Cabal Checksum

[SheenBR]

Hello. I was looking the forum yestarda and it seems very people are having trouble with their servers because there is not a system that prevents the use of a non-oficial cabalmain in you server. I mean, using a cabalmain without x-trap to login in you server e.g

Well, what do you think about this:

*A dll to the client that is called when the cabalmain is started
*It will send the actual checksum to a host, in the cabal host
*The server compares and returns a OK CAN RUN and NO CANT RUN for example.

What do you guys think about it?

 

[phiber]

look's like what we do on eliteK xD

work nice to avoid noobs, but its not enough for a decent hexer/reverser.

 

[SheenBR]

Well, nothing is 100%. But a nice reverser/hexers knows how to hexer/reverser (obvious) so, it can avoid too. Knowing how its done, make it easir to protect.

 

[john_d]

as far as i know there two client verification built-in into cabal.

the client version and magic key.
while i never tested magic key. i know for a fact that client version does actually work.

the only problem with client version is it is easy to find in the client.
well if u can happen to encrypt the client in a good enough fashion that it is impossible to see what is the client version. it should work in theory.

 

[SheenBR]

I Know a packer that is almost impossible to unpack. If you want, i can send its name to you by MP and you can test.

 

[Fl0ryn]

How i can make cabal website ??:| [Pls Help Me]

 

[john_d]

I Know a packer that is almost impossible to unpack. If you want, i can send its name to you by MP and you can test.

go a head.

good timing since i was developing some stuff for cabal too.

 

[balmungx30]

users can easily know the version of the client...if you want to do this you must first hide the client version in order to prevent some users to use another main

 

[SheenBR]

The checksum will not be based on the client version oO

It generate a MD5 Hash of the exe.
If ANY byte is changed all the Hash changes, and then he will not able to start the game

 

[SheenBR]

Cabal Checksum Finished

Hello, i have finished developing the cabal checksum sistem.

Here you can see a screenshot from the SERVER.
Its a console, the language below is pt-br btw.

It has been developed in Visual Basic 2010.

Ant suggestions?

 

[balmungx30]

Re: Cabal Checksum Finished

what if the players use another main without your dll? players can easily recognize the cabalmain version and they can easily use and hex other main to bypass the checksum?

how do you prevent the players use another main ... or better how to do prevent the user to know the cabalmain version?

 

[balmungx30]

my point is they can easily use another hex cabalmain without your DLL if they know the version of your client...i hope you get what i mean >.<

 

[SheenBR]

No they cant. Its just remove some especial code from the exe, put in the dll. then, if its not the dll with the function pasted, the cabal main will crash.

 

[SheenBR]

Re: Cabal Checksum Finished

I said that in my other thread. Check it there.

 

[john_d]

No they cant. Its just remove some especial code from the exe, put in the dll. then, if its not the dll with the function pasted, the cabal main will crash.

verification program? will it be on windows or linux?

 

[Disconnect1]

Re: Cabal Checksum Finished

Hmm very easy to bypass even with this checksum..

 

[SheenBR]

Re: Cabal Checksum Finished

Yes, but not everyone has skills on reverser and assembly, and i think this is the best checksum system we have so far. (or not?)

 

[balmungx30]

Re: Cabal Checksum Finished

if you manage to hide the client version yes it is .... try some experimentation like what you did in internal.txt on your another thread
try to jump the version number inside the cabalmain using empty space then assign a new client version when the cabalmain is loaded...im not good in assembly but this is the way to prevent user to bypass your existing client

 

[phiber]

Re: Cabal Checksum Finished

i will give you 3 advices.

1) 90% of the people who post on this forum dont understand what are you trying to do or what you already do it. Thats means if you are searching for feedback this is not the place.

2) Its a good idea, we have something like that working on elitecabal and for more than a year or system was not bypassed. a good idea maibe is:

client: you will need find the protocol and include your checksun on the login packet.

server: make a proxy to work with the login server, when some login packet arrive, you will check what they send and allow or ignore the login.

protect your dll with some nice packer and its done.

3) you dont need use client's crc, its better if you use some nice cryptokey, all than you need if people dosnt use another exe and if your dll its the one who generate the cryptokey... well tha all.

happy codding.

en español hubiera sido mas facil pero no se si nos permiten postear en los dos lenguajes.

 

[SheenBR]

Re: Cabal Checksum Finished

Well, perhaps if i know where i change the clients version, maybe I can put it inside the cabalmain.