Re: [Release] MapleVintage (based on XiuzSource)
Quote:
Originally Posted by
MVVintage
It'd be good to note here this is an improper formula for it. Me and BlitzMK figured this was the most appropriate way of doing it. It'll give all users a unique HWID > 0, I doubt it's right though. Works per computer from the looks of it (disregards VPNs, mac spoofers, etc(?))
I still have to implement it myself. Surprised someone else actually knew about this, I made a thread about it a while ago LOL. You're correct, it is a unique SystemInfo MachineID. It is 16 bytes of data, and is initialized upon password select (and on SendViewAllCharPacket). It has some commands and I thought it got operating system information but in the end only got volume serial numbers.
Here is the client sub if you're interested:
Code:
int __thiscall CSystemInfo::Init(void *this)
{
  signed int v1; // ebx@1
  int v2; // edx@13
  signed int v3; // eax@13
  int v4; // ecx@13
  int v5; // esi@14
  CSystemInfo *v6; // esi@15
  int v7; // ecx@15
  CSystemInfo *v8; // edx@15
  int v9; // eax@15
  int v10; // ecx@15
  int result; // eax@16
  int v12; // eax@21
  int v13; // ecx@21
  CSystemInfo *v14; // esi@21
  int v15; // edx@21
  __int64 v16; // kr08_8@22
  CSystemInfo *v17; // esi@22
  int v18; // eax@22
  CSystemInfo *v19; // [sp+7Ch] [bp-9B8h]@1
  char v20[9]; // [sp+80h] [bp-9B4h]@1
  int v21; // [sp+89h] [bp-9ABh]@1
  __int16 v22; // [sp+8Dh] [bp-9A7h]@1
  char v23; // [sp+8Fh] [bp-9A5h]@1
  int v24; // [sp+90h] [bp-9A4h]@11
  char v25; // [sp+94h] [bp-9A0h]@11
  struct _NCB pncb; // [sp+98h] [bp-99Ch]@1
  char v27; // [sp+D8h] [bp-95Ch]@11
  CSystemInfoVtbl *v28; // [sp+DCh] [bp-958h]@1
  int v29; // [sp+E0h] [bp-954h]@21
  int v30; // [sp+E4h] [bp-950h]@21
  int v31; // [sp+E8h] [bp-94Ch]@21
  int v32; // [sp+1DCh] [bp-858h]@3
  __int16 v33; // [sp+1E0h] [bp-854h]@8
  char v34; // [sp+1E4h] [bp-850h]@6
  char v35; // [sp+434h] [bp-600h]@11
  char v36; // [sp+437h] [bp-5FDh]@11
  char v37; // [sp+634h] [bp-400h]@11
  char v38; // [sp+834h] [bp-200h]@11

  // v20..v23 (sp+80h..sp+8Fh) together form one zeroed 16-byte buffer
  *(_QWORD *)&v20[1] = 0i64;
  v19 = (CSystemInfo *)this;
  v21 = 0;
  v22 = 0;
  memset(&pncb, 0, sizeof(pncb));
  v20[0] = 0;
  v23 = 0;
  LOBYTE(v28) = 0;
  pncb.ncb_command = 55;                        // 0x37 = NCBENUM (enumerate LAN adapters)
  pncb.ncb_buffer = (char *)&v28;
  pncb.ncb_length = 256;
  Netbios(&pncb);
  v1 = 0;
  if ( (_BYTE)v28 )
  {
    while ( 1 )
    {
      memset(&pncb, 0, sizeof(pncb));
      pncb.ncb_command = 50;                    // 0x32 = NCBRESET
      pncb.ncb_lana_num = v1;
      if ( !Netbios(&pncb) )
      {
        memset(&pncb, 0, sizeof(pncb));
        strcpy(pncb.ncb_callname, "*");
        pncb.ncb_command = 51;                  // 0x33 = NCBASTAT (adapter status)
        pncb.ncb_lana_num = v1;
        memset(&v32, 0, 0x258u);
        pncb.ncb_buffer = (char *)&v32;
        pncb.ncb_length = 600;
        if ( !Netbios(&pncb) )
          break;
      }
      ++v1;
      if ( v1 >= (unsigned __int8)v28 )
        goto LABEL_11;
    }
    // v34 is ADAPTER_STATUS.adapter_type: 0xFE = Ethernet, 0xFF = Token Ring
    if ( v34 != -2 && v34 != -1 )
    {
      if ( v34 )
        v20[0] = v34;
    }
    else
    {
      // bytes 0..5 of the buffer = 6-byte adapter address
      *(_DWORD *)v20 = v32;
      *(_WORD *)&v20[4] = v33;
    }
  }
LABEL_11:
  GetWindowsDirectoryA(&v35, 0x200u);
  v36 = 0;                                      // cut the path after 3 chars (drive root)
  if ( GetVolumeInformationA(&v35, &v37, 0x200u, (LPDWORD)&v24, (LPDWORD)&v25, (LPDWORD)&v27, &v38, 0x200u) == 1 )
    *(_DWORD *)&v20[6] = v24;                   // bytes 6..9 = volume serial number
  v2 = 0;
  v3 = 0;
  v4 = (int)v20;
  // checksum: sum of the first six 16-bit words, each multiplied by (index + 3)
  do
  {
    v5 = v3 + 3;
    LOWORD(v5) = *(_WORD *)v4 * (v3 + 3);
    v2 += v5;
    ++v3;
    v4 += 2;
  }
  while ( v3 < 6 );
  v6 = v19;
  v7 = *(_DWORD *)&v20[4];
  *(__int16 *)((char *)&v22 + 1) = v2;          // checksum goes into bytes 14..15
  v8 = (CSystemInfo *)((char *)v19 + 20);
  *(_DWORD *)&v19->MachineId[0] = *(_DWORD *)v20;
  v9 = *(_DWORD *)&v20[8];
  *(_DWORD *)&v8->SupportId[0] = v7;
  v10 = *(int *)((char *)&v21 + 3);
  *(_DWORD *)&v8->SupportId[4] = v9;
  *(_DWORD *)&v8->SupportId[8] = v10;
  RegOpenKeyExA(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion", 0, 3u, (PHKEY)&v19);
  if ( v19 )
  {
    v24 = 256;
    if ( RegQueryValueExA((HKEY)v19, "CxSupportId", 0, (LPDWORD)&v25, (LPBYTE)&v28, (LPDWORD)&v24) || v24 != 16 )
    {
      // no valid 16-byte CxSupportId yet: create a GUID and store it (type 3 = REG_BINARY)
      CoCreateGuid((GUID *)v20);
      RegSetValueExA((HKEY)v19, "CxSupportId", 0, 3u, v20, 0x10u);
      v16 = *(_QWORD *)&v20[4];
      v17 = (CSystemInfo *)((char *)v6 + 4);
      v17->vfptr = *(CSystemInfoVtbl **)v20;
      v18 = *(int *)((char *)&v21 + 3);
      *(_QWORD *)&v17->SupportId[0] = v16;
      *(_DWORD *)&v17->SupportId[8] = v18;
    }
    else
    {
      // reuse the 16 bytes read from the registry
      v12 = v29;
      v13 = v30;
      v14 = (CSystemInfo *)((char *)v6 + 4);
      v14->vfptr = v28;
      v15 = v31;
      *(_DWORD *)&v14->SupportId[0] = v12;
      *(_DWORD *)&v14->SupportId[4] = v13;
      *(_DWORD *)&v14->SupportId[8] = v15;
    }
    result = RegCloseKey((HKEY)v19);
  }
  else
  {
    result = (int)v6->SupportId;
    do
    {
      *(_BYTE *)result = *(_BYTE *)(result + 16);
      ++result;
    }
    while ( -4 - (signed int)v6 + result < 16 );
  }
  return result;
}
This is where it calls the GetVolumeInformation() and returns the serial number.
Code:
___:00B14114 ; BOOL __stdcall GetVolumeInformationA(LPCSTR lpRootPathName, LPSTR lpVolumeNameBuffer, DWORD nVolumeNameSize, LPDWORD lpVolumeSerialNumber, LPDWORD lpMaximumComponentLength, LPDWORD lpFileSystemFlags, LPSTR lpFileSystemNameBuffer, DWORD nFileSystemNameSize)
This is from the Microsoft libraries though, but you could definitely find how everything is being translated if you really care to. But, either way, just adding all the ints together generates a unique 16-byte MachineID. I have yet to test it on a MAC spoofer, but iirc, using a VPN I had the same MachineID.
Nice job though, something you don't see in public sources. ;)
Re: [Release] MapleVintage (based on XiuzSource)
Quote:
Originally Posted by
Eric
I still have to implement it myself. Surprised someone else actually knew about this, I made a thread about it a while ago LOL. You're correct, it is a unique SystemInfo MachineID. It is 16 bytes of data, and is initialized upon password select (and on SendViewAllCharPacket). It has some commands and I thought it got operating system information but in the end only got volume serial numbers.
Not surprised you had posted a thread about this actually! You have a lot of good documentation/reference stuff in your posts about material regarding the BMS files. I had no clue at first how to go about it, and initially the 4 ints added together would result in a negative MachineID for some people which didn't seem right, so the next most sensible thing was to add 0x7FFFFFFF.
I thought originally it got some serials in relation to your Hard Drive and possibly motherboard, but I guess that wasn't the case after all.
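As an added example (not part of any post in this thread, and not code from MapleVintage or the client): a server-side parser for the 16-byte MachineID, next to the four-int fold discussed above and a full 16-byte comparison. The layout (adapter address in bytes 0-5, volume serial in bytes 6-9, checksum in bytes 14-15) is an assumption read from the decompiled `CSystemInfo::Init`; all function names are hypothetical.

```c
#include <stdint.h>
#include <string.h>

/* Layout as read from the decompiled CSystemInfo::Init in this thread (an
 * interpretation, not a documented format):
 *   [0..5] adapter address, [6..9] volume serial (little-endian),
 *   [10..13] zero, [14..15] checksum over the first six 16-bit words. */
typedef struct { uint8_t mac[6]; uint32_t volume_serial; } machine_id_fields;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

/* Mirrors the client loop: sum of word[i] * (i + 3), truncated to 16 bits. */
uint16_t machine_id_checksum(const uint8_t id[16]) {
    uint32_t sum = 0;
    for (unsigned i = 0; i < 6; i++)
        sum += (uint16_t)(rd16(id + 2 * i) * (i + 3));
    return (uint16_t)sum;
}

/* Returns 1 and fills *out when the embedded checksum matches, else 0. */
int machine_id_parse(const uint8_t id[16], machine_id_fields *out) {
    if (machine_id_checksum(id) != rd16(id + 14)) return 0;
    memcpy(out->mac, id, 6);
    out->volume_serial = rd32(id + 6);
    return 1;
}

/* The "add the four ints" fold from the thread, with explicit wraparound. */
int32_t machine_id_fold(const uint8_t id[16]) {
    uint32_t s = 0;
    for (unsigned i = 0; i < 4; i++) s += rd32(id + 4 * i);
    return (int32_t)s;
}

/* Ban check on the full 16 bytes: no sign issue, no fold collisions. */
int machine_id_equal(const uint8_t a[16], const uint8_t b[16]) {
    return memcmp(a, b, 16) == 0;
}

/* Constructed sample: caller supplies a made-up adapter address and serial. */
void machine_id_sample(uint8_t id[16], const uint8_t mac[6], uint32_t serial) {
    memset(id, 0, 16);
    memcpy(id, mac, 6);
    for (int i = 0; i < 4; i++) id[6 + i] = (uint8_t)(serial >> (8 * i));
    uint16_t c = machine_id_checksum(id);
    id[14] = (uint8_t)c; id[15] = (uint8_t)(c >> 8);
}
```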
Re: [Release] MapleVintage (based on XiuzSource)
Quote:
Originally Posted by
MVVintage
Not surprised you had posted a thread about this actually! You have a lot of good documentation/reference stuff in your posts about material regarding the BMS files. I had no clue at first how to go about it, and initially the 4 ints added together would result in a negative MachineID for some people which didn't seem right, so the next most sensible thing was to add 0x7FFFFFFF.
I thought originally it got some serials in relation to your Hard Drive and possibly motherboard, but I guess that wasn't the case after all.
Yep, I had the same problem with negative IDs and was like wat. ;P I thought so too, it would make sense being other hardware cuz selecting chars is HWID.. :(
Re: [Release] MapleVintage (based on XiuzSource)
Quote:
Originally Posted by
Miltank
Holy shit there is HWID blocking in this source. Amazing release.
Quote:
Originally Posted by
MVVintage
It'd be good to note here this is an improper formula for it. Me and BlitzMK figured this was the most appropriate way of doing it. It'll give all users a unique HWID > 0, I doubt it's right though. Works per computer from the looks of it (disregards VPNs, mac spoofers, etc(?))
MapleSolaxia actually had HWID bans in the release as well, just was never announced. They used the volume serial number that was sent to the server in the char select packet for yet another method.
Re: [Release] MapleVintage (based on XiuzSource)
Quote:
Originally Posted by
Twdtwd
MapleSolaxia actually had HWID bans in the release as well, just was never announced. They used the volume serial number that was sent to the server in the char select packet for yet another method.
Correct me if I'm wrong but didn't you guys do it as a string? It seems to differ from the login one (from what I saw), and I couldn't find it in v62 for the character selection one, unless I glanced over it.
EDIT: I did miss it! Thank you for mentioning this.
Re: [Release] MapleVintage (based on XiuzSource)
Quote:
Originally Posted by
MVVintage
Correct me if I'm wrong but didn't you guys do it as a string? It seems to differ from the login one (from what I saw), and I couldn't find it in v62 for the character selection one, unless I glanced over it.
EDIT: I did miss it! Thank you for mentioning this.
They are two different things. Nexon has several IP/Mac/Machine data parsed. HWIDs in OnSelectCharacter are parsed as Strings, yes.
1 -> MachineID, 16-byte ID on OnCheckPassword.
2 -> LocalSocketAddr, 4-byte Local IP Address on OnSelectWorld.
3 -> MacAddress, string on OnSelectCharacter.
4 -> MacAddressWithHDDSerial, string on OnSelectCharacter.
However, sMacAddressWithHDDSerial is newer. Is it actually in v62? I thought it was around when PIC came around as it isn't in v40b and isn't in any v20-v30 source I've ever checked. If it's in v62, I wonder if it was added in v49~v55, or if it's new to v60+.. Too lazy to check every version but interesting to see it is on v62 ;P
Re: [Release] MapleVintage (based on XiuzSource)
Legends use a HWID ban system as well (or I assume it's HWID.. it's diff than MAC) so can confirm (further) v0.62 supports it one way or another. I haven't checked if this source does it different than we do. However, pretty sure it's called at character select only.
Re: [Release] MapleVintage (based on XiuzSource)
Quote:
Originally Posted by
Eric
They are two different things. Nexon has several IP/Mac/Machine data parsed. HWIDs in OnSelectCharacter are parsed as Strings, yes.
1 -> MachineID, 16-byte ID on OnCheckPassword.
2 -> LocalSocketAddr, 4-byte Local IP Address on OnSelectWorld.
3 -> MacAddress, string on OnSelectCharacter.
4 -> MacAddressWithHDDSerial, string on OnSelectCharacter.
However, sMacAddressWithHDDSerial is newer. Is it actually in v62? I thought it was around when PIC came around as it isn't in v40b and isn't in any v20-v30 source I've ever checked. If it's in v62, I wonder if it was added in v49~v55, or if it's new to v60+.. Too lazy to check every version but interesting to see it is on v62 ;P
I couldn't find it in the BMS WvsGame IDB so I'd have to assume it's 'newer'. Maybe within 5-6 versions of v62? That's my guess.
Quote:
Originally Posted by
Kimberly
Legends use a HWID ban system as well (or I assume it's HWID.. it's diff than MAC) so can confirm (further) v0.62 supports it one way or another. I haven't checked if this source does it different than we do. However, pretty sure it's called at character select only.
We did ours through the onCheckPassword function, but as @Eric mentioned it seems that there is one in both the character selection and on login functions, among others.
Re: [Release] MapleVintage (based on XiuzSource)
Quote:
Originally Posted by
Kimberly
Legends use a HWID ban system as well (or I assume it's HWID.. it's diff than MAC) so can confirm (further) v0.62 supports it one way or another. I haven't checked if this source does it different than we do. However, pretty sure it's called at character select only.
You assume it's HWID? Let's ask Navi before we post :blushing::blushing:
Re: [Release] MapleVintage (based on XiuzSource)
Quote:
Originally Posted by
retard
You assume it's HWID? Let's ask Navi before we post :blushing::blushing:
I don't really care what it is called what we use, I refer the name by how we use them. They are different than MAC and they do the job properly, that's all that matters.
Also, this is going off-topic, so this is the last reply about this.
Re: [Release] MapleVintage (based on XiuzSource)
Quote:
Originally Posted by
Kimberly
I don't really care what it is called what we use, I refer the name by how we use them. They are different than MAC and they do the job properly, that's all that matters.
Also, this is going off-topic, so this is the last reply about this.
He wasn't wrong. I realize this is off topic and I apologize, but to boldly state something that you do not know is true or not is a bad rap for the image of maple legends. Other than that, you guys are doing great work.
Re: [Release] MapleVintage (based on XiuzSource)
Having some problems with the SQL. I removed gender (accounts table) from the source, but adding
Code:
ALTER TABLE accounts ADD hwid TEXT;
ALTER TABLE accounts ADD SessionIP TEXT AFTER loggedin;
Results in error 38 when logging in. I have no errors either. Did I miss something to add in the SQL?
Re: [Release] MapleVintage (based on XiuzSource)
Quote:
Originally Posted by
MorphMS2015
Having some problems with the SQL. I removed gender (accounts table) from the source, but adding
Code:
ALTER TABLE accounts ADD hwid TEXT;
ALTER TABLE accounts ADD SessionIP TEXT AFTER loggedin;
Results in error 38 when logging in. I have no errors either. Did I miss something to add in the SQL?
PlayerLoggedinHandler is still probably trying to send setGender if you didn't remove the packet in there, otherwise I couldn't tell you.
Re: [Release] MapleVintage (based on XiuzSource)
Quote:
Originally Posted by
arn0ldinyo
You're missing an opcode value in your sendops.properties (or recvops), and you're also missing two columns in your MySQL table for accounts -> gender, and hwid. Alter the table and add the new columns.