Can someone post the ASM New XOR Function?
Please don't turn this into an advertisement thread :)
Well, I didn't try to debug it, but you can find the protocol core, set a BP on it and check what changes there are.
Search for string: "Send Request Server List"
and check from where this function is called -> the function is called from the protocol core
OK, this main.exe is badly unpacked, or the shit is virtualized :/
At offset 0115F05F you need to set a BP, and on a C3 or C4 packet you need to check what it does before it decrypts it and pushes it into the protocol core, but all opcodes are fucked up.. so it must be virtualized :/
Unreadable code:
Code:
MOV EAX,DWORD PTR SS:[EBP+8h]
JMP 9C345A2h
JMP 06637CBh
MOV DWORD PTR SS:[EBP-102Ch],EAX
JMP 066391Ch
SUB ESP,8h
JMP 9CA59BEh
MOV DWORD PTR SS:[EBP-102Ch],EAX
JMP 066391Ch
MOV ECX,DWORD PTR SS:[EBP+8h]
MOV EDX,DWORD PTR DS:[ECX+4h]
MOV DWORD PTR SS:[EBP-75Ch],EDX
JMP 09FA507h
MOV EAX,DWORD PTR SS:[EBP+8h]
ADD EAX,4h
MOV DWORD PTR SS:[EBP-75Ch],EAX
JMP 09FA507h
MOV EAX,DWORD PTR SS:[EBP-10h]
MOVZX EAX,BYTE PTR DS:[EAX+2h]
CMP EAX,0C2h
JE 0439644h
JMP 115F2CBh
XOR EAX,EAX
MOV WORD PTR SS:[EBP-4h],AX
JMP 9CA704Ch
PUSH 0FF6828h
PUSH 119B180h
JMP 0663B55h
MOV EAX,DWORD PTR SS:[EBP-204h]
MOVZX EAX,BYTE PTR DS:[EAX+669F66h]
JMP DWORD PTR DS:[EAX*4h+669CEEh]
MOV ECX,DWORD PTR SS:[EBP+8h]
JMP 06637CEh
MOV DWORD PTR SS:[EBP-1020h],1h
CMP DWORD PTR SS:[EBP-102Ch],0h
JGE 06639A1h
JMP 115F285h
OR EAX,0FFFFFFFFh
MOV EBX,DWORD PTR SS:[ESP]
JMP 9CA59DDh
NOP
ADC BYTE PTR SS:[ECX+8DFC2474h],CL
AND AL,0FCh
Last edited by mauka; 24-05-12 at 02:27 PM. Reason: wrong offset xD
I'm not good at unpacking and never liked it.. annoying. t4You says: need to use "CodeDoctor" to deobfuscate the code
Code:
Functions:
1) Deobfuscate
Select instructions in disasm window and execute this command. It will try to clear the code from junk instructions.
Example:
Original:
00874372  57             PUSH EDI
00874373  BF 352AAF6A    MOV EDI,6AAF2A35
00874378  81E7 0D152A41  AND EDI,412A150D
0087437E  81F7 01002A40  XOR EDI,402A0001
00874384  01FB           ADD EBX,EDI
00874386  5F             POP EDI
Deobfuscated:
00874372  83C3 04        ADD EBX,4
Added: it works xD
Last edited by mauka; 25-05-12 at 11:58 AM.
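The junk pattern in the CodeDoctor example quoted above (save a scratch register, build a constant in it with MOV/AND/XOR, apply it to the real destination, restore the register) is a constant-folding problem, so the same cleanup can be scripted. The Python below is an added example written for this page; it is not CodeDoctor's code and not anything posted in this thread. It goes a bit beyond the quoted case: it also folds OR/ADD/SUB/NOT/NEG on the scratch register and masks to 32 bits for wrap-around. The listing it runs on is constructed: the first six instructions are the CodeDoctor example, the rest are made up, and the (address, text) pairs are a stand-in for whatever the reader copies out of OllyDbg.

```python
import re

MASK32 = 0xFFFFFFFF
REG32 = {"EAX", "EBX", "ECX", "EDX", "ESI", "EDI", "EBP", "ESP"}
HEX_RE = re.compile(r"[0-9A-Fa-f]{1,8}")

# Binary ops the obfuscator applies to the scratch register; the folded
# instruction may use any of them on the real destination as well.
BINOPS = {
    "AND": lambda a, b: a & b,
    "OR":  lambda a, b: a | b,
    "XOR": lambda a, b: a ^ b,
    "ADD": lambda a, b: (a + b) & MASK32,
    "SUB": lambda a, b: (a - b) & MASK32,
}
UNOPS = {
    "NOT": lambda a: ~a & MASK32,
    "NEG": lambda a: -a & MASK32,
}


def parse(text):
    """'XOR EDI,402A0001' -> ('XOR', ['EDI', '402A0001'])."""
    mnem, _, rest = text.strip().partition(" ")
    ops = [o.strip() for o in rest.split(",")] if rest else []
    return mnem.upper(), ops


def is_imm(op):
    # OllyDbg prints immediates as bare hex (no 0x prefix, no h suffix).
    return op not in REG32 and HEX_RE.fullmatch(op) is not None


def try_fold(listing, i):
    """If listing[i:] starts with
         PUSH r / MOV r,imm / (BINOP r,imm | UNOP r)* / BINOP dst,r / POP r
    return (folded instruction text, instructions consumed), else None."""
    n = len(listing)
    mnem, ops = parse(listing[i][1])
    if mnem != "PUSH" or len(ops) != 1 or ops[0] not in REG32:
        return None
    scratch = ops[0]
    j = i + 1
    if j >= n:
        return None
    mnem, ops = parse(listing[j][1])
    if not (mnem == "MOV" and len(ops) == 2 and ops[0] == scratch and is_imm(ops[1])):
        return None
    value = int(ops[1], 16)
    j += 1
    # Constant-fold every step that only touches the scratch register.
    while j < n:
        mnem, ops = parse(listing[j][1])
        if mnem in BINOPS and len(ops) == 2 and ops[0] == scratch and is_imm(ops[1]):
            value = BINOPS[mnem](value, int(ops[1], 16))
        elif mnem in UNOPS and ops == [scratch]:
            value = UNOPS[mnem](value)
        else:
            break
        j += 1
    # The one instruction that does real work: BINOP dst,scratch.
    if j >= n:
        return None
    mnem, ops = parse(listing[j][1])
    if not (mnem in BINOPS and len(ops) == 2 and ops[1] == scratch and ops[0] != scratch):
        return None
    dst = ops[0]
    j += 1
    if j >= n or parse(listing[j][1]) != ("POP", [scratch]):
        return None
    return f"{mnem} {dst},{value:X}", j - i + 1


def fold_junk(listing):
    """listing: list of (address, instruction text). Every matched junk run is
    replaced by its single equivalent instruction at the run's first address."""
    out, i = [], 0
    while i < len(listing):
        folded = try_fold(listing, i)
        if folded:
            out.append((listing[i][0], folded[0]))
            i += folded[1]
        else:
            out.append(listing[i])
            i += 1
    return out


# Constructed sample: lines 1-6 are the CodeDoctor example from this thread,
# the rest are made up to show an untouched instruction and NOT/wrap-around.
SAMPLE = [
    ("00874372", "PUSH EDI"),
    ("00874373", "MOV EDI,6AAF2A35"),
    ("00874378", "AND EDI,412A150D"),
    ("0087437E", "XOR EDI,402A0001"),
    ("00874384", "ADD EBX,EDI"),
    ("00874386", "POP EDI"),
    ("00874387", "MOV EAX,DWORD PTR SS:[EBP+8]"),  # not junk, must survive unchanged
    ("0087438A", "PUSH ECX"),
    ("0087438B", "MOV ECX,0000000F"),
    ("00874390", "NOT ECX"),                       # FFFFFFF0
    ("00874392", "ADD ECX,20"),                    # wraps to 00000010
    ("00874395", "SUB EAX,ECX"),
    ("00874397", "POP ECX"),
]

if __name__ == "__main__":
    for addr, text in fold_junk(SAMPLE):
        print(addr, text)
```

The folder is deliberately conservative: any instruction inside the run that is not an immediate operation on the scratch register (a memory access, a second register, a call) aborts the match and the original instructions are kept, so it never rewrites code it does not fully understand. The addresses of the dropped instructions are discarded; if something else jumps into the middle of a junk run, that run was not dead code and has to be checked by hand.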
Well, it's not unpacking, it's deobfuscating. If you unpack main, you can leave the code obfuscated if you don't need to know how it works; otherwise you need to deobfuscate it, and CodeDoctor won't help you a lot =)
And I think, if you want to discuss main.exe, this is the wrong thread :D better create a new one
Last edited by Gembrid; 25-05-12 at 12:08 PM.
If CodeDoctor doesn't help, I'm gonna cry to fenix to do this shit for me xD
* what's the point of friends if you don't USE them (TROLOLOLOL)
nah, it's related to x700
Added: deobfuscating is not so hard, I see.. you can easily follow calls until you land where you need ;)
or manually resolve all JMPs xD
Last edited by mauka; 25-05-12 at 12:34 PM.
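"Manually resolve all JMPs" is what the dump posted earlier in this thread calls for: almost every real instruction is followed by an unconditional JMP to the next fragment. That walk is mechanical, so here it is as an added Python example written for this page (not code from the thread or from any tool named in it). It assumes the reader has already dumped the code into a map of address -> (instruction text, fall-through address); the map below is constructed in the style of the posted dump, with addresses made up for the demo, and it is not the real layout of main.exe.

```python
import re

JMP_RE = re.compile(r"^JMP\s+([0-9A-Fa-f]+)h?$", re.IGNORECASE)
CJMP_RE = re.compile(r"^J[A-Z]{1,3}\s+([0-9A-Fa-f]+)h?$", re.IGNORECASE)


def linearize(code, entry, limit=10000):
    """Walk from `entry`, following unconditional JMPs without emitting them.

    code: {address: (instruction text, fall-through address or None)}.
    Returns (instructions in execution order, taken-targets of conditional
    jumps seen on the way).  Stops at RET, at an indirect jump (its target is
    unknown, so fall-through is None), on a loop, or after `limit` steps.
    """
    out, branches, seen, addr = [], [], set(), entry
    while addr in code and addr not in seen and len(out) < limit:
        seen.add(addr)
        text, fallthrough = code[addr]
        m = JMP_RE.match(text)
        if m:                       # trampoline: drop it, continue at its target
            addr = int(m.group(1), 16)
            continue
        out.append((addr, text))
        m = CJMP_RE.match(text)
        if m:                       # keep conditional jumps, remember the other path
            branches.append((addr, int(m.group(1), 16)))
        if text.upper().startswith("RET"):
            break
        addr = fallthrough
    return out, branches


# Constructed map in the style of the dump posted in this thread (addresses are
# made up for the demo).  Each JMP entry has no fall-through of its own.
CODE = {
    0x0115F05F: ("MOV EAX,DWORD PTR SS:[EBP+8h]", 0x0115F062),
    0x0115F062: ("JMP 9C345A2h", None),
    0x09C345A2: ("MOV DWORD PTR SS:[EBP-102Ch],EAX", 0x09C345A8),
    0x09C345A8: ("JMP 066391Ch", None),
    0x0066391C: ("MOV EAX,DWORD PTR SS:[EBP-10h]", 0x0066391F),
    0x0066391F: ("MOVZX EAX,BYTE PTR DS:[EAX+2h]", 0x00663923),
    0x00663923: ("JMP 09FA507h", None),
    0x009FA507: ("CMP EAX,0C2h", 0x009FA50C),
    0x009FA50C: ("JE 0439644h", 0x009FA512),
    0x009FA512: ("JMP 115F2CBh", None),
    0x0115F2CB: ("XOR EAX,EAX", 0x0115F2CD),
    0x0115F2CD: ("RETN", None),
}

if __name__ == "__main__":
    insns, branches = linearize(CODE, 0x0115F05F)
    for addr, text in insns:
        print(f"{addr:08X}  {text}")
    for src, dst in branches:
        print(f"branch at {src:08X} -> {dst:08X} not followed")
```

Run `linearize` once per entry point and once per taken target it reports, and the fragmented function comes back as a handful of straight-line blocks. The walk stops at a `JMP DWORD PTR DS:[EAX*4+...]` style table jump like the one in the dump, because its targets depend on runtime data; those have to be read out of the table in the debugger.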
mauka, and did you find anything new about packet enc/dec?
Nope, the code is totally fucked up and I need it deobfuscated to reverse the func :/ not NOP it