Caligo Bellum / Dark Reign unreleased MMO files.

[msgdim]

Now I want to extract game.rot to localize the game, but unluckily I don't have their file-system. :O
I searched and get that developers have 'scpconvert.exe' and 'packfile.exe' for doing these works, but no ideas how to get it (maybe their SVN).

 

[balika011]

Now I want to extract game.rot to localize the game, but unluckily I don't have their file-system. :O
I searched and get that developers have 'scpconvert.exe' and 'packfile.exe' for doing these works, but no ideas how to get it (maybe their SVN).

You need the data/maindata.dat, not game.rot.

Server is up and running, just we need the official website because of this:

(Game is stated form website, whit an Internet Explorer add-on @

You must be registered to see links

)

 

[MeGaMaX]

You need the data/maindata.dat, not game.rot.

Server is up and running, just we need the official website because of this:

(Game is stated form website, whit an Internet Explorer add-on @

You must be registered to see links

)

you dont need to run the GameUpdate.exe anymore from the website

no more

here is the patched GameUpdate.exe working fine without this msg, GameUpdate.exe dont send any special args for the game.exe its just open it like double click and about changing the server ip look into config.ini change it to what ever you want.

here is what i did if anyone want to do to it him self.

and then nop the call after that's it lazy way but working xD

#Edit

looks like you just bypassed the failed module msg and msg website in game.exe that's why you cant see the gui for login well i can help if someone give me account xD

here is what i did for the game.exe to load

if any one have account post it or pm me with the account so i can know what is the client missing to be fully loaded.

#Edit 2

client waiting those args to work fine as far as i know 4 int each 4 bytes args (int this, int a2, int a3, int a4, int a5);

Address Hex dump Command Comments
004070EA /$ 55 PUSH EBP ; game.004070EA(guessed Arg1,Arg2,Arg3,Arg4)
004070EB |. 8BEC MOV EBP,ESP
004070ED |. 51 PUSH ECX
004070EE |. 894D FC MOV DWORD PTR SS:[LOCAL.1],ECX
004070F1 |. 8B45 FC MOV EAX,DWORD PTR SS:[LOCAL.1]
004070F4 |. 8B4D 08 MOV ECX,DWORD PTR SS:[ARG.1]
004070F7 |. 8948 04 MOV DWORD PTR DS:[EAX+4],ECX
004070FA |. 8B55 FC MOV EDX,DWORD PTR SS:[LOCAL.1]
004070FD |. 8B45 0C MOV EAX,DWORD PTR SS:[ARG.2]
00407100 |. 8942 08 MOV DWORD PTR DS:[EDX+8],EAX
00407103 |. FF15 0C535200 CALL DWORD PTR DS:[<&MSVCRT.__p___argc>] ; [msvcrt.__p___argc
00407109 |. 8338 03 CMP DWORD PTR DS:[EAX],3

Greetings MeGaMaX.

 

[msgdim]

KR's game.exe and GameUpdate.exe require "id=USER_ID|token=USER_TOKEN|ch=1" parameter.
If you have server running, try it to see how the token authentication works.

 

[balika011]

you dont need to run the GameUpdate.exe anymore from the website

no more

here is the patched GameUpdate.exe working fine without this msg, GameUpdate.exe dont send any special args for the game.exe its just open it like double click and about changing the server ip look into config.ini change it to what ever you want.

here is what i did if anyone want to do to it him self.

and then nop the call after that's it lazy way but working xD

#Edit

looks like you just bypassed the failed module msg and msg website in game.exe that's why you cant see the gui for login well i can help if someone give me account xD

here is what i did for the game.exe to load

if any one have account post it or pm me with the account so i can know what is the client missing to be fully loaded.

#Edit 2

client waiting those args to work fine as far as i know 4 int each 4 bytes args (int this, int a2, int a3, int a4, int a5);



Greetings MeGaMaX.

As you can see, we are at same state...

KR's game.exe and GameUpdate.exe require "id=USER_ID|token=USER_TOKEN|ch=1" parameter.
If you have server running, try it to see how the token authentication works.

I know. What i don't know yet is token how generated.
I will reverse it.

 

[msgdim]

OK, I found something helpful.

- User_ID is a name of Login ID like 'msgdim'

- Examples of USER_TOKEN (how it looks like):
4c5b30ae605e2a27c6c5df3a48be9891
14ed5be7d89f34ad101af4d235060208

For official website, all of tokens are generated by the web part (_call/_startgame.asp),
and they will be added into somewhere of DB for server to check.
One token is used only for one-time login. If you login again, new token will be generated.

Let's find it out.

 

[lastfun]

my thoughts ....
1. Start with the following parameters: "id = USER_ID | token = USER_TOKEN | ch = 1" (token - blah blah blah)
1a. include mssql profiler (see where and what passes requests and in what form, see statement to the database)
2. server error log to see (login server)
3. ida (olly) seek error
4. from mistakes, watch that receives and processes the packet login
ps need a working server for what to say more accurately.
----UPD-------------------------------------------------------------------------------------

rdata:00418874                 dd offset ?IsRunning@CLoginServerApp@@UAEHXZ ; CLoginServerApp::IsRunning(void)
.rdata:00418878                 dd offset ?Login@CLoginServerApp@@UAEHPAVCLoginUser@@@Z ; CLoginServerApp::Login(CLoginUser *)
.rdata:0041887C                 dd offset ?LoginOut@CLoginServerApp@@UAEXPAVCLoginUser@@@Z ; CLoginServerApp::LoginOut(CLoginUser *)
.rdata:00418880                 dd offset ?SetListStartNum@CLoginServerApp@@UAEXH@Z ; CLoginServerApp::SetListStartNum(int)
.rdata:00418884                 dd offset ?SetListLen@CLoginServerApp@@UAEXH@Z ; CLoginServerApp::SetListLen(int)
.rdata:00418888                 dd offset ?RequestDB@CLoginServerApp@@UAEHPAVCLoginUser@@HHPADH@Z ; CLoginServerApp::RequestDB(CLoginUser *,int,int,char *,int)
.rdata:0041888C                 dd offset ?OnActorLoginOut@CLoginServerApp@@UAEXJJHPAD@Z ; CLoginServerApp::OnActorLoginOut(long,long,int,char *)
.rdata:00418890                 dd offset ?GetCurrentListNum@CLoginServerApp@@UAEHXZ ; CLoginServerApp::GetCurrentListNum(void)
.rdata:00418894                 dd offset ?GetCSOnlineNum@CLoginServerApp@@UAEHXZ ; CLoginServerApp::GetCSOnlineNum(void)
.r

around here, if you are using the correct client
--------------upd3-----------------------------------------------
int __thiscall CLoginServerApp::RequestDB(CLoginServerApp *this, CLoginUser *pUser, int nRequestID, int nDBType, char *pData, int nLen)
-----------------------last upd----------------------------------
guys give working server release, we will deal with the client (no server running something hard to understand)
ps I do not need this game, I coach in the disassembler)

 

[MeGaMaX]

my thoughts ....
1. Start with the following parameters: "id = USER_ID | token = USER_TOKEN | ch = 1" (token - blah blah blah)
1a. include mssql profiler (see where and what passes requests and in what form, see statement to the database)
2. server error log to see (login server)
3. ida (olly) seek error
4. from mistakes, watch that receives and processes the packet login
ps need a working server for what to say more accurately.
----UPD-------------------------------------------------------------------------------------

rdata:00418874                 dd offset ?IsRunning@CLoginServerApp@@UAEHXZ ; CLoginServerApp::IsRunning(void)
.rdata:00418878                 dd offset ?Login@CLoginServerApp@@UAEHPAVCLoginUser@@@Z ; CLoginServerApp::Login(CLoginUser *)
.rdata:0041887C                 dd offset ?LoginOut@CLoginServerApp@@UAEXPAVCLoginUser@@@Z ; CLoginServerApp::LoginOut(CLoginUser *)
.rdata:00418880                 dd offset ?SetListStartNum@CLoginServerApp@@UAEXH@Z ; CLoginServerApp::SetListStartNum(int)
.rdata:00418884                 dd offset ?SetListLen@CLoginServerApp@@UAEXH@Z ; CLoginServerApp::SetListLen(int)
.rdata:00418888                 dd offset ?RequestDB@CLoginServerApp@@UAEHPAVCLoginUser@@HHPADH@Z ; CLoginServerApp::RequestDB(CLoginUser *,int,int,char *,int)
.rdata:0041888C                 dd offset ?OnActorLoginOut@CLoginServerApp@@UAEXJJHPAD@Z ; CLoginServerApp::OnActorLoginOut(long,long,int,char *)
.rdata:00418890                 dd offset ?GetCurrentListNum@CLoginServerApp@@UAEHXZ ; CLoginServerApp::GetCurrentListNum(void)
.rdata:00418894                 dd offset ?GetCSOnlineNum@CLoginServerApp@@UAEHXZ ; CLoginServerApp::GetCSOnlineNum(void)
.r

around here, if you are using the correct client
--------------upd3-----------------------------------------------
int __thiscall CLoginServerApp::RequestDB(CLoginServerApp *this, CLoginUser *pUser, int nRequestID, int nDBType, char *pData, int nLen)
-----------------------last upd----------------------------------
guys give working server release, we will deal with the client (no server running something hard to understand)
ps I do not need this game, I coach in the disassembler)

why not fake the token xD ? well i didnt get my self involved in this game much but as i can see there is no token in the db or nothing to generate it so that's maybe only something for the website database like the company want to keep the user and passwords not login and have to get the token or the token for the security i dont know but fake it with asm or emulate the _startgame.asp or hack it lol

my thoughts ....
1. Start with the following parameters: "id = USER_ID | token = USER_TOKEN | ch = 1" (token - blah blah blah)
1a. include mssql profiler (see where and what passes requests and in what form, see statement to the database)
2. server error log to see (login server)
3. ida (olly) seek error
4. from mistakes, watch that receives and processes the packet login
ps need a working server for what to say more accurately.
----UPD-------------------------------------------------------------------------------------

rdata:00418874                 dd offset ?IsRunning@CLoginServerApp@@UAEHXZ ; CLoginServerApp::IsRunning(void)
.rdata:00418878                 dd offset ?Login@CLoginServerApp@@UAEHPAVCLoginUser@@@Z ; CLoginServerApp::Login(CLoginUser *)
.rdata:0041887C                 dd offset ?LoginOut@CLoginServerApp@@UAEXPAVCLoginUser@@@Z ; CLoginServerApp::LoginOut(CLoginUser *)
.rdata:00418880                 dd offset ?SetListStartNum@CLoginServerApp@@UAEXH@Z ; CLoginServerApp::SetListStartNum(int)
.rdata:00418884                 dd offset ?SetListLen@CLoginServerApp@@UAEXH@Z ; CLoginServerApp::SetListLen(int)
.rdata:00418888                 dd offset ?RequestDB@CLoginServerApp@@UAEHPAVCLoginUser@@HHPADH@Z ; CLoginServerApp::RequestDB(CLoginUser *,int,int,char *,int)
.rdata:0041888C                 dd offset ?OnActorLoginOut@CLoginServerApp@@UAEXJJHPAD@Z ; CLoginServerApp::OnActorLoginOut(long,long,int,char *)
.rdata:00418890                 dd offset ?GetCurrentListNum@CLoginServerApp@@UAEHXZ ; CLoginServerApp::GetCurrentListNum(void)
.rdata:00418894                 dd offset ?GetCSOnlineNum@CLoginServerApp@@UAEHXZ ; CLoginServerApp::GetCSOnlineNum(void)
.r

around here, if you are using the correct client
--------------upd3-----------------------------------------------
int __thiscall CLoginServerApp::RequestDB(CLoginServerApp *this, CLoginUser *pUser, int nRequestID, int nDBType, char *pData, int nLen)
-----------------------last upd----------------------------------
guys give working server release, we will deal with the client (no server running something hard to understand)
ps I do not need this game, I coach in the disassembler)

why not fake the token xD ? well i didnt get my self involved in this game much but as i can see there is no token in the db or nothing to generate it so that's maybe only something for the website database like the company want to keep the user and passwords not login and have to get the token or the token for the security i dont know but fake it with asm or emulate the _startgame.asp or hack it lol

#Edit
look in CEGUI.log you will find this

28/11/2013 01:16:18 (InfL1) CEGUI::System singleton created.
28/11/2013 01:16:18 (InfL1) ---- CEGUI System initialisation completed ----
28/11/2013 01:16:18 (InfL1) ---- Version 0.5.0 ----
28/11/2013 01:16:18 (InfL1) ---- Renderer module is: Unknown renderer (vendor did not set the ID string!) ----
28/11/2013 01:16:18 (InfL1) ---- XML Parser module is: CEGUI::ExpatParser - Official expat based parser module for CEGUI ----
28/11/2013 01:16:18 (InfL1) ---- Scripting module is: None ----
28/11/2013 01:16:22 (Error) Exception: There is no Property named 'BackgroundEnabled' available in the set.
28/11/2013 01:16:22 (Error) Exception: There is no Property named 'BackgroundEnabled' available in the set.


there is something missing to enable the gui for login idk what is the vendor id its want -.-

 

[balika011]

OK, I found something helpful.

- User_ID is a name of Login ID like 'msgdim'

- Examples of USER_TOKEN (how it looks like):
4c5b30ae605e2a27c6c5df3a48be9891
14ed5be7d89f34ad101af4d235060208

For official website, all of tokens are generated by the web part (_call/_startgame.asp),
and they will be added into somewhere of DB for server to check.
One token is used only for one-time login. If you login again, new token will be generated.

Let's find it out.

Can you give me and account in PM? (I don't have KSSN )

All others i know, i can make a fake client which i can log in. I have and idea how token is works, but not 100%. If you can give me an account this will much more easier. If you want we can chat on skype too. My skype name is same as here.

 

[msgdim]

Can you give me and account in PM? (I don't have KSSN )

All others i know, i can make a fake client which i can log in. I have and idea how token is works, but not 100%. If you can give me an account this will much more easier. If you want we can chat on skype too. My skype name is same as here.

Sorry, but I don't have any account at caligo.kr too.
I try to login at caligoonline.com instead (unfinished Global website), just to see how '_call/_startgame.asp' works.

When I started the game with that Global account (through Korea server IP),
of course error log says Account not found or token is invalid. [계정이 존재하지 않거나 인증 중입니다. 잠시 후 다시 시도하세요. (12)]

 

[balika011]

 

[MentaL]

amazing armour.

 

[balika011]

gamedb_mgr database is missing. I unable to log in to the map, because SvrMgrs not starts up.

 

[geger009]

did someone has manual patch for 1.1.0.0 to 1.1.1.5 ??
i just has Caligo-1.1.0.0.exe..
or maybe i can just use autopatch from gameupdate.exe??

 

[balika011]

did someone has manual patch for 1.1.0.0 to 1.1.1.5 ??
i just has Caligo-1.1.0.0.exe..
or maybe i can just use autopatch from gameupdate.exe??

GameUpdate.exe id=balika011^|token=00000000000000000000000000000000^|ch=1

 

[Mehti]

Any update? I want play in P Server.

 

[str8killa]

did you guys stop making progress on this?

 

[msgdim]

Just waiting for gamedb_mgr database fixing.
I think balika011 should release a quick guide about how to setup now, to let others participate working on this.

 

[randym]

@geger009: Full kr-folder (including all manual patches) of ftp:

You must be registered to see links

 

[balika011]

@geger009: Full kr-folder (including all manual patches) of ftp:

You must be registered to see links

database?