Fiel had cracked it and uploaded formulas, images, etc. a while back, feel free to check it out.
Diamondo already has a fully functional server emulator with most of the game coded and has reversed the packing algorithm for every single file. He was already able to modify textures, models, maps, sounds/music and shaders. He already has 100% of all packets handled correctly and everything will be released within the next week.
i w0t m8
Yes, I did work on a server. The alpha one at least. I also tried unpacking the new files. They indeed changed the logic to also support 2 kinds of encryption (which they both use). One of them is a XOR, the other one is AES. They use Crypto++ in combination with streams to decode the data. I've worked on this on my MacBook while I was on holiday. Debuggers didn't work so most of the time I was busy RE-ing the client and testing. Sounds a bit disappointing, doesn't it?
Where did he say he would release something?
___:016D4628 00000049 C Cryptographic algorithms are disabled after a power-up self test failed.
___:016D4678 00000054 C Cryptographic algorithms are disabled before the power-up self tests are performed.
___:018C6CB8 00000015 C .?AVIBufferCrypter@@
___:018C6CD8 00000012 C .?AVCXORCrypter@@
___:018C6CF4 00000014 C .?AVCTableCrypter@@
___:018C6D10 00000018 C .?AVCRearrangeCrypter@@
___:018C6D30 0000002A C .?AV?$TSingleton@VCBufferCryptManager@@@@
___:018C6D64 0000001A C .?AVCBufferCryptManager@@
___:018D0A1C 00000019 C .?AVException@CryptoPP@@
___:018D0A40 0000001F C .?AVInvalidArgument@CryptoPP@@
___:018D0A68 00000038 C .?AVParameterNotUsed@AlgorithmParametersBase@CryptoPP@@
___:018D0AF8 00000027 C .?AVAlgorithmParametersBase@CryptoPP@@
___:018D0B28 00000063 C .?AV?$StringSinkTemplate@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@CryptoPP@@
___:018D0B94 0000002D C .?AV?$Bufferless@VSink@CryptoPP@@@CryptoPP@@
___:018D0BCC 00000014 C .?AVSink@CryptoPP@@
___:018D0BE8 00000026 C .?AVBufferedTransformation@CryptoPP@@
___:018D0C18 00000019 C .?AVAlgorithm@CryptoPP@@
___:018D0C3C 00000018 C .?AVClonable@CryptoPP@@
___:018D0C5C 00000018 C .?AVWaitable@CryptoPP@@
___:018D0C7C 0000001E C .?AVNotImplemented@CryptoPP@@
___:018D0D7C 0000002F C .?AV?$AlgorithmParametersTemplate@H@CryptoPP@@
___:018D0DB4 00000030 C .?AVValueTypeMismatch@NameValuePairs@CryptoPP@@
___:018D0DF8 00000031 C .?AV?$AlgorithmParametersTemplate@PBH@CryptoPP@@
___:018D0F00 00000051 C .?AV?$AlgorithmParametersTemplate@VConstByteArrayParameter@CryptoPP@@@CryptoPP@@
___:018D0F5C 0000001D C .?AVBaseN_Decoder@CryptoPP@@
___:018D0F84 00000030 C .?AV?$Unflushable@VFilter@CryptoPP@@@CryptoPP@@
___:018D0FBC 00000016 C .?AVFilter@CryptoPP@@
___:018D0FDC 0000001B C .?AVNotCopyable@CryptoPP@@
___:018D1000 0000001B C .?AVCannotFlush@CryptoPP@@
___:018D1024 0000001D C .?AVBase64Decoder@CryptoPP@@
___:018D104C 0000001B C .?AVStringStore@CryptoPP@@
___:018D1070 00000015 C .?AVStore@CryptoPP@@
___:018D1090 0000005F C .?AV?$AutoSignaling@V?$InputRejecting@VBufferedTransformation@CryptoPP@@@CryptoPP@@@CryptoPP@@
___:018D10F8 00000043 C .?AV?$InputRejecting@VBufferedTransformation@CryptoPP@@@CryptoPP@@
___:018D1148 00000051 C .?AUInputRejected@?$InputRejecting@VBufferedTransformation@CryptoPP@@@CryptoPP@@
___:018D11A4 00000027 C .?AVConstByteArrayParameter@CryptoPP@@
___:018D11D8 00000038 C .?AV?$SourceTemplate@VStringStore@CryptoPP@@@CryptoPP@@
___:018D1218 00000016 C .?AVSource@CryptoPP@@
___:018D1238 00000033 C .?AV?$InputRejecting@VFilter@CryptoPP@@@CryptoPP@@
___:018D1278 00000041 C .?AUInputRejected@?$InputRejecting@VFilter@CryptoPP@@@CryptoPP@@
___:018D12C4 0000001C C .?AVStringSource@CryptoPP@@
___:018D12E8 000000D2 C .?AV?$ConcretePolicyHolder@VEmpty@CryptoPP@@V?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@2@UAdditiveCipherAbstractPolicy@2@@CryptoPP@@
___:018D13C8 00000086 C .?AV?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@CryptoPP@@
___:018D1458 00000061 C .?AV?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@
___:018D14C4 0000001E C .?AVCTR_ModePolicy@CryptoPP@@
___:018D14F0 00000053 C .?AV?$ModePolicyCommonTemplate@UAdditiveCipherAbstractPolicy@CryptoPP@@@CryptoPP@@
___:018D154C 0000001E C .?AVCipherModeBase@CryptoPP@@
___:018D1574 0000001F C .?AVSymmetricCipher@CryptoPP@@
___:018D159C 00000025 C .?AVSimpleKeyingInterface@CryptoPP@@
___:018D15CC 00000024 C .?AVStreamTransformation@CryptoPP@@
___:018D15F8 0000002C C .?AUAdditiveCipherAbstractPolicy@CryptoPP@@
___:018D162C 00000025 C .?AVRandomNumberGenerator@CryptoPP@@
___:018D165C 00000015 C .?AVEmpty@CryptoPP@@
___:018D1680 0000003F C .?AV?$BlockCipherFinal@$0A@VEnc@Rijndael@CryptoPP@@@CryptoPP@@
___:018D16C8 0000006A C .?AV?$ClonableImpl@V?$BlockCipherFinal@$0A@VEnc@Rijndael@CryptoPP@@@CryptoPP@@VEnc@Rijndael@2@@CryptoPP@@
___:018D173C 0000001C C .?AVEnc@Rijndael@CryptoPP@@
___:018D1760 0000001D C .?AVBase@Rijndael@CryptoPP@@
___:018D1788 0000004A C .?AV?$BlockCipherImpl@URijndael_Info@CryptoPP@@VBlockCipher@2@@CryptoPP@@
___:018D17E0 0000008F C .?AV?$AlgorithmImpl@V?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@URijndael_Info@2@@CryptoPP@@V12@@CryptoPP@@V12@@CryptoPP@@
___:018D1878 0000006F C .?AV?$SimpleKeyingInterfaceImpl@V?$TwoBases@VBlockCipher@CryptoPP@@URijndael_Info@2@@CryptoPP@@V12@@CryptoPP@@
___:018D18F0 00000043 C .?AV?$TwoBases@VBlockCipher@CryptoPP@@URijndael_Info@2@@CryptoPP@@
___:018D193C 0000001B C .?AVBlockCipher@CryptoPP@@
___:018D1960 00000023 C .?AVBlockTransformation@CryptoPP@@
___:018D198C 0000001D C .?AURijndael_Info@CryptoPP@@
___:018D19B4 00000026 C .?AV?$FixedBlockSize@$0BA@@CryptoPP@@
___:018D19E8 0000003D C .?AV?$VariableKeyLength@$0BA@$0BA@$0CA@$07$03$0A@@CryptoPP@@
___:018D1A58 00000138 C .?AV?$CipherModeFinalTemplate_CipherHolder@V?$BlockCipherFinal@$0A@VEnc@Rijndael@CryptoPP@@@CryptoPP@@V?$ConcretePolicyHolder@VEmpty@CryptoPP@@V?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@2@UAdditiveCipherAbstractPolicy@2@@2@@CryptoPP@@
___:018D1B98 0000005A C .?AV?$ObjectHolder@V?$BlockCipherFinal@$0A@VEnc@Rijndael@CryptoPP@@@CryptoPP@@@CryptoPP@@
___:018D1C00 0000021A C .?AV?$AlgorithmImpl@V?$ConcretePolicyHolder@VEmpty@CryptoPP@@V?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@2@UAdditiveCipherAbstractPolicy@2@@CryptoPP@@V?$CipherModeFinalTemplate_CipherHolder@V?$BlockCipherFinal@$0A@VEnc@Rijndael@CryptoPP@@@CryptoPP@@V?$ConcretePolicyHolder@VEmpty@CryptoPP@@V?$AdditiveCipherTemplate@V?$AbstractPolicyHolder@UAdditiveCipherAbstractPolicy@CryptoPP@@VCTR_ModePolicy@2@@CryptoPP@@@2@UAdditiveCipherAbstractPolicy@2@@2@@2@@CryptoPP@@
___:01911C50 0000001F C .?AVSelfTestFailure@CryptoPP@@
___:01911C78 00000037 C .?AUNoChannelSupport@BufferedTransformation@CryptoPP@@
___:01911CB8 00000020 C .?AVInvalidKeyLength@CryptoPP@@
___:01911CE0 00000021 C .?AVInvalidCiphertext@CryptoPP@@
___:01911D0C 00000021 C .?AVInvalidDataFormat@CryptoPP@@
___:01911D38 00000022 C .?AVByteArrayParameter@CryptoPP@@
___:01911D68 00000039 C .?AW4BlockPaddingScheme@BlockPaddingSchemeDef@CryptoPP@@
___:01911DB0 00000038 C .?AUBlockingInputOnly@BufferedTransformation@CryptoPP@@
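How a listing like the one above can be read, as an added example that is not part of the original posts: the `.?AV…@@` strings are MSVC RTTI type names, and decoding them separates the Crypto++ types from the client's own crypter classes. The function names are hypothetical, the row layout is assumed from the listing itself, and template names (`?$…`) are counted but not decoded.

```python
import re

# Constructed sample: six rows copied from the strings listing in the post above.
SAMPLE = """\
___:018C6CD8 00000012 C .?AVCXORCrypter@@
___:018C6CF4 00000014 C .?AVCTableCrypter@@
___:018D14C4 0000001E C .?AVCTR_ModePolicy@CryptoPP@@
___:018D173C 0000001C C .?AVEnc@Rijndael@CryptoPP@@
___:01911D68 00000039 C .?AW4BlockPaddingScheme@BlockPaddingSchemeDef@CryptoPP@@
___:018D0B94 0000002D C .?AV?$Bufferless@VSink@CryptoPP@@@CryptoPP@@
"""

# One row: segment:address, length (hex), string type, RTTI type name.
ROW = re.compile(r"^\S*:([0-9A-Fa-f]{8})\s+([0-9A-Fa-f]{8})\s+C\s+(\.\?A\S+)$")
KINDS = {"V": "class", "U": "struct", "W4": "enum"}

def decode_rtti(raw):
    """Return (kind, qualified name); name is None for template types."""
    m = re.match(r"^\.\?A(W4|V|U)(.+)@@$", raw)
    if not m:
        raise ValueError(f"not an RTTI type name: {raw!r}")
    kind, body = KINDS[m.group(1)], m.group(2)
    if "?" in body or "$" in body:
        return kind, None
    return kind, "::".join(reversed(body.split("@")))  # innermost scope is first

def parse_listing(text):
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # not an RTTI row (e.g. an ordinary message string)
        addr, length, raw = m.groups()
        kind, name = decode_rtti(raw)
        entries.append({
            "addr": int(addr, 16), "kind": kind, "name": name,
            # The length column also counts the terminating NUL byte.
            "len_ok": int(length, 16) == len(raw) + 1,
            "library": raw.endswith("@CryptoPP@@"),
        })
    return entries

def summarize(entries):
    named = [e for e in entries if e["name"]]
    return {
        "cryptopp": sorted(e["name"] for e in named if e["library"]),
        "application": sorted(e["name"] for e in named if not e["library"]),
        "undecoded": len(entries) - len(named),
    }
```

Read this way, the listing shows AES (`Rijndael::Enc`) together with `CTR_ModePolicy` on the library side, and `CXORCrypter`, `CTableCrypter` and `CRearrangeCrypter` as the client's own classes.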
Not that I have interest and knowledge for reversing the client, but there are a lot of strings in the client referencing key areas like packets; mostly, I guess, they were used for logging during development. Eric
Eric, why don't you try releasing some of your stuff and see if people are interested?
Don't really want to risk it honestly.. Besides, I'd want to (at least get close to) finishing my MS2 emulator before I would release anything anyways. People can go memory dump the CBT client and start debugging it. Pretty sure Nexon just packed this client, I didn't find any virtualization in any of the important functions like they would be in MapleStory.
i think i just found packet encryption and packet creator