SOURCE CODE d3d8thk.dll

Partial translation table:

Code:

---

A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  .
3F 38 39 3A 0B 04 05    07 00 01 02 33 0C 0D OE 0F 08 09 0A 1B 14          10 4C
                    06                                          13 12 11

---

I don't have confirmation on H, W, X and Y, those are guesses. And I haven't figured out the numbers yet, as we just have 0,1 and 4 (4E, 4F and 4A, respectively).

I was planning to plug in my guesses for the missing characters into the string and run it through oSpy to verify the values, but for some reason oSpy only wants to crash now when I try to launch it.

You are faster than me this time I just done the same.

Try to delete config.dat in your ospy folder?

Cool, that worked. Thanks.

Ummm, I don't know about running a server that can be accessed privately, but I just ran mine with no d3d8thk.dll at all and it worked fine. And I don't have any mapping in my hosts file at all. All I have is my local IP address set everywhere in the .properties, ipconfig.xml and the -ip parameter on the command line to launch the client.

Soooo, why do we need this dll again? :tongue:

For wan.

As I said in previous posts I never had to use any dll for my local network. (aka my own pc of course and other pcs on my local)

I never got why there is a localhost dll though.

Edit:
Here's the formula to decrypt a char:

((((0x3F ^ 0x13) - 1) ^ 0x77) + 5)

Will give you "a".

Code:

---

A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  .  0  1  2  3  4  5  6  7  8  9  -
3F 38 39 3A 0B 04 05 06 07 00 01 02 33 0C 0D OE 0F 08 09 0A 1B 14 15 16 17 10 4C 4E 4F 48 49 4A 5B 54 55 56 57 73

---

Here is finally the full table.

Here is the complete table.

Code:

---

Translation table:

1  2  3  4  5  6  7  8  9  0
4F 48 49 4A 5B 54 55 56 57 4E
                         
a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z  .
3F 38 39 3A 0B 04 05 06 07 00 01 02 33 0C 0D OE 0F 08 09 0A 1B 14 15 16 17 10 4C

---

I didn't bother mapping out the upper case letters.

Ya know, I need to refresh this thread more often.

There should be all we need in any url:

Code:

---

0  1  2  3  4  5  6  7  8  9
4E 4F 48 49 4A 5B 54 55 56 57

a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z  .  -
3F 38 39 3A 0B 04 05 06 07 00 01 02 33 0C 0D OE 0F 08 09 0A 1B 14 15 16 17 10 4C 73

A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
5F 58 59 5A 2B 24 25 26 27 20 21 22 53 2C 2D 2E 2F 28 29 2A 3B 34 35 36 37 30

---

Going to sleep, it's 3:30 am here~

Groovy. I don't know if you're gonna make a tool for this. I can do it, but it probably won't be until later tomorrow as I've had enough hacking for one day.

Good work, pwet99 :thumbup1:

Quote:

---

Originally Posted by OldTimeDev

Groovy. I don't know if you're gonna make a tool for this. I can do it, but it probably won't be until later tomorrow as I've had enough hacking for one day.

Good work, pwet99 :thumbup1:

---

You two are the best. I'm really looking forward to inviting my friends to play over the internet. Thank you so much for figuring this out, we owe you a lot. Much love to you! :thumbup::thumbup:

Here's a little tuto I made quickly on u3j for peoples that don't want to wait for a tool/better tutorial because It's pretty late and I don't have much time.

I'll let you fix things up if I forgot something, going to bed~:

Quote:

---

All credits for the reverse go to:
OldTimeDev (ragezone)
qwertzpaul for some hints (ragezone)
me (pwet99 on ragezone)

First you need to know this will only work with an ipv4 or a domain name that takes up to 15 bytes.

1) Download a 120k dll (unpacked ones), I uploaded plenty from different sources there:
Download links for d3d8thkdlls.rar - Mirrorcreator - Upload files to multiple hosts I will take "conquestaion" dll as an example.
They use "qcai.zapto.org" as their domain name so it's 14 bytes if you count each character as 1 byte.

2) Open the dll in any good hexadecimal editor like HxD - Freeware Hex Editor and Disk Editor | mh-nexus

3) Go to offset 0x3C3E (with 16 bytes per line on HxD)

4) You will find a byte, 0x0E for conquest aion's dll, it's the length of the string you will use as an ip/dns so you have to count how many bytes you need to put here.

Example: 127.0.0.1 takes 9 bytes so "9" in hexadecimal is 0x09, you will need to replace 0x0E you found earlier by 0x09.

5) Go to offset 0x16C84 (with 16 bytes per line on HxD)
This is the start of the ip/dns that is encrypted and you will need to edit those bytes to put your own.
In conquest aion's dll you should have: 0F 39 3F 07 4C 10 3F 0E 0A 0D 4C 0D 08 05 00 00
It's 16 bytes and it means "qcai.zapto.org" (you will see why in part 6)

That string has to be terminated with a NULL byte and that's what the 16th byte (in red) is for.
Since "qcai.zapto.org" only takes 14 bytes the 15th byte is also NULL.

6) Since those bytes are crypted you will need the table to know what to write, here's the one we made:

Code:

---

0  1  2  3  4  5  6  7  8  9
4E 4F 48 49 4A 5B 54 55 56 57

a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z  .  -
3F 38 39 3A 0B 04 05 06 07 00 01 02 33 0C 0D OE 0F 08 09 0A 1B 14 15 16 17 10 4C 73

A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z
5F 58 59 5A 2B 24 25 26 27 20 21 22 53 2C 2D 2E 2F 28 29 2A 3B 34 35 36 37 30

---

So as you can see any character has a corresponding hexadecimal code, that's what you will need to write in hxd at the offset you are.

Let's take 127.0.0.1 as an example again.

1 2 7 . 0 . 0 . 1
if you look at the table, should be
4F 48 55 4C 4E 4C 4E 4C 4F
which takes exactly 9 bytes.

So let's replace 0F 39 3F 07 4C 10 3F 0E 0A 0D 4C 0D 08 05 00 00
by 4F 48 55 4C 4E 4C 4E 4C 4F 00 00 00 00 00 00 00

7) There you go, save the file put in in aion's bin32 folder and your ip/dns won't be blocked

I won't make any support for this guide it's just something I wanted to write quickly to help you and share.

A better tutorial/tool which is more user friendly and easy to use will probably come on ragezone.

Regards.

Loxo/Pwet99

---

You are legendary. Everyone, remember to credit, we owe these great people. Never forget them. :) Can't wait for a tool!

Thank you all for the excellent work The congratulations

very very wonderful!!

Big thank you to OldTimeDev, qwertzpaul and pwet99. I've created 4 successful DLLs now. Will credit you all everywhere. :)

Good Work guys, that really show that there are not only leachers here and also some experienced ppl that work hard (im familiar with almost all "biggies" in the scene so i didnt except for many experienced ppl in a public forum). i will definitely share more stuff on this forum since it seems to worth it.

For the noobs we could make a quick hex tool that only let you edit these bytessequence. Could be a good over weekend project ;-)

I foresee that happening qwertzpaul, thank you for your infos!