patch is 1.04.17,why main is 1.14.17?
I think this is Webzen's error :)
U can stay online in GMO to check stability ;) for 5 ~ 10 mins without gameguard auth.. Matter of fact, for those who are interested in GG - CS auth, here is one of my old GG emulator source code:
part of it*
Code:
unit uGameGuard;
interface
uses
Windows,SysUtils,Dialogs; {TBytes}
type
Pkey = ^TGG_key;
TGG_Key = array[0..3] of Cardinal;
PCtx = ^TBlowFish_CTX;
TBlowFish_CTX = record
P: array[0..17] of Cardinal;
S: array[0..3,0..$FF] of Cardinal;
end;
const
ORIG_P: array [0..17] of Cardinal =
($243F6A88, $85A308D3, $13198A2E, $03707344, $A4093822, $299F31D0,
$082EFA98, $EC4E6C89, $452821E6, $38D01377, $BE5466CF, $34E90C6C,
$C0AC29B7, $C97C50DD, $3F84D5B5, $B5470917, $9216D5D9, $8979FB1B);
ORIG_S: array [0..3,0..$FF] of Cardinal =
(($D1310BA6, $98DFB5AC, $2FFD72DB, $D01ADFB7, $B8E1AFED, $6A267E96,
$BA7C9045, $F12C7F99, $24A19947, $B3916CF7, $0801F2E2, $858EFC16,
$636920D8, $71574E69, $A458FEA3, $F4933D7E, $0D95748F, $728EB658,
$718BCD58, $82154AEE, $7B54A41D, $C25A59B5, $9C30D539, $2AF26013,
$C5D1B023, $286085F0, $CA417918, $B8DB38EF, $8E79DCB0, $603A180E,
$6C9E0E8B, $B01E8A3E, $D71577C1, $BD314B27, $78AF2FDA, $55605C60,
$E65525F3, $AA55AB94, $57489862, $63E81440, $55CA396A, $2AAB10B6,
$B4CC5C34, $1141E8CE, $A15486AF, $7C72E993, $B3EE1411, $636FBC2A,
$2BA9C55D, $741831F6, $CE5C3E16, $9B87931E, $AFD6BA33, $6C24CF5C,
$7A325381, $28958677, $3B8F4898, $6B4BB9AF, $C4BFE81B, $66282193,
$61D809CC, $FB21A991, $487CAC60, $5DEC8032, $EF845D5D, $E98575B1,
$DC262302, $EB651B88, $23893E81, $D396ACC5, $0F6D6FF3, $83F44239,
$2E0B4482, $A4842004, $69C8F04A, $9E1F9B5E, $21C66842, $F6E96C9A,
$670C9C61, $ABD388F0, $6A51A0D2, $D8542F68, $960FA728, $AB5133A3,
$6EEF0B6C, $137A3BE4, $BA3BF050, $7EFB2A98, $A1F1651D, $39AF0176,
$66CA593E, $82430E88, $8CEE8619, $456F9FB4, $7D84A5C3, $3B8B5EBE,
$E06F75D8, $85C12073, $401A449F, $56C16AA6, $4ED3AA62, $363F7706,
$1BFEDF72, $429B023D, $37D0D724, $D00A1248, $DB0FEAD3, $49F1C09B,
$075372C9, $80991B7B, $25D479D8, $F6E8DEF7, $E3FE501A, $B6794C3B,
$976CE0BD, $04C006BA, $C1A94FB6, $409F60C4, $5E5C9EC2, $196A2463,
$68FB6FAF, $3E6C53B5, $1339B2EB, $3B52EC6F, $6DFC511F, $9B30952C,
$CC814544, $AF5EBD09, $BEE3D004, $DE334AFD, $660F2807, $192E4BB3,
$C0CBA857, $45C8740F, $D20B5F39, $B9D3FBDB, $5579C0BD, $1A60320A,
$D6A100C6, $402C7279, $679F25FE, $FB1FA3CC, $8EA5E9F8, $DB3222F8,
$3C7516DF, $FD616B15, $2F501EC8, $AD0552AB, $323DB5FA, $FD238760,
$53317B48, $3E00DF82, $9E5C57BB, $CA6F8CA0, $1A87562E, $DF1769DB,
$D542A8F6, $287EFFC3, $AC6732C6, $8C4F5573, $695B27B0, $BBCA58C8,
$E1FFA35D, $B8F011A0, $10FA3D98, $FD2183B8, $4AFCB56C, $2DD1D35B,
$9A53E479, $B6F84565, $D28E49BC, $4BFB9790, $E1DDF2DA, $A4CB7E33,
$62FB1341, $CEE4C6E8, $EF20CADA, $36774C01, $D07E9EFE, $2BF11FB4,
$95DBDA4D, $AE909198, $EAAD8E71, $6B93D5A0, $D08ED1D0, $AFC725E0,
$8E3C5B2F, $8E7594B7, $8FF6E2FB, $F2122B64, $8888B812, $900DF01C,
$4FAD5EA0, $688FC31C, $D1CFF191, $B3A8C1AD, $2F2F2218, $BE0E1777,
$EA752DFE, $8B021FA1, $E5A0CC0F, $B56F74E8, $18ACF3D6, $CE89E299,
$B4A84FE0, $FD13E0B7, $7CC43B81, $D2ADA8D9, $165FA266, $80957705,
$93CC7314, $211A1477, $E6AD2065, $77B5FA86, $C75442F5, $FB9D35CF,
$EBCDAF0C, $7B3E89A0, $D6411BD3, $AE1E7E49, $00250E2D, $2071B35E,
$226800BB, $57B8E0AF, $2464369B, $F009B91E, $5563911D, $59DFA6AA,
$78C14389, $D95A537F, $207D5BA2, $02E5B9C5, $83260376, $6295CFA9,
$11C81968, $4E734A41, $B3472DCA, $7B14A94A, $1B510052, $9A532915,
$D60F573F, $BC9BC6E4, $2B60A476, $81E67400, $08BA6FB5, $571BE91F,
$F296EC6B, $2A0DD915, $B6636521, $E7B9F9B6, $FF34052E, $C5855664,
$53B02D5D, $A99F8FA1, $08BA4799, $6E85076A),
($4B7A70E9, $B5B32944,
$DB75092E, $C4192623, $AD6EA6B0, $49A7DF7D, $9CEE60B8, $8FEDB266,
$ECAA8C71, $699A17FF, $5664526C, $C2B19EE1, $193602A5, $75094C29,
$A0591340, $E4183A3E, $3F54989A, $5B429D65, $6B8FE4D6, $99F73FD6,
$A1D29C07, $EFE830F5, $4D2D38E6, $F0255DC1, $4CDD2086, $8470EB26,
$6382E9C6, $021ECC5E, $09686B3F, $3EBAEFC9, $3C971814, $6B6A70A1,
$687F3584, $52A0E286, $B79C5305, $AA500737, $3E07841C, $7FDEAE5C,
$8E7D44EC, $5716F2B8, $B03ADA37, $F0500C0D, $F01C1F04, $0200B3FF,
$AE0CF51A, $3CB574B2, $25837A58, $DC0921BD, $D19113F9, $7CA92FF6,
$94324773, $22F54701, $3AE5E581, $37C2DADC, $C8B57634, $9AF3DDA7,
$A9446146, $0FD0030E, $ECC8C73E, $A4751E41, $E238CD99, $3BEA0E2F,
$3280BBA1, $183EB331, $4E548B38, $4F6DB908, $6F420D03, $F60A04BF,
$2CB81290, $24977C79, $5679B072, $BCAF89AF, $DE9A771F, $D9930810,
$B38BAE12, $DCCF3F2E, $5512721F, $2E6B7124, $501ADDE6, $9F84CD87,
$7A584718, $7408DA17, $BC9F9ABC, $E94B7D8C, $EC7AEC3A, $DB851DFA,
$63094366, $C464C3D2, $EF1C1847, $3215D908, $DD433B37, $24C2BA16,
$12A14D43, $2A65C451, $50940002, $133AE4DD, $71DFF89E, $10314E55,
$81AC77D6, $5F11199B, $043556F1, $D7A3C76B, $3C11183B, $5924A509,
$F28FE6ED, $97F1FBFA, $9EBABF2C, $1E153C6E, $86E34570, $EAE96FB1,
$860E5E0A, $5A3E2AB3, $771FE71C, $4E3D06FA, $2965DCB9, $99E71D0F,
$803E89D6, $5266C825, $2E4CC978, $9C10B36A, $C6150EBA, $94E2EA78,
$A5FC3C53, $1E0A2DF4, $F2F74EA7, $361D2B3D, $1939260F, $19C27960,
$5223A708, $F71312B6, $EBADFE6E, $EAC31F66, $E3BC4595, $A67BC883,
$B17F37D1, $018CFF28, $C332DDEF, $BE6C5AA5, $65582185, $68AB9802,
$EECEA50F, $DB2F953B, $2AEF7DAD, $5B6E2F84, $1521B628, $29076170,
$ECDD4775, $619F1510, $13CCA830, $EB61BD96, $0334FE1E, $AA0363CF,
$B5735C90, $4C70A239, $D59E9E0B, $CBAADE14, $EECC86BC, $60622CA7,
$9CAB5CAB, $B2F3846E, $648B1EAF, $19BDF0CA, $A02369B9, $655ABB50,
$40685A32, $3C2AB4B3, $319EE9D5, $C021B8F7, $9B540B19, $875FA099,
$95F7997E, $623D7DA8, $F837889A, $97E32D77, $11ED935F, $16681281,
$0E358829, $C7E61FD6, $96DEDFA1, $7858BA99, $57F584A5, $1B227263,
$9B83C3FF, $1AC24696, $CDB30AEB, $532E3054, $8FD948E4, $6DBC3128,
$58EBF2EF, $34C6FFEA, $FE28ED61, $EE7C3C73, $5D4A14D9, $E864B7E3,
$42105D14, $203E13E0, $45EEE2B6, $A3AAABEA, $DB6C4F15, $FACB4FD0,
$C742F442, $EF6ABBB5, $654F3B1D, $41CD2105, $D81E799E, $86854DC7,
$E44B476A, $3D816250, $CF62A1F2, $5B8D2646, $FC8883A0, $C1C7B6A3,
$7F1524C3, $69CB7492, $47848A0B, $5692B285, $095BBF00, $AD19489D,
$1462B174, $23820E00, $58428D2A, $0C55F5EA, $1DADF43E, $233F7061,
$3372F092, $8D937E41, $D65FECF1, $6C223BDB, $7CDE3759, $CBEE7460,
$4085F2A7, $CE77326E, $A6078084, $19F8509E, $E8EFD855, $61D99735,
$A969A7AA, $C50C06C2, $5A04ABFC, $800BCADC, $9E447A2E, $C3453484,
$FDD56705, $0E1E9EC9, $DB73DBD3, $105588CD, $675FDA79, $E3674340,
$C5C43465, $713E38D8, $3D28F89E, $F16DFF20, $153E21E7, $8FB03D4A,
$E6E39F2B, $DB83ADF7),
($E93D5A68, $948140F7, $F64C261C, $94692934,
$411520F7, $7602D4F7, $BCF46B2E, $D4A20068, $D4082471, $3320F46A,
$43B7D4B7, $500061AF, $1E39F62E, $97244546, $14214F74, $BF8B8840,
$4D95FC1D, $96B591AF, $70F4DDD3, $66A02F45, $BFBC09EC, $03BD9785,
$7FAC6DD0, $31CB8504, $96EB27B3, $55FD3941, $DA2547E6, $ABCA0A9A,
$28507825, $530429F4, $0A2C86DA, $E9B66DFB, $68DC1462, $D7486900,
$680EC0A4, $27A18DEE, $4F3FFEA2, $E887AD8C, $B58CE006, $7AF4D6B6,
$AACE1E7C, $D3375FEC, $CE78A399, $406B2A42, $20FE9E35, $D9F385B9,
$EE39D7AB, $3B124E8B, $1DC9FAF7, $4B6D1856, $26A36631, $EAE397B2,
$3A6EFA74, $DD5B4332, $6841E7F7, $CA7820FB, $FB0AF54E, $D8FEB397,
$454056AC, $BA489527, $55533A3A, $20838D87, $FE6BA9B7, $D096954B,
$55A867BC, $A1159A58, $CCA92963, $99E1DB33, $A62A4A56, $3F3125F9,
$5EF47E1C, $9029317C, $FDF8E802, $04272F70, $80BB155C, $05282CE3,
$95C11548, $E4C66D22, $48C1133F, $C70F86DC, $07F9C9EE, $41041F0F,
$404779A4, $5D886E17, $325F51EB, $D59BC0D1, $F2BCC18F, $41113564,
$257B7834, $602A9C60, $DFF8E8A3, $1F636C1B, $0E12B4C2, $02E1329E,
$AF664FD1, $CAD18115, $6B2395E0, $333E92E1, $3B240B62, $EEBEB922,
$85B2A20E, $E6BA0D99, $DE720C8C, $2DA2F728, $D0127845, $95B794FD,
$647D0862, $E7CCF5F0, $5449A36F, $877D48FA, $C39DFD27, $F33E8D1E,
$0A476341, $992EFF74, $3A6F6EAB, $F4F8FD37, $A812DC60, $A1EBDDF8,
$991BE14C, $DB6E6B0D, $C67B5510, $6D672C37, $2765D43B, $DCD0E804,
$F1290DC7, $CC00FFA3, $B5390F92, $690FED0B, $667B9FFB, $CEDB7D9C,
$A091CF0B, $D9155EA3, $BB132F88, $515BAD24, $7B9479BF, $763BD6EB,
$37392EB3, $CC115979, $8026E297, $F42E312D, $6842ADA7, $C66A2B3B,
$12754CCC, $782EF11C, $6A124237, $B79251E7, $06A1BBE6, $4BFB6350,
$1A6B1018, $11CAEDFA, $3D25BDD8, $E2E1C3C9, $44421659, $0A121386,
$D90CEC6E, $D5ABEA2A, $64AF674E, $DA86A85F, $BEBFE988, $64E4C3FE,
$9DBC8057, $F0F7C086, $60787BF8, $6003604D, $D1FD8346, $F6381FB0,
$7745AE04, $D736FCCC, $83426B33, $F01EAB71, $B0804187, $3C005E5F,
$77A057BE, $BDE8AE24, $55464299, $BF582E61, $4E58F48F, $F2DDFDA2,
$F474EF38, $8789BDC2, $5366F9C3, $C8B38E74, $B475F255, $46FCD9B9,
$7AEB2661, $8B1DDF84, $846A0E79, $915F95E2, $466E598E, $20B45770,
$8CD55591, $C902DE4C, $B90BACE1, $BB8205D0, $11A86248, $7574A99E,
$B77F19B6, $E0A9DC09, $662D09A1, $C4324633, $E85A1F02, $09F0BE8C,
$4A99A025, $1D6EFE10, $1AB93D1D, $0BA5A4DF, $A186F20F, $2868F169,
$DCB7DA83, $573906FE, $A1E2CE9B, $4FCD7F52, $50115E01, $A70683FA,
$A002B5C4, $0DE6D027, $9AF88C27, $773F8641, $C3604C06, $61A806B5,
$F0177A28, $C0F586E0, $006058AA, $30DC7D62, $11E69ED7, $2338EA63,
$53C2DD94, $C2C21634, $BBCBEE56, $90BCB6DE, $EBFC7DA1, $CE591D76,
$6F05E409, $4B7C0188, $39720A3D, $7C927C24, $86E3725F, $724D9DB9,
$1AC15BB4, $D39EB8FC, $ED545578, $08FCA5B5, $D83D7CD3, $4DAD0FC4,
$1E50EF5E, $B161E6F8, $A28514D9, $6C51133C, $6FD5C7E7, $56E14EC4,
$362ABFCE, $DDC6C837, $D79A3234, $92638212, $670EFA8E, $406000E0),
($3A39CE37, $D3FAF5CF, $ABC27737, $5AC52D1B, $5CB0679E, $4FA33742,
$D3822740, $99BC9BBE, $D5118E9D, $BF0F7315, $D62D1C7E, $C700C47B,
$B78C1B6B, $21A19045, $B26EB1BE, $6A366EB4, $5748AB2F, $BC946E79,
$C6A376D2, $6549C2C8, $530FF8EE, $468DDE7D, $D5730A1D, $4CD04DC6,
$2939BBDB, $A9BA4650, $AC9526E8, $BE5EE304, $A1FAD5F0, $6A2D519A,
$63EF8CE2, $9A86EE22, $C089C2B8, $43242EF6, $A51E03AA, $9CF2D0A4,
$83C061BA, $9BE96A4D, $8FE51550, $BA645BD6, $2826A2F9, $A73A3AE1,
$4BA99586, $EF5562E9, $C72FEFD3, $F752F7DA, $3F046F69, $77FA0A59,
$80E4A915, $87B08601, $9B09E6AD, $3B3EE593, $E990FD5A, $9E34D797,
$2CF0B7D9, $022B8B51, $96D5AC3A, $017DA67D, $D1CF3ED6, $7C7D2D28,
$1F9F25CF, $ADF2B89B, $5AD6B472, $5A88F54C, $E029AC71, $E019A5E6,
$47B0ACFD, $ED93FA9B, $E8D3C48D, $283B57CC, $F8D56629, $79132E28,
$785F0191, $ED756055, $F7960E44, $E3D35E8C, $15056DD4, $88F46DBA,
$03A16125, $0564F0BD, $C3EB9E15, $3C9057A2, $97271AEC, $A93A072A,
$1B3F6D9B, $1E6321F5, $F59C66FB, $26DCF319, $7533D928, $B155FDF5,
$03563482, $8ABA3CBB, $28517711, $C20AD9F8, $ABCC5167, $CCAD925F,
$4DE81751, $3830DC8E, $379D5862, $9320F991, $EA7A90C2, $FB3E7BCE,
$5121CE64, $774FBE32, $A8B6E37E, $C3293D46, $48DE5369, $6413E680,
$A2AE0810, $DD6DB224, $69852DFD, $09072166, $B39A460A, $6445C0DD,
$586CDECF, $1C20C8AE, $5BBEF7DD, $1B588D40, $CCD2017F, $6BB4E3BB,
$DDA26A7E, $3A59FF45, $3E350A44, $BCB4CDD5, $72EACEA8, $FA6484BB,
$8D6612AE, $BF3C6F47, $D29BE463, $542F5D9E, $AEC2771B, $F64E6370,
$740E0D8D, $E75B1357, $F8721671, $AF537D5D, $4040CB08, $4EB4E2CC,
$34D2466A, $0115AF84, $E1B00428, $95983A1D, $06B89FB4, $CE6EA048,
$6F3F3B82, $3520AB82, $011A1D4B, $277227F8, $611560B1, $E7933FDC,
$BB3A792B, $344525BD, $A08839E1, $51CE794B, $2F32C9B7, $A01FBAC9,
$E01CC87E, $BCC7D1F6, $CF0111C3, $A1E8AAC7, $1A908749, $D44FBD9A,
$D0DADECB, $D50ADA38, $0339C32A, $C6913667, $8DF9317C, $E0B12B4F,
$F79E59B7, $43F5BB3A, $F2D519FF, $27D9459C, $BF97222C, $15E6FC2A,
$0F91FC71, $9B941525, $FAE59361, $CEB69CEB, $C2A86459, $12BAA8D1,
$B6C1075E, $E3056A0C, $10D25065, $CB03A442, $E0EC6E0E, $1698DB3B,
$4C98A0BE, $3278E964, $9F1F9532, $E0D392DF, $D3A0342B, $8971F21E,
$1B0A7441, $4BA3348C, $C5BE7120, $C37632D8, $DF359F8D, $9B992F2E,
$E60B6F47, $0FE3F11D, $E54CDA54, $1EDAD891, $CE6279CF, $CD3E7E6F,
$1618B166, $FD2C1D05, $848FD2C5, $F6FB2299, $F523F357, $A6327623,
$93A83531, $56CCCD02, $ACF08162, $5A75EBB5, $6E163697, $88D273CC,
$DE966292, $81B949D0, $4C50901B, $71C65614, $E6C6C7BD, $327A140A,
$45E1D006, $C3F27B9A, $C9AA53FD, $62A80F00, $BB25BFE2, $35BDD2F6,
$71126905, $B2040222, $B6CBCF7C, $CD769C2B, $53113EC0, $1640E3D3,
$38ABBD60, $2547ADF0, $BA38209C, $F746CE76, $77AFA1C5, $20756060,
$85CBFE4E, $8AE88DD8, $7AAAF9B0, $4CF9AA7E, $1948C25C, $02FB8A8C,
$01C36AE4, $D6EBE1F9, $90D4F869, $A65CDEA0, $3F09252D, $C208E69F,
$B74E6132, $CE77E25B, $578FDFE3, $3AC372E6));
const
N = 16;
IncaKey = '@SAU^T2*KY';
procedure BlowFish_Init(Ctx: PCtx; Key: TBytes; KeyLen: integer);
procedure GameGuard_Decrypt(InKey: Pkey);
procedure GameGuard_Encrypt(InKey: Pkey);
procedure GameGuard_ShiftBits(inKey: Pkey; var Key: TGG_Key);
function GG_KeyGen(KeyIn,KeyOut: Pkey): Integer;
procedure GenerateGG(Data:PByteArray);
var
MyBlowShit: TBlowFish_CTX;
FirstCall: Boolean = True;
Key:TBytes;
GameGuardPacket : TBytes;
implementation
uses
uMainFrm;
procedure GenerateGG(Data:PByteArray);
var
GGKey,SendGameGuard:TGG_Key;
begin
SetLength(GameGuardPacket,20);
GGKey[0] := PDWord(@Data[4])^;
GGKey[1] := PDWord(@Data[8])^;
GGKey[2] := PDWord(@Data[12])^;
GGKey[3] := PDWord(@Data[16])^;
GG_KeyGen(@GGKey,@SendGameGuard);
Move(SendGameGuard[0],GameGuardPacket[4],16);
GameGuardPacket[0]:=$C3;
GameGuardPacket[1]:=$14;
GameGuardPacket[2]:=$73;
GameGuardPacket[3]:=$00;
MainFrm.SendC3C4(MainFrm.Client,GameGuardPacket,$14);
MainFrm.LogMessage('aa '+ IntToHex(GGKey[0],4));
end;
function F(Ctx: PCtx; x: Cardinal): Cardinal;
var
a,b,c,d : Byte;
y: Cardinal;
begin
d := Byte(x and $FF);
x := x shr 8;
c := Byte(x and $FF);
x := x shr 8;
b := Byte(x and $FF);
x := x shr 8;
a := Byte(x and $FF);
y := Ctx.S[0,a] + Ctx.S[1,b];
Result := y xor Ctx.S[2,c] + Ctx.S[3,d];
end;
procedure BlowFish_Encrypt(Ctx: PCtx; var Xl, Xr: Cardinal);
var
i: Byte;
Tmp: Cardinal;
begin
for I := 0 to N - 1 do
begin
Xl := Xl xor Ctx.P[i];
Xr := F(Ctx,Xl) xor Xr;
Tmp := Xl;
Xl := Xr;
Xr := Tmp;
end;
Tmp := Xl;
Xl := Xr;
Xr := Tmp;
Xr := Xr xor Ctx.P[n]; //n
Xl := Xl xor Ctx.P[n + 1]; //n
end;
procedure BlowFish_Decrypt(Ctx: PCtx; var Xl,Xr: Cardinal);
var
I: Byte;
Tmp: Cardinal;
begin
for I := n +1 downto 2 do
begin
Xl := Xl xor Ctx.P[i];
Xr := F(Ctx,Xl) xor Xr;
Tmp := Xl;
Xl := Xr;
Xr := Tmp;
end;
Tmp := Xl;
Xl := Xr;
Xr := Tmp;
Xr := Xr xor Ctx.P[1];
Xl := Xl xor Ctx.P[0];
end;
procedure BlowFish_Init(Ctx: PCtx; Key: TBytes; KeyLen: integer);
var
i,j,k: Integer;
Data,LData,RData: Cardinal;
begin
for I := 0 to 4 - 1 do
for j := 0 to $FF do
Ctx.S[i,j] := Orig_S[i,j];
J := 0;
for i := 0 to 18 - 1 do
begin
Data := $00000000;
for k := 0 to 4 - 1 do
begin
Data := (Data shl 8) or Key[j];
Inc(J,1);
if J >= KeyLen then
J := 0;
end;
Ctx.P[i] := ORIG_P[i] xor Data;
end;
LData := $00000000;
RData := $00000000;
i := 0;
while i < 18 do
begin
BlowFish_Encrypt(Ctx,LData,RData);
Ctx.P[i] := LData;
Ctx.P[i + 1] := RData;
Inc(i,2);
end;
for I := 0 to 4 - 1 do
begin
j := 0;
while j < $FF do
begin
BlowFish_Encrypt(Ctx,LData,RData);
Ctx.S[i,j] := LData;
Ctx.S[i,j + 1] := RData;
Inc(j,2);
end;
end;
end;
procedure GameGuard_Encrypt(InKey: Pkey);
begin
InKey[0] := InKey[0] xor $AFD349D;
InKey[1] := InKey[1] xor $9D28B918;
BlowFish_Encrypt(@MyBlowShit,InKey[0],InKey[2]);
InKey[2] := InKey[2] xor $B64D24A;
InKey[3] := InKey[3] xor $F674C8B9;
BlowFish_Encrypt(@MyBlowShit,InKey[1],InKey[3]);
end;
procedure GameGuard_Decrypt(InKey: Pkey);
begin
BlowFish_Decrypt(@MyBlowShit,InKey[1],InKey[3]);
InKey[2] := InKey[2] xor $64D84A;
InKey[3] := InKey[3] xor $F0F4C802;
BlowFish_Decrypt(@MyBlowShit,InKey[0],InKey[2]);
InKey[0] := InKey[0] xor $FD3A9D;
InKey[1] := InKey[1] xor $9D2DB902;
end;
procedure GameGuard_ShiftBits(inKey: Pkey; var Key: TGG_Key);
var
i: Integer;
begin
for I := 0 to 4 - 1 do
begin
Key[i] := ($FF000000 and (InKey[i] shl 24))
or ($00FF0000 and (InKey[i] shl 8))
or ($0000FF00 and (InKey[i] shr 8))
or ($000000FF and (InKey[i] shr 24));
end;
end;
function GG_KeyGen(KeyIn,KeyOut: Pkey): integer;
var
i:Integer;
iIndex: Integer;
begin
if(FirstCall)then
begin
SetLength(Key,10);
for I := 0 to 9 do // Key holds 10 bytes (indices 0..9); "0 to 10" wrote one element past the end
Key[I]:=Ord(IncaKey[I+1]);
Blowfish_Init(@MyBlowShit,Key,10);
FirstCall:=False;
end;
GameGuard_Decrypt(KeyIn);
iIndex := KeyIn[0];
if iIndex <= 500 then
begin
case iIndex of
0: begin
KeyOut[0] := $00010060;
KeyOut[1] := $0410E304;
KeyOut[2] := $77C06F45;
KeyOut[3] := $0E0BD7B4;
GameGuard_Encrypt(KeyOut);
end;
01: begin
KeyOut[0] := $00010060;
KeyOut[1] := KeyIn[1];
KeyOut[2] := ((((KeyIn[3] - $4AF0A78E) + $6DB3A822) + $54C358B3) + $0C05DFA0);
KeyOut[3] := KeyIn[3];
GameGuard_Encrypt(KeyOut);
end;
03: begin
KeyOut[0] := $00010060;
KeyOut[1] := KeyIn[1];
KeyOut[2] := KeyIn[2];
KeyOut[3] := ((((KeyIn[3] xor $52D4C400) xor $211CA524) xor $9EAE3439) + $8D7D61C9);
GameGuard_Encrypt(KeyOut);
end;
05: begin
KeyOut[0] := $00010060;
KeyOut[1] := KeyIn[1];
KeyOut[2] := ((((KeyIn[3] + $2CA95285) - $5F558F46) xor $879CDAC8) + $3737F6EE);
KeyOut[3] := KeyIn[3];
GameGuard_Encrypt(KeyOut);
end;
07: begin
KeyOut[0] := $00010060;
KeyOut[1] := KeyIn[1];
KeyOut[2] := ((((KeyIn[3] + $22C53062) xor $12790E01) + $02D97EA5) + $A97E0973);
KeyOut[3] := KeyIn[3];
GameGuard_Encrypt(KeyOut);
end;
09: begin
KeyOut[0] := $00010060;
KeyOut[1] := KeyIn[1];
KeyOut[2] := KeyIn[2];
KeyOut[3] := ((((KeyIn[3] + $5F8B1DF5) xor $F9D66339) - $669E8117) + $CB54D4BB);
GameGuard_Encrypt(KeyOut);
end;
10: begin
KeyOut[0] := $00010060;
KeyOut[1] := ((((KeyIn[3] + $4A859AD7) - $30256CD6) xor $1A09017C) + $B2680BF0);
KeyOut[2] := KeyIn[2];
KeyOut[3] := KeyIn[3];
GameGuard_Encrypt(KeyOut);
end;
11: begin
KeyOut[0] := $00010060;
KeyOut[1] := ((((KeyIn[3] - $0FC0E2A1) - $6DF0C485) + $4282BD92) + $03607D06);
KeyOut[2] := KeyIn[2];
KeyOut[3] := KeyIn[3];
GameGuard_Encrypt(KeyOut);
end;
450: begin
KeyOut[0] := $00010060;
KeyOut[1] := KeyIn[1];
KeyOut[2] := ((((KeyIn[3] + $4602E424) + $1BB854E5) xor $C41C332B) + $660C213C);
KeyOut[3] := KeyIn[3];
GameGuard_Encrypt(KeyOut);
end;
448: begin
KeyOut[0] := $00010060;
KeyOut[1] := KeyIn[1];
KeyOut[2] := ((((KeyIn[3] - $3FE1DA99) - $7E9676CE) xor $CFC9FF27) + $8D7D61C9);
KeyOut[3] := KeyIn[3];
GameGuard_Encrypt(KeyOut);
end;
$129: begin
KeyOut[0] := $00010060;
KeyOut[1] := ((((KeyIn[3] xor $F79E0778) xor $A26B7D49) - $7B9F0B7E) + $33460E9E);
KeyOut[2] := KeyIn[2];
KeyOut[3] := KeyIn[3];
GameGuard_Encrypt(KeyOut);
end;
$1F0: begin
KeyOut[0] := $00010060;
KeyOut[1] := KeyIn[1];
KeyOut[2] := ((((KeyIn[3] + $37AB126A) - $7A417C81) - $20142580) + $1DAC94F9);
KeyOut[3] := KeyIn[3];
GameGuard_Encrypt(KeyOut);
end;
end;
Result := iIndex;
end
else
Result := iIndex;
end;
end.
Can you share sv for you :S i want test it :((
Shore: Official MU Online ;)
use titan tech or scf :(
Thanks, this main is very stable :) But I think there's 1 more RG offset to crack, after char selection.
It's the game client that disconnects, not game server. I fix main checksum reply to a valid checksum (in proxy), and I can see a DC from client side. Do you have any solution to this? :)
Code:
[...]
[Connect to Server] ip address = connect.muonline.webzen.com, port = 44405
> Login Scene init success.
Send Request Server List.
Success Receive Server List.
Success Receive Server List.
[ReceiveServerConnect][Socket Closed][Clear PacketQueue]
[Connect to Server] ip address = 211.43.146.195, port = 55901
> Login Request.
> Try to Login "00031XXXXX"
> Login Request.
> Try to Login "00031XXXXX"
> Request Character list
> Character scene init success.
> Character selected <1> "adf3dds"
> Main Scene init success. 2012/10/12 16:45
À妽º¸¦ °øÀ¯Çϰųª Delete¾øÀÌ »ç¿ëÇÏ¿´À½Data\World1\leaf01.tga(0x00007695)->Data\World1\leaf01.jpg
[ResourceGuard] Check Integrity... : data\local\Gameguard.csr
[ResourceGuard] Error: main.exe file is modified.
[ResourceGuard] Stop checking integrity.
[Socket Closed][Clear PacketQueue]
> ResourceGuard Error!!
Strange packet
0x0012DFE9 : C147F303 938F0000 00000000 00004A80
: 00000000 00005E88 00004E00 14001900
: 0A008200 82001900 1900A600 A6001000
: 21001200 45040000 03000000 04000000
: 00000400 00973A
> Connection closed. 2012/10/12 16:45
[Socket Closed][Clear PacketQueue]
Destroy
How can u fix checksum replay in client, if it's stored in GameGuard.crs file.. ))
Actually it simply checks GameGuard.crs checksum of main.exe with binary file (main.exe) but checksum sent by client to server is like in "OLD" dayz, but it's generated from gameguard.crs instead of main.exe
and it's definitely strange packet..
Code:
Strange packet
0x0012DFE9 : C147F303 938F0000 00000000 00004A80
: 00000000 00005E88 00004E00 14001900
: 0A008200 82001900 1900A600 A6001000
: 21001200 45040000 03000000 04000000
: 00000400 00973A
PS. habits main.exe works very smooth.. :ott1:
http://imageshack.us/a/img141/8437/habit.png
All these "crashes" and "errors" are caused by protection system from packer (destroy function calls, prologs etc.)
Later I'll post some fixes.
I didn't fix it in client. I have a file with 1024 valid replies. I use proxy to block checksum request, so that main doesn't see it. I use my file to send a checksum reply from proxy. I tested it with main not cracked, so I'm sure it works fine. I only mentioned it to prove, disconnect is not because of wrong checksum.
Quote:
and it's definitely strange packet..
WTH is strange packet? :)
@Dudi2
Great :)
if u talk about this: ( i didn't even research it, when it's changed) [Release] [Source Delphi] MultiCore checksum generator - RaGEZONE forums But this 4kb are not valid anymore on gmo )))
Matter of fact, I start to think some "PIG" started to share my work with their best friend and their best friend to "their best friends".. until infinity. ))
I think this error was called when Decrypt packet was failed ;) look around EncDec in main.exe
@mauka
Yes, this version uses 1 more byte in checksum reply packet. Before that byte was always 0, now is not. I don't know how they calculate it, I simply use main.exe as a generator, and now my file is 1024 x 5 bytes :)
Hm.. Call me in msn i wanna ask u something ))
the main auto closes after loading. what client works with main?
http://failiem.lv/down.php?i=ejpocoa...-0000.jpg&view
Finally got it working, need to fix viewport, and attack protocols
Hello all.
Here is viewport for Players
Quote:
#pragma pack(1)
struct PMSG_VIEWPORTCREATE
{
    BYTE NumberH;
    BYTE NumberL;
    BYTE X;
    BYTE Y;
    BYTE CharSet[18];
    char Id[10];
    BYTE TX;
    BYTE TY;
    BYTE DirAndPkLevel;
    BYTE ElementIcon;
    WORD Level;
    DWORD iHealth;
    DWORD iMaxHealth;
    BYTE btViewSkillStateCount;
    BYTE btViewSkillState[MAX_STATE_COUNT];
};
#pragma pack()
And this is for monsters and NPC
Quote:
#pragma pack(1)
struct PMSG_MONSTER_VIEWPORTCREATE
{
    BYTE NumberH;
    BYTE NumberL;
    BYTE Type_HI;
    BYTE Type_LO;
    BYTE X;
    BYTE Y;
    BYTE TX;
    BYTE TY;
    BYTE Path;
    BYTE ElementIcon;
    WORD Level;
    DWORD iHealth;
    DWORD iMaxHealth;
    BYTE btViewSkillStateCount;
    BYTE btViewSkillState[MAX_STATE_COUNT];
};
#pragma pack()
http://clip2net.com/clip/m0/1350087888-clip-396kb.jpg
Quote:
Thanks!
So now you can also see the health of other players (only with packet sniffer i guess...)?
I think, the main idea of WZ was - health in party. And health bar for mobs. That's why they added it. +)
I use it in my test emulator. To test on tt files you need to restore old encdec. Or reverse new encdec. Ex700 will not work at normal tt files.
What need to be the MAX_STATE_COUNT?
I test in GMO, and for me, your main.exe can't process the packet with map info:
Code:
C3 53 87 33 47 57 A3 7E 98 67 04 6E 0D 78 1F C0 DB 25 AB F6 91 92 72 60 9D 62 F9 9E 71 74 BF 74 FF 37 21 6D 64 DA 12 3A 73 81 7C E6 92 B8 CA 46 CD ED 28 93 E7 98 44 A7 63 0A 26 13 9A 23 4C 22 B8 B8 B0 C3 46 21 3C AE C5 95 09 11 30 D0 B0 DA 64 4B 09
decrypts as:
C3 49 00 F3 03 93 7B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 64 00 00 12 00 12 00 0F 00 1E 00 3C 00 3C 00 3C 00 3C 00 63 00 63 00 0A 00 15 00 12 00 DD E9 FA 02 03 00 00 00 02 00 00 00 00 00 02 00 00 97 3A 00
If I block it, then char selection is successful (but, of course, I don't see the map I'm into ;p). Otherwise, I get ResourceGuard error + strange packet error.
Code:
> Character selected <2> "Wizard791"
> Main Scene init success. 2012/10/13 15:37
À妽º¸¦ °øÀ¯Çϰųª Delete¾øÀÌ »ç¿ëÇÏ¿´À½Data\World1\leaf01.tga(0x00007695)->Data\World1\leaf01.jpg
[ResourceGuard] Check Integrity... : data\local\Gameguard.csr
[ResourceGuard] Error: main.exe file is modified.
[ResourceGuard] Stop checking integrity.
[Socket Closed][Clear PacketQueue]
> ResourceGuard Error!!
Strange packet
0x0012DFE9 : C147F303 937B0000 00000000 00000000
: 00000000 00000064 00001200 12000F00
: 1E003C00 3C003C00 3C006300 63000A00
: 15001200 DDE9FA02 03000000 02000000
: 00000200 00973A
> Connection closed. 2012/10/13 15:37
[Socket Closed][Clear PacketQueue]
Destroy
Edit: ok, after some talk with mauka, I think that this error is most likely because of my windows version, XP 32 bit. Must be some nasty trick of the packer, that shows up there. (And C3 packet ID is 0, because this is the very first C3 server --> client).
My EncDec decrypt it 100% same as yours.. The magic is EncDec needs counter for correct Encdec
Encrypted data.. Looks to be wrong as Decrypted data don't contain PACKET ID ( counter )
Code:
C3 49 00 F3 0E 93 D4 BA A3 CA 33 C1 CC 66 67 21 F3 32 12 15 35 29 FF FE 79 20 EF DF 53 34 2E 41 42 B5 0F F1 C2 24 1F F9 9F F6 0F A2 AF 05 04 2B F9 27 07 07 27 F4 CB ED E5 45 EC CD 41 24 3E 4E 4D AB 11 CF FC 18 B4 68 99
MuOnline crypt always encrypts all content of packet and counter is part of it ;)
ContentSize := PktSize - PktHdrSize;
Post original packet u got before u Re-Encrypt it manually
Code:
function GetHdrSize(lpSource: Pointer): Byte;
begin
case PByte(lpSource)^ of
$C1, $C3: Result := 2;
$C2, $C4: Result := 3;
else
Result := 0;
end;
end;
function GetHdr(lpSource: Pointer): Byte;
begin
Result := PByte(lpSource)^
end;
function GetPacketSize (lpSource: Pointer): Word;
var
Hdr: Byte;
begin
Hdr := GetHdr(lpSource);
case Hdr of
$C1, $C3: Result := PByte(Integer(lpSource) + 1)^;
$C2, $C4: Result := (PByte(Integer(lpSource) + 1)^ shl 8) + PByte(Integer(lpSource) + 2)^;
else
Result := 0;
end;
end;
function GetContentSize (lpSource: Pointer): Word;
begin
Result := GetPacketSize(lpSource) - GetHdrSize(lpSource)
end;
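An added example, not code from any poster in this thread: the header and size rules from GetHdrSize / GetPacketSize above, written in C as a bounds-checked frame splitter that a server or proxy could apply to untrusted input, next to the unchecked subtraction from GetContentSize. The byte stream and every function name here are constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum frame_status { FRAME_OK, FRAME_NEED_MORE, FRAME_BAD_TYPE, FRAME_BAD_LENGTH };

struct frame {
    uint8_t        type;         /* 0xC1..0xC4 */
    size_t         header_len;   /* 2 for C1/C3, 3 for C2/C4 */
    size_t         total_len;    /* declared size, header included */
    const uint8_t *content;      /* points into the caller's buffer */
    size_t         content_len;  /* total_len - header_len */
};

/* Constructed sample stream (not captured traffic): three well-formed frames
 * followed by a C1 frame whose declared size (1) is below its header size. */
static const uint8_t SAMPLE_STREAM[] = {
    0xC1, 0x04, 0xAA, 0xBB,               /* C1, size 4, 2 content bytes */
    0xC2, 0x00, 0x06, 0x01, 0x02, 0x03,   /* C2, size 0x0006, 3 content  */
    0xC3, 0x05, 0x00, 0x10, 0x20,         /* C3, size 5, 3 content bytes */
    0xC1, 0x01                            /* malformed: size < header    */
};

/* Header size by frame type, as GetHdrSize does; 0 means unknown type. */
static size_t header_len_for(uint8_t type)
{
    switch (type) {
    case 0xC1: case 0xC3: return 2;
    case 0xC2: case 0xC4: return 3;
    default:              return 0;
    }
}

/* Same arithmetic as GetContentSize, with no checks: the 16-bit result
 * wraps when the declared size is below the header size. */
uint16_t unchecked_content_size(const uint8_t *buf)
{
    size_t   hdr  = header_len_for(buf[0]);
    uint16_t size = (hdr == 2) ? buf[1]
                  : (hdr == 3) ? (uint16_t)((buf[1] << 8) | buf[2]) : 0;
    return (uint16_t)(size - hdr);
}

/* Checked parse of one frame from `avail` bytes of untrusted input. */
enum frame_status parse_frame(const uint8_t *buf, size_t avail, struct frame *out)
{
    if (avail < 1) return FRAME_NEED_MORE;
    size_t hdr = header_len_for(buf[0]);
    if (hdr == 0) return FRAME_BAD_TYPE;
    if (avail < hdr) return FRAME_NEED_MORE;
    size_t total = (hdr == 2) ? buf[1] : ((size_t)buf[1] << 8) | buf[2];
    if (total < hdr) return FRAME_BAD_LENGTH;   /* would underflow content_len */
    if (total > avail) return FRAME_NEED_MORE;  /* never read past the buffer  */
    *out = (struct frame){ buf[0], hdr, total, buf + hdr, total - hdr };
    return FRAME_OK;
}

/* Split a receive buffer into frames. Returns the number of valid frames,
 * the bytes they cover in *consumed, and why the walk stopped in *last. */
size_t split_frames(const uint8_t *buf, size_t len, size_t *consumed,
                    enum frame_status *last)
{
    size_t off = 0, count = 0;
    struct frame f;
    *last = FRAME_OK;
    while (off < len) {
        *last = parse_frame(buf + off, len - off, &f);
        if (*last != FRAME_OK) break;
        off += f.total_len;   /* total_len >= 2, so the loop always advances */
        count++;
    }
    *consumed = off;
    return count;
}

int main(void)
{
    size_t used;
    enum frame_status why;
    size_t n = split_frames(SAMPLE_STREAM, sizeof SAMPLE_STREAM, &used, &why);
    printf("frames=%zu consumed=%zu stop=%d unchecked=%u\n", n, used, (int)why,
           (unsigned)unchecked_content_size(SAMPLE_STREAM + used));
    return 0;
}
```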
As I promised...
If you have some questions, crashes etc. write in this topic, I'll try to help.
Code:
1) Init function (allow to run main via Olly):
004ECDCB 55 PUSH EBP
004ECDCC 8BEC MOV EBP,ESP
004ECDCE 81EC 600F0000 SUB ESP,0F60
004ECDD4 EB 26 JMP SHORT main.004ECDFC
004ECDD6 90 NOP
004ECDD7 90 NOP
004ECDD8 90 NOP
004ECDD9 90 NOP
004ECDDA 90 NOP
004ECDDB 90 NOP
004ECDDC 90 NOP
004ECDDD 90 NOP
004ECDDE 90 NOP
004ECDDF 90 NOP
004ECDE0 90 NOP
004ECDE1 90 NOP
004ECDE2 90 NOP
004ECDE3 90 NOP
004ECDE4 90 NOP
004ECDE5 90 NOP
004ECDE6 90 NOP
004ECDE7 90 NOP
004ECDE8 90 NOP
004ECDE9 90 NOP
004ECDEA 90 NOP
004ECDEB 90 NOP
004ECDEC 90 NOP
004ECDED 90 NOP
004ECDEE 90 NOP
004ECDEF 90 NOP
004ECDF0 90 NOP
004ECDF1 90 NOP
004ECDF2 90 NOP
004ECDF3 90 NOP
004ECDF4 90 NOP
004ECDF5 90 NOP
004ECDF6 90 NOP
004ECDF7 90 NOP
004ECDF8 90 NOP
004ECDF9 90 NOP
004ECDFA 90 NOP
004ECDFB 90 NOP
2) Fix Call to function (crash when progress bar is full)
004F22A5 E8 78606E09 CALL main.09BD8322
004F2523 E8 FA5D6E09 CALL main.09BD8322
3) Fix Calls (Crash on login, select character, join game etc.)
004F1F48 E8 DAE56E09 CALL main.09BE0527
004F2344 E8 3B606E09 CALL main.09BD8384
004F2626 E8 FCDE6E09 CALL main.09BE0527
004F1ACE E8 B1686E09 CALL main.09BD8384
004F1D37 E8 E6656E09 CALL main.09BD8322
004F44D3 E8 4A3E6E09 CALL main2.09BD8322
004F4476 E8 093F6E09 CALL main2.09BD8384
004F447B E8 4C816E09 CALL main2.09BDC5CC
004F42AA E8 33606E09 CALL main2.09BDA2E2
004F42AF E8 DA626E09 CALL main2.09BDA58E
4) Resource Guard
09BF14BB -E9 275BA4F6 JMP main2.00636FE7
09BF14C0 90 NOP
5) Crashes in-game (rewrite functions module (packer shit))
0065DC21 E8 28495909 CALL main2.09BF254E // Loading Game
0065F282 E8 331D5F09 CALL main2.09C50FBA // Chaos Machine
009BD443 E8 53A92209 CALL main2.09BE7D9B // Magic Attack (BK)
009BD46B E8 10AD2209 CALL main2.09BE8180 // Magic Attack (SM)
009BD484 E8 3FB02209 CALL main2.09BE84C8 // Magic Attack (Elf)
009BD49D E8 CEB02209 CALL main2.09BE8570 // Magic Attack (SU)
009BD4B6 E8 4DB12209 CALL main2.09BE8608 // Magic Attack (RF)
0065EAD4 E8 FC8B5909 CALL main2.09BF76D5 // Kanturu Crash
6) Packet Recv Function Calls Fix (crashes, etc)
0065E476 E8 10885909 CALL main2.09BF6C8B - INSANE_APPLY messagebox shit and client closes (with OllyDBG) (Packet 0xF6)
0065E5C9 E8 AF875909 CALL main2.09BF6D7D - same issue, but packet 0xF8
0065E5AD E8 9C875909 CALL main2.09BF6D4E - Gens NPC (Join to Gens)
0065E5BB E8 A4875909 CALL main2.09BF6D64 - Gens NPC (Leave)
09C22BFB B8 01000000 MOV EAX,1
09C22C00 C3 RETN
09C22C01 90 NOP
09C22C02 90 NOP
09C22C03 90 NOP
09C22C04 90 NOP
0065E460 E8 E6875909 CALL main2.09BF6C4B <- prevent corrupt player data (late crash) (packet 0xF3)
09C225CF B8 01000000 MOV EAX,1
09C225D4 C3 RETN
09C225D5 90 NOP
09C225D6 90 NOP
09C225D7 90 NOP
09C225D8 90 NOP
004F4911 E8 11BC6E09 CALL main2.09BE0527 <- prevent character disappear after some time