Dear community, it’s already a long time ago since my last post, but now I had any news about the current status of my new project. I think most people known my project, like KalOnline server and client protect, and my last project was KalOnline extended module. At end of the last year I had stopped all development on the KalOnline extended module, and that’s was too the born hour of the new project KalOnline extended module v2. The first version of KalOnline extended module was write complete in C/C++ with the Borland C++ Builder, and that’s was the primary reason why I had stop the development on this project. The second reason is; the project includes only all features, so you can’t get separate features. So is the second version of the KalOnline module I hope much better as before. The KalOnline extended module v2 was now complete rewrite in C++ with the Visual Studio C++ 2010 Express Edition. The second version of KalOnline extended module is now really based on modules, mean this project has on server and client a core API, this loads all modules (plug-ins). Too as information; the second version of KalOnline extended module based on SDK, the reason is easy, and so I can write fast any plug-ins for the KalOnline server or client. About the current status take the information below or try my blog.
As information; the second version of KalOnline extended module is not for free, thats is the reason why i want release a KalOnline extende module v2 lite. Primary include the lite version the protection. More about the different between lite and full version take from my blog.
The Current Status:
CoreNameQuick descriptionStatus
The API between Core and Plug-Ins.
Basic~63%
The basic like rates on Server.
Summon~99%
The Summon Controller.
Instance~99%
The Instance Controller.
Reward~99%
The Reward Controller.
Cash~99%
The Cash Controller.
Recall~99%
The Recall Controller.
Protect~99%
The Protection on Server and Client.
~88%
Plug-Ins:
A Plug-In is an Add-On for the Kal Online Extended Module Core V2. Here is a List about my own developed Plug-Ins for the Kal Online Extended Module Core V2. What’s for interesting is, few Plug-Ins works with own configuration file (like Summon, Instance ...), normal storage in the Plug-In directory.
Basic:
The Basic Plug-In is a small Plug-In includes few features. All little features are not equal for other Plug-Ins you can find here. Primary you can find follow features in this Plug-In: a) Players with admin access will auto hide with enter into the world, b) you can define a enter into the world message for the players (to disable this feature set ‘false’ as string instead the message), c) you can define the animal and player experiences rate, d) you can define the mix and enchant rates e) you can define the drop chance rate, f) you can turn on or off the logger for the chat and or for commands (1), g) the party player slot limit on server and client is changed from 6 to 8 players (1), h) the last feature is the item block system in defined areas (1). All the values of each feature you can set in the ‘PlugIns\Basic.txt’, or the area information for block items in ‘Config\Area.txt’. All rate are multiplication of the base, means like the values are already set on server. What do you should know about primary player experiences, the base is on 64 bit, that’s good, but all add values are 32 bit. So as example you can get damage on the player, mean buffer overflow in 32 bit, so will get the player decrease experiences as increase. On this setting you should know what you do.
Summon:
The Summon Plug-In is the base Controller for the in game command ‘/summon’ (1), and for summoning monster via using a scroll. With command summoning you can define features with parameters. The index is a must to use the summon command (1). The summon items must be defined as ‘use item’ in the ‘InitItem.txt’ on server. All information about the parameter takes below of the list. The summon system include much more features for summoning monster via configuration. So you can define an individual summoning monster, but too with the server start (1) or the second way is summoning via scroll. With the KOEM V2 is now the child (1) and hp percent (1) summon available, so you can define a parent summon with children (1). The child (1) monsters will then summon with the death of the parent (1). Too you can define a child (1) of the child (1). The last way of setting is the hp percent (1) summoning. This allowed a child (1) summon from the parent (1) with a defined hp percent (1). You can see it’s a nice and powerful feature in combination.
Instance:
The Instance Plug-In includes the Controller for Summon Monster in an instance. Most of the tags in the configuration are self-explanatory and has only one value, but the tag ‘mode’ is a special case and can have three different values, first ‘normal’ an instance where can join any party, second ‘hero’ (1) where can only join hero members in a party, and last ‘castle’ where can join a party where is the castle owner (1) (depends of the gate status).
For combine summon like child (1) and hp summon (1) look above in summon example!
The 'reward' parameter is now implemented and need the Reward Plug-In.
Reward:
This Reward Plug-In is a small but a nice to have Plug-In. It’s managing the rewards of each player. In combine with the Instance Plug-In can take the players in an Instance reward points. You can define items (1) in a reward NPC with reward points as price. The player can then trade the reward points with the items on reward NPC. That’s only one way to get reward points. The second way is share reward points via command ‘addreward’ see below.
Cash:
The Cash Plug-In has the same base as the Reward Plug-In. The player can’t collect cash points in the game, only an admin can share via command ‘/addcash’ the cash points to the target player. You can define items (1) in cash NPC with cash points as price. The player can then trade the cash points with the items on cash NPC.
Recall:
The Recall Plug-In is now a nice to have feature. The base concept is the same as before. You can recall a single player(1), players in a party (1) and guild (1). In the configuration you can set the valid target location (1) specified by min and max level. Three indexes must be defined as recall items, one for single player recall, one for party (1) recall and one for guild (1) recall. The recall items must be defined as ‘use item’ in the ‘InitItem.txt’ on server. With using a recall item will pop up an input window. There you must input depending system a player name, or leader player name of the party, or the guild leader player name. The recall request is then send in an individual recall to the target player, in a party to the party leader, and guild only to the guild leader. This listen player must accept the recall request before recalling. For the request is a recall item needed and will only removed with accept the recall request. If the recall item not available after accept a recall request, so is the recall request no longer valid. With accept the recall request is starting the checking player information with the valid target location, and got then a teleport or an information message about the problem. On the client site are three files needed in the ‘e.pk’, ‘recall.dat’, ‘recall_party.dat’ for party and ‘recall_guild.dat’.
Protect:
Everyone knows nothing is safe, so you should know this Protect Plug-In has a base of protection, but this alone don’t say your server are is safe with it. It’s alone on the hand of the admin to setup this protect features to a powerful protection. All protection is default disabled! Details about each protection you can take below.
1. Packet En- and Decoding between Server and Client
Sword crypt is the base packets de and encoding between server and client. This protect alone gave in additional a second packets de and encoding to sword crypt.
2. Send Packet from Client to the Server
The client is an old school and some function is known, so too the send function. This protect gave in addition to the core an own send base. This is maybe helpful to block few injects is using the send function.
3. PK En- and Decode of the Client
Thatis I think a favor bypass for something to change or get out from the e.pk or config.pk. This is a must point for using koem v2, without the client will start only with null error. So it’s in additional encoding to sword crypt. KOEM V2 include an own encoder ‘crypt.exe’ to bring the sword crypt encoded ‘e.pk’ and ‘config.pk’ into the koem v2 own encryption.
4. Load KOEM V2 Plug-In
On server site we known koem v2 load all plug-ins in the ‘PlugIns’ directory. That is okay, but I had search a protection to suppress this on the client. The way is easy; some PlugIns must be defined with the filename and md5 hash in a ‘plugin.dat’ in ‘config.pk’. Only Plug-ins will be loaded with the correct hash on client start.
5. MD5
The md5 protection can be helpful to detect any changes on the own files on the client (1). This is a two way protection, means definition on server and client sites (1). With add the ‘md5.dat’ (1) and valid entry’s is the protection active on client. So you can add an md5 hash protection on some file (excluded the ‘config.pk’) in the client directory and must have the format below. Default to own protection you should add the ‘engine.exe’, ‘e.pk’ and ‘client.dll’. The md5 hash is a configuration part of the server and must set in the ‘Protect.txt’. Default you should use this protection, but with ‘false’ instead of the md5 hash you can deactivate this protection.
6. Account Block System
The account block system is more a feature as protection. Since we know the main server include the ‘block’ command without any function it’s a nice to have feature. So you can manage via in game command ‘/block’ and ‘/unblock’ the blocked accounts in koem v2. This system is comes with three basic feature, 1) permanent block, 2) time block (1) and 3) hardware block (1). The last feature we know it’s not a solution for the future. You can take few examples below from the list.
7. Console Detect on client
Some easy hack injection use a console as input prompt for the hack. So is the console detection only a little protection with few words.
8. Debugger Detect
The debugger detect has only one purpose, and who is only detect a debugger in the process to protect primary koem files.
9. Inix Hack Shield Bypass Detect
We known the own hack shield of the client is out of date but include much other maybe protection there are not include in koem v2 protection. The Inix Hack Shield Bypass detect do exactly that’s as the title say. The client must start so with the own hack shield of the client.
10. Skill Cool Down
In all my projects before include too a skill cool down protection, and I think that’s one of the powerful protection of koem v2. That’s a must activate protection! The configuration file is the ‘InitSkill.txt’ of the main server. There are you can find each skill the ‘delay’ tag and only the second parameter is of interesting for us. There are you can define the cool down times each skill. I think some people don’t use this protection because it’s maybe to hard calculate the exactly cool down value and will got a kick with use any skills. But I say that’s not a reason to disable this protection! Few skills have a formula and with it we know it’s not a fix cool down value. So take the formula from the client and put the max skill level into the formula to get the lowest skill cool down value. My suggestion is add a little margin in the cool down value. In the last step you must activate this protection in the ‘PlugIns\Protect.txt’.
11. Max Attack Points
The main server has few bugs where you can do a buffer overflow to get with it a max attack point’s overflow. This is then an abnormal condition in the game, and the player can do one hit on a monster. This protection will detect the above described problem. In the ‘Protect.txt’ you can define the max allowed attack points. The special cases are the admin in the game, because this protection applies only on normal players. Here again, this protection is a must to activate.
12. Invalid state at CSocket
We should know the message ‘Invalid state at CSocket’ is an abnormal condition on the server. I can only report about this message in combine with injects (using the send function on client) hacks on client site. So will this protect kick every client where caused this message. This is a no adjustable protection and is permanent activated.
13. Underground or Fly
Where don’t know about this problem where a player is in game underground or in the air. The fact is only player there want to hide something use this way. So this protection will check constant with a little difference the z coordinates between server and client.
14. Move
The move hack is too an old school hack, and we know all about it. I know two ways to change the movement speed on the client, 1) over the hack injection and 2) via memory tool (like UCE). With both ways can change the movement speed. This protection will compare the movement speed between server and client.
15. Force Emotion
The force emotion (known as force dance) hack is a bug of the main server, but more a programming conception error in my eyes. Most here too is an injection hack, where collect the object ids of all players around and send then a force emotion packet with the object id of each player in around. This protect will compare the sending objection id with the own object id of the player where are sending the emotion.
16. Put On Item
One of the first kal online hack is the fast sword change between one and two hand sword. With the put on item protection is a delay between change weapon and equipment. This protection is permanent active and can’t turn off.
17. Mix System
I think the interest of inixsoft was to done fast the mix system at their time without any checks. The mix system concept is not really thought through. The check of items is the job of the client and the server don’t check the items. Really a bad idea! That is a permanent bug and can’t fix with remove the mix master from the server, or remove the mix items. Primary known is the imperial hack with the mix system where is send a mix packet with wrong low worth items. This protection check now each grades all items is needed for mixing. The second bug in the mix system is important, and with it a reason to activate this protection. With sending a wrong mix packet, means main item is too a part of the mix items like stone or secondary weapon, then will crash the server with successfully mixing. This bug is too solved with the mix system protection.
18. Secondary Password (separate) (1)
The secondary password is a new protect feature, and include now with koem v2 protect Plug-in. To use this feature you need an extra license for the secondary password system, so it’s not a part of the base of protection. The concept is easy, after successfully login with primary login id and password, will prompt the input window for the secondary password. With the first login with this system will prompt then create secondary password windows. The secondary password can change too on the client. All secondary passwords are stored in the koem v2 own text base database (database.dat). On client site are follow files is needed in ‘e.pk’: ‘login2_create.dat’, ‘login2_replace.dat’ and ‘login2.dat’. These three files you can take from the archive.
19. Connection Flooding (1)
The connection flooding protection can help to detect a flooding of connection. In the ‘protect.txt’ you can define any values, like fast connection time or max allowed connection per ip and more. All times are in milliseconds.
Reply With Quote
Originally Posted by AyleN
