Crack maintest.exe 1.04I (1.04.09)

[chris05]

Patch oficial - Mu Koreia - version 1.04I

1-Why crack the maintest.exe and not the main.exe?
If you look the properties of each of these files, which in the summer main.exe version is 1.04.08, while on the maintest.exe is 1.04.09.

2 - When the crackear maintest.bmd it should be noted that he will read the files * test.bmd. So, if they are not translated, make a copy of all the files in the folder location of the client and renomeiem these copies to test.bmd * (example: If the file is translated text.bmd, make a copy and rename the copy to texttest . bmd).
======================

[color="Red"]Guide - Edit maintest.exe (1.04i)/COLOR]

Programs: Olly and Hex Editor

1 - In Olly, look for mu.exe and then find the offsets below:

00648D2C |. 75 69 JNZ SHORT main.00648D97
00648D2E |. 68 20EA7700 PUSH main.0077EA20 ; /Arg2 = 0077EA20
00648D33 |. 68 90EAAF07 PUSH main.07AFEA90 ; |Arg1 = 07AFEA90
00648D38 |. E8 64DF0A00 CALL main.006F6CA1 ; \main.006F6CA1
00648D3D |. 83C4 08 ADD ESP,8
00648D40 |. 68 18E47700 PUSH main.0077E418 ; ASCII "mu.exe"

The first offset, replacing JNZ by JMP. This will disable the Mu.exe.

2 - Then look for "config.ini read error" and then find the offsets below:

00649076 . 74 1A JE SHORT main.00649092
00649078 . 8B0D 14E47700 MOV ECX,DWORD PTR DS:[77E414] ; main.0077E42C
0064907E . 51 PUSH ECX ; /Arg1 => 0077E42C ASCII "MuTest"
0064907F . 8B8D 34F2FFFF MOV ECX,DWORD PTR SS:[EBP-DCC] ; |
00649085 . E8 462E0000 CALL main.0064BED0 ; \main.0064BED0

The first offset, replacing JE by JMP. This will disable the GuameGuard.

3 - Look for "gg init error":

006490BF . 0F85 8A000000 JNZ main.0064914F
006490C5 . 68 F4EA7700 PUSH main.0077EAF4 ; /Arg2 = 0077EAF4 ASCII "gg init error"
006490CA . 68 90EAAF07 PUSH main.07AFEA90 ; |Arg1 = 07AFEA90
006490CF . E8 CDDB0A00 CALL main.006F6CA1 ; \main.006F6CA1

The first offset, replacing JNZ by JMP. This will disable the GuameGuard.

4 - Look for ResourceGuard Error:

00675D4A |. 74 43 JE SHORT main.00675D8F
00675D4C |. B9 D829B007 MOV ECX,main.07B029D8
00675D51 |. E8 1AC90200 CALL main.006A2670
00675D56 |. 8D9424 8009000>LEA EDX,DWORD PTR SS:[ESP+980]
00675D5D |. 52 PUSH EDX ; /Arg3
00675D5E |. 68 30F77700 PUSH main.0077F730 ; |Arg2 = 0077F730 ASCII "> ResourceGuard Error!!(%s)"
00675D63 |. 68 90EAAF07 PUSH main.07AFEA90 ; |Arg1 = 07AFEA90
00675D68 |. E8 340F0800 CALL main.006F6CA1 ; \main.006F6CA1

The first offset, replacing JE by JMP. This will disable the ResourceGuard.

5 - Save all changes.

6 - Open the main.exe with the Hex Editor. Find connect.muonline.co.kr and change by your IP server.

7 - Save and make copies of the file renaming to main.exe. OBS.: This maintest.exe (or the main.exe renamed) reads the files *test. bmd the client.

Version: 2274> (1.04.09)
Serial: G4gfi4Gs8liejDAa

credits: chris05 - DSTeam

Sorry my bad English.
__________________

[MentaL]

[Kudo^]

good job 10/10.

[DarkFuture]

is in this version something new?
P.s. Thx for guide, now i can remove GG msg :D

[muki2006]

plz make it coz i dont know how ^^ cya

[muki2006]

i dont know how to save in olly =S where are the option ?

[chris05]

muki2006,

1 -Makes an alteration of each time.

2 - To each alteration, selects with the right button option Copy Executable - > Selection. Later, selects the option Save File.

3 - Opens the Olly again and makes the following alteration. Follows this process until concluding all the alterations.

PS. Sorry my bad English...

[hugab]

how to change korean Language give

[chris05]

how to change korean Language give

This main is Korean.

[Saint]

That' s a great guide.

[noobies]

Good job ! 10/10

[sexy4life]

Very helpful guide thanks

[tranthuy]

Patch oficial - Mu Koreia - version 1.04I

1-Why crack the maintest.exe and not the main.exe?
If you look the properties of each of these files, which in the summer main.exe version is 1.04.08, while on the maintest.exe is 1.04.09.

2 - When the crackear maintest.bmd it should be noted that he will read the files * test.bmd. So, if they are not translated, make a copy of all the files in the folder location of the client and renomeiem these copies to test.bmd * (example: If the file is translated text.bmd, make a copy and rename the copy to texttest . bmd).
======================

[color="Red"]Guide - Edit maintest.exe (1.04i)/COLOR]

Programs: Olly and Hex Editor

1 - In Olly, look for mu.exe and then find the offsets below:

00648D2C |. 75 69 JNZ SHORT main.00648D97
00648D2E |. 68 20EA7700 PUSH main.0077EA20 ; /Arg2 = 0077EA20
00648D33 |. 68 90EAAF07 PUSH main.07AFEA90 ; |Arg1 = 07AFEA90
00648D38 |. E8 64DF0A00 CALL main.006F6CA1 ; \main.006F6CA1
00648D3D |. 83C4 08 ADD ESP,8
00648D40 |. 68 18E47700 PUSH main.0077E418 ; ASCII "mu.exe"

The first offset, replacing JNZ by JMP. This will disable the Mu.exe.

2 - Then look for "config.ini read error" and then find the offsets below:

00649076 . 74 1A JE SHORT main.00649092
00649078 . 8B0D 14E47700 MOV ECX,DWORD PTR DS:[77E414] ; main.0077E42C
0064907E . 51 PUSH ECX ; /Arg1 => 0077E42C ASCII "MuTest"
0064907F . 8B8D 34F2FFFF MOV ECX,DWORD PTR SS:[EBP-DCC] ; |
00649085 . E8 462E0000 CALL main.0064BED0 ; \main.0064BED0

The first offset, replacing JE by JMP. This will disable the GuameGuard.

3 - Look for "gg init error":

006490BF . 0F85 8A000000 JNZ main.0064914F
006490C5 . 68 F4EA7700 PUSH main.0077EAF4 ; /Arg2 = 0077EAF4 ASCII "gg init error"
006490CA . 68 90EAAF07 PUSH main.07AFEA90 ; |Arg1 = 07AFEA90
006490CF . E8 CDDB0A00 CALL main.006F6CA1 ; \main.006F6CA1

The first offset, replacing JNZ by JMP. This will disable the GuameGuard.

4 - Look for ResourceGuard Error:

00675D4A |. 74 43 JE SHORT main.00675D8F
00675D4C |. B9 D829B007 MOV ECX,main.07B029D8
00675D51 |. E8 1AC90200 CALL main.006A2670
00675D56 |. 8D9424 8009000>LEA EDX,DWORD PTR SS:[ESP+980]
00675D5D |. 52 PUSH EDX ; /Arg3
00675D5E |. 68 30F77700 PUSH main.0077F730 ; |Arg2 = 0077F730 ASCII "> ResourceGuard Error!!(%s)"
00675D63 |. 68 90EAAF07 PUSH main.07AFEA90 ; |Arg1 = 07AFEA90
00675D68 |. E8 340F0800 CALL main.006F6CA1 ; \main.006F6CA1

The first offset, replacing JE by JMP. This will disable the ResourceGuard.

5 - Save all changes.

6 - Open the main.exe with the Hex Editor. Find connect.muonline.co.kr and change by your IP server.

7 - Save and make copies of the file renaming to main.exe. OBS.: This maintest.exe (or the main.exe renamed) reads the files *test. bmd the client.

Version: 2274> (1.04.09)
Serial: G4gfi4Gs8liejDAa

credits: chris05 - DSTeam

Sorry my bad English.
__________________

Hi man!

How about for new version 1.07.08

After search "config.ini read error" then I cannot see:

00649076 . 74 1A JE SHORT main.00649092
00649078 . 8B0D 14E47700 MOV ECX,DWORD PTR DS:[77E414] ; main.0077E42C
0064907E . 51 PUSH ECX ; /Arg1 => 0077E42C ASCII "MuTest"
0064907F . 8B8D 34F2FFFF MOV ECX,DWORD PTR SS:[EBP-DCC] ; |
00649085 . E8 462E0000 CALL main.0064BED0 ; \main.0064BED0

The first offset, replacing JE by JMP. This will disable the GuameGuard.

00618B03 . 68 6CBA9100 PUSH main.0091BA6C ; /Arg2 = 0091BA6C ASCII "> To read config.ini.
"
00618B08 . 68 30731708 PUSH main.08177330 ; |Arg1 = 08177330
00618B0D . E8 537E0D00 CALL main.006F0965 ; \main.006F0965
00618B12 . 83C4 08 ADD ESP,8
00618B15 . E8 87EFFFFF CALL main.00617AA1
00618B1A . 85C0 TEST EAX,EAX
00618B1C . 75 32 JNZ SHORT main.00618B50
00618B1E . 68 84BA9100 PUSH main.0091BA84 ; /Arg2 = 0091BA84 ASCII "config.ini read error
"
00618B23 . 68 30731708 PUSH main.08177330 ; |Arg1 = 08177330
00618B28 . E8 387E0D00 CALL main.006F0965 ; \main.006F0965
00618B2D . 83C4 08 ADD ESP,8
00618B30 . C785 40F2FFFF>MOV DWORD PTR SS:[EBP-DC0],0
00618B3A . 8D8D 40FFFFFF LEA ECX,DWORD PTR SS:[EBP-C0]
00618B40 . E8 5B1A0000 CALL main.0061A5A0
00618B45 . 8B85 40F2FFFF MOV EAX,DWORD PTR SS:[EBP-DC0]
00618B4B . E9 9A120000 JMP main.00619DEA
00618B50 > 6A 01 PUSH 1
00618B52 . E8 79C42600 CALL main.00884FD0
00618B57 . 83C4 04 ADD ESP,4
00618B5A . 8985 38F2FFFF MOV DWORD PTR SS:[EBP-DC8],EAX
00618B60 . 83BD 38F2FFFF>CMP DWORD PTR SS:[EBP-DC8],0
00618B67 . EB 19 JMP SHORT main.00618B82
00618B69 . A1 F4B39100 MOV EAX,DWORD PTR DS:[91B3F4]
00618B6E . 50 PUSH EAX ; /Arg1 => 0091B40C ASCII "Mu"
00618B6F . 8B8D 38F2FFFF MOV ECX,DWORD PTR SS:[EBP-DC8] ; |
00618B75 . E8 E6190000 CALL main.0061A560 ; \main.0061A560
00618B7A . 8985 5CF1FFFF MOV DWORD PTR SS:[EBP-EA4],EAX
00618B80 . EB 0A JMP SHORT main.00618B8C

Thanks for help

[chris05]

For 1.07.08 the offsets are:

1 - mu.exe: 0061884D

2 - config.ini read error: 00618B67

3 - gg init error: 00618BB0

4 - ResourceGuard Error: 00634B17

[tranthuy]

For 1.07.08 the offsets are:

1 - mu.exe: 0061884D

2 - config.ini read error: 00618B67

3 - gg init error: 00618BB0

4 - ResourceGuard Error: 00634B17

Ok, I will try.

Thanks so much.

BTW, Can you tell me how to unpack main. Now, the version is 1.07X and I cannot crack

[chris05]

tranthuy,

The original main 1.07X doesnt pack. Dont need unpack (the original main).

[tranthuy]

tranthuy,

The original main 1.07X doesnt pack. Dont need unpack (the original main).

Oh, really! Could you tell me how to get this main 1.07X?

[chris05]

tranthuy,

ftp://218.50.7.137/pub/mupatch/ - In this link you have many originals KOR patch.

[tranthuy]

tranthuy,

ftp://218.50.7.137/pub/mupatch/ - In this link you have many originals KOR patch.

Very nice!
But some patch I need (01.07.51, 01.07.52, 01.08.00) still pack, so I cannot crack IP and serial. I ask you a question, if you don't like this question please forget about it. Can you advise me about how to unpack main?
Thanks so much indeed.

[chris05]

tranthuy,

Sorry.... i dont know how to unpack the new mains... i would like to know too...

[mauka]

U need learn unpacking and there is no such a think like unpack mains ^^
Use Peid to get packer info and folow some googles tutorial and try unpack it

I bet after year u will be flying on RZ as a pro unpacker xD