Change ".PK2" with a better encryption.

[blapanda]

Hey there folks.

I am doing atm my last updates and patches for my server. Going to release the server with the latest content (arabia, petra, skills lv 130, Fellow attack skills, etc).
The only thing I want is getting rid of the regular exploitable joymax package system.

I want a better package system, one with a higher or highest security.
E.g. Myth Online (Synx's server)
or any other kind of self made file cluster.

I know that I can easily use the Joymax PK2 tool to create a new password on it, but that one won't take long till it gets phished at the end.
The sro_client.exe reads the files, for sure. Ollydbg is necessary, but which strings are pointing to the files?
And which program could help me out packing those txt files, bsr files, etc. to a readable form for the sro_client?


Thanks in adv!

[MentaL]

[Molten]

A piece of advice : Don't bother packing your client, unless you got some decent asm experience and willing to forbid bots on your server. Otherwise, people will be able to find the blowfish key eventually.

Your best bet is to change the memory address that points to the blowfish key. Open Ollydbg ->Search all text reference->look for your current blowfish key and start from there.

[blapanda]

A piece of advice : Don't bother packing your client, unless you got some decent asm experience and willing to forbid bots on your server. Otherwise, people will be able to find the blowfish key eventually.

Your best bet is to change the memory address that points to the blowfish key. Open Ollydbg ->Search all text reference->look for your current blowfish key and start from there.

Well ok. Going to try that out.
The first idea was avoid data sniffing and limiting bots, but if the first one works without requiring assembly skills, it should work too.
Thx :)

[siyoteam]

only need 5 minutes to find the blowfish key in any SRO client

[MarcoTozzi]

Encrypting your pk2 and using old dll's and regular exe will result in fail.
SynX have some knowledge and time to play with this, but is not worth because someone will release a way to extract your files, same like was with Myth and the other server that try to do this.

[BadFist]

if you want a 100% no bot on server make on vsro 193.

[yorick671]

synx didn't even try to "encrypt" the pk2 files, it was never really packed decently (as in it took 5 minutes after the release to unpack it).

I don't really understand why you'd want to hide the things in the pk2 files, everything you list has already been done before and is released in public.

Blocking bots is something completely different, but you should not bother with this as anything you will make will be reversed in a couple of minutes

only need 5 minutes to find the blowfish key in any SRO client

Not true

[blapanda]

synx didn't even try to "encrypt" the pk2 files, it was never really packed decently (as in it took 5 minutes after the release to unpack it).

I don't really understand why you'd want to hide the things in the pk2 files, everything you list has already been done before and is released in public.

Blocking bots is something completely different, but you should not bother with this as anything you will make will be reversed in a couple of minutes



Not true

About bots: no. It will stay as it is. I was never a fan of bots and reached only lv 77 on iSRO. They will stay out of my server, that is for sure.
On the other side, I doubt that some of the current people are working on the lv 131-140 area between Baghdad East to Roc Mt. west (exit near Lost Town), This content needs to be saved and secured of idiots which are only copy and pasting the whole time.

There are a lot of server "developers", who didn't deserved the files. Asking for "shard and db plz me wants; where data and maps pls?; share account db and client!" and so on. You probably know what I mean. Those "developers" should stay out of the real server hosting and management.
Most of them wouldn't even know that the map.pk2 includes the actual map details (not on the minimap or map [M]) like surface, mountains, etc.

[siyoteam]

Not true

true

[yorick671]

You get 5 minutes to give me the venture v2 blowfish key

[blapanda]

Well then, try to sniff the blowfish key of Synx's new pack format.
I bet you won't get the key.

[siyoteam]

Well then, try to sniff the blowfish key of Synx's new pack format.
I bet you won't get the key.

[blapanda]

-snip-

That weren't 5 mins! ;)
And btw, nice try.
This isn't even your attempt getting the blowfish key.

http:// www.e*l*i*t*e*pvpers.com /forum/private-sro-exploits-hacks-bots-guides/2851828-release-myth-reborn-myr-pk2-editor-4.html#post26649414
-> " http://imgur.com/t0Cjk3e "

But as I said, it needs a better encryption, a whole new system like avoiding even the simpliest hex sniffing.
That is why I started this thread.

So, if you want to act like a wanna be, then do it in a time where google doesn't exist, ok? Thanks.
Since the 7000th version client has a password on its rar, you ain't able to open up the files in eitherway. No brute forcing -> no xor sniffing.
Thanks for wasting my time.

[siyoteam]

That weren't 5 mins! ;)
And btw, nice try.
This isn't even your attempt getting the blowfish key.

http:// www.e*l*i*t*e*pvpers.com /forum/private-sro-exploits-hacks-bots-guides/2851828-release-myth-reborn-myr-pk2-editor-4.html#post26649414
-> " http://imgur.com/t0Cjk3e "

But as I said, it needs a better encryption, a whole new system like avoiding even the simpliest hex sniffing.
That is why I started this thread.

So, if you want to act like a wanna be, then do it in a time where google doesn't exist, ok? Thanks.
Since the 7000th version client has a password on its rar, you ain't able to open up the files in eitherway. No brute forcing -> no xor sniffing.
Thanks for wasting my time.

lol
angelzeus my account
Rar PW:myrarabiannights

[blapanda]

lol
angelzeus my account
Rar PW:myrarabiannights

And where should I know who you are on which forum?
Some kinda useless "loling" there.