nProtect Kor GameGuard in any MU game client

[alpg07]

Hello guys,

I'm here for another unique release. I'll demonstrate how use Kor nProtect GameGuard in any client, any protocol, any version. :D

First of all, you need OllyDBG for edit main.exe. You can found it on google.
Now, open OllyDBG and select main.exe... in this tutorial, I'm using 1.03e Eng main_teste.exe.



Now you need to search for "gg init error" string and go to the referenced offset, in this case is 005F16F0.



Great. Now if your main in cracked, you need to code back the GameGuard System. If your main is an original one, go to next step.

To do this, change this commands lines:

Code:

005F1658   . 68 A8FE8B00    PUSH main_tes.008BFEA8                   ; /Arg2 = 008BFEA8 ASCII "config.ini read error
"
005F165D   . 68 50AC0808    PUSH main_tes.0808AC50                   ; |Arg1 = 0808AC50
005F1662   . E8 BA080C00    CALL main_tes.006B1F21                   ; \main_tes.006B1F21
005F1667   . 83C4 08        ADD ESP,8
005F166A   . C785 3CF2FFFF >MOV DWORD PTR SS:[EBP-DC4],0
005F1674   . 8D8D 40FFFFFF  LEA ECX,DWORD PTR SS:[EBP-C0]
005F167A   . E8 51140000    CALL main_tes.005F2AD0
005F167F   . 8B85 3CF2FFFF  MOV EAX,DWORD PTR SS:[EBP-DC4]
005F1685   . E9 BA120000    JMP main_tes.005F2944
005F168A   > 6A 01          PUSH 1
005F168C   . E8 79A02400    CALL main_tes.0083B70A
005F1691   . 83C4 04        ADD ESP,4
005F1694   . 8985 34F2FFFF  MOV DWORD PTR SS:[EBP-DCC],EAX
005F169A   . 83BD 34F2FFFF >CMP DWORD PTR SS:[EBP-DCC],0
005F16A1     75 19          JNZ SHORT main_tes.005F16BC
005F16A3   . A1 F8F78B00    MOV EAX,DWORD PTR DS:[8BF7F8]
005F16A8   . 50             PUSH EAX                                 ; /Arg1 => 008BF810 ASCII "MuEng"
005F16A9   . 8B8D 34F2FFFF  MOV ECX,DWORD PTR SS:[EBP-DCC]           ; |
005F16AF   . E8 EC220000    CALL main_tes.005F39A0                   ; \main_tes.005F39A0
005F16B4   . 8985 50F1FFFF  MOV DWORD PTR SS:[EBP-EB0],EAX
005F16BA   . EB 0A          JMP SHORT main_tes.005F16C6
005F16BC   > C785 50F1FFFF >MOV DWORD PTR SS:[EBP-EB0],0
005F16C6   > 8B8D 50F1FFFF  MOV ECX,DWORD PTR SS:[EBP-EB0]
005F16CC   . 898D 38F2FFFF  MOV DWORD PTR SS:[EBP-DC8],ECX
005F16D2   . 8B95 38F2FFFF  MOV EDX,DWORD PTR SS:[EBP-DC8]
005F16D8   . 8915 88B00808  MOV DWORD PTR DS:[808B088],EDX
005F16DE   . E8 BDE40B00    CALL main_tes.006AFBA0
005F16E3   . 25 FF000000    AND EAX,0FF
005F16E8   . 85C0           TEST EAX,EAX
005F16EA     E9 8A000000    JMP main_tes.005F1779
005F16EF     90             NOP
005F16F0   . 68 C0FE8B00    PUSH main_tes.008BFEC0                   ; /Arg2 = 008BFEC0 ASCII "gg init error"

Change to:

Code:

005F1658   . 68 A8FE8B00    PUSH main_tes.008BFEA8                   ; /Arg2 = 008BFEA8 ASCII "config.ini read error
"
005F165D   . 68 50AC0808    PUSH main_tes.0808AC50                   ; |Arg1 = 0808AC50
005F1662   . E8 BA080C00    CALL main_tes.006B1F21                   ; \main_tes.006B1F21
005F1667   . 83C4 08        ADD ESP,8
005F166A   . C785 3CF2FFFF >MOV DWORD PTR SS:[EBP-DC4],0
005F1674   . 8D8D 40FFFFFF  LEA ECX,DWORD PTR SS:[EBP-C0]
005F167A   . E8 51140000    CALL main_tes.005F2AD0
005F167F   . 8B85 3CF2FFFF  MOV EAX,DWORD PTR SS:[EBP-DC4]
005F1685   . E9 BA120000    JMP main_tes.005F2944
005F168A   > 6A 01          PUSH 1
005F168C     E8 79A02400    CALL main_tes.0083B70A
005F1691     83C4 04        ADD ESP,4
005F1694     8985 34F2FFFF  MOV DWORD PTR SS:[EBP-DCC],EAX
005F169A     83BD 34F2FFFF >CMP DWORD PTR SS:[EBP-DCC],0
005F16A1     74 19          JE SHORT main_tes.005F16BC
005F16A3     A1 F8F78B00    MOV EAX,DWORD PTR DS:[8BF7F8]
005F16A8     50             PUSH EAX                                 ; /Arg1 => 008BF810 ASCII "MuEng"
005F16A9     8B8D 34F2FFFF  MOV ECX,DWORD PTR SS:[EBP-DCC]           ; |
005F16AF     E8 EC220000    CALL main_tes.005F39A0                   ; \main_tes.005F39A0
005F16B4     8985 50F1FFFF  MOV DWORD PTR SS:[EBP-EB0],EAX
005F16BA     EB 0A          JMP SHORT main_tes.005F16C6
005F16BC     C785 50F1FFFF >MOV DWORD PTR SS:[EBP-EB0],0
005F16C6     8B8D 50F1FFFF  MOV ECX,DWORD PTR SS:[EBP-EB0]
005F16CC     898D 38F2FFFF  MOV DWORD PTR SS:[EBP-DC8],ECX
005F16D2     8B95 38F2FFFF  MOV EDX,DWORD PTR SS:[EBP-DC8]
005F16D8     8915 88B00808  MOV DWORD PTR DS:[808B088],EDX
005F16DE     E8 BDE40B00    CALL main_tes.006AFBA0
005F16E3     25 FF000000    AND EAX,0FF
005F16E8     85C0           TEST EAX,EAX
005F16EA     0F85 89000000  JNZ main_tes.005F1779
005F16F0     68 C0FE8B00    PUSH main_tes.008BFEC0                   ; /Arg2 = 008BFEC0 ASCII "gg init error"

Your main will be like this one:



The next step is go to the string "MuEng" and change it to "Mu".

Code:

005F16A3     A1 F8F78B00    MOV EAX,DWORD PTR DS:[8BF7F8]
005F16A8     50             PUSH EAX                                 ; /Arg1 => 008BF810 ASCII "MuEng"

Go to the 8BF7F8 offset, where MuEng is coded.



On there, right click on main thread window, "Follow in Dump" -> "Selection".



Now edit "MuEng" string to the "Mu" string.



Finaly save changes to the main.exe file.

--------------------------------------------------------------------------------------------------------------------------------

Now download my attached Kor nProtect GameGuard, put files on client folder... and magic happens!

Credits (Please respect it):
- HueyGTO (me) for all the work. :)

I hope you enjoy! See you..

[MentaL]

[freakmastersx]

is this work on any version of main.exe?

[alpg07]

I think so. I've tested it on Season 4 Phi, Eng, Kor and Jpn... Season6 Eng, Ko and Jpn... on all of this gg works.

[DarkMaster.]

nop, it wont work on all versions ;]
Im using it from 3-4 months (or maybe more), and for example it doesnt work on 1.03h, but it works on 1.03k and newer mains.

[buffon]

WOW amazing job. thx for release!!!!
I would be very grateful if you or somebody other make that operation with this main:
http://www.multiupload.com/HF62JQEJP1
Thx for advance

[Dudi2]

useless.

Eng Main - GG have IP Check (it's checking that ip address is valid, if not, you will be disconnected) so it will not work on private servers
Kor & Jpn Main - old version GG (can be easily bypassed with proxy)

also GameGuard Auth between GS<->Main not work, so any noob can crack this :F

[mirraseq]

Even crap anihack.dll with own proc dumps is better :P GG is carp as Dudi said (I mean illegal use of it)

[alpg07]

Eng Main - GG have IP Check (it's checking that ip address is valid, if not, you will be disconnected) so it will not work on private servers
Kor & Jpn Main - old version GG (can be easily bypassed with proxy)

also GameGuard Auth between GS<->Main not work, so any noob can crack this :F

Tested with Jpn and Eng Protocol for 3 months and work perfect. But I'm using my hooked dll for security reasons too.

P.S.: Any Proxy can be easily blocked by deleting some WZ fucking functions on main.exe.

[Dudi2]

it works on Eng Main because you changed "MuEng" to "Mu", so it's downloading GameGuard for Kor Main ^^

yea, "security reasons" xD

[alpg07]

Yes.

As you say, Eng GameGuard and Phi GameGuard dont work because have IP check.

[Bealex]

Can someone do this in my main pls becouse i don't know? pls...

[mirraseq]

P.S.: Any Proxy can be easily blocked by deleting some WZ fucking functions on main.exe.

Cause open source proxies for muo uses registry instead hooking connect function. Anyway you can just use main w/o gameguard with cracked checksum and voilà bypassed...

[Bealex]

up .......

[mauka]

Tested with Jpn and Eng Protocol for 3 months and work perfect. But I'm using my hooked dll for security reasons too.

P.S.: Any Proxy can be easily blocked by deleting some WZ fucking functions on main.exe.

just rofling

[theunknownguy]

What is gameguard except the lamest anti cheat in the history of game security?...

Still guide is appreciated. Thanks for the effort...

[[INDG]FeN$x]

What is gameguard except the lamest anti cheat in the history of game security?...

Still guide is appreciated. Thanks for the effort...

100% Agree

[Dudi2]

.....

[alpg07]

[Off]
If someone have and excellent GameGuard for Hard MuOnline server (like 10x exp), please talk with me by sending a message.

[mauka]

100% Agree

i agree 2

[Dudi2]

i agree 2

i agree 3

[Annaev]

[Off]
If someone have and excellent GameGuard for Hard MuOnline server (like 10x exp), please talk with me by sending a message.

Your PM Box is full

[alpg07]

Thanks, its not full anymore. :D

[Simp1e[BoR]]

thanks, Good Work!

[404]

Interesting.. cheers..

[mustx1]

Seu mu faliu huey ? ;O
O que aconteceu? riarairairairairiariaira