KalOnline Extended Module v2

Status
Not open for further replies.
Junior Spellweaver
Joined
Sep 8, 2006
Messages
166
Reaction score
82
About KOEM V2

KOEM V2 is an add-on for the Kal Online Server and Client. The project is split into two parts: first the ‘Core API’ on Server and Client, and second the Plug-Ins for each Core. The idea behind KOEM V2 was aimed at the future, so that everyone with know-how in C++ and Kal Online can write powerful Plug-Ins for KOEM V2. The Core alone can do nothing; only with Plug-Ins can KOEM V2 be strong. Currently I want to redevelop all features from KOEM V1 as Plug-Ins for KOEM V2, and that’s the current progress.

The Core currently comes without any SDK, so you can only use the current features of the JavaScript engine. The full project is in beta; only people with skills should use this file. For your information, by using these files you accept the terms.

You can find some information about KOEM v2 and the available plug-ins in the Guide of the Core package.

For news you can follow me on my blog:

Download:


Installation

Msvcp100.dll is a Visual C++ 2010 Runtime library file. This file is needed for a C++ application built with Visual C++ 2010. So you must also get and install the Visual C++ 2010 Runtime library before you can use KOEM v2.

Important: I think at this point you already have a fully working server and client!

Global:

1. Before we can begin with the installation of KOEM v2 you need a clean (unpacked) file of Server (MainSvrT.exe) and Client (engine.exe).

2. Now we need to patch the Server and Client; for that we only need a hex editor. Also, ‘MainSvrT.exe’ and ‘engine.exe’ must be unpacked; otherwise KOEM v2 can’t work correctly.

3. Now start your favorite hex editor and open the binary file of the Server (MainSvrT.exe). Search for all strings equal to “ADVAPI32.dll” and replace them with “Main.dll”. Save the changes and close the file. Repeat the same with the client (engine.exe), but replace “ADVAPI32.dll” with “Client.dll” instead of “Main.dll”.

Server:

4. Now extract the core “Server\Main.dll” from the installation archive and copy the file into the Server directory where “MainSvrT.exe” is located.

5. Some plug-ins need a license, so we now also need to copy the server license file “data.lzs” into the Server directory where ‘MainSvrT.exe’ is located.

6. For a quick check we now want to start the server. To see whether KOEM v2 has started, you can check a) the menu item “KOEM”, or b) the extended loading information in the log window. If there is any fault, try the steps above again.

7. The core is now ready, so we now want to install the available plug-ins. Extract the complete “Server\PlugIns” directory from the installation archive and copy the directory into the server directory where “MainSvrT.exe” is located. The plug-in directory is the base directory from which KOEM v2 will load plug-ins. The plug-in directory can also include configuration files of any plug-ins.

8. The core and some plug-ins need some settings, so we now want to extract the “server\config.cfg” file from the installation archive and copy the file into the server directory where “MainSvrT.exe” is located.

9. Some plug-ins may need game-specific configuration files, so we now want to extract all configuration files from the “Server\Config” directory of the installation archive and copy the files into the “Config” directory where “MainSvrT.exe” is located.

10. The last step is a quick check, so we now want to start the server again. We know the core starts without any problems, but now we want to know whether all known plug-ins are loaded with KOEM v2. If there is no fault, you can find a menu entry for each plug-in under “KOEM”, “Plug-ins”. If any plug-in is missing, check the steps above again. For your information, always use the plug-ins together with the core you have got.

Client:

11. Now we want to set up the client, so we now want to extract the core “Client\Client.dll” from the installation archive and copy the file into the directory where “engine.exe” is located.

12. Some plug-ins need a license, so we now also need to copy the server license file “data.lzc” into the client directory where ‘engine.exe’ is located.

13. The core is now ready, so we now want to install the available plug-ins. Extract the complete “Client\PlugIns” directory from the installation archive and copy the directory into the client directory where “engine.exe” is located. The plug-in directory is the base directory from which KOEM v2 will load plug-ins. The difference from the server is that the client core will only load plug-ins defined in the “plugin.dat” in the Config.pk. The “plugin.dat” defines first the plug-in we want to load and second the md5 hash of the plug-in file. Only defined plug-ins with the correct md5 hash will be loaded at client start. Below is an example of the file format.

Format:
Code:
(plugin (file Summon.cpln) (hash 3034a025efeaffcd3de2290b10b1106b))
(plugin (file Protect.cpln) (hash e28f919af7a5bfe66c67adcfe8e7f93d))

14. Now it is time to create the KOEM v2 encoded pk files. To encode a pk file we need the KOEM v2 command line tool named “crypt.exe”. You can find this tool in the installation archive. But before we can use this encoder tool we first need to copy the server license file “datal.lzs” into the directory where “crypt.exe” is located. We now have two ways to use this encoder tool: one way is to execute “crypt.exe” via double click. The second way, which I think is the best and fastest, is via drag and drop onto “crypt.exe”. The KOEM v2 encoder tool wants a few pieces of information, like the file path to the pk file and the password of the pk file. Now we can encode the ‘swordcrypted’ files “config.pk” and “e.pk” with the KOEM v2 encoder. If the KOEM v2 encoded pk files are in a different directory from the client pk location, we must now copy the KOEM v2 encoded files to the client.

As quick information, some people may want to create a batch file to use the KOEM v2 encoder; here is a little example.

Code:
@echo off
crypt.exe config.pk JKSYEHAB#9052
crypt.exe e.pk JKSYEHAB#9052
pause

Don’t forget to create the “plugin.dat”; this file is needed to load plug-ins on the client!

15. The last step is a quick test, so we now want to start the client to check. If you get a null error message, try the steps above again. The null error message can have many reasons, from a wrong password to a wrongly patched client. An important reason can be a wrong md5 hash in the “plugin.dat” for any plug-in.

Protection

Everyone knows nothing is safe, so you should know that this Protect Plug-In provides a base of protection, but this alone doesn’t mean your server is safe with it. It is solely in the hands of the admin to set up these protection features into a powerful protection. All protection is disabled by default! Details about each protection you can find below.

1. Packet En- and Decoding between Server and Client

Sword crypt is the base packet de- and encoding between server and client. This protection alone gives, in addition to sword crypt, a second packet de- and encoding.

2. Send Packet from Client to the Server

The client is old school and some functions are known, including the send function. This protection gives, in addition to the core, its own send base. This may be helpful to block a few injects that use the send function.

3. PK En- and Decode of the Client

That is, I think, a favorite bypass for changing something in, or getting something out of, the e.pk or config.pk. This is a must for using koem v2; without it the client will only start with a null error. So it is an additional encoding on top of sword crypt. KOEM V2 includes its own encoder ‘crypt.exe’ to bring the sword crypt encoded ‘e.pk’ and ‘config.pk’ into koem v2’s own encryption.

4. Load KOEM V2 Plug-In

On the server side we know koem v2 loads all plug-ins in the ‘PlugIns’ directory. That is okay, but I searched for a protection to suppress this on the client. The way is easy; some plug-ins must be defined with the filename and md5 hash in a ‘plugin.dat’ in ‘config.pk’. Only plug-ins with the correct hash will be loaded on client start.

Format:
Code:
(plugin (file Summon.cpln) (hash 3034a025efeaffcd3de2290b10b1106b))
(plugin (file Protect.cpln) (hash e28f919af7a5bfe66c67adcfe8e7f93d))

5. Load Library

On the server side we know koem v2 loads all libraries in the ‘Libraries’ directory. That is okay, but I searched for a protection to suppress this on the client. The way is easy; some libraries must be defined with the filename and md5 hash in a ‘library.dat’ in ‘config.pk’. Only libraries with the correct hash will be loaded on client start.

Format:
Code:
(library (file some.dll) (hash 371b737f19cef75ef02e99c3b62b9df3))
(library (file other.dll) (hash 631b6a98418a6109192cd14436fe98a3))

6. MD5

The md5 protection can be helpful to detect any changes to your own files on the client. This is a two-way protection, meaning definitions on both the server and client sides. By adding the ‘md5.dat’ with valid entries, the protection is active on the client. So you can add an md5 hash protection for some files (excluding the ‘config.pk’) in the client directory, and the entries must have the format below. By default, for your own protection you should add the ‘engine.exe’, ‘e.pk’ and ‘client.dll’. The md5 hash is a configuration part of the server and must be set in the ‘Protect.txt’. By default you should use this protection, but with ‘false’ instead of the md5 hash you can deactivate this protection.

Format: (md5.dat on client)
Code:
(md5 (file PlugIns\Summon.cpln) (hash 3034a025efeaffcd3de2290b10b1106b))
(md5 (file PlugIns\Protect.cpln) (hash e28f919af7a5bfe66c67adcfe8e7f93d))

Format: (Protect.txt on server)
Code:
[Protect]
MD5OfConfig = 9ef8d02f1263ba3add37b32928352713

7. Account Block System

The account block system is more a feature than a protection. Since we know the main server includes the ‘block’ command without any function, it’s a nice-to-have feature. So you can manage the blocked accounts in koem v2 via the in-game commands ‘/block’ and ‘/unblock’. This system comes with three basic features: 1) permanent block, 2) time block and 3) hardware block. The last feature, we know, is not a solution for the future. You can take a few examples from the list below.

Example 1: To block a player account permanently, use the following command:

‘/block -p <player> -n <note>’

Example 2: To block a player account and also the player’s active computer, use the following command:

‘/block -p <player> -c -n <note>’

Example 3: To block a player account until a defined time (in seconds), use the following command:

‘/block -p <player> -t <time> -n <note>’

For the commands above the player must be online!

Example 4: To get information about a blocked player, use the following command:

‘/block -info -p <player>’

Example 5: To unblock a player account, use the following command:

‘/unblock -p <player>’

8. Console Detect on client

Some easy hack injections use a console as the input prompt for the hack. So the console detection is, in a few words, only a little protection.

9. Debugger Detect

The debugger detection has only one purpose: to detect a debugger in the process in order to protect the primary koem files.

10. Inix Hack Shield Bypass Detect

We know the client’s own hack shield is out of date, but it may include many other protections that are not included in the koem v2 protection. The Inix Hack Shield Bypass detection does exactly what the title says. So the client must start with the client’s own hack shield.

11. Skill Cool Down

All my previous projects also included a skill cool down protection, and I think that’s one of the most powerful protections of koem v2. This is a must-activate protection! The configuration file is the ‘InitSkill.txt’ of the main server. There you can find the ‘delay’ tag for each skill, and only the second parameter is of interest to us. There you can define the cool down time of each skill. I think some people don’t use this protection because it may be too hard to calculate the exact cool down value, and they will get kicked when using any skill. But I say that’s not a reason to disable this protection! A few skills have a formula, so we know it is not a fixed cool down value. So take the formula from the client and put the max skill level into the formula to get the lowest skill cool down value. My suggestion is to add a little margin to the cool down value. In the last step you must activate this protection in the ‘PlugIns\Protect.txt’. A fast and easy way to get the fixed value of each plug-in is the learn mode. If the protection is in learn mode, the protection will automatically get the lowest cool down value. The command ‘/learnon’ will turn on the cool down learn mode, and only the skills used by the admin have an effect in learn mode. What we need to know is that the admin should have all skills at the max level. So try a skill a few times (for about three minutes), and you will get a message about a new cool down value being found. Try this for each skill and each class. The last step is to turn off the learn mode with the command ‘/learnoff’. At server shutdown, protect will write a new ‘InitSkill.txt’ file.

12. Max Attack Points

The main server has a few bugs where you can do a buffer overflow to get a max attack points overflow. This is then an abnormal condition in the game, and the player can one-hit a monster. This protection will detect the problem described above. In the ‘Protect.txt’ you can define the max allowed attack points. The special case is the admin in the game, because this protection applies only to normal players. Here again, this protection is a must to activate.

13. Invalid state at CSocket

We should know the message ‘Invalid state at CSocket’ is an abnormal condition on the server. I can only report this message in combination with inject hacks (using the send function on the client) on the client side. So this protection will kick every client that caused this message. This is a non-adjustable protection and is permanently activated.

14. Underground or Fly

Where don’t know about this problem where a player is in game underground or in the air. The fact is that only players who want to hide something use this way. So this protection will constantly check, with a little difference, the z coordinates between server and client.

15. Move

The move hack is also an old school hack, and we all know about it. I know two ways to change the movement speed on the client: 1) via hack injection and 2) via a memory tool (like UCE). With both ways the movement speed can be changed. This protection will compare the movement speed between server and client.

16. Force Emotion

The force emotion (known as force dance) hack is a bug of the main server, but more of a programming design error in my eyes. Mostly this too is an injection hack, which collects the object ids of all players around and then sends a force emotion packet with the object id of each player around. This protection will compare the sent object id with the own object id of the player who is sending the emotion.

17. Put On Item

One of the first kal online hacks is the fast sword change between one- and two-handed swords. With the put on item protection there is a delay between changing weapon and equipment. This protection is permanently active and can’t be turned off.

18. Mix System

I think the interest of inixsoft at the time was to get the mix system done fast, without any checks. The mix system concept is not really thought through. Checking the items is the job of the client, and the server doesn’t check the items. Really a bad idea! That is a permanent bug and can’t be fixed by removing the mix master from the server or removing the mix items. Primarily known is the imperial hack with the mix system, where a mix packet is sent with wrong, low-worth items. This protection now checks the grades of all items needed for mixing. The second bug in the mix system is important, and with it a reason to activate this protection. Sending a wrong mix packet, meaning the main item is also part of the mix items like the stone or secondary weapon, will crash the server on successful mixing. This bug is also solved by the mix system protection.

19. Secondary Password (separate)

The secondary password is a new protection feature, now included with the koem v2 protect plug-in. To use this feature you need an extra license for the secondary password system, so it’s not part of the base protection. The concept is easy: after a successful login with the primary login id and password, the input window for the secondary password will be prompted. On the first login with this system, the create secondary password window will be prompted. The secondary password can also be changed on the client. All secondary passwords are stored in koem v2’s own text-based database (database.dat). On the client side the following files are needed in ‘e.pk’: ‘login2_create.dat’, ‘login2_replace.dat’ and ‘login2.dat’. You can take these three files from the archive.

20. Connection Flooding

The connection flooding protection can help to detect connection flooding. In the ‘protect.txt’ you can define values like the fast connection time or max allowed connections per ip and more. All times are in milliseconds.


I hope I can help this community with this release.

Good luck.

UPDATE 2011-09-18:

A new update is now available to download as a package, or via the update function in the KOEM menu. This update includes the following bug fixes: 1) the JavaScript engine crashed the server during the shutdown process; this is now fixed and should solve the bug with losing data in the database, 2) each database object normally had an auto sort by child count; this was the problem with, for example, the instance level order, and it should now also be solved with this release, 3) and the last known bug I found was in the script manager of the client Core; that is the reason why the engine crashed when using custom scripts like Recall or Secondary Password; this bug is now also solved.

But the primary change is in the base of the Core and Plug-ins. The Core and each Plug-in now use two new shared libraries: first the Runtime (Runtime.dll), its shared objects are each for server and client; second the Public (Public.dll), its shared objects can be used by Server and Client. This is a step forward to the SDK release. Please read the installation instructions in the guide!

I also want to inform you about the current status of the SDK for KOEM v2. I know the current SDK includes some stuff to develop your own Plug-ins, for example the stuff I use for my own Plug-ins, but the SDK is still under development. I think I want to release the first base of the SDK in the next days with an all-in-one example for server and client, but the SDK will not include documentation about the API. That is then only a release for people with know-how, or for people with fast understanding or so …

UPDATE 2011-09-25:

A new update is now available to download as a package only; I have stopped the update support via the update server. This update includes some bug fixes and some changes, and I also removed a few features. You can find more about the update changes in the change history of the release package.
 
Last edited:
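The hash lists described in the post above (‘plugin.dat’, ‘library.dat’, ‘md5.dat’) can be checked against the files on disk before a client is shipped, which rules out the wrong-hash cause of the null error from step 15. The Python script below is an added example, not part of the original post or of KOEM v2; the parsing rules, the function names and the sample files in the demo are assumptions, since the post only shows the entry syntax.

```python
import hashlib
import re
from pathlib import Path, PureWindowsPath

# Entry syntax as shown in the post (exact client parsing rules are assumed):
#   (plugin|library|md5 (file <name>) (hash <32 hex digits>))
ENTRY_RE = re.compile(
    r"\(\s*(plugin|library|md5)\s+\(\s*file\s+([^()]+?)\s*\)\s*"
    r"\(\s*hash\s+([0-9A-Fa-f]+)\s*\)\s*\)"
)


def parse_manifest(text):
    """Return a list of (kind, file name, lowercase hash); reject bad lines."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        match = ENTRY_RE.fullmatch(line)
        if match is None:
            raise ValueError(f"line {lineno}: not a manifest entry: {line!r}")
        kind, name, digest = match.groups()
        if len(digest) != 32:  # an MD5 digest is 16 bytes = 32 hex digits
            raise ValueError(f"line {lineno}: hash is not 32 hex digits")
        entries.append((kind, name, digest.lower()))
    return entries


def md5_of(path):
    """MD5 of a file, read in chunks so large files need little memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_entry(kind, name, path):
    """Build one manifest line for the file at `path`."""
    return f"({kind} (file {name}) (hash {md5_of(path)}))"


def audit(manifest_text, base_dir, pattern=None):
    """Compare a manifest with the files under base_dir.

    Returns a dict of lists: ok, mismatch, missing, and (if a glob pattern
    is given) unlisted files that exist on disk but have no entry.
    """
    base = Path(base_dir)
    report = {"ok": [], "mismatch": [], "missing": [], "unlisted": []}
    listed = set()
    for _kind, name, expected in parse_manifest(manifest_text):
        rel = PureWindowsPath(name)  # entries use Windows separators
        if rel.anchor or ".." in rel.parts:
            raise ValueError(f"entry leaves the base directory: {name!r}")
        listed.add("/".join(rel.parts).lower())
        target = base.joinpath(*rel.parts)
        if not target.is_file():
            report["missing"].append(name)
        elif md5_of(target) == expected:
            report["ok"].append(name)
        else:
            report["mismatch"].append(name)
    if pattern:
        for found in sorted(base.rglob(pattern)):
            rel_name = found.relative_to(base).as_posix()
            if rel_name.lower() not in listed:
                report["unlisted"].append(rel_name)
    return report


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample files
        plug = Path(tmp, "PlugIns")
        plug.mkdir()
        (plug / "Summon.cpln").write_bytes(b"constructed sample plug-in")
        (plug / "Extra.cpln").write_bytes(b"constructed, not in manifest")
        manifest = make_entry("md5", "PlugIns\\Summon.cpln", plug / "Summon.cpln")
        print(manifest)
        print(audit(manifest, tmp, pattern="*.cpln"))
```

For a ‘plugin.dat’, whose entries carry bare file names, pass the ‘PlugIns’ directory as `base_dir`; for ‘md5.dat’, pass the client directory.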
Initiate Mage
Joined
May 5, 2011
Messages
14
Reaction score
1
nice to see ;) very good work, but, what we can do with it? How secure he our server? And it gives any new commands like /block -p - bla bla bla xD



but rly very nice work
 
Initiate Mage
Joined
Jun 18, 2010
Messages
86
Reaction score
147
Wee~ Toys to play with!

EDIT: Install or crack, install or crack ? Wait, I have to install it before I try to tamper with it! FFS (屮゜Д゜)屮

AyleN, I've got a few questions for you.
Why do you still use MD5 ? As you probably know, md5 has been deprecated for a long time now.. I'd say SHA-1 is more secure..
And I'm curious about your packet encryption, does it match up with SSL ? (regardless of the hackers) =]

EDIT2:
Only libraries with the correct hash will be loaded on client start.
What if I don't want the client to start at all when the hash is wrong ?

EDIT3: In my opinion, you should make a little SDK with a header file linked to your plugins (for both client and server), so it becomes possible to use some functions of them, like sending our own packets, or accessing the blocklist by ourselves (I wanted to make a MB_OK box appear with the reason of the block inside, when logging in).
 
Last edited:
Junior Spellweaver
Joined
Sep 8, 2006
Messages
166
Reaction score
82
Very well done, to what extent can the server be modified using the plugins? As I recall you could pretty much do mem editing, packet sending/receiving, etc?

These are currently only the Core files, and I think I need some more time before I can release the SDK of KOEM v2. Currently I have added into the core all the stuff I needed in my own plug-ins. So you can observe some stuff of the main server, beginning with catching packets, modifying packets, adding your own packet en- and decoder and much more.

Here as example all current available observers on Server:

Code:
kServerStartedObserver, kServerReadyObserver, kPacketEncoderObserver, kPacketDecoderObserver, kNewMonsterObserver, kCommandObserver, kPacketObserver, kPlayerCreateObserver, kPlayerRemoveObserver, kRemoveMonsterObserver, kItemHandlerObserver, kShutdownStartedObserver, kMonsterRealAfterDamageObserver, kPlayerDeathByMonsterObserver, kPlayerEnterWorldObserver, kPlayerLeaveWorldObserver, kPlayerQuitRequestdObserver, kPlayerRelogRequestdObserver, kLoadingObserver, kQuestRequestObserver, kTeleportObserver, kSaveLocationRequestObserver, kStartFromVillageObserver, kLoginObserver, kLoggedInObserver, kLogoutObserver, kInvalidStateAtCSocketObserver, kPlayerSaveAllPropertyObserver, kPlayerPutOffItemObserver, kPlayerPutOnItemObserver, kCreateMixItemObserver, kUpgradeMixItemObserver, kConnectObserver, kDisconnectObserver, kItemTransformUpdateExpObserver, kPlayerUpdatePropertyObserver, kDropChanceObserver, kProcessMsgObserver, kStatusObserver, kFinalDamageObserver, kFatalDamageObserver, kPlayerDamageObserver


Wee~ Toys to play with!

EDIT: Install or crack, install or crack ? Wait, I have to install it before I try to tamper with it! FFS (屮゜Д゜)屮

AyleN, I've got a few questions for you.
Why do you still use MD5 ? As you probably know, md5 has been deprecated for a long time now.. I'd say SHA-1 is more secure..
And I'm curious about your packet encryption, does it match up with SSL ? (regardless of the hackers) =]

Yes, I agree with you, but md5 has been the base since the beginning of koem, so I think this is the primary reason. I see you are done with the inspection of the released files? I never said my protection is the best protection, but I think it is good enough to block some poop. The packet encryption doesn’t have anything to do with ssl.

Does anyone else also get the error "Ordnungszahl 5 wurde in der Main.dll nicht gefunden" ???

So far none of my testers has gotten such an error. Have you installed the Visual C++ 2010 Runtime library?
 
Initiate Mage
Joined
Jun 18, 2010
Messages
86
Reaction score
147
Yes, I agree with you, but md5 has been the base since the beginning of koem, so I think this is the primary reason. I see you are done with the inspection of the released files? I never said my protection is the best protection, but I think it is good enough to block some poop. The packet encryption doesn’t have anything to do with ssl.

Hm, I see, will there be any way to upgrade it ourselves ?
And I didn't complain about it o:
I did look at the files of KalSage, but not these yet.
And it is indeed good enough to block most of the crap out there =]
And yeah, okay, but would you say it's secure enough to handle confidential data ?
 
Junior Spellweaver
Joined
Sep 8, 2006
Messages
166
Reaction score
82
Hm, I see, will there be any way to upgrade it ourselves ?
And I didn't complain about it o:
I did look at the files of KalSage, but not these yet.
And it is indeed good enough to block most of the crap out there =]
And yeah, okay, but would you say it's secure enough to handle confidential data ?

That is the reason why I changed the development from Borland to Visual Studio, stopped the development of the first version of koem, and rewrote some stuff of koem v1 for v2. The reason is only that when I quit the KalOnline Community, everyone can develop their own stuff. But I don’t know about the C++ skills, and I hope that with the SDK coming soon it’s easy enough to develop with it. That was, for example, a reason to add a JavaScript engine into the core. This script engine core is also available in this release here.

About your last question, I don’t really have an answer to this question; maybe or maybe not. But I want to add some stuff to the protection if someone explains to me which protections are not available.
 
Skilled Illusionist
Joined
Feb 25, 2007
Messages
342
Reaction score
70
Seriously, noobs won't understand it anyway & guys who are familiar with this kind of stuff will rather use their own base.

Not true, there are quite a few people here who can code websites in PHP and Javascript but do not have C++ knowledge. Javascript is also very easy to pick up and doesn't require any extra programs or compilers to use.
 
Experienced Elementalist
Joined
Apr 1, 2007
Messages
236
Reaction score
61
Not true, there are quite a few people here who can code websites in PHP and Javascript but do not have C++ knowledge. Javascript is also very easy to pick up and doesn't require any extra programs or compilers to use.

I know PHP, but not C++ lol. But that's because I haven't seen a purpose to learn to it yet, but it's on my to-do list.

Nice release AyleN :)
 
Skilled Illusionist
Joined
Feb 25, 2007
Messages
342
Reaction score
70
If you can code PHP then Javascript should be very easy for you.

I'm working on an extension for my config editor now that crypt.exe has been released.

It will basically just convert any files inside a specific folder to a .pk with SwordCrypt and from there crypt.exe will convert to the .pk needed for KOEM v2.
 
Helper for everyone
[VIP] Member
Joined
Oct 30, 2010
Messages
1,181
Reaction score
228
Thanks Aylen but why u didnt sell it? not for free xD
 
Experienced Elementalist
Joined
Dec 19, 2008
Messages
268
Reaction score
2
Hmm, I've got a problem with the skill cooldown protect: when I set it to true I can't attack mobs in game. Can anyone help?
 
Elite Diviner
Joined
Sep 3, 2008
Messages
443
Reaction score
142
Bug found:

When you wear, for example, full g32/g42, your attack becomes lower, and if you take off your armor it's back to normal.

Maybe someone else can find out what's wrong?

- bd0rk's
 