RaiderZ Launcher v2 (checks ID/Pass)

[Aznkidd235]

RaiderZ Launcher v6 (Checks ID/Pass) / PHP Register/ Auto-update/ MD5 Check/ Online

Update 4: Player count added
Launcher v6 has player count. it gets how many players are online. For the launcher to run error free you must edit all the .ini to its correct settings.

Update 3: MD5 Check added
i just realized that there was an error in v4 release so here is the fix, and a new addition to the program is MD5 check the launcher will now check the MD5 on the Raiderz.exe before running it. if MD5 is different the launcher will not launch the game.

Update 2: Auto-update added
Launcher v4 is now released whats new? auto-update function. the launcher will detect if a new update is out if there is then it will download it then unpack the update file into the client folder. if you do not update then the launcher will not allow you to play. Also edited the launcher's designs.

How-to use Auto-Update:
in launcher.ini edit where
Patch =

You must be registered to see links

change it to where your patch files will be hosted example:
Patch =

You must be registered to see links

the launcher will grab the update1.rar from the patches folder.
now edit where
patchlink =

You must be registered to see links

make a new ver.txt open it in notepad and put in number 1 this file will tell your launcher to update. now put a working link to your ver.txt
patchlink =

You must be registered to see links

this is how it works launcher runs download ver.txt from

You must be registered to see links

then compare launcher version to ver.txt if ver.txt is higher then it will grab update1.rar
if ver.txt has the number 3 in it and launcher version is 1 (cver.txt) then it will grab update1.rar, and update2.rar and then update cver.txt to 3 after downloading update1, update2.rar it will then extract and overwrite in client folder.
The launcher will only grab the files update1.rar and up example you set ver.txt to 100 then it will grab update99.rar

Making patch files:
say you want to replace the Raiderz.exe in the client folder, and the Data folder inside the Raiderz folder then pack Raiderz.exe, and Data folder together in a .rar format you can pack it. pack the files like you would normally do, but do not set a password or the launcher will not be able to unpack it into the client folder. rename the .rar to Update1.rar set ver.txt to 2 if cver.txt is 1 then it will download and unpack into the client folder.

How to set-up the launcher:
First download TCPView this will be used to identify the ports that your MSSQL is using.

You must be registered to see links

Download, extract, run now search for the process sqlserver if it is not running then start > all programs > Microsoft SQL 2008 > Configuration Tools > SQL Server Configuration Manager and start it from there. once u find sqlserver look at its local port copy it down. now open sql.ini and replace SQLPort = 51844 replace it with yours.

SQLHost = 192.168.1.2
replace this with your WAN IP.

You must be registered to see links

Driver = SQL Server
leave this alone unless you are using SQL Native client then change it to its exact name

NetworkLib = DBMSSOCN
leave this alone its for networking. connecting to your database.

and the rest should be easy enough.



The launcher is like any normal launcher. It checks news, register etc.
when you click the start game button it will connect using ODBC to the host's MSSQL and check the table where USER_ID is and check if the password for that account matches if it does then it will run the game using kyhoh's method if not it will return the message box wrong id or pass and will not run the game. if there are any bugs/errors report it here. The download included the source so you can edit the launcher to how ever you like or even make it better.

Instructions:
1) Install the libraries first. if you don't you might get an error when trying to run it.
2) Setup the .ini files (launcher.ini, sql.ini, sqlpath.ini)
the sql.ini and sqlpath.ini is for those who don't have VB6 you can edit your launcher without the need of VB6, but it is unsafe since your SQLPass and etc will be viewable.

For ppl who have VB6:
Open up Project1.vbp double click form1 press CTRL + F search for "command1_click()" now look at the howto.jpg picture replace the highlighted text with your SQL settings and save, Make RaiderZLauncher.exe.
now all your SQL settings are compiled into the new RaiderZLauncher.exe you will not be needing sql.ini you can delete it or if you get an error leave a blank sql.ini

Features:
- News
- Register
- Auto-update
- Start Game (checks ID/Pass)
- MD5 Check (Prevent switch of Raider.exe)
- Players Online


credits:
kyhoh - for his bypass launcher. his method of launching the game was used in this

RZLauncher v6: (Latest)

You must be registered to see links

Older Downloads:
RZLauncher v5:

You must be registered to see links

RZLauncher v4:

You must be registered to see links

RZLauncher v3:

You must be registered to see links

RZLauncher v2:

You must be registered to see links

RZLauncher v1:

You must be registered to see links

Other Downloads:
Registration: (Credits to wesman2232 for the RegisterFix.sql)

You must be registered to see links

Resource Hacker
for those who wants to change the icon of the launcher, and don't have VB6 use ResHack. it allows you to open a .exe program and replace its icon with a different one.

You must be registered to see links

 

[cmb]

Re: RaiderZ Launcher (checks ID/Pass)

cool, but this doesn't solve the problem that I can just somehow figure out your account name, load up RaiderZ.exe with it and now boom i have access to your account. There is 0(ZERO) security on these files, what Kyhoh failed to realize is the username given to RaiderZ.exe (in his case LOL) is what is sent to the login server, so I can't just give it duck whatever, and expect things to work and be secure. You have taken a simple problem (no security) and complicated it (making this complicated launcher). Other than that, good work on it, im surprised you wrote it in VB6 and not something more modern (C#)

 

[Aznkidd235]

Re: RaiderZ Launcher (checks ID/Pass)

cool, but this doesn't solve the problem that I can just somehow figure out your account name, load up RaiderZ.exe with it and now boom i have access to your account. There is 0(ZERO) security on these files, what Kyhoh failed to realize is the username given to RaiderZ.exe (in his case LOL) is what is sent to the login server, so I can't just give it duck whatever, and expect things to work and be secure. You have taken a simple problem (no security) and complicated it (making this complicated launcher). Other than that, good work on it, im surprised you wrote it in VB6 and not something more modern (C#)

well it works if you have a noob who doesn't know how it works lol. but other than that your right someone can simply bypass this. i wrote it in VB6 because im more experience with it.

 

[cmb]

Re: RaiderZ Launcher (checks ID/Pass)

well it works if you have a noob who doesn't know how it works lol. but other than that your right someone can simply bypass this. i wrote it in VB6 because im more experience with it.

yes, but noobs won't be trying to gain access to accounts. The people with the needed knowledge will be doing so. It is not noobs who you should be afraid of, it is people like me, who are beginning to know RaiderZ's internals rather well. I must say though, im in no way shape or form interested in taking someone's gm account and causing ruckus. Nothing wrong with VB6 i was just slightly surprised to still see it alive and kicking lol, but i guess VB6 will never die

 

[Aznkidd235]

Re: RaiderZ Launcher (checks ID/Pass)

yes, but noobs won't be trying to gain access to accounts. The people with the needed knowledge will be doing so. It is not noobs who you should be afraid of, it is people like me, who are beginning to know RaiderZ's internals rather well. I must say though, im in no way shape or form interested in taking someone's gm account and causing ruckus.

LOL yea, but anyways the only way that i could think of at the time to secure the login issue is have the RaiderZ.exe run only by using the launcher to launch it, but thats a different subject since i don't know how to or even if its possible.

 

[Phant0m]

Re: RaiderZ Launcher (checks ID/Pass)

You can write a simple DLL and hook it to allow access to raiderz.exe only if it's executed by Launcher.exe and have a checksum or something on the DLL aswell.
After hooking, maybe you can pack the dll and exe together to prevent newbs from messing around with it.

 

[cmb]

Re: RaiderZ Launcher (checks ID/Pass)

You can write a simple DLL and hook it to allow access to raiderz.exe only if it's executed by Launcher.exe and have a checksum or something on the DLL aswell.
After hooking, maybe you can pack the dll and exe together to prevent newbs from messing around with it.

then I could just write a bologna Launcher.exe pad it until the needed checksum is equal, and go from there, i wouldn't even need to unpack the stuff

 

[MarcoTozzi]

Re: RaiderZ Launcher (checks ID/Pass)

But anw this will not help if you don't have a server side check, maybe a re-director on server that will check db and if success will re-direct to server port etc.

 

[Dell Honne]

Re: RaiderZ Launcher (checks ID/Pass)

It's a good start.

He's given you guys a stepping stone, maybe you should take it and continue?

 

[Phant0m]

Re: RaiderZ Launcher (checks ID/Pass)

then I could just write a bologna Launcher.exe pad it until the needed checksum is equal, and go from there, i wouldn't even need to unpack the stuff

Yes, like I said, to prevent newbs from messing around with it..

Edit: Check this post, maybe, if Aznkidd235 or someone else wants to edit the launcher, this might be one of the most secure ways of loging-in so far.
http://forum.ragezone.com/f696/help-open-password-login-758063/index2.html#post6385112

 

[Aznkidd235]

Re: RaiderZ Launcher (checks ID/Pass)

Updated the launcher fixed a mssql connection bug.

Yes, like I said, to prevent newbs from messing around with it..

Edit: Check this post, maybe, if Aznkidd235 or someone else wants to edit the launcher, this might be one of the most secure ways of loging-in so far.
http://forum.ragezone.com/f696/help-open-password-login-758063/index2.html#post6385112

I took a look at the link, and it sounds interesting. later on today i will see if i have the time then i'll get to work on it.

 

[esteniomaldade]

good thanks!!

 

[Phant0m]

Here is a slight change to the code.
This is still vulnerable to SQL Injection, so you must disallow the use of any characters that are not alphanumerical in the text boxes.
Also packing the launcher should help keep some people away from messing with it.

Old VB6 Code:

Private Sub Command1_Click()

       Dim MyConnObj As New ADODB.Connection 'ADODB Connection Object
       Dim myRecSet As New ADODB.Recordset 'Recordset Object
       Dim sqlStr As String ' String variable to store sql command

      MyConnObj.Open "DRIVER={" & Options.Driver & "};Server=" & Options.SQLHost & "," & Options.SQLPort & ";Network Library=" & Options.NetworkLib & ";Initial Catalog=" & Options.SQLDB & ";User ID=" & Options.SQLUserID & ";Password=" & Options.SQLPass & ";"

       sqlStr = "select [COLOR="Blue"]*[/COLOR] from RZ_ACCOUNT where ([COLOR="blue"]USER_ID[/COLOR] = '" & Text1.Text & "') and (PWD = '" & Text2.Text & "')"
     
      myRecSet.Open sqlStr, MyConnObj, adOpenKeyset

      Dim i As Integer 'variable to keep count
      i = 1

    
      If myRecSet.RecordCount = 1 Then
      Shell "cmd.exe /c Raiderz.exe login " & [COLOR="blue"]Text1.Text[/COLOR], vbHide
      Form1.WindowState = 1
      ElseIf myRecSet.RecordCount = 0 Then
      MsgBox "Incorrect User ID or Pass"
      End If
      MyConnObj.Close

  End Sub

New VB6 Code:

Private Sub Command1_Click()

       Dim MyConnObj As New ADODB.Connection 'ADODB Connection Object
       Dim myRecSet As New ADODB.Recordset 'Recordset Object
       Dim sqlStr As String ' String variable to store sql command

      MyConnObj.Open "DRIVER={" & Options.Driver & "};Server=" & Options.SQLHost & "," & Options.SQLPort & ";Network Library=" & Options.NetworkLib & ";Initial Catalog=" & Options.SQLDB & ";User ID=" & Options.SQLUserID & ";Password=" & Options.SQLPass & ";"

       sqlStr = "select [COLOR="Red"]USER_ID[/COLOR] from RZ_ACCOUNT where ([COLOR="red"]ACCOUNT_ID[/COLOR] = '" & Text1.Text & "') and (PWD = '" & Text2.Text & "')"
     
      myRecSet.Open sqlStr, MyConnObj, adOpenKeyset

      Dim i As Integer 'variable to keep count
      i = 1

    
      If myRecSet.RecordCount = 1 Then
      Shell "cmd.exe /c Raiderz.exe login " & [COLOR="red"]sqlStr[/COLOR], vbHide
      Form1.WindowState = 1
      ElseIf myRecSet.RecordCount = 0 Then
      MsgBox "Incorrect User ID or Pass"
      End If
      MyConnObj.Close

  End Sub

PHP Register Code:

You must be registered to see links

 

[Cain142]

well i know next launcher is going to be better.

 

[WireShark]

PHP Register Code:

You must be registered to see links

Phantom Registration Script was not working... it has a error at line 11

I Config & restart Apache after i modified the Php.ini

Dbhost:localhost or 127.0.0.1
Dbuser:sa
Dbpass:mypass

 

[Loki17]

madkilah28, also in Windows dir you must set in php.ini

 

[WireShark]

that's what i did?

 

[Phant0m]

I didn't edit the "register.view.php" file.
I only added support for md5 encrypting.

 

[Aznkidd235]

Register.php

<?php
$host = "SERVER/ip";
$user = "sa";
$pass = "pass";
$dbname = "RZ_ACCOUNTDB";

$connect = odbc_connect("Driver={SQL Server};Server={$host}; Database={$dbname}", $user, $pass) or die("Can't connect the MSSQL server.");

$userid = $_Post['username'];
$pass = $_Post['password'];
$login = md5($userid . ' ' . $pass);

$result = odbc_exec($connect, "SELECT USER_ID FROM RZ_ACCOUNTDB WHERE USER_ID = '$userid'");
$existing_users = num_rows($result);
if($existing_users >= 1) {
echo "Username in use.";
}

if (!$_POST['username'] )
{
die('You left User ID field blank');
}

if (!$_POST['password'] )
{
die('You left Password field blank');
}

odbc_exec($connect, "INSERT INTO RZ_ACCOUNT (USER_ID, SITE_CODE, SITE_USER_ID, PWD, ACC_PTM) VALUES ('$login', '$userid', '$login', '$pass', '0')");

?>

Register.html:

<head>
</head>
<html>
<body>
<form action='register.php' method='POST'>
<b>Username:</b>
<input type='text' name='username'>
<b>Password:</b>
<input type='password' name='password'>
<input type='submit' value='Register'>
</body>
</html>

this was from my head i did not test it, it might need some editing to work. This script combines userid, and pass into 1 string and md5 encrypt. you will need to edit launcher to work with this.

Launcher: (Form1) (text in red is new)

Private Sub Command1_Click()
[COLOR="Red"]dim userid as string
dim pass as string
userid = text1.text
pass = text2.text[/COLOR]

       Dim MyConnObj As New ADODB.Connection 'ADODB Connection Object
       Dim myRecSet As New ADODB.Recordset 'Recordset Object
       Dim sqlStr As String ' String variable to store sql command

      MyConnObj.Open "DRIVER={" & Options.Driver & "};Server=" & Options.SQLHost & "," & Options.SQLPort & ";Network Library=" & Options.NetworkLib & ";Initial Catalog=" & Options.SQLDB & ";User ID=" & Options.SQLUserID & ";Password=" & Options.SQLPass & ";"

       sqlStr = "select USER_ID from RZ_ACCOUNT where (SITE_CODE = '" & [COLOR="Red"]userid[/COLOR] & "') and (PWD = '" & [COLOR="Red"]pass[/COLOR] & "')"
     
      myRecSet.Open sqlStr, MyConnObj, adOpenKeyset

      Dim i As Integer 'variable to keep count
      i = 1

    
      If myRecSet.RecordCount = 1 Then
      Shell "cmd.exe /c Raiderz.exe login " & [COLOR="Red"]myRecSet(0)[/COLOR], vbHide
      End
      ElseIf myRecSet.RecordCount = 0 Then
      MsgBox "Incorrect User ID or Pass"
      End If
      MyConnObj.Close

  End Sub

Updated the register.php script to prevent players from leaving empty fields.

 

[WireShark]

nice thanks =)