found that:
    1. the IP is in a file named lobby_info.txt
    2. lobby_info.txt is inside tables\client_table.sdb
    3. the game is written in Delphi and I don't know shit about Delphi

    So here we go on what I found.
    It's doing some weird stuff to call wsock connect, but I could probably make a hook. The problem is I've tried forcing the IP and it's getting weird results; I'm not sure it's using the right port, though, now that I think about it. I'll have to check that next. If I follow the structure here https://docs.microsoft.com/en-us/win...ef-sockaddr_in
    then (Screenshot by Lightshot) that should be the port.
    But assuming it's not, and that it's using their default ports, I just change the IP, and this is what I see:
    Screenshot by Lightshot
    I change it to this:
    Screenshot by Lightshot
    I probably didn't need to go that overkill, since the second one before last is the "edx" register, and edx-16 is passed to connect, which is done here:
    http://prntscr.com/xqg985
    This goes to here, which calls the wsock connect, I think. If I made a hook I would jack the shit here; it's a sexy spot.
    http://prntscr.com/xqgauq
    http://prntscr.com/xqgcg4
    http://prntscr.com/xqgiwg

    From what I have seen, it looks like we need an SDB packer/unpacker to be made first, since they put the connect info in there. The reason a hook is a little hard is because it's got some weird calls through the Delphi library stuff. Also, when I just change the IP manually it somehow corrupts the shit, and I'm zero-terminating my string, and it's smaller than the string I'm replacing, and ipaddr should be char[15] (otherwise I have no idea why it's padded with 0's), so it should be fine, but somehow it has a problem. But I'm gonna test if it's the port now; I just noticed that shit.

    - - - Updated - - -

    I really want this game working haha

    - - - Updated - - -

    I got the client to connect now. The port was actually not in the place I expected it; it was a bit above the area there.
    http://prntscr.com/xqhkzb
    Doing that got this on the server:
    http://prntscr.com/xqhmlq

    - - - Updated - - -

    Well, it's connecting now, then logging out after doing nothing.
    So I'll be working on it a bit more now. Damn, thought I was close ha
    Last edited by rezashouse; 28-01-21 at 03:04 AM.
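    The post above reads the destination port straight out of a sockaddr_in image in the debugger, which is easy to get wrong because sin_port and sin_addr are stored in network (big-endian) byte order while x86 shows words little-endian. The following is an added example, not code from the thread or from the HKO client: it decodes a 16-byte sockaddr_in image into family, port and dotted IP, shows what the port bytes look like when misread as a little-endian word, and formats the address into a 16-byte buffer (15 characters for "xxx.xxx.xxx.xxx" plus the terminator, which is why a 15-char field with zero padding is tight). The sample bytes for 127.0.0.1:35000 are constructed here; the type and function names are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AF_INET_VALUE 2   /* sin_family value for IPv4 */

/* Hypothetical decoded view of a raw 16-byte sockaddr_in image. */
typedef struct {
    uint16_t family;      /* host byte order, AF_INET == 2 */
    uint16_t port;        /* host byte order after decoding */
    uint32_t addr;        /* host byte order: 127.0.0.1 == 0x7F000001 */
    char     ip_text[16]; /* "xxx.xxx.xxx.xxx" is 15 chars + NUL terminator */
} decoded_sockaddr_in;

/* Decode a sockaddr_in as laid out in memory on x86: 2-byte family in host
 * (little-endian) order, then 2-byte port and 4-byte address in network
 * (big-endian) order, then 8 bytes of sin_zero padding.
 * Returns 0 on success, -1 if the family or padding does not look right. */
int decode_sockaddr_in(const uint8_t raw[16], decoded_sockaddr_in *out)
{
    memset(out, 0, sizeof *out);
    out->family = (uint16_t)(raw[0] | (raw[1] << 8));   /* little-endian */
    if (out->family != AF_INET_VALUE)
        return -1;
    out->port = (uint16_t)((raw[2] << 8) | raw[3]);     /* big-endian */
    out->addr = ((uint32_t)raw[4] << 24) | ((uint32_t)raw[5] << 16) |
                ((uint32_t)raw[6] << 8)  |  (uint32_t)raw[7];
    for (int i = 8; i < 16; i++)
        if (raw[i] != 0)
            return -1;                                   /* sin_zero must be zero */
    /* snprintf guarantees the terminator; the buffer is sized for the worst case */
    snprintf(out->ip_text, sizeof out->ip_text, "%u.%u.%u.%u",
             (unsigned)raw[4], (unsigned)raw[5], (unsigned)raw[6], (unsigned)raw[7]);
    return 0;
}

/* The value a debugger shows when the port bytes are read as a little-endian
 * 16-bit word: byte-swapped. Port 35000 (0x88B8) appears as 0xB888 = 47240. */
uint16_t port_as_seen_little_endian(const uint8_t raw[16])
{
    return (uint16_t)(raw[2] | (raw[3] << 8));
}

/* Constructed sample: 127.0.0.1:35000, the local port mentioned in the thread. */
static const uint8_t sample_sockaddr[16] = {
    0x02, 0x00,               /* AF_INET */
    0x88, 0xB8,               /* port 35000 in network order */
    0x7F, 0x00, 0x00, 0x01,   /* 127.0.0.1 */
    0, 0, 0, 0, 0, 0, 0, 0    /* sin_zero */
};

/* Constructed sample with a bogus family, to exercise the rejection path. */
static const uint8_t bad_family_sockaddr[16] = {
    0x17, 0x00, 0x88, 0xB8, 0x7F, 0x00, 0x00, 0x01, 0, 0, 0, 0, 0, 0, 0, 0
};

/* Decoded copy of sample_sockaddr, filled by decode_sample(). */
static decoded_sockaddr_in g_decoded;

int decode_sample(void)
{
    return decode_sockaddr_in(sample_sockaddr, &g_decoded);
}

int decode_bad_sample(void)
{
    decoded_sockaddr_in scratch;
    return decode_sockaddr_in(bad_family_sockaddr, &scratch);
}

int main(void)
{
    if (decode_sample() != 0) {
        puts("not a sockaddr_in");
        return 1;
    }
    printf("family=%u ip=%s port=%u (misread as little-endian: %u)\n",
           g_decoded.family, g_decoded.ip_text, g_decoded.port,
           port_as_seen_little_endian(sample_sockaddr));
    return 0;
}
```

    Run as-is it prints the decoded 127.0.0.1:35000 and the swapped value 47240; if you see a port like 47240 or 44053 in a memory dump, it is usually 35000 or 5500 read in the wrong byte order, not a different port.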

  9. #24
    zhongtiao1 (Member, joined Jul 2020, location Jan Mayen, 33 posts)

    Re: Research into HKO

    Quote Originally Posted by rezashouse:
    Here is the full original leak's DB:
    https://drive.google.com/file/d/1kan...ew?usp=sharing
    It has some extra accounts and players, and I'm not sure, but it looks like the NPC server is logging into accounts to play the game. After a bit of this (Screenshot by Lightshot) I have found that:
    1. the IP is in a file named lobby_info.txt
    2. lobby_info.txt is inside tables\client_table.sdb
    3. the game is written in Delphi and I don't know shit about Delphi

    So here we go on what I found.
    It's doing some weird stuff to call wsock connect, but I could probably make a hook. The problem is I've tried forcing the IP and it's getting weird results; I'm not sure it's using the right port, though, now that I think about it. I'll have to check that next. If I follow the structure here https://docs.microsoft.com/en-us/win...ef-sockaddr_in
    then (Screenshot by Lightshot) that should be the port.
    But assuming it's not, and that it's using their default ports, I just change the IP, and this is what I see:
    Screenshot by Lightshot
    I change it to this:
    Screenshot by Lightshot
    I probably didn't need to go that overkill, since the second one before last is the "edx" register, and edx-16 is passed to connect, which is done here:
    http://prntscr.com/xqg985
    This goes to here, which calls the wsock connect, I think. If I made a hook I would jack the shit here; it's a sexy spot.
    http://prntscr.com/xqgauq
    http://prntscr.com/xqgcg4
    http://prntscr.com/xqgiwg

    From what I have seen, it looks like we need an SDB packer/unpacker to be made first, since they put the connect info in there. The reason a hook is a little hard is because it's got some weird calls through the Delphi library stuff. Also, when I just change the IP manually it somehow corrupts the shit, and I'm zero-terminating my string, and it's smaller than the string I'm replacing, and ipaddr should be char[15] (otherwise I have no idea why it's padded with 0's), so it should be fine, but somehow it has a problem. But I'm gonna test if it's the port now; I just noticed that shit.

    - - - Updated - - -

    I really want this game working haha

    - - - Updated - - -

    I got the client to connect now. The port was actually not in the place I expected it; it was a bit above the area there.
    http://prntscr.com/xqhkzb
    Doing that got this on the server:
    http://prntscr.com/xqhmlq

    - - - Updated - - -

    Well, it's connecting now, then logging out after doing nothing.
    So I'll be working on it a bit more now. Damn, thought I was close ha
    This is awesome man! Thanks for looking into it!

    Just a note: you don't have to switch the IP if you set the server port to 25000. The founders beta automatically looks to see if 25000 is open and will connect locally, giving the same notice. I'll check out the database too, nice find!

    We all want this game working again :) I look forward to any progress you make!

    EDIT: one thing I notice is that the database you linked has a couple more player values. I think this db will work better with the NPC_SERVER. Shouldn't change the ability to login, but it is a better version than what I had :)
    Last edited by zhongtiao1; 28-01-21 at 03:48 AM.

  10. #25
    rezashouse (Member, joined Nov 2010, 32 posts)

    Re: Research into HKO

    OK, I'm making a hook.

    - - - Updated - - -

    The hook will allow setting IP and port manually until we get an SDB packer.
    After looking through the shit, it looks like H;Y might be the key for the encryption, and it looks like it's just XOR. I can probably write an unpacker/decryptor/packer/encryptor for this haha

    - - - Updated - - -

    I'll probably have the hook done by tonight. Then I can use it to start figuring out why the client doesn't continue past this point. It would make it easier to debug the server too, since I wouldn't have to debug the client just to proc a connect. But yeah, I could do the port thing, but I'm lazy and wanna do it my way lol

    - - - Updated - - -

    http://prntscr.com/xqs2v7 some progress for the night, I got a hook going : )

  11. #26
    zhongtiao1 (Member, joined Jul 2020, location Jan Mayen, 33 posts)

    Re: Research into HKO

    Quote Originally Posted by rezashouse:
    OK, I'm making a hook.

    - - - Updated - - -

    The hook will allow setting IP and port manually until we get an SDB packer.
    After looking through the shit, it looks like H;Y might be the key for the encryption, and it looks like it's just XOR. I can probably write an unpacker/decryptor/packer/encryptor for this haha

    - - - Updated - - -

    I'll probably have the hook done by tonight. Then I can use it to start figuring out why the client doesn't continue past this point. It would make it easier to debug the server too, since I wouldn't have to debug the client just to proc a connect. But yeah, I could do the port thing, but I'm lazy and wanna do it my way lol

    - - - Updated - - -

    Screenshot by Lightshot some progress for the night, I got a hook going : )
    Awesome! Could this hook be extended to support different database versions? Even just a newer version of MySQL would fix a lot of security flaws. Maybe hook into both the server and the client?

  12. #27
    rezashouse (Member, joined Nov 2010, 32 posts)

    Re: Research into HKO

    I finished the hook for IP/port writing:
    https://drive.google.com/file/d/1fvM...ew?usp=sharing

    The launcher is just used to inject the DLL. You can edit the PE to load the DLL directly or use another injector; you only need the DLL and the INI.

    1. copy all 3 files to the HKO client folder
    2. edit port / IP in the HelloPussy.ini
    3. start hellopussylauncher
    4. figure out how to get the client to login past this point haha, that's the next goal. Debug server/client for what's preventing it from logging in.


    injector VT https://www.virustotal.com/gui/file/...8e15/detection
    dll hook VT https://www.virustotal.com/gui/file-...MQ==/detection

    Took me 1 day to make all this; it was pretty nasty T.T I was wrong about that key stuff, I was actually seeing the pointer to a function. I think it's how the Delphi shit is proxying the calls, or w/e it's doing. It's gross, they have jmps everywhere to functions that should be called by the code. I feel like it's some sort of wrapper type of shit, because every call that's outside the game is passed through a function and it's doing a call based on a parameter, as if something like:

    typedef void (*func_t)(void);

    void callfunction(void *address)
    {
        /* indirect call through the function pointer passed in */
        ((func_t)address)();
    }

  13. #28
    zhongtiao1 (Member, joined Jul 2020, location Jan Mayen, 33 posts)

    Re: Research into HKO

    Quote Originally Posted by rezashouse:
    I finished the hook for IP/port writing:
    https://drive.google.com/file/d/1fvM...ew?usp=sharing

    The launcher is just used to inject the DLL. You can edit the PE to load the DLL directly or use another injector; you only need the DLL and the INI.

    1. copy all 3 files to the HKO client folder
    2. edit port / IP in the HelloPussy.ini
    3. start hellopussylauncher
    4. figure out how to get the client to login past this point haha, that's the next goal. Debug server/client for what's preventing it from logging in.


    injector VT https://www.virustotal.com/gui/file/...8e15/detection
    dll hook VT https://www.virustotal.com/gui/file-...MQ==/detection

    Took me 1 day to make all this; it was pretty nasty T.T I was wrong about that key stuff, I was actually seeing the pointer to a function. I think it's how the Delphi shit is proxying the calls, or w/e it's doing. It's gross, they have jmps everywhere to functions that should be called by the code. I feel like it's some sort of wrapper type of shit, because every call that's outside the game is passed through a function and it's doing a call based on a parameter, as if something like:

    typedef void (*func_t)(void);

    void callfunction(void *address)
    {
        /* indirect call through the function pointer passed in */
        ((func_t)address)();
    }
    Would I just drag and drop the DLL into the install folder?

    - - - Updated - - -

    Something interesting: when I use the new hko.sql file you posted, I get this error:

    Assertion failed: 0 && "Cannot load FuncTable!!", file C:\Project\Kitty\src-last\_projects\hko_server\main.cpp, line 254

    Any idea why? Also, we now know what the source code layout is like, so a small win?

  14. #29
    rezashouse (Member, joined Nov 2010, 32 posts)

    Re: Research into HKO

    Oh, I got a good understanding. This shit is wide open in the asm; the only nasty stuff is Delphi, but if you open this up in IDA 6.8+ it's nice. Also, I'm using the new x96dbg when I am used to using Olly, and it's actually pretty crazy.
    Just put all the shit in my zip into your HKO folder like this:
    https://prnt.sc/xrs58d

  15. #30
    zhongtiao1 (Member, joined Jul 2020, location Jan Mayen, 33 posts)

    Re: Research into HKO

    Quote Originally Posted by rezashouse:
    Oh, I got a good understanding. This shit is wide open in the asm; the only nasty stuff is Delphi, but if you open this up in IDA 6.8+ it's nice. Also, I'm using the new x96dbg when I am used to using Olly, and it's actually pretty crazy.
    Just put all the shit in my zip into your HKO folder like this:
    https://prnt.sc/xrs58d
    Alright, thanks. Any idea why the assert error occurred with your hko.sql?

    - - - Updated - - -

    Maybe it's not actually the new hko.sql file...

    Ugh, time to reinstall MySQL again

    EDIT: Nope, I'm just an idiot and deleted the FuncTable file. Don't mess with the Func guys

    - - - Updated - - -

    Look what I found!

    I had no idea this menu in the server even existed. If you press enter twice quickly after all of the zones are created, you can input commands.

    The only working commands are:
    help
    TotalUser
    shutdown
    show
    list

    These are all case-sensitive. Also, show and list expect a second option, but I don't know what that would be.

    One more thing, there are 76 NPCs and 3 Angels in the NPC Server.

    - - - Updated - - -
    @rezashouse How did you get the HelloPussy Hook cmd screen to show up? When I launch it, it just goes into the game, no cmd window like you have
    Last edited by zhongtiao1; 28-01-21 at 08:36 PM. Reason: I'm an idiot


