[Tutorial] Patch your GunzLauncher v2

[purpleCRAYON]

Here is a few ways you can patch your GunzLauncher. (:

1) Download GunZLauncher from here.
2) Open it in a hex editor, and edit:
@SKIP_UPDATE to something like @00000000000 (Make sure it is 11 characters)
3) Edit:
@TEST_LAUNCH to the same thing as above, 11 characters.
Note: The above can be ANYTHING as long as it is 11 characters!
4) Now, save it and make sure it still works properly.
5) Open it in OllyDbg which can be found here.
6) Click this button:

And type in:

Code:

00406601

Now, double click it and you will get this code:

Code:

PUSH 43C648

Change "PUSH" to "JMP". So it looks like this:

Code:

00406601   . 68 48C64300    JMP GunzLaun.0043C648                   ;  ASCII "@00000000000"

Now, find a good obfuscater like Themida, or something similiar, pack your executable and find a way to MD5 check your launcher, to make sure people don't make a new one, and you are on your way to making a very secure server.

[MentaL]

[Guy]

Themida isn't an obfuscation tool, it's a packer/protector.

The only "secure" way of having a check on the launcher would to have another tool running, or to have the client send in a salted hash of the launcher, salting it against an identifiable piece of information from the user, such as the account they login with. Even at that, anyone could modify the hash being sent to be a static one, matching their specific account.

Also, a tool such as Themida can be unpacked - ideally, you should just remove the @SKIP_PATCH routine entirely a la disassembly then reassemble the binary, and lastly, use a protection technique such as virtualization, or even polymorphism, for protecting the launcher.

[purpleCRAYON]

Themida isn't an obfuscation tool, it's a packer/protector.

The only "secure" way of having a check on the launcher would to have another tool running, or to have the client send in a salted hash of the launcher, salting it against an identifiable piece of information from the user, such as the account they login with. Even at that, anyone could modify the hash being sent to be a static one, matching their specific account.

Also, a tool such as Themida can be unpacked - ideally, you should just remove the @SKIP_PATCH routine entirely a la disassembly then reassemble the binary, and lastly, use a protection technique such as virtualization, or even polymorphism, for protecting the launcher.

They need a +1 button on this forum.

[JusticeDK]

This is still good but i want another new tut for auto update =]
i know this is for securing the gunzlauncher...

[Chanel]

This is still good but i want another new tut for auto update =]
i know this is for securing the gunzlauncher...

OMG, CAPTIAN OBVIOUS!
thats exactly what he said!

[purpleCRAYON]

OMG, CAPTIAN OBVIOUS!
thats exactly what he said!

Haha! Thanks.