-
Re: Main 1.08.20 (cracked,working)
Bad news, even 1.08a has a new crypt protocol. I think the problem may be in GameGuard.csr, but this is just my opinion ;)
For now I know that from 1.07Y+ till the latest Mains WebZen has a new proto crypt, so I'm waiting for someone who will help with those crappy enc/dec things. Because for me this protocol encode/decode stuff is like the dark-dark-forest :D
-
Re: Main 1.08.20 (cracked,working)
I'm very happy that WebZen finally changed the protocol, now all copy/paste coders will be gone fast ^^
By the way, the old EncDec of MU is crappy shit.. simply shifting bits T_T
I hope the new one is better ^^
-
Re: Main 1.08.20 (cracked,working)
WebZen changed it in 1.08F, look at:
Code:
mov byte ptr [ebp-0x828], 0x8D
mov byte ptr [ebp-0x827], 0x12
mov byte ptr [ebp-0x826], 0x3C
mov byte ptr [ebp-0x825], 0x0DE
mov byte ptr [ebp-0x824], 0x0C9
mov byte ptr [ebp-0x823], 0x3E
mov byte ptr [ebp-0x822], 0x0E4
mov byte ptr [ebp-0x821], 0x0FF
mov byte ptr [ebp-0x820], 0x0FE
mov byte ptr [ebp-0x81F], 0x0E4
mov byte ptr [ebp-0x81E], 0x0C9
mov byte ptr [ebp-0x81D], 0x0B2
mov byte ptr [ebp-0x81C], 0x18
mov byte ptr [ebp-0x81B], 0x16
mov byte ptr [ebp-0x81A], 0x39
mov byte ptr [ebp-0x819], 0x0F2
mov byte ptr [ebp-0x818], 0x0F7
mov byte ptr [ebp-0x817], 0x4D
mov byte ptr [ebp-0x816], 0x0F1
mov byte ptr [ebp-0x815], 0x0C3
mov byte ptr [ebp-0x814], 0x3E
mov byte ptr [ebp-0x813], 0x6C
mov byte ptr [ebp-0x812], 0x0EE
mov byte ptr [ebp-0x811], 0x0AA
mov byte ptr [ebp-0x810], 0x77
mov byte ptr [ebp-0x80F], 0x3D
mov byte ptr [ebp-0x80E], 0x0F2
mov byte ptr [ebp-0x80D], 0x0BF
mov byte ptr [ebp-0x80C], 0x0BB
mov byte ptr [ebp-0x80B], 0x2
mov byte ptr [ebp-0x80A], 0x31
mov byte ptr [ebp-0x809], 0x3F
And in 1.08.20 it changed again, I have not found it yet :)
-
Re: Main 1.08.20 (cracked,working)
I really hope they don't change only the xor keys T_T
PS. tomate send me unpacked main.exe, I will check the main.exe encdec :) wanna see if they really are lame coders - if after all they don't bother to change the crypt algo this game is RIP`d
Edited:
nvm, I checked and all is the same, only the xor keys changed T_T
Encrypt 8 to 11
Code:
008B2CF0 51 PUSH ECX
008B2CF1 55 PUSH EBP
008B2CF2 8B6C24 14 MOV EBP,DWORD PTR SS:[ESP+14]
008B2CF6 894C24 04 MOV DWORD PTR SS:[ESP+4],ECX
008B2CFA 57 PUSH EDI
008B2CFB 8D45 07 LEA EAX,DWORD PTR SS:[EBP+7]
008B2CFE 8B7C24 10 MOV EDI,DWORD PTR SS:[ESP+10]
008B2D02 99 CDQ
008B2D03 83E2 07 AND EDX,7
008B2D06 03C2 ADD EAX,EDX
008B2D08 C1F8 03 SAR EAX,3
008B2D0B 85FF TEST EDI,EDI
008B2D0D 8D0C80 LEA ECX,DWORD PTR DS:[EAX+EAX*4]
008B2D10 8D0448 LEA EAX,DWORD PTR DS:[EAX+ECX*2]
008B2D13 894424 18 MOV DWORD PTR SS:[ESP+18],EAX
008B2D17 74 3C JE SHORT 008B2D55
008B2D19 56 PUSH ESI
008B2D1A 33F6 XOR ESI,ESI
008B2D1C 85ED TEST EBP,EBP
008B2D1E 7E 34 JLE SHORT 008B2D54
008B2D20 53 PUSH EBX
008B2D21 8BDD MOV EBX,EBP
008B2D23 83FB 08 CMP EBX,8
008B2D26 8BC3 MOV EAX,EBX
008B2D28 7C 05 JL SHORT 008B2D2F
008B2D2A B8 08000000 MOV EAX,8
008B2D2F 8B5424 1C MOV EDX,DWORD PTR SS:[ESP+1C]
008B2D33 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+10]
008B2D37 50 PUSH EAX
008B2D38 8D0416 LEA EAX,DWORD PTR DS:[ESI+EDX]
008B2D3B 50 PUSH EAX
008B2D3C 57 PUSH EDI
008B2D3D E8 9E000000 CALL 008B2DE0
008B2D42 83C6 08 ADD ESI,8
008B2D45 83EB 08 SUB EBX,8
008B2D48 83C7 0B ADD EDI,0B
008B2D4B 3BF5 CMP ESI,EBP
008B2D4D ^7C D4 JL SHORT 008B2D23
008B2D4F 8B4424 20 MOV EAX,DWORD PTR SS:[ESP+20]
008B2D53 5B POP EBX
008B2D54 5E POP ESI
008B2D55 5F POP EDI
008B2D56 5D POP EBP
008B2D57 59 POP ECX
008B2D58 C2 0C00 RETN 0C
:mad:
Encrypt block
Code:
008B2DE0 83EC 14 SUB ESP,14
008B2DE3 33C0 XOR EAX,EAX
008B2DE5 33D2 XOR EDX,EDX
008B2DE7 53 PUSH EBX
008B2DE8 55 PUSH EBP
008B2DE9 8BE9 MOV EBP,ECX
008B2DEB 56 PUSH ESI
008B2DEC 8B4C24 24 MOV ECX,DWORD PTR SS:[ESP+24]
008B2DF0 57 PUSH EDI
008B2DF1 8B7C24 2C MOV EDI,DWORD PTR SS:[ESP+2C]
008B2DF5 8D7424 14 LEA ESI,DWORD PTR SS:[ESP+14]
008B2DF9 8901 MOV DWORD PTR DS:[ECX],EAX
008B2DFB BB 04000000 MOV EBX,4
008B2E00 8941 04 MOV DWORD PTR DS:[ECX+4],EAX
008B2E03 66:8941 08 MOV WORD PTR DS:[ECX+8],AX
008B2E07 8841 0A MOV BYTE PTR DS:[ECX+A],AL
008B2E0A 8D4D 14 LEA ECX,DWORD PTR SS:[EBP+14]
008B2E0D 66:8B07 MOV AX,WORD PTR DS:[EDI]
008B2E10 C74424 10 00000000 MOV DWORD PTR SS:[ESP+10],0
008B2E18 66:894424 10 MOV WORD PTR SS:[ESP+10],AX
008B2E1D 8B41 20 MOV EAX,DWORD PTR DS:[ECX+20]
008B2E20 334424 10 XOR EAX,DWORD PTR SS:[ESP+10]
008B2E24 83C1 04 ADD ECX,4
008B2E27 83C6 04 ADD ESI,4
008B2E2A 83C7 02 ADD EDI,2
008B2E2D 33C2 XOR EAX,EDX
008B2E2F 33D2 XOR EDX,EDX
008B2E31 0FAF41 FC IMUL EAX,DWORD PTR DS:[ECX-4]
008B2E35 F771 EC DIV DWORD PTR DS:[ECX-14]
008B2E38 8956 FC MOV DWORD PTR DS:[ESI-4],EDX
008B2E3B 81E2 FFFF0000 AND EDX,0FFFF
008B2E41 4B DEC EBX
008B2E42 ^75 C9 JNZ SHORT 008B2E0D
008B2E44 8B7424 20 MOV ESI,DWORD PTR SS:[ESP+20]
008B2E48 8D5424 1C LEA EDX,DWORD PTR SS:[ESP+1C]
008B2E4C 81E6 FFFF0000 AND ESI,0FFFF
008B2E52 8D7D 3C LEA EDI,DWORD PTR SS:[EBP+3C]
008B2E55 BB 03000000 MOV EBX,3
008B2E5A 8B02 MOV EAX,DWORD PTR DS:[EDX]
008B2E5C 83EF 04 SUB EDI,4
008B2E5F 8BC8 MOV ECX,EAX
008B2E61 3347 04 XOR EAX,DWORD PTR DS:[EDI+4]
008B2E64 81E1 FFFF0000 AND ECX,0FFFF
008B2E6A 83EA 04 SUB EDX,4
008B2E6D 33C6 XOR EAX,ESI
008B2E6F 4B DEC EBX
008B2E70 8942 04 MOV DWORD PTR DS:[EDX+4],EAX
008B2E73 8BF1 MOV ESI,ECX
008B2E75 ^75 E3 JNZ SHORT 008B2E5A
008B2E77 33C0 XOR EAX,EAX
008B2E79 8D7424 14 LEA ESI,DWORD PTR SS:[ESP+14]
008B2E7D BB 04000000 MOV EBX,4
008B2E82 8B7C24 28 MOV EDI,DWORD PTR SS:[ESP+28]
008B2E86 6A 10 PUSH 10
008B2E88 6A 00 PUSH 0
008B2E8A 56 PUSH ESI
008B2E8B 50 PUSH EAX
008B2E8C 57 PUSH EDI
008B2E8D 8BCD MOV ECX,EBP
008B2E8F E8 BC010000 CALL 008B3050
008B2E94 6A 02 PUSH 2
008B2E96 6A 16 PUSH 16
008B2E98 56 PUSH ESI
008B2E99 50 PUSH EAX
008B2E9A 57 PUSH EDI
008B2E9B 8BCD MOV ECX,EBP
008B2E9D E8 AE010000 CALL 008B3050
008B2EA2 83C6 04 ADD ESI,4
008B2EA5 4B DEC EBX
008B2EA6 ^75 DA JNZ SHORT 008B2E82
008B2EA8 8A5C24 30 MOV BL,BYTE PTR SS:[ESP+30]
008B2EAC B2 F8 MOV DL,0F8
008B2EAE 80F3 3D XOR BL,3D
008B2EB1 33C9 XOR ECX,ECX
008B2EB3 8B7424 2C MOV ESI,DWORD PTR SS:[ESP+2C]
008B2EB7 321431 XOR DL,BYTE PTR DS:[ECX+ESI]
008B2EBA 41 INC ECX
008B2EBB 83F9 08 CMP ECX,8
008B2EBE ^7C F3 JL SHORT 008B2EB3
008B2EC0 6A 10 PUSH 10
008B2EC2 8D4C24 14 LEA ECX,DWORD PTR SS:[ESP+14]
008B2EC6 885424 15 MOV BYTE PTR SS:[ESP+15],DL
008B2ECA 32DA XOR BL,DL
008B2ECC 8B5424 2C MOV EDX,DWORD PTR SS:[ESP+2C]
008B2ED0 6A 00 PUSH 0
008B2ED2 51 PUSH ECX
008B2ED3 50 PUSH EAX
008B2ED4 52 PUSH EDX
008B2ED5 8BCD MOV ECX,EBP
008B2ED7 885C24 24 MOV BYTE PTR SS:[ESP+24],BL
008B2EDB E8 70010000 CALL 008B3050
008B2EE0 5F POP EDI
008B2EE1 5E POP ESI
008B2EE2 5D POP EBP
008B2EE3 5B POP EBX
008B2EE4 83C4 14 ADD ESP,14
008B2EE7 C2 0C00 RETN 0C
shift bits
Code:
008B3050 83EC 08 SUB ESP,8
008B3053 8B4424 1C MOV EAX,DWORD PTR SS:[ESP+1C]
008B3057 53 PUSH EBX
008B3058 55 PUSH EBP
008B3059 56 PUSH ESI
008B305A 8B7424 24 MOV ESI,DWORD PTR SS:[ESP+24]
008B305E 57 PUSH EDI
008B305F 03C6 ADD EAX,ESI
008B3061 8BE9 MOV EBP,ECX
008B3063 894424 14 MOV DWORD PTR SS:[ESP+14],EAX
008B3067 48 DEC EAX
008B3068 50 PUSH EAX
008B3069 E8 C2010000 CALL 008B3230
008B306E 56 PUSH ESI
008B306F 8BCD MOV ECX,EBP
008B3071 8BD8 MOV EBX,EAX
008B3073 E8 B8010000 CALL 008B3230
008B3078 B9 01000000 MOV ECX,1
008B307D 2BC8 SUB ECX,EAX
008B307F 03D9 ADD EBX,ECX
008B3081 8D7B 01 LEA EDI,DWORD PTR DS:[EBX+1]
008B3084 57 PUSH EDI
008B3085 E8 20E30100 CALL 008D13AA
008B308A 8BD0 MOV EDX,EAX
008B308C 8BCF MOV ECX,EDI
008B308E 895424 14 MOV DWORD PTR SS:[ESP+14],EDX
008B3092 8BFA MOV EDI,EDX
008B3094 8BD1 MOV EDX,ECX
008B3096 33C0 XOR EAX,EAX
008B3098 C1E9 02 SHR ECX,2
008B309B F3:AB REP STOS DWORD PTR ES:[EDI]
008B309D 8BCA MOV ECX,EDX
008B309F 83C4 04 ADD ESP,4
008B30A2 83E1 03 AND ECX,3
008B30A5 F3:AA REP STOS BYTE PTR ES:[EDI]
008B30A7 56 PUSH ESI
008B30A8 8BCD MOV ECX,EBP
008B30AA E8 81010000 CALL 008B3230
008B30AF 8B4C24 24 MOV ECX,DWORD PTR SS:[ESP+24]
008B30B3 8B5424 10 MOV EDX,DWORD PTR SS:[ESP+10]
008B30B7 8BF0 MOV ESI,EAX
008B30B9 8BFA MOV EDI,EDX
008B30BB 03F1 ADD ESI,ECX
008B30BD 8BCB MOV ECX,EBX
008B30BF 8BC1 MOV EAX,ECX
008B30C1 C1E9 02 SHR ECX,2
008B30C4 F3:A5 REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS>
008B30C6 8BC8 MOV ECX,EAX
008B30C8 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+14]
008B30CC 83E1 03 AND ECX,3
008B30CF 25 07000080 AND EAX,80000007
008B30D4 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>
008B30D6 79 05 JNS SHORT 008B30DD
008B30D8 48 DEC EAX
008B30D9 83C8 F8 OR EAX,FFFFFFF8
008B30DC 40 INC EAX
008B30DD 74 0F JE SHORT 008B30EE
008B30DF B9 08000000 MOV ECX,8
008B30E4 2BC8 SUB ECX,EAX
008B30E6 0C FF OR AL,0FF
008B30E8 D2E0 SHL AL,CL
008B30EA 20441A FF AND BYTE PTR DS:[EDX+EBX-1],AL
008B30EE 8B7424 28 MOV ESI,DWORD PTR SS:[ESP+28]
008B30F2 81E6 07000080 AND ESI,80000007
008B30F8 79 05 JNS SHORT 008B30FF
008B30FA 4E DEC ESI
008B30FB 83CE F8 OR ESI,FFFFFFF8
008B30FE 46 INC ESI
008B30FF 8B7C24 20 MOV EDI,DWORD PTR SS:[ESP+20]
008B3103 81E7 07000080 AND EDI,80000007
008B3109 79 05 JNS SHORT 008B3110
008B310B 4F DEC EDI
008B310C 83CF F8 OR EDI,FFFFFFF8
008B310F 47 INC EDI
008B3110 8BCE MOV ECX,ESI
008B3112 F7D9 NEG ECX
008B3114 51 PUSH ECX
008B3115 53 PUSH EBX
008B3116 52 PUSH EDX
008B3117 8BCD MOV ECX,EBP
008B3119 E8 72000000 CALL 008B3190
008B311E 8B5424 10 MOV EDX,DWORD PTR SS:[ESP+10]
008B3122 8D43 01 LEA EAX,DWORD PTR DS:[EBX+1]
008B3125 57 PUSH EDI
008B3126 50 PUSH EAX
008B3127 52 PUSH EDX
008B3128 8BCD MOV ECX,EBP
008B312A E8 61000000 CALL 008B3190
008B312F 33C0 XOR EAX,EAX
008B3131 3BFE CMP EDI,ESI
008B3133 8B7C24 20 MOV EDI,DWORD PTR SS:[ESP+20]
008B3137 8BCD MOV ECX,EBP
008B3139 0F9FC0 SETG AL
008B313C 03C3 ADD EAX,EBX
008B313E 57 PUSH EDI
008B313F 8BF0 MOV ESI,EAX
008B3141 E8 EA000000 CALL 008B3230
008B3146 8B4C24 1C MOV ECX,DWORD PTR SS:[ESP+1C]
008B314A 03C1 ADD EAX,ECX
008B314C 85F6 TEST ESI,ESI
008B314E 7E 13 JLE SHORT 008B3163
008B3150 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+10]
008B3154 2BC8 SUB ECX,EAX
008B3156 8A1401 MOV DL,BYTE PTR DS:[ECX+EAX]
008B3159 8A18 MOV BL,BYTE PTR DS:[EAX]
008B315B 0ADA OR BL,DL
008B315D 8818 MOV BYTE PTR DS:[EAX],BL
008B315F 40 INC EAX
008B3160 4E DEC ESI
008B3161 ^75 F3 JNZ SHORT 008B3156
008B3163 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+10]
008B3167 50 PUSH EAX
008B3168 E8 F2DC0100 CALL 008D0E5F
008B316D 8B4C24 30 MOV ECX,DWORD PTR SS:[ESP+30]
008B3171 83C4 04 ADD ESP,4
008B3174 8D040F LEA EAX,DWORD PTR DS:[EDI+ECX]
008B3177 5F POP EDI
008B3178 5E POP ESI
008B3179 5D POP EBP
008B317A 5B POP EBX
008B317B 83C4 08 ADD ESP,8
008B317E C2 1400 RETN 14
32 bytes xor
Code:
0067E994 8D8404 BA010000 LEA EAX,DWORD PTR SS:[ESP+EAX+1BA]
0067E99B C64424 40 AB MOV BYTE PTR SS:[ESP+40],0AB
0067E9A0 C64424 41 11 MOV BYTE PTR SS:[ESP+41],11
0067E9A5 C64424 42 CD MOV BYTE PTR SS:[ESP+42],0CD
0067E9AA 8808 MOV BYTE PTR DS:[EAX],CL
0067E9AC 8B8424 B8010000 MOV EAX,DWORD PTR SS:[ESP+1B8]
0067E9B3 25 FFFF0000 AND EAX,0FFFF
0067E9B8 C64424 43 FE MOV BYTE PTR SS:[ESP+43],0FE
0067E9BD C64424 44 18 MOV BYTE PTR SS:[ESP+44],18
0067E9C2 C64424 45 23 MOV BYTE PTR SS:[ESP+45],23
0067E9C7 8D48 01 LEA ECX,DWORD PTR DS:[EAX+1]
0067E9CA C64424 46 C5 MOV BYTE PTR SS:[ESP+46],0C5
0067E9CF 3BC1 CMP EAX,ECX
0067E9D1 C64424 47 A3 MOV BYTE PTR SS:[ESP+47],0A3
0067E9D6 C64424 48 CA MOV BYTE PTR SS:[ESP+48],0CA
0067E9DB C64424 49 33 MOV BYTE PTR SS:[ESP+49],33
0067E9E0 C64424 4A C1 MOV BYTE PTR SS:[ESP+4A],0C1
0067E9E5 C64424 4B CC MOV BYTE PTR SS:[ESP+4B],0CC
0067E9EA C64424 4C 66 MOV BYTE PTR SS:[ESP+4C],66
0067E9EF C64424 4D 67 MOV BYTE PTR SS:[ESP+4D],67
0067E9F4 C64424 4E 21 MOV BYTE PTR SS:[ESP+4E],21
0067E9F9 C64424 4F F3 MOV BYTE PTR SS:[ESP+4F],0F3
0067E9FE C64424 50 32 MOV BYTE PTR SS:[ESP+50],32
0067EA03 C64424 51 12 MOV BYTE PTR SS:[ESP+51],12
0067EA08 C64424 52 15 MOV BYTE PTR SS:[ESP+52],15
0067EA0D C64424 53 35 MOV BYTE PTR SS:[ESP+53],35
0067EA12 C64424 54 29 MOV BYTE PTR SS:[ESP+54],29
0067EA17 C64424 55 FF MOV BYTE PTR SS:[ESP+55],0FF
0067EA1C C64424 56 FE MOV BYTE PTR SS:[ESP+56],0FE
0067EA21 C64424 57 1D MOV BYTE PTR SS:[ESP+57],1D
0067EA26 C64424 58 44 MOV BYTE PTR SS:[ESP+58],44
0067EA2B C64424 59 EF MOV BYTE PTR SS:[ESP+59],0EF
0067EA30 C64424 5A CD MOV BYTE PTR SS:[ESP+5A],0CD
0067EA35 C64424 5B 41 MOV BYTE PTR SS:[ESP+5B],41
0067EA3A C64424 5C 26 MOV BYTE PTR SS:[ESP+5C],26
0067EA3F C64424 5D 3C MOV BYTE PTR SS:[ESP+5D],3C
0067EA44 C64424 5E 4E MOV BYTE PTR SS:[ESP+5E],4E
0067EA49 C64424 5F 4D MOV BYTE PTR SS:[ESP+5F],4D
0067EA4E 74 31 JE SHORT 0067EA81
0067EA50 8BD0 MOV EDX,EAX
0067EA52 81E2 1F000080 AND EDX,8000001F
0067EA58 79 05 JNS SHORT 0067EA5F
0067EA5A 4A DEC EDX
0067EA5B 83CA E0 OR EDX,FFFFFFE0
0067EA5E 42 INC EDX
0067EA5F 8A5414 40 MOV DL,BYTE PTR SS:[ESP+EDX+40]
0067EA63 8A9C04 B9010000 MOV BL,BYTE PTR SS:[ESP+EAX+1B9]
0067EA6A 32D3 XOR DL,BL
0067EA6C 8A9C04 BA010000 MOV BL,BYTE PTR SS:[ESP+EAX+1BA]
0067EA73 32DA XOR BL,DL
0067EA75 889C04 BA010000 MOV BYTE PTR SS:[ESP+EAX+1BA],BL
0067EA7C 40 INC EAX
0067EA7D 3BC1 CMP EAX,ECX
0067EA7F ^75 CF JNZ SHORT 0067EA50
all 100% the same, so I guess it's simply a matter of re-doing the xor keys ^^ need to check
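Added example, not part of the original post and not WebZen's code: a C reading of two compiler idioms in the listings above, the size computation at 008B2CFB..008B2D10 and the single-byte XOR step at 0067EA50..0067EA7F. The range loops, the inverse and the key bytes are assumptions made for illustration (the listing's loop runs for one index only, since ECX = EAX+1, and the keys here are constructed, not the ones in the post); they show why replacing the constants leaves the transform itself unchanged.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 008B2CFB..008B2D10: LEA EAX,[EBP+7] / CDQ / AND EDX,7 / ADD EAX,EDX /
 * SAR EAX,3 is the compiler's signed (len + 7) / 8.  The two LEAs then
 * compute blocks + (blocks * 5) * 2 = blocks * 11. */
int encoded_size(int len)
{
    int blocks = (len + 7) / 8;   /* 8-byte input blocks, last may be short */
    return blocks * 11;           /* each block is written as 11 bytes */
}

/* 0067EA50..0067EA75: AND EDX,8000001F / JNS / DEC / OR EDX,FFFFFFE0 / INC
 * is the compiler's signed i % 32.  The byte at i is then XORed with
 * key[i % 32] and with the byte in front of it.  Requires i >= 1. */
void xor32_step(uint8_t *buf, int i, const uint8_t key[32])
{
    buf[i] ^= (uint8_t)(key[i % 32] ^ buf[i - 1]);
}

/* Generalization (assumption): apply the step to first..last, ascending,
 * so every byte is mixed with its already-transformed predecessor. */
void xor32_forward(uint8_t *buf, int first, int last, const uint8_t key[32])
{
    for (int i = first; i <= last; i++)
        xor32_step(buf, i, key);
}

/* Inverse of xor32_forward: the same step in descending order, so that
 * buf[i - 1] still holds the transformed value when byte i is restored. */
void xor32_backward(uint8_t *buf, int first, int last, const uint8_t key[32])
{
    for (int i = last; i >= first; i--)
        xor32_step(buf, i, key);
}

/* Constructed 32-byte key for the demo; NOT the bytes from the listing. */
void constructed_key(uint8_t key[32], uint8_t seed)
{
    for (int i = 0; i < 32; i++)
        key[i] = (uint8_t)(i * 7 + seed);
}

/* Returns 1 when the forward pass changes a constructed buffer and the
 * backward pass with the same key restores it.  Nothing but the 32
 * constants distinguishes one "version" of the transform from another. */
int roundtrip_ok(const uint8_t key[32])
{
    const uint8_t msg[12] = { 0x01, 0x0C, 0x10, 0x20, 0x30, 0x40,
                              0x50, 0x60, 0x70, 0x80, 0x90, 0xA0 };
    uint8_t work[12];
    int changed;

    memcpy(work, msg, sizeof work);
    xor32_forward(work, 2, 11, key);
    changed = memcmp(work, msg, sizeof work) != 0;
    xor32_backward(work, 2, 11, key);
    return changed && memcmp(work, msg, sizeof work) == 0;
}

int main(void)
{
    uint8_t old_key[32], new_key[32];

    constructed_key(old_key, 0x03);   /* stands in for the old constants */
    constructed_key(new_key, 0xA5);   /* stands in for the replaced ones */

    printf("9 bytes encode to %d bytes\n", encoded_size(9));
    printf("round trip, old key: %d\n", roundtrip_ok(old_key));
    printf("round trip, new key: %d\n", roundtrip_ok(new_key));
    return 0;
}
```

The same three functions serve both key sets, which is the point of the post: a peer that already has the code only needs the new constants.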
-
Re: Main 1.08.20 (cracked,working)
Quote:
all 100% the same, so I guess it's simply a matter of re-doing the xor keys ^^ need to check
:lol: I think you are right, changed to these keys in GS, and now I can log in, will fix viewchar and test other stuff ^_^
-
Re: Main 1.08.20 (cracked,working)
Quote:
Originally Posted by
mauka
I really hope they don't change only the xor keys T_T
PS. tomate send me unpacked main.exe, I will check the main.exe encdec :) wanna see if they really are lame coders - if after all they don't bother to change the crypt algo this game is RIP`d
Edited:
nvm, I checked and all is the same, only the xor keys changed T_T
all 100% the same, so I guess it's simply a matter of re-doing the xor keys ^^ need to check
WHY!!!! :thumbdown::<: :blink: :*:
-
Re: Main 1.08.20 (cracked,working)
I was thinking they changed at least the 4 dword xor keys T_T but WebZen are even worse, they changed only the 32-byte xor keys, this has become ridiculous! Matter of fact, even these keys are still constant T_T
I wanna see the WebZen coder's hands 0_o
-
Re: Main 1.08.20 (cracked,working)
Quote:
Originally Posted by
mauka
I was thinking they changed at least the 4 dword xor keys T_T but WebZen are even worse, they changed only the 32-byte xor keys, this has become ridiculous! Matter of fact, even these keys are still constant T_T
I wanna see the WebZen coder's hands 0_o
haha WebZen !!!!
private coders are better than your coders
fuck off ur fucking opengl buyed engine from jesus
-
Re: Main 1.08.20 (cracked,working)
Quote:
Originally Posted by
mauka
I really hope they don't change only the xor keys T_T
PS. tomate send me unpacked main.exe, I will check the main.exe encdec :) wanna see if they really are lame coders - if after all they don't bother to change the crypt algo this game is RIP`d
Edited:
nvm, I checked and all is the same, only the xor keys changed T_T
Code:
0067E994 8D8404 BA010000 LEA EAX,DWORD PTR SS:[ESP+EAX+1BA]
0067E99B C64424 40 AB MOV BYTE PTR SS:[ESP+40],0AB
0067E9A0 C64424 41 11 MOV BYTE PTR SS:[ESP+41],11
0067E9A5 C64424 42 CD MOV BYTE PTR SS:[ESP+42],0CD
0067E9AA 8808 MOV BYTE PTR DS:[EAX],CL
0067E9AC 8B8424 B8010000 MOV EAX,DWORD PTR SS:[ESP+1B8]
0067E9B3 25 FFFF0000 AND EAX,0FFFF
0067E9B8 C64424 43 FE MOV BYTE PTR SS:[ESP+43],0FE
0067E9BD C64424 44 18 MOV BYTE PTR SS:[ESP+44],18
0067E9C2 C64424 45 23 MOV BYTE PTR SS:[ESP+45],23
0067E9C7 8D48 01 LEA ECX,DWORD PTR DS:[EAX+1]
0067E9CA C64424 46 C5 MOV BYTE PTR SS:[ESP+46],0C5
0067E9CF 3BC1 CMP EAX,ECX
0067E9D1 C64424 47 A3 MOV BYTE PTR SS:[ESP+47],0A3
0067E9D6 C64424 48 CA MOV BYTE PTR SS:[ESP+48],0CA
0067E9DB C64424 49 33 MOV BYTE PTR SS:[ESP+49],33
0067E9E0 C64424 4A C1 MOV BYTE PTR SS:[ESP+4A],0C1
0067E9E5 C64424 4B CC MOV BYTE PTR SS:[ESP+4B],0CC
0067E9EA C64424 4C 66 MOV BYTE PTR SS:[ESP+4C],66
0067E9EF C64424 4D 67 MOV BYTE PTR SS:[ESP+4D],67
0067E9F4 C64424 4E 21 MOV BYTE PTR SS:[ESP+4E],21
0067E9F9 C64424 4F F3 MOV BYTE PTR SS:[ESP+4F],0F3
0067E9FE C64424 50 32 MOV BYTE PTR SS:[ESP+50],32
0067EA03 C64424 51 12 MOV BYTE PTR SS:[ESP+51],12
0067EA08 C64424 52 15 MOV BYTE PTR SS:[ESP+52],15
0067EA0D C64424 53 35 MOV BYTE PTR SS:[ESP+53],35
0067EA12 C64424 54 29 MOV BYTE PTR SS:[ESP+54],29
0067EA17 C64424 55 FF MOV BYTE PTR SS:[ESP+55],0FF
0067EA1C C64424 56 FE MOV BYTE PTR SS:[ESP+56],0FE
0067EA21 C64424 57 1D MOV BYTE PTR SS:[ESP+57],1D
0067EA26 C64424 58 44 MOV BYTE PTR SS:[ESP+58],44
0067EA2B C64424 59 EF MOV BYTE PTR SS:[ESP+59],0EF
0067EA30 C64424 5A CD MOV BYTE PTR SS:[ESP+5A],0CD
0067EA35 C64424 5B 41 MOV BYTE PTR SS:[ESP+5B],41
0067EA3A C64424 5C 26 MOV BYTE PTR SS:[ESP+5C],26
0067EA3F C64424 5D 3C MOV BYTE PTR SS:[ESP+5D],3C
0067EA44 C64424 5E 4E MOV BYTE PTR SS:[ESP+5E],4E
0067EA49 C64424 5F 4D MOV BYTE PTR SS:[ESP+5F],4D
0067EA4E 74 31 JE SHORT 0067EA81
0067EA50 8BD0 MOV EDX,EAX
0067EA52 81E2 1F000080 AND EDX,8000001F
0067EA58 79 05 JNS SHORT 0067EA5F
0067EA5A 4A DEC EDX
0067EA5B 83CA E0 OR EDX,FFFFFFE0
0067EA5E 42 INC EDX
0067EA5F 8A5414 40 MOV DL,BYTE PTR SS:[ESP+EDX+40]
0067EA63 8A9C04 B9010000 MOV BL,BYTE PTR SS:[ESP+EAX+1B9]
0067EA6A 32D3 XOR DL,BL
0067EA6C 8A9C04 BA010000 MOV BL,BYTE PTR SS:[ESP+EAX+1BA]
0067EA73 32DA XOR BL,DL
0067EA75 889C04 BA010000 MOV BYTE PTR SS:[ESP+EAX+1BA],BL
0067EA7C 40 INC EAX
0067EA7D 3BC1 CMP EAX,ECX
0067EA7F ^75 CF JNZ SHORT 0067EA50
all 100% same so i guess it's simply do reXor keys ^^ need check
My credits for OEP? =/ bitch you now don't remember me hahahaha :lol:
Anyway, like always, disappointed by WZ, what else can you expect from them...
-
Re: Main 1.08.20 (cracked,working)
post main.exe unpack plz!!!
-
Re: Main 1.08.20 (cracked,working)
Excellent work guys. Straight to Webzen's ass
-
Re: Main 1.08.20 (cracked,working)
For what you need unpacked main? :DD
-
Re: Main 1.08.20 (cracked,working)
I just dump and fix IAT, so I must repair code VM, maybe I will finish tomorrow.
-
Re: Main 1.08.20 (cracked,working)
server files 10.07.35 SCF work main?
-
Re: Main 1.08.20 (cracked,working)
If there is changed XorKey's to new one, then - Yes :)
Here is new XorKey's
Code:
byXorFilter[0] = 0xAB;
byXorFilter[1] = 0x11;
byXorFilter[2] = 0xCD;
byXorFilter[3] = 0xFE;
byXorFilter[4] = 0x18;
byXorFilter[5] = 0x23;
byXorFilter[6] = 0xC5;
byXorFilter[7] = 0xA3;
byXorFilter[8] = 0xCA;
byXorFilter[9] = 0x33;
byXorFilter[10] = 0xC1;
byXorFilter[11] = 0xCC;
byXorFilter[12] = 0x66;
byXorFilter[13] = 0x67;
byXorFilter[14] = 0x21;
byXorFilter[15] = 0xF3;
byXorFilter[16] = 0x32;
byXorFilter[17] = 0x12;
byXorFilter[18] = 0x15;
byXorFilter[19] = 0x35;
byXorFilter[20] = 0x29;
byXorFilter[21] = 0xFF;
byXorFilter[22] = 0xFE;
byXorFilter[23] = 0x1D;
byXorFilter[24] = 0x44;
byXorFilter[25] = 0xEF;
byXorFilter[26] = 0xCD;
byXorFilter[27] = 0x41;
byXorFilter[28] = 0x26;
byXorFilter[29] = 0x3C;
byXorFilter[30] = 0x4E;
byXorFilter[31] = 0x4D;
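The loop at 0067EA50..0067EA7F in the listing above, written out in C with the key bytes from this post (an added example, not code from the thread or from the game). The function names, the reading of `ESP+1BA` as the buffer base, and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Key bytes copied from the byXorFilter[] listing in the thread. */
static const uint8_t byXorFilter[32] = {
    0xAB, 0x11, 0xCD, 0xFE, 0x18, 0x23, 0xC5, 0xA3,
    0xCA, 0x33, 0xC1, 0xCC, 0x66, 0x67, 0x21, 0xF3,
    0x32, 0x12, 0x15, 0x35, 0x29, 0xFF, 0xFE, 0x1D,
    0x44, 0xEF, 0xCD, 0x41, 0x26, 0x3C, 0x4E, 0x4D
};

/* Forward pass over buf[start..end), the loop body at 0067EA50..0067EA7F:
 * buf[i] ^= buf[i-1] ^ key[i % 32]. Each byte is chained to the already
 * transformed byte before it, so start must be at least 1. */
int xor_filter_encode(uint8_t *buf, size_t len, size_t start, size_t end)
{
    if (buf == NULL || start < 1 || start > end || end > len)
        return -1;
    for (size_t i = start; i < end; i++)
        buf[i] ^= (uint8_t)(buf[i - 1] ^ byXorFilter[i % 32]);
    return 0;
}

/* Inverse pass: walk from the end so buf[i-1] is still the transformed
 * byte when it is used to undo buf[i]. */
int xor_filter_decode(uint8_t *buf, size_t len, size_t start, size_t end)
{
    if (buf == NULL || start < 1 || start > end || end > len)
        return -1;
    for (size_t i = end; i-- > start; )
        buf[i] ^= (uint8_t)(buf[i - 1] ^ byXorFilter[i % 32]);
    return 0;
}

int main(void)
{
    /* Constructed sample bytes, not a captured packet. */
    uint8_t pkt[5] = { 0xC1, 0x05, 0x10, 0x20, 0x30 };
    xor_filter_encode(pkt, sizeof pkt, 1, sizeof pkt);
    for (size_t i = 0; i < sizeof pkt; i++)
        printf("%02X ", pkt[i]);            /* transformed bytes */
    xor_filter_decode(pkt, sizeof pkt, 1, sizeof pkt);
    for (size_t i = 0; i < sizeof pkt; i++)
        printf("%02X ", pkt[i]);            /* original bytes again */
    putchar('\n');
    return 0;
}
```

The key is a constant compiled into the client and the transform carries no secret or integrity check, so it only obscures traffic; replacing the 32 bytes, as between the two listings in the thread, does not change that.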
-
Re: Main 1.08.20 (cracked,working)
Quote:
Originally Posted by tomatoes
I just dump and fix IAT, so I must repair code VM, maybe I will finish tomorrow.
There's no IAT at all to fix... Themida's new technique deletes the IAT, by changing CALL DWORD PTR DS:[IAT] to CALL OFFSET API_ADDR.
This way there is no IAT at all to fix; you need to create the whole IAT again and make a program to find and fix every CALL OFFSET API_ADDR back to the original call to the IAT.
-
Re: Main 1.08.20 (cracked,working)
release main.exe 1.08.20 work SCF SERVER 1.07.35....
-
Re: Main 1.08.20 (cracked,working)
Quote:
Originally Posted by
SmallHabit
For what you need unpacked main? :DD
How can we add DLLs (antihack, 3D, etc.) to a packed main? So if I need to change limits for more items in main, I can't? If you have an unpacked main, please share, it will be a great release.
Thanks in advance, sorry for my bad English.
-
Re: Main 1.08.20 (cracked,working)
Quote:
How can we add DLLs (antihack, 3D, etc.) to a packed main? So if I need to change limits for more items in main, I can't? If you have an unpacked main, please share, it will be a great release.
Thanks in advance, sorry for my bad English.
You can still use in-line patching, same as I used to crack this main. Sorry, I have no unpacked main.
-
Re: Main 1.08.20 (cracked,working)
Quote:
Originally Posted by
SmallHabit
You can still use in-line patching, same as I used to crack this main. Sorry, I have no unpacked main.
Thanks, I have no idea what you are talking about (in-line patching), but if you don't have it, thanks for the answer!
-
Re: Main 1.08.20 (cracked,working)
But... if nobody contributes an unpacked main.exe 1.08.20, then how do they expect us to set to work on the appropriate changes?
-
Re: Main 1.08.20 (cracked,working)
There is no problem in that Main is packed, we still can edit main. =)
-
Re: Main 1.08.20 (cracked,working)
I have the following problem: when I try to enter the server, everything loads all right, but then I get disconnected.
What could be the reason?
http://img832.imageshack.us/img832/3828/errortfd.png