hey KillerStefan,
tried pming you but its full ;) so i guess I'll try you here. if you still need a host for files and what not, i can dedicate part of my server to you and a subdomain if you'd like. pm me if your interested.
I finally know how to get all indexed pages from a website. I found something that might help abit (I think)
I modified the loadbalanceserver to pass the hash check every time, and now it prints outOf course the 192.168.0.12 is my local ip. So I'm thinking it's trying to get the min users from the database? Or one of the other servers?Code:GET_MINUSERS_SERVER_REQ : 192.168.0.12:30850(:0) onClosed:index=131073, closeType=2 Client disconnected : 65536
Any thoughts would be great :)
EDIT: attached screenshot of current progress... Not nearly as far as halloween. agentserver and roomserver were running, but the gui isn't coming up like most people here.
I'm still getting that updateUserCount error, even after I ran the procedure from manneke: forum.ragezone.com/f111/tales-runner-server-setup-823928/index3.html#post6876286
![]()
Last edited by speedtouch; 08-07-12 at 05:51 AM.
help me!!
I can't open roomserver and agentserver but i see in task manager
Seeing as how the host is dead, and after asking KillerStefan to send me the file, and having him not send it, or even acknowledge that I asked for it.. I decided to do it without the old file.
I ripped the IDA generated C function and tried getting it working.. the signedness was off I think, so after a bit of help from KG and Fatalis, we got the decryption function working in C#.
This will outputCode:byte[] buffer = new byte[] {0xB5, 0X9C, 0x19, 0xAE, 0x0C, 0xDC, 0x9F, 0x81, 0xE0, 0x24, 0xD2, 0x5D, 0x33, 0xC1, 0x86, 0x4B, 0x0A, 0x57, 0x5F, 0x3B}; int s = 1; for (int i = 0; i < buffer.Length; i++) { byte b = buffer[i]; buffer[i] = (byte)(((buffer[i] << (7 - s % 7)) | (byte)(buffer[i] >> (8 - (7 - s % 7)))) - s % 255 - 1); s = (b + s + 1) % 1785; } Console.WriteLine(Encoding.ASCII.GetString(buffer));
The byte buffer is simply the dbsetting.ini in hex values. From reading the code it should be fairly clear what is happening here (compared to if you were to use the assembly functions). It should be possible to create an encoding function based on this.Code:korea sa talesrunner
Here's also a quick compiled version if anyone wants to just run it on other files: talesrunnerdecrypt.exe
Enjoy, I hope more information will be released...
Last edited by speedtouch; 24-07-12 at 12:29 AM.
Well, since I'm a newbie at this and C# I should just go and leave it to you guys. I hope you have fun when you are making all the servers for the rooms. *More disk space* (8D)
So I gave a shot at reversing the decoding function into an encoding function. I hit a small block and my roommate helped me out haha. Shoutout to TB.
So it's pretty cool that the strings can be encoded, making it now possible to change the database name to essentially anything we want (or change any other encrypted file(s)).
Normally I would share the source code/compiled binaries for it, but seeing as how nobody else is working on this (or at least not talking about it, or sharing what they've found), I won't be posting this.
If someone is interested they can PM me and I will share both the source and the binaries.
If you want proof that I'm able to encode strings, just convert these hexadecimal characters through the decoder to get the message.
Alternatively, download the file I've attached and run it through the decoder.Code:D51205B284CF4DEF3DF05C26894D521E6D1C9C1AF9770BDA32C59D8E3E
Hopefully this will inspire some people to talk to me, everyone that seems to know what they're talking about is so tight lipped about it.
we need to emulate the billing server
Please keep this in mind (also attached for convenience):
I'm not working on Tales Runner though, or anything at the moment for that matter since I'm really busy IRL, but it's still nice to see people helping the community. Since my version is based solely upon your posted decryption code, and not the executables (which means that there might be bugs in mine), you can still have the honors of sharing it if you change your mind ;).Code:51DA5E3DE8134E01E95CB183F7822875B0A8AEA6AD7C1440D09916DAB6D6502D3E8764BA9B408A889904E70783FD778EF60B0776F175E96E1A6BBC42C4125A6EA68E0F0E345A110E3E4EDFD6C74D82BF29DDBF8B87734585FDFFDE29B02DE4ADBC99C4272EFF67878F3C77B7BF9984DBAAA27E09BDF964D43ED8C8EA1112260945E8F397D2528BCD3702301D21647A3BCE22A888F6EB7530B870707DC78973FCC5DB0DCD60854E8BA851CE099A8AF6F016DAAA3DBDFEFBA64BF2DAB6F0B5F12C236CFD4C41AC00C360277A6C83C35CFBBDE624C6E76B832BD97AC3CAB2BCDDC2E2F0A37F2FAA2BBCF045CC9AA7AC397EBB57A0539D46864DAB03B146C5C737F892B2663FA013DE45E71BEBF0048F4B26B991520C16E4F11B6577E28279B048BF60E05D2CA34772BBDBDCCCAB99670E222D889B1E36A25B8153DC1F386720BA4C8A70D6BBD28CA8F8D186493CE0404F86915DF4EE6BE21071F7E65837A8F8D6DA84E8E0B7A6A8E77F85143501E5C0158F200A635030CC59D813D4F3E5BA04E0603684D0971C
Good luck!
I appreciate the sentiment, and I think I will post the code now.
My intended goal was not to keep it all to myself, but to draw out the people that are still working on it and hopefully be able to get help from them.
Looking back at what other people posted 3-4 months ago (such as Halloween's post: http://forum.ragezone.com/f111/tales...ml#post6931032), there isn't any information provided to get to where they were. They aren't sharing anything anymore it seems.
So I can continue walking over where they've been and carving my own path, taking up more of my time, or if they just shared how they got so far, I could be jumpstarted up to that level.
Sigh...
Anyway, here's the source for the encryption:
Here's the project file and binary for a quick GUI I made: talesrunnerdecrypt.zipCode:private byte[] encoder1(byte[] b) { int s = 1; for (int i = 0; i < b.Length; i++) { b[i] = encode(b[i], s); s = (b[i] + s + 1) % 1785; } return b; } static byte encode(byte b, int s) { b = (byte)(b + (s % 255) + 1); byte templeftside = (byte)(b >> (7 - (s % 7))); byte temprightside = (byte)(b << (8 - (7 - (s % 7)))); b = (byte)(templeftside | temprightside); return b; }
![]()
Yea, that's how most of these projects go. A lot of projects build up momentum, then die out due to inactivity or people moving on to do things privately. The project remains dormant until the next set of devs come and revive it or a new set of files is released for people to work with.
If you enjoy reverse engineering or are interested in it though, nothing you do is ever wasted, even if the end results for the project are never reached. There will always be opportunities for people with RE skills here, so don't feel dissuaded. I've spent 6 years now reverse engineering stuff and it's been a ton of fun and challenges, even though most of the things I've done it for never worked out with the original goal in mind.
Since I used your decoding logic, I approached the problem from a bitwise perspective. E.g., start at the output, look at the binary values going through the entire decoding process, then represent the actions taken, in reverse order. From there, I think I was able to make sense of the algorithm they were using to swap the bits.
p1 builds the high portion value from the high bitmask.Code:var buffer = Encoding.ASCII.GetBytes("<text here>"); int s = 1; for (int i = 0; i < buffer.Length; i++) { byte b = buffer[i]; buffer[i] += (byte)(s % 255 + 1); int highShift = (7 - s % 7); var p1 = (buffer[i] >> highShift) << highShift; // mask off lower bits var p2 = (((0xFF >> highShift) << highShift) ^ 0xFF) & buffer[i]; // mask off higher bits byte p = (byte)((p1 >> highShift) | (p2 << (8 - highShift))); // swap bits and merge buffer[i] = p; s = (buffer[i] + s + 1) % 1785; }
p2 builds the low portion value from the low bitmask.
p is the final value based on the actual bit swapping process.
I think our logic ends up being the same, and I might have redundant logic when it comes to the masking then combining, but it should still provide the same results. I might setup some test vectors later to compare our algos just to make sure though.
So I was able to figure out why my agentserver wasn't working. I had set up my database incorrectly, and I hadn't enable sql connections through the "sa" login.
So now I'm trying to get past gameguard/xtrap on either the korean or usa client. I hear the Gameguard server can be emulated, and I tried emulating it with my apache server, but had no luck.. I can't figure out what should be inside the update.cfg on the server.
Would be great if someone could give some info to how to bypass xtrap or gameguard.
Like always I'll keep trying to figure it out....
Cool update today.
I managed to get to the login screen on the korean client, but when I try to log in, I get an error and the only option is one button that exits the program. I'm not sure what exactly is going on..
I've also tried running it with microsoft applocale, but it gives me an error every time I try.
After hashing/launching the loadbalanceserver says the client disconnected and the usernum stays at 0.
When I try logging in, the agentserver (which apparently handles logins?) doesn't have any new messages come up. Maybe this has to do with how the korean client stores some of the connection information in the pkg? And so it's just not connecting to my server?Code:_DEBUG @@ updateServerUserNum : ServerNum(19), UserNum(0) Connect Client : 917504 GET_MINUSERSERVER_REQ : 127.0.0.1:19219(127.0.0.1:9153) onClosed:index=131086, closeType=2 Client disconnected : 917504 _DEBUG @@ updateServerUserNum : ServerNum(19), UserNum(0)
Anyway, I suspect that the USA client will have similar results (with perhaps a more readable error) IF I can get past gameguard... gameguard.des that came with the original client throws up an error, but that's due to me running windows 7 I think. When I tried it with someone elses custom gameguard.des I can see the little update nprotect gameguard window at the top left, but of course it won't update. It would be great if someone could upload a custom gameguard.des or maybe if I had a usa client with an already updated gameguard, I could emulate the gameguard server (as there are a few tutorials for).
Also how do the loginkeys work in the dbo.UserInfoLogin database? Is the account name/password hashed together into a loginkey? Anyone know how this works? I suspect this is similar to how other games do it?
Hope I'm not the only one working on this now lol...
Finally someone who tries to get further instead of relying on others.
When I shared this, I was hoping that some serious dev got started but sadly, this was not the case.
My friend Nayr is no longer working on TR but he managed to get in-game a while ago tho.
Since I'm working with someone else now, we aren't really to happy with spoon feeding the majority of people who come in this thread since we don't even have a server up.
I used to work with pushedx last year but at the time we bumped into the same issues like you do now.
Tales Runner is way more complicated then the other games I've worked on and several people I had high hopes of ran into issues pretty quickly as well so I hope you understand my decision to not share all the progress made by me and someone who wishes to remain anonymous.