Skilldata_enc ... Requesting Tutorial or Tools >.<

  1. #16
    pushedx (Valued Member), joined Oct 2008, 100 posts


    Quote: Originally posted by SnapPop
    You know, guys, the easy way to deal with those damn files is to disable them in sro_client,
    but who can do it? Only Chern0byl, but he is not interested, I guess.

    Disabling is an option, but then you lose the extra security it provides from people using specific edits to get an advantage. Ideally, no one should use the current system as-is, since there are already tools and code that show how it works. Instead, they should modify the algo a lot to protect it more and keep the default tools. By modify, I don't mean change the constants or tables used, but to use a different method altogether.

    If anyone wants a hint on where to get started for this (you will need to debug a non-xtrap client, version 1.188):
    Spoiler:

    Code:
    004F50D0   .  8B4424 10     MOV EAX, DWORD PTR SS:[ESP+10]
    004F50D4   .  8B4C24 0C     MOV ECX, DWORD PTR SS:[ESP+C]
    004F50D8   .  57            PUSH EDI
    004F50D9   .  8B7C24 0C     MOV EDI, DWORD PTR SS:[ESP+C]
    004F50DD   .  03C8          ADD ECX, EAX
    004F50DF   .  85FF          TEST EDI, EDI
    004F50E1   .  76 4F         JBE SHORT sro_clie.004F5132
    004F50E3   .  53            PUSH EBX
    004F50E4   .  56            PUSH ESI
    004F50E5   .  8B7424 10     MOV ESI, DWORD PTR SS:[ESP+10]
    004F50E9   .  2BF1          SUB ESI, ECX
    004F50EB   .  EB 03         JMP SHORT sro_clie.004F50F0
    004F50ED      8D49 00       LEA ECX, DWORD PTR DS:[ECX]
    004F50F0   >  B8 67571921   MOV EAX, 21195767
    004F50F5   .  F7E1          MUL ECX
    004F50F7   .  C1EA 06       SHR EDX, 6
    004F50FA   .  69D2 EF010000 IMUL EDX, EDX, 1EF
    004F5100   .  8BD9          MOV EBX, ECX
    004F5102   .  2BDA          SUB EBX, EDX
    004F5104   .  B8 C3971B62   MOV EAX, 621B97C3
    004F5109   .  F7E1          MUL ECX
    004F510B   .  C1EA 06       SHR EDX, 6
    004F510E   .  69D2 A7000000 IMUL EDX, EDX, 0A7
    004F5114   .  8BC1          MOV EAX, ECX
    004F5116   .  2BC2          SUB EAX, EDX
    004F5118   .  8A93 58E7EA00 MOV DL, BYTE PTR DS:[EBX+EAE758]
    004F511E   .  2A90 48E9EA00 SUB DL, BYTE PTR DS:[EAX+EAE948]
    004F5124   .  83C1 01       ADD ECX, 1
    004F5127   .  00540E FF     ADD BYTE PTR DS:[ESI+ECX-1], DL
    004F512B   .  83EF 01       SUB EDI, 1
    004F512E   .^ 75 C0         JNZ SHORT sro_clie.004F50F0
    004F5130   .  5E            POP ESI
    004F5131   .  5B            POP EBX
    004F5132   >  5F            POP EDI
    004F5133   .  C3            RETN


    Once you understand that function, you can write decrypt and encrypt code to make your own skilldata tools. There is one little catch to it, but you will come across it once you look at the decrypted files. From there, you can just keep everything decrypted and figure out a way to ensure the "decrypt" logic shown above isn't called on the already decrypted buffer so the client can work with the decrypted-only version. There are a lot of different ways to accomplish that, so happy hunting to anyone interested. ;)
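
The routine in the listing in post #16, transcribed to C as an added example; it is not code from the thread or from the client. The contents of the tables at EAE758 and EAE948 are not on the page, so `t1` and `t2` hold constructed values, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define T1_LEN 495u /* 0x1EF, table at EAE758 in the listing */
#define T2_LEN 167u /* 0xA7,  table at EAE948 in the listing */
/* Real table contents are not on the page: constructed placeholder values. */
static uint8_t t1[T1_LEN], t2[T2_LEN];

static void fill_placeholder_tables(void) {
    for (uint32_t i = 0; i < T1_LEN; i++) t1[i] = (uint8_t)(i * 7u + 3u);
    for (uint32_t i = 0; i < T2_LEN; i++) t2[i] = (uint8_t)(i * 13u + 5u);
}

/* MUL / SHR EDX,6 / IMUL / SUB is the compiler's reciprocal form of n % d:
   EDX after MUL is the high dword, so SHR 6 yields (n * magic) >> 38. */
static uint32_t mod_by_magic(uint32_t n, uint32_t magic, uint32_t d) {
    uint32_t q = (uint32_t)(((uint64_t)n * magic) >> 38);
    return n - q * d;
}

/* Key byte for absolute position pos (ECX inside the loop). */
static uint8_t key_byte(uint32_t pos) {
    uint32_t i1 = mod_by_magic(pos, 0x21195767u, T1_LEN); /* EBX */
    uint32_t i2 = mod_by_magic(pos, 0x621B97C3u, T2_LEN); /* EAX */
    return (uint8_t)(t1[i1] - t2[i2]);                    /* DL  */
}

/* Listing: buf[i] += key(start + i); args are buf, len, and start = arg3 + arg4. */
static void transform(uint8_t *buf, uint32_t len, uint32_t start, int invert) {
    for (uint32_t i = 0; i < len; i++) {
        uint8_t k = key_byte(start + i);
        buf[i] = (uint8_t)(invert ? buf[i] - k : buf[i] + k);
    }
}

/* Round trip over a constructed sample buffer; returns 1 on success. */
static int round_trip_ok(void) {
    uint8_t buf[] = "constructed sample record\t1\t2\t3";
    uint8_t orig[sizeof buf];
    fill_placeholder_tables();
    memcpy(orig, buf, sizeof buf);
    transform(buf, (uint32_t)sizeof buf, 1000u, 0);   /* as in the listing */
    int changed = memcmp(buf, orig, sizeof buf) != 0;
    transform(buf, (uint32_t)sizeof buf, 1000u, 1);   /* inverse */
    return changed && memcmp(buf, orig, sizeof buf) == 0;
}

int main(void) { puts(round_trip_ok() ? "round trip ok" : "round trip FAILED"); return 0; }
```

The key stream depends only on the byte position and the two static tables, so it repeats every 495 × 167 = 82,665 bytes.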

  2. #17
    SnapPop (Account Upgraded | Title Enabled!), joined Feb 2012, Location: Egypt, 388 posts


    Quote: Originally posted by pushedx
    Disabling is an option, but then you lose the extra security it provides from people using specific edits to get an advantage. Ideally, no one should use the current system as-is, since there are already tools and code that show how it works. Instead, they should modify the algo a lot to protect it more and keep the default tools. By modify, I don't mean change the constants or tables used, but to use a different method altogether.

    If anyone wants a hint on where to get started for this (you will need to debug a non-xtrap client, version 1.188):

    Once you understand that function, you can write decrypt and encrypt code to make your own skilldata tools. There is one little catch to it, but you will come across it once you look at the decrypted files. From there, you can just keep everything decrypted and figure out a way to ensure the "decrypt" logic shown above isn't called on the already decrypted buffer so the client can work with the decrypted-only version. There are a lot of different ways to accomplish that, so happy hunting to anyone interested. ;)

    Well, actually I didn't understand it well, but my logic anyway is that disabling the encrypted files will add another official feature to vsro.
    As you know, ksro, isro, br, basically all the official files, don't have these encrypted files. OK, whatever.
    Chern0byl added login with no captcha, well, that's good, and I added 2 official features too, which I will finish soon and release.
    So the point is we need to make some features that will make vsro like the official files, so they won't be TestIn files anymore.

  3. #18
    egsro (I hear your strange heart), joined Aug 2010, 277 posts


    Quote: Originally posted by pushedx
    Disabling is an option, but then you lose the extra security it provides from people using specific edits to get an advantage. Ideally, no one should use the current system as-is, since there are already tools and code that show how it works. Instead, they should modify the algo a lot to protect it more and keep the default tools. By modify, I don't mean change the constants or tables used, but to use a different method altogether.

    If anyone wants a hint on where to get started for this (you will need to debug a non-xtrap client, version 1.188):

    Once you understand that function, you can write decrypt and encrypt code to make your own skilldata tools. There is one little catch to it, but you will come across it once you look at the decrypted files. From there, you can just keep everything decrypted and figure out a way to ensure the "decrypt" logic shown above isn't called on the already decrypted buffer so the client can work with the decrypted-only version. There are a lot of different ways to accomplish that, so happy hunting to anyone interested. ;)

    It would be awesome if you just released a new revolution of silkroad tools (client edits) for vsro stuff,
    like disable & enable & recreate new enc, xtrap & max level & the required exp for each level, client side & server side (as I understand it, it's not only reflevel).

  4. #19
    LoCker (Valued Member), joined May 2012, Location: Canada, 127 posts


    Quote: Originally posted by egsro
    It would be awesome if you just released a new revolution of silkroad tools (client edits) for vsro stuff,
    like disable & enable & recreate new enc, xtrap & max level & the required exp for each level, client side & server side (as I understand it, it's not only reflevel).

    Well, I guess you are asking for the impossible.
    Reversing and cracking or compiling such things is so hard, that's No. 1, and No. 2, no one is interested in that.

  5. #20
    Statiic (Account Upgraded | Title Enabled!), joined Nov 2011, Location: Brazil, 611 posts


    1º I use xia skill_enc editor.
    2º If the game crashes, I create another skilldata like skilldata_40000enc.txt.
    3º If it still crashes in game (never happens), I check the dmp file ^^ to see what is wrong...


