[RELEASE] - V95 localhost (PDB leak version), early merry Christmas

Skilled Illusionist | Joined: Apr 26, 2015 | Messages: 302 | Reaction score: 77

As the title says, it's a localhost of the V95 version, which has the leaked PDB file.
Credits to @benjew for unpacking and unvirtualizing the client, and me for stripping checks and removing hackshield.

Looking forward to more members releasing things for the community :(:, let's make the Maple Story private server scene great again.

Features:
  • Removed start up banner.
  • CwvsApp::Setup starts the client correctly now.
  • Removed IP checks that use ZInetAddr::GetIPAddr.
  • Removed checks in SetField.
  • Removed etracer.
  • Added Sleep function after d8inputcreate.
  • Adjusted client to send plain username and password and removed LoginAuth.
  • No more CRC checks.
  • Debuggable in IDA / CheckEngine (with real function headers pointing exactly where parameters are on the stack).
TODO:
  • Fix /n problem for quests.
  • Downgrade UI.wz to old V92 version, I would be thankful if someone implemented and released it.
  • Further testing on other platforms, I tested it in a Windows 10 x64 environment.

Download:
 
Newbie Spellweaver | Joined: Jan 26, 2017 | Messages: 19 | Reaction score: 2

Wow, thank you so much for this release.
Oh, and what's the reason for this??? -> "Downgrade UI.wz to old V92 version"
 
Skilled Illusionist | Joined: Apr 26, 2015 | Messages: 302 | Reaction score: 77

I'm investigating an issue with the client, it started to stop working for no reason.

edit:

Updated the Sleep function, it was pointing to the wrong address, which caused the client to crash.
 
Newbie Spellweaver | Joined: Apr 2, 2013 | Messages: 78 | Reaction score: 7

I'm investigating an issue with the client, it started to stop working for no reason.

edit:

Updated the Sleep function, it was pointing to the wrong address, which caused the client to crash.

Wow, this works, thanks for the release.
 
Junior Spellweaver | Joined: Apr 30, 2012 | Messages: 100 | Reaction score: 41

Were you able to log in? It appears only the password is sent on CheckPassword. Unless I'm missing something?
 
Skilled Illusionist | Joined: Apr 26, 2015 | Messages: 302 | Reaction score: 77

Were you able to log in? It appears only the password is sent on CheckPassword. Unless I'm missing something?

I will fix this bug on the weekend, the problem is the hook I created for getting the username.
 
Newbie Spellweaver | Joined: Dec 15, 2016 | Messages: 12 | Reaction score: 0

I will fix this bug on the weekend, the problem is the hook I created for getting the username.

You made that correction? Cuz I was 1hr in trying to open it, then noticed the user not being sent :)
 
Experienced Elementalist | Joined: Feb 10, 2008 | Messages: 249 | Reaction score: 161

just fyi the username patch is bugged and just writes \b\b
 
Newbie Spellweaver | Joined: Oct 20, 2007 | Messages: 64 | Reaction score: 3

A problem: when I type the username and password on the login screen, the packet seems wrong because the username cannot be decoded the right way.
 
Newbie Spellweaver | Joined: Sep 17, 2013 | Messages: 82 | Reaction score: 137

I kind of fixed it?

OllyDBG:
Code:
0066D329 -> PUSH 19E4FC

But it only works on the first login try LOL then the stack pointer offset changes and I'm not gud enough to figure it out

More context:
The localhost patches `CNMCOClientObject::GetNexonPassport` (called from 005DBA77) to directly copy login id using strcpy instead of going through Nexon's auth code. However, since the address is fixed, on the following tries, the stack has changed and directly writing to the offset no longer works. If someone actually knows how to RE, I think the fix is to make the strcpy destination the same as whatever address is referenced by the code at 005DBD09. The calculation is [ESP+6C], which just happens to be 0019E4FC (which points to login id on the stack) on the first run but doesn't hold true for later runs.

So basically you'd have to add an argument to push the stack pointer as the second argument to CNMCOClientObject::GetNexonPassport, then find the proper offset, and then change the argument in strcpy.
 