Infiltration source code

Well... hi guys,


those files are rotting on my hard-drive... so I can in fact just give them out to people who actually DO something with them. ^^


If you don't like the way sending packets to the client works, then just check out the OverlappesPlus structure of official FlyFF and utilize PostQueuedCompletionStatus inside of the hack.
When I was coding infiltration back then I din't know enough about overlapped IO to implement this.
It would solve the problem of waiting for server packets.


File-Upload.net - bla.zip

There is one thing i'd like to mention:
The packets sent are using 0xFF as headermark... the FlyFF files appearently don't care WHICH byte leads the packets. This was just an easy bypass for earlier customer versions of my antihack which got released.

Anyways, in packet.cpp you can easily find the line and edit it so the packets will be generated with the respective headermark the server is using.

Oh... and I guess the 0xFFFFFFFF part of client packets also might be different... shouldn't cause any problems AT ALL though.
(You can still change it back in packetFactory.cpp)



Even though the code is WAAAAAAAY better than my antihack you can probably still find a considerable amount of things you don't like.
I warned you. ;)



Have fun with it, whatever you are going to do.


-Tom


PS:
You will have to embed the DIRECT-X SDK AND THE ANTTWEAKBAR SDK into the project or it won't compile!
Google should serve you with those. :D
(If you can't manage to get it to compile then the SRC isn't the right thing to work with for you. Try using your brain a bit.)

PPS:
You obviously should use MSVC2010.

PPPS:
The 'HACK_BACKDOOR' define in StdAfx.h obviously ISN'T the hash which was usilized in my older antihack backdoor. It's german and means 'you won't get it anyways'.

PPPPS:
Too many Ps.


○ ___ ○

But I have packet encryption.... ;-;

Quote:

---

Originally Posted by blur

ohh scheisse. u bist nazi?



i think it's not allowed releasing hack tools in this forum.

---

I guess it's a bit tricky here...
I didn't release binaries which could be used to hack. As this is a FlyFF development forum I thought about releasing the SRC more as baseline or help to do something on your own.

The hack itself is useless anyways as it's been fixed for a loooong time in public.

Let's wait for a moderator's statement.

Quote:

---

Originally Posted by blur

ohh scheisse. u bist nazi?



i think it's not allowed releasing hack tools in this forum.

---

He released it for people to see where some of the exploits are, and to prevent them in the future/find their own.

Quote:

---

Originally Posted by KrYpT0n

He released it for people to see where some of the exploits are, and to prevent them in the future/find their own.

---

I've been banned for 3months for doing the same.

Tbh this helps people too fix the hacks since the source got released. That mootie got banned for releasing a hack source is stuppid x.x proply was dell :o.
Posted via Mobile Device

Lawl i tought i share this xD
http://ompldr.org/vYjVoMA/flyff00005.jpg

o.o wtf? how'd the windows appear on the terrain?

Quote:

---

Originally Posted by ShadowDragon42

o.o wtf? how'd the windows appear on the terrain?

---

I dont know :/
Lol but noone will be able to load infiltrtion in my client without unpacking and remove some things.So its not something i have to fix o.o
I just turned on shadow after your post about the uint thing :)

Only thing that works after bypassing client is teleport.
I already found a way to fix that :D
Every gm command while hacking will show "Client Authorization is not high enough tried to cheat?" :)

Lol nice and glad I could help =P
I've had Infiltration blocked for some time now, although the way I did it could easily be bypassed with the source released and someone that knows how to use it. I should probably check this out and fix them permanently =P

Quote:

---

Originally Posted by MisterKid

I dont know :/
Every gm command while hacking will show "Client Authorization is not high enough tried to cheat?" :)

---

That's enough info to bypass your protection lol. Also, I don't assume your antihack blocks against pre-loaded user32 dlls, which is an extremely easy way to hook neuz before it runs.

Quote:

---

Originally Posted by xLethal

That's enough info to bypass your protection lol. Also, I don't assume your antihack blocks against pre-loaded user32 dlls, which is an extremely easy way to hook neuz before it runs.

---

You sure :ott1:?
You haz my source!?

Quote:

---

Originally Posted by MisterKid

You sure :ott1:?
You haz my source!?

---

if the "authorization" the message is referring to is exactly what it sounds like and I knew half as much as xLethal, then yeah it probably is enough lol

but if that message is technically lieing to them and trying to lead them off, then maybe not.

Quote:

---

Originally Posted by ShadowDragon42

if the "authorization" the message is referring to is exactly what it sounds like and I knew half as much as xLethal, then yeah it probably is enough lol

but if that message is technically lieing to them and trying to lead them off, then maybe not.

---

Its a lie you cant hook into world server from the client... lol. Should be server :p.
But on my old server no one bypassed the client sided checks means no one saw the msg
except me.
Owh eFlyff encrypted their packets ?... I was able to inject dlls. So i tought i try it on eFlyff
Posted via Mobile Device

Quote:

---

Originally Posted by MisterKid

Its a lie you cant hook into world server from the client... lol. Should be server :p.
But on my old server no one bypassed the client sided checks means no one saw the msg
except me.
Owh eFlyff encrypted their packets ?... I was able to inject dlls. So i tought i try it on eFlyff
Posted via Mobile Device

---

No one bypassed DemonFlyff's first res encryption which was:

Code:

---

for(int i=0;i<headersize;i++)
    header[i] ^= 96;

---

Doesn't mean it was secure.

Also, eFlyff's packet cipher is a simple bit table xor. It's pretty simple if you have the time to reverse it with a memory dump.

Quote:

---

Originally Posted by xLethal

No one bypassed DemonFlyff's first res encryption which was:

Code:

---

for(int i=0;i<headersize;i++)
    header[i] ^= 96;

---

Doesn't mean it was secure.

Also, eFlyff's packet cipher is a simple bit table xor. It's pretty simple if you have the time to reverse it with a memory dump.

---

Lol i still dont get why people wants to steal res files... too secure against cheaters you can use flyff.a and flyff.b. But everything can be bypasses/decrypted/unpacked. if you take time for it.
Posted via Mobile Device

Quote:

---

Originally Posted by MisterKid

Lol i still dont get why people wants to steal res files... too secure against cheaters you can use flyff.a and flyff.b. But everything can be bypasses/decrypted/unpacked. if you take time for it.
Posted via Mobile Device

---

sorry for this question

can i Encrypt .res file in flyff source?

:huh:

Quote:

---

Originally Posted by MisterKid

Lol i still dont get why people wants to steal res files... too secure against cheaters you can use flyff.a and flyff.b. But everything can be bypasses/decrypted/unpacked. if you take time for it.
Posted via Mobile Device

---

Clientsided file encryption is by far the easiest encryption to reverse engineer. Detour the decryption routine and dump the unencrypted data from memory.

You cannot reverse engineer (baliktad "utak ng" engineer) or even detour the decryption routine, because my neuz is resources friendly which means no memories are allocated. Hehehe.

@Mod Please don't banned me. T_T

Quote:

---

Originally Posted by rtosoftware

You cannot reverse engineer (baliktad "utak ng" engineer) or even detour the decryption routine, because my neuz is resources friendly which means no memories are allocated. Hehehe.

@Mod Please don't banned me. T_T

---

Bullshit and not possible.
If you can write a program using 0 memory then why are you here?

I think I don't understand what you are trying to say.
For what i can understand is that your neuz doesn't use any memory?

"Security is no more then a illusion."
A qoute from some guy.
Its true since everything can be cracked.
Even hash md5.But noone is smart enough. :S

Quote:

---

Originally Posted by MisterKid

Bullshit and not possible.
If you can write a program using 0 memory then why are you here?

---

Sorry, I only use baliktad "utak ng" engineer.

Quote:

---

Originally Posted by xLethal

Clientsided file encryption is by far the easiest encryption to reverse engineer. Detour the decryption routine and dump the unencrypted data from memory.

---

True, but only if you know how and I'd say at least 90% of the people who play flyff now have no idea how to do that, maybe more.

main reason I'd say for res file encryption is to prevent noobs from stealing your stuff for their servers.

Quote:

---

Originally Posted by rtosoftware

You cannot reverse engineer (baliktad "utak ng" engineer) or even detour the decryption routine, because my neuz is resources friendly which means no memories are allocated. Hehehe.

@Mod Please don't banned me. T_T

---

If it's not in memory, then how are the resources rendered on the screen? Your code is in memory at execution time as well, that is how I detour it.

I'm assuming when you say "no memories are allocated", you mean you deallocate it directly after it's read, which still is vulnerable to a detour and can be easily dumped.

Quote:

---

Originally Posted by ShadowDragon42

True, but only if you know how and I'd say at least 90% of the people who play flyff now have no idea how to do that, maybe more.

main reason I'd say for res file encryption is to prevent noobs from stealing your stuff for their servers.

---

I'd say around 10 reverse engineers currently in the Flyff scene can dump encrypted resources if they had the proper motivation. It's not a bad idea to encrypt resources, but don't rely on it otherwise you'll end up looking like a fool if someone does manage to dump them.

.... .res alreadt is encrypted why encrypt it twice? It makes it slower. Example.
You are sitting in the garden and want some tea.You do the following
Get a cup of tea and get back in the garden theb go back to the kitchen for sugar and then back in the garden.
While you could get them at the same time.
Its faster. Just improve the encryption.... you got the source.
Dont encrypt it like *.res.blah .... @ patcher it be like *.res.blah.gz
Make it directly *.blah

Posted via Mobile Device

Quote:

---

Originally Posted by MisterKid

.... .res alreadt is encrypted why encrypt it twice? It makes it slower. Example.
You are sitting in the garden and want some tea.You do the following
Get a cup of tea and get back in the garden theb go back to the kitchen for sugar and then back in the garden.
While you could get them at the same time.
Its faster.
Posted via Mobile Device

---

-.- don't take everything I say at face value..

I didn't mean encrypt them twice, but change the encryption so it can't be easily read.

owh :p
Posted via Mobile Device