About KOEM V2
KOEM V2 is an add-on for the Kal Online Server and Client. The Project is split in two parts, first the ‘Core API’ on Server and Client, and second Plug-Ins for each Core. The idea in KOEM V2 was only for the future, so can everyone with knowhow in C++ and Kal Online write any powerful Plug-Ins for the KOEM V2. The Core alone can nothing, only with Plug-Ins can KOEM V2 strong. Current I want redevelop all features from KOEM V1 as Plug-Ins for KOEM V2 and that’s the current progress.
The Core comes current without any SDK, so you can only use the current features of the java script engine. The full project is in beta; only people with skills should use this file. As information, with using this files you are accept the terms.
Some information about KOEM v2 and available plug-ins you can take from the Guide of the Core package.
About news you can follow me on my blog: KalOnline Extended Module V2
Download: Full_Package
Installation
Msvcp100.dll is a Visual c++ 2010 Runtime library file. This file is needed for a c++ application built with Visual C++ 2010. Also you must get and install the Visual c++ 2010 Runtime library file before you can use KOEM v2.
Important, I think on this point you had already a full working server and client!
Global:
1. Before we can begin with the installation of KOEM v2 you need a clean (unpacked) file of Server (MainSvrT.exe) and Client (engine.exe).
2. Now we need to patch the Server and Client, so we need only a hex editor. Too the ‘MainSvrT.exe’ and ‘engine.exe’ must be unpacked; otherwise KOEM v2 can’t work correctly.
3. Start now you favor hex editor and open the binary file of the Server (MainSvrT.exe). Now search to all strings equal with “ADVAPI32.dll” and replace it with “Main.dll”. Saves the changes and close the file. Retry same this with client (engine.exe), but replace “ADVAPI32.dll” with “Client.dll” instead “Main.dll”.
Server:
4. Extract now the core “Server\Main.dll” from the installation archive, and copy the file into the Server directory where is the “MainSvrT.exe” located.
5. Some plug-ins need a license, so we need to copy now the server license file “data.lzs” too into the Server directory where is the ‘MainSvrT.exe’ located.
6. For a quick check we want now to start the server. To see KOEM v2 is started you can check it with a) on the menu point “KOEM”, or about extended loading information in the log window. With any fault try again the steps above?
7. The core is now ready, so we want now to install the available plug-ins. So extract now the complete “Server\PlugIns” directory from the installation archive, and copy the directory into the server directory where is “MainSvrT.exe” located. The plug-in directory is the base directory where KOEM v2 will load plug-ins. The plug-in directory can too include any configuration files of any plug-ins.
8. The core and some plug-ins need some settings, so we want now to extract the “server\config.cfg” file from the installation archive, and copy the file into the server directory where is the “MainSvrT.exe” located.
9. Some plug-ins need maybe game specific configuration files, so we want now to extract all configuration files from the „Server\Config“ directory of the installation archive, and copy the files into the „Config“ directory where is the „MainSvrT.exe“ located.
10. The last step is a quick check, so we want now start again the server. We know the core is started without any problems, but now we want to know all known plug-ins is loaded with KOEM v2. So without any fault you can find for each plug-in a menu entry under “KOEM”, “Plug-ins”. So if we missed any plug-in, so check the steps above again. As information, use all the times the plug-ins with the core you have got.
Client:
11. Now we want to setup the client, so we want now to extract the core “Client\Client.dll” from the installation archive, and copy the file into the directory where is the “engine.exe” located.
12. Some plug-ins need a license, so we need to copy now the server license file “data.lzc” too into the client directory where is the ‘engine.exe’ located.
13. The core is now ready, so we want now to install the available plug-ins. So extract now the complete “Client\PlugIns” directory from the installation archive, and copy the directory into the client directory where is “engine.exe” located. The plug-in directory is the base directory where KOEM v2 will load plug-ins. The difference to the server is here, the client core want only load defined plug-ins from the “plugin.dat” in the Config.pk. In the “plugin.dat” is defining first one the plugin we want to load, second the md5 hash of the plugin file. Only defined plug-ins with the correct md5 hash will be load with the client start. Here below is a example file format.
Format:
14. Now is the time to create the KOEM v2 encoded pk files. To do encode a pk file we need the KOEM v2 command line tool with the name “crypt.exe”. This tool you can find in the installation archive. But before we can use this encoder tool we need before to copy the server license file “datal.lzs” into the directory where is the “crypt.exe” located. We have now two ways to use this encoder tool; one of the ways is to execute the “crypt.exe” via double click. The second way I think is the best and fastest way via drag and drop to the “crypt.exe”. The KOEM v2 encoder tool want few information like the file path to the pk file, too the password of the pk file. Now we can the ‘swordcrypted’ file “config.pk” and “e.pk” encode with the KOEM v2 encoder. If the KOEM v2 encoded pk files a different directory of the client pk location, so we must now copy the KOEM v2 encoded file to the client.Code:(plugin (file Summon.cpln) (hash 3034a025efeaffcd3de2290b10b1106b)) (plugin (file Protect.cpln) (hash e28f919af7a5bfe66c67adcfe8e7f93d))
As quick information, some people want maybe to create a batch file to use the KOEM v2 encoder, here a little example.
Don’t forget to create the “plugin.dat”; this file is needed to load plug-ins on client!Code:@echo off crypt.exe config.pk JKSYEHAB#9052 crypt.exe e.pk JKSYEHAB#9052 pause
15. The last step is a quick test, so we want now to start the client to check. If you get a null error message, so try again the steps above. The null error message can have many reasons; begin with wrong password over wrong patched client. The important reason can be a wrong md5 hash in the “plugin.dat” of each plug-in.
Protection
Everyone knows nothing is safe, so you should know this Protect Plug-In has a base of protection, but this alone don’t say your server are is safe with it. It’s alone on the hand of the admin to setup this protect features to a powerful protection. All protection is default disabled! Details about each protection you can take below.
1. Packet En- and Decoding between Server and Client
Sword crypt is the base packets de and encoding between server and client. This protect alone gave in additional a second packets de and encoding to sword crypt.
2. Send Packet from Client to the Server
The client is an old school and some function is known, so too the send function. This protect gave in addition to the core an own send base. This is maybe helpful to block few injects is using the send function.
3. PK En- and Decode of the Client
Thatis I think a favor bypass for something to change or get out from the e.pk or config.pk. This is a must point for using koem v2, without the client will start only with null error. So it’s in additional encoding to sword crypt. KOEM V2 include an own encoder ‘crypt.exe’ to bring the sword crypt encoded ‘e.pk’ and ‘config.pk’ into the koem v2 own encryption.
4. Load KOEM V2 Plug-In
On server site we known koem v2 load all plug-ins in the ‘PlugIns’ directory. That is okay, but I had search a protection to suppress this on the client. The way is easy; some PlugIns must be defined with the filename and md5 hash in a ‘plugin.dat’ in ‘config.pk’. Only Plug-ins will be loaded with the correct hash on client start.
Format:
5. Load LibraryCode:(plugin (file Summon.cpln) (hash 3034a025efeaffcd3de2290b10b1106b)) (plugin (file Protect.cpln) (hash e28f919af7a5bfe66c67adcfe8e7f93d))
On server site we known koem v2 load all libraries in the ‘Libraries’ directory. That is okay, but I had search a protection to suppress this on the client. The way is easy; some libraries must be defined with the filename and md5 hash in a ‘library.dat’ in ‘config.pk’. Only libraries will be loaded with the correct hash on client start.
Format:
6. MD5Code:(library (file some.dll) (hash 371b737f19cef75ef02e99c3b62b9df3)) (library (file other.dll) (hash 631b6a98418a6109192cd14436fe98a3))
The md5 protection can be helpful to detect any changes on the own files on the client. This is a two way protection, means definition on server and client sites. With add the ‘md5.dat’ and valid entry’s is the protection active on client. So you can add an md5 hash protection on some file (excluded the ‘config.pk’) in the client directory and must have the format below. Default to own protection you should add the ‘engine.exe’, ‘e.pk’ and ‘client.dll’. The md5 hash is a configuration part of the server and must set in the ‘Protect.txt’. Default you should use this protection, but with ‘false’ instead of the md5 hash you can deactivate this protection.
Format: (md5.dat on client)
Format: (Protect.txt on server)Code:(md5 (file PlugIns\Summon.cpln) (hash 3034a025efeaffcd3de2290b10b1106b)) (md5 (file PlugIns\Protect.cpln) (hash e28f919af7a5bfe66c67adcfe8e7f93d))
Code:[Protect] MD5OfConfig = 9ef8d02f1263ba3add37b32928352713
7. Account Block System
The account block system is more a feature as protection. Since we know the main server include the ‘block’ command without any function it’s a nice to have feature. So you can manage via in game command ‘/block’ and ‘/unblock’ the blocked accounts in koem v2. This system is comes with three basic feature, 1) permanent block, 2) time block and 3) hardware block. The last feature we know it’s not a solution for the future. You can take few examples below from the list.
Example 1: To block a Player Account permanent use the follow Command:
‘/block –p <player> -n <note>’
Example 2: To block a Player Account and too the active Compute of the Player then use the follow Command:
‘/block –p <player> -c –n <note>’
Example 3: To block a Player Account until defined time (in seconds) use the follow command:
‘/block –p <player> -t <time> –n <note>’
For commands above must be the player online!
Example 4: To get a information about blocked player use the follow Command:
‘/block –info –p <player>’
Example 5: To unblock a Player Account use follow Command:
‘/unblock –p <player>’
8. Console Detect on client
Some easy hack injection use a console as input prompt for the hack. So is the console detection only a little protection with few words.
9. Debugger Detect
The debugger detect has only one purpose, and who is only detect a debugger in the process to protect primary koem files.
10. Inix Hack Shield Bypass Detect
We known the own hack shield of the client is out of date but include much other maybe protection there are not include in koem v2 protection. The Inix Hack Shield Bypass detect do exactly that’s as the title say. The client must start so with the own hack shield of the client.
11. Skill Cool Down
In all my projects before include too a skill cool down protection, and I think that’s one of the powerful protection of koem v2. That’s a must activate protection! The configuration file is the ‘InitSkill.txt’ of the main server. There are you can find each skill the ‘delay’ tag and only the second parameter is of interesting for us. There are you can define the cool down times each skill. I think some people don’t use this protection because it’s maybe to hard calculate the exactly cool down value and will got a kick with use any skills. But I say that’s not a reason to disable this protection! Few skills have a formula and with it we know it’s not a fix cool down value. So take the formula from the client and put the max skill level into the formula to get the lowest skill cool down value. My suggestion is add a little margin in the cool down value. In the last step you must activate this protection in the ‘PlugIns\Protect.txt’. An fast and easy way to get the fix value of each plug-in is the learn mode. Is the protection in learn mode, so will get the protection automatic the lowest cool down value. The command ‘/learnon will turn on the cool down learn mode, and only the skills are used from the admin can have an effect in learn mode. What’s we want to know is, the admin should be have all skills with the max level. So try few times (like while three minutes) an skill, so you will get a information about found a new cool down value. Try this for each skill and each class. The last step is to turn off the learn mode with the command ‘/learnoff’. With the server shutdown will protect write a new ‘InitSkill.txt’ file.
12. Max Attack Points
The main server has few bugs where you can do a buffer overflow to get with it a max attack point’s overflow. This is then an abnormal condition in the game, and the player can do one hit on a monster. This protection will detect the above described problem. In the ‘Protect.txt’ you can define the max allowed attack points. The special cases are the admin in the game, because this protection applies only on normal players. Here again, this protection is a must to activate.
13. Invalid state at CSocket
We should know the message ‘Invalid state at CSocket’ is an abnormal condition on the server. I can only report about this message in combine with injects (using the send function on client) hacks on client site. So will this protect kick every client where caused this message. This is a no adjustable protection and is permanent activated.
14. Underground or Fly
Where don’t know about this problem where a player is in game underground or in the air. The fact is only player there want to hide something use this way. So this protection will check constant with a little difference the z coordinates between server and client.
15. Move
The move hack is too an old school hack, and we know all about it. I know two ways to change the movement speed on the client, 1) over the hack injection and 2) via memory tool (like UCE). With both ways can change the movement speed. This protection will compare the movement speed between server and client.
16. Force Emotion
The force emotion (known as force dance) hack is a bug of the main server, but more a programming conception error in my eyes. Most here too is an injection hack, where collect the object ids of all players around and send then a force emotion packet with the object id of each player in around. This protect will compare the sending objection id with the own object id of the player where are sending the emotion.
17. Put On Item
One of the first kal online hack is the fast sword change between one and two hand sword. With the put on item protection is a delay between change weapon and equipment. This protection is permanent active and can’t turn off.
18. Mix System
I think the interest of inixsoft was to done fast the mix system at their time without any checks. The mix system concept is not really thought through. The check of items is the job of the client and the server don’t check the items. Really a bad idea! That is a permanent bug and can’t fix with remove the mix master from the server, or remove the mix items. Primary known is the imperial hack with the mix system where is send a mix packet with wrong low worth items. This protection check now each grades all items is needed for mixing. The second bug in the mix system is important, and with it a reason to activate this protection. With sending a wrong mix packet, means main item is too a part of the mix items like stone or secondary weapon, then will crash the server with successfully mixing. This bug is too solved with the mix system protection.
19. Secondary Password (separate)
The secondary password is a new protect feature, and include now with koem v2 protect Plug-in. To use this feature you need an extra license for the secondary password system, so it’s not a part of the base of protection. The concept is easy, after successfully login with primary login id and password, will prompt the input window for the secondary password. With the first login with this system will prompt then create secondary password windows. The secondary password can change too on the client. All secondary passwords are stored in the koem v2 own text base database (database.dat). On client site are follow files is needed in ‘e.pk’: ‘login2_create.dat’, ‘login2_replace.dat’ and ‘login2.dat’. These three files you can take from the archive.
20. Connection Flooding
The connection flooding protection can help to detect a flooding of connection. In the ‘protect.txt’ you can define any values, like fast connection time or max allowed connection per ip and more. All times are in milliseconds.
I hope I can help this community with this release.
Good luck.
UPDATE 2011-09-18:
A new update is now available to download as package here, or over the update function in KOEM menu. This update include follow bug fixes; 1) the java script engine crash the server until shutdown progress, this is now fixed and should solved the bug with losing data in the database, 2) each database object had normal a auto sort by child count, this was the problem like in the instance level order, this should now solved too with this release, 3) and the last known bug I had found in the script manager on the client Core, that’s is the reason why the engine got crashed until use custom scripts like Recall or Secondary Password, this bug is now also solved.
But the primary change is on the base of the Core and Plug-ins. The Core and each Plug-in use now two new shared libraries, first the Runtime (Runtime.dll); its share objects each for server and client, second the Public (Public.dll); its shared objects can be used from Server and Client. This is a step forward to the SDK release. Please read the installation instruction in the guide!
Also I want to inform about the current status of the SDK for KOEM v2. I know the current SDK include some stuff to develop own Plug-ins, only as example the stuff I use for my own Plug-ins, but the SDK is still under develop. I think I want to release in the next days the first base of the SDK with an all-in-one example for server and client, but the SDK will don’t include documentation about the API. That’s is then only a release for people with knowhow, or for people with fast understand or so …
UPDATE 2011-09-25:
A new update is now available to download as package only here, I had stopped the update support over update server. This update includes some bug fixes, some changes and also I removed few features. More about the update changes you can take from the change history from the release package.
Originally Posted by AyleN
