Any suggestion to solve this problem

[acidstar]

Hello,

Good Day, currently I am having a problem where few player like to impose as GM and scam a lot of people (They change their IGN to [GM]xxxxxx) even I already block the usage of %[GM]% string.

This is possible to be done with CE and tested myself.
Even this is client side, this rule can be broken if they PM the target in game. The client will send the false IGN (change with CE) to the target.

Currently my client is protected with :
1. Xtrap
Still can be bypassed if the user using cabalmain without xtrap. Hence, the use of CE is possible.

2. TDP.dll
If they are using their own cabalmain, the client will not be protected with TDP.dll

3. Packer (pack my language.enc together with cabalmain)
They still able to get the server ip/port via netstat and set the information in their internal.txt which running cabalmain without xtrap.

4. XOR changed
This will only encrypt your enc file. If they are using their own cabalmain, they dont need to use our encrypted enc file.

5. Magic Key
This will only protect the player from hitting mob in game. Login server will not block the user if using different magic key (only will block user with different client version).

Is there any solution or suggestion to solve this problem?
Please support.

Thank you.
BR

[MentaL]

[LocaSimon]

LOL Just Change The XORS... if you Change the XORS (In Allocen CabalMain Maybe) And add a Launcher They Wont Be Able to Use Any Other CabalMain To Log Ingame ! Change the XORS in CabalMain and All Enc's... This Will Protect It From Nubs With CE Etc... But Strong People From Here Can Easly Get Your XOR's ... But i am not sure anyone here would like to heart other memebers ... So Just Change Your XOR's ;)! (Only 2 XORS Max not ALL)

[Xc0deRed93]

LOL Just Change The XORS... if you Change the XORS (In Allocen CabalMain Maybe) And add a Launcher They Wont Be Able to Use Any Other CabalMain To Log Ingame ! Change the XORS in CabalMain and All Enc's... This Will Protect It From Nubs With CE Etc... But Strong People From Here Can Easly Get Your XOR's ... But i am not sure anyone here would like to heart other memebers ... So Just Change Your XOR's ;)! (Only 2 XORS Max not ALL)

Do you have any Idea what your telling, do not keep answering peoples question if you dont know what exactly their point.
check his post he already have the modified XOR's. and changing xor's is not totally your secured cause a theres a lot of way. just find the main version and use your own CabalMain and client, and for ports and IP's its easy to netsat that and simply put into internal.txt.
Now do you think your modified xor will be used then?

and about the magic key, yes hes right, it only prevent players from hitting the mobs and result all to miss, but they can still enter into your server using their CabalMain.

the best thing to do is to have a md5 checker from server to client or wright a modified log-in procedure. but i dont know how.

[Yamachi]

As I have suggested multiple times to people, you can prevent a lot of hackers by changing the XOR key used to encrypt the header of packets sent from the server. Look in Ostara's source if you need to know more.

[acidstar]

As I have suggested multiple times to people, you can prevent a lot of hackers by changing the XOR key used to encrypt the header of packets sent from the server. Look in Ostara's source if you need to know more.

Dear Yamachi,

Thank you for your feedback.
Is it the changes must be made at the server side?

Thank you.

[Yamachi]

In all server bins and the client.

[ARPANET]

Yamachi, would it be a security threat for servers if you lead us the way how this is properly done? sorry for asking if that is the case or if the answer is already right under my nose - maybe i need glasses :)

[Yamachi]

The information you need is in Ostara.
Ostara - /PacketLogger/Cryption/Server.cs - The Divinity Project Redmine
You can see here that the first 4 bytes of packets sent from the server are XOR'd with a static key. All you need to do is find and change that key in your client and server bins.

[ARPANET]

**nose bleed**

can't find it in cabalmain.exe or maybe i found the wrong key or i might be looking the wrong way :(

[Yamachi]

Try flipping the bytes around when you search.

[ARPANET]

aha! i found 2 results from the search not sure if i got the right key though.

---------- Post added at 02:57 PM ---------- Previous post was at 02:50 PM ----------

holy cow! i think i was right with the key - WELL I HOPE.

you're right Yama every bin has the same key EXCEPT GlobalDBAgent (no match found), now i will try to change this key in the cabalmain.exe and to all the bins and see if it works.

[Yamachi]

There are 2 instances in cabalmain.exe, yes. First, CABAL XOR's only the first 4 bytes and compares the packet size to the size value in the header bytes (the 4 bytes that were just XOR'd). If the values match, it then XOR's the original bytes again (I know, redundant, right?), and uses that to decrypt the rest of the packet.

[ARPANET]

hmmm thanks Yama but howcome i found no match of the key in the GlobalDBAgent bin?

[Yamachi]

CashDBAgent, GlobalDBAgent, and DBAgent_XX are all symlinks to /usr/bin/DBAgent

[ARPANET]

so that's it, makes sense, only thing left now is to test.

thankeeeeyouuuu!

EDIT: confirmed working! Yamachi you're the man! you saved us as usual THANK YOU :)

[acidstar]

ARPANET : yes it is.
1 more solution to increase your server security :P
Thanks Yama for the tips.

[ARPANET]

yup! cheers!

[inickme]

yup! cheers!

Can you share this tips ? i really can't do it :(

[PX2000]

My server was made to play cabal in easy way but now my server becomes a training field of noob hackers.. I think this packet changing is the only way to stop the mess but OMG headache, Nose bleed! I don't know where to start... >.<

[Xc0deRed93]

This is very helpful and the most powerful way to secure, but I think only Pro can made this. Same on PX2000 don't know where to start, where files should I edit in server and address in cabalmain. I try for few hours but same thing I don't know ;P

[BreadedPork]

This will not totally solve your problem as MOVZX (Ragezoner) a.k.a TheNoobCheater (EPVP) can easily find your custom packet encryptions. And he makes updated bypasses for every Private Server in the world. :p

Send me a PM, If you still want to know what to edit for your custom packets. But know the sad truth that this will not solve your problem.

[MOVZX]

Move the whole routine and scramble/obfuscate the ASM code to some DLLs (4 is enough) then hook it to Main. Pack with Themida, VMProtect, Enigma, Molebox, whatever and include the DLLs inside it so it won't be physically appeared on Cabal folder. This way will prevent some reversers from being analysing Your protected code.
Posted via Mobile Device