Research into HKO

zhongtiao1 If I remember correctly, the client needs to know the content of:


On the latest client version is located at:


I remember I couldn't enter the game if hkopatch server was down. That's why later they moved it directly on hellokittyonline

It moves automatically beyond the autoupdate screen if you just wait for about 30 seconds. It just gives up and moves on
 
Launch hko.exe with the execute_by_leading argument and it will skip the auto update process completely.
Other arguments are windowed_mode, no_change_color_depth & special
On older client "special" makes the window big and mostly black, on newer clients it doesn't seem to do anything.
 
here is the full original leak's db

it has some extra accounts / and players and im not sure but it looks like the npc server is logging into accounts to play the game, but i have found after a bit of this
i have found that
1. the ip is in a file named lobby_info.txt
2. lobby_info.txt is inside tables\client_table.sdb
3. the game is written in delphi and i dont know shit bout delphi

so here we go on what i found
so its doin some weird stuff to call wsock connect but i could probably make a hook but the problem is ive tried forcing the ip and its getting weird results im not sure its using the right port tho now that i think about it ill have to check that next. if i follow the structure here
then that should be the port
but assuming its not and that its using their default ports i just change the ip tho and this is what i see

i change it to this

i probably didnt need to go that overkill since the second one before last is the "edx" register and edx -16 is passed to connect which is done here

this goes to here which calls the wsock connect i think if i made a hook i would jack the shit here its a sexy spot




from what i have seen it looks like we need a sdb packer/unpacker to be made first since they put the connect info in there and the reason a hook is a little hard is cause its got some weird calls thru the delphi library stuff and also when i just change the ip manually it somehow corrupts the shit and im zero terminating my string and its smaller than the string im replacing and ipaddr should be char[15] otherwise i have no idea why its padded with 0's so it should be fine but somehow it has a problem. but im gunna test if its the port now i just noticed that shit



i really want this game working haha



i got the client to connect now the port was actually not in the place i expected it it was a bit above the area there

doing that got this on the server




well its connecting now then logging out after doing nothing.
so ill be working on it a bit more now dam thot i was close ha
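
Added example, not part of the original post and not code from the client or the hook: a checked in-place overwrite of a fixed-width, zero-padded address field like the one described above, which confirms the old value at the offset, zeroes the whole field, and rejects a value that leaves no room for a terminator. The record layout, the offsets, the little-endian port encoding and the name `patch_field` are constructed for illustration; the page does not give the real layout.

```c
#include <stdio.h>
#include <string.h>

enum { PATCH_OK, PATCH_RANGE, PATCH_MISMATCH, PATCH_TOO_LONG };

/* Replace the text in a fixed-width, zero-padded field of buf.
 * expect   : text that must be there now (catches a wrong offset)
 * need_nul : 1 if the reader needs a terminating 0 inside the field */
int patch_field(unsigned char *buf, size_t buf_len, size_t off, size_t width,
                const char *expect, const char *value, int need_nul)
{
    size_t elen = strlen(expect), vlen = strlen(value);

    if (width == 0 || off > buf_len || width > buf_len - off)
        return PATCH_RANGE;
    /* Old text must match and be followed by padding only. */
    if (elen > width || memcmp(buf + off, expect, elen) != 0)
        return PATCH_MISMATCH;
    for (size_t i = elen; i < width; i++)
        if (buf[off + i] != 0)
            return PATCH_MISMATCH;
    if (vlen > width - (need_nul ? 1 : 0))
        return PATCH_TOO_LONG;
    /* Zero the whole field first so no tail of the old value survives. */
    memset(buf + off, 0, width);
    memcpy(buf + off, value, vlen);
    return PATCH_OK;
}

/* Constructed record, not the real client layout: 2-byte tag,
 * 15-byte address field, 2-byte port (little-endian 25000 = 0x61A8). */
unsigned char sample[19] = { 0xAA, 0xBB,
    '1','9','2','.','1','6','8','.','1','0','0','.','2','0', 0,
    0xA8, 0x61 };

int main(void)
{
    int rc = patch_field(sample, sizeof sample, 2, 15,
                         "192.168.100.20", "127.0.0.1", 1);
    printf("rc=%d field=\"%s\" port bytes=%02X %02X\n",
           rc, (char *)sample + 2, sample[17], sample[18]);
    /* A 15-character address cannot fit a 15-byte field plus terminator. */
    rc = patch_field(sample, sizeof sample, 2, 15,
                     "127.0.0.1", "255.255.255.255", 1);
    printf("rc=%d (PATCH_TOO_LONG=%d)\n", rc, PATCH_TOO_LONG);
    return 0;
}
```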
 
This is awesome man! Thanks for looking into it!

Just a note, you don't have to switch the ip if you set the server port to 25000. The founders beta automatically looks to see if 25000 is open and will connect locally, giving the same notice. I'll check out the database too, nice find!

We all want this game working again :) I look forward to any progress you make!

EDIT: one thing I notice is that the database you linked has a couple more player values. I think this db will work better with the NPC_SERVER. Shouldn't change the ability to login, but it is a better version than what I had :)
 
ok im making a hook.



the hook will allow setting ip and port manually until we get a sdb packer
after looking thru the shit it looks like H;Y might be the key for the encryption and it looks like its just xor i can probably write a unpacker / decryptor /packer / encryptor for this haha



ill probably have the hook done by tonight then i can use it to start figuring out why the client doesnt continue past this point would make it easier to debug the server too since i wouldnt have to debug the client just to proc a connect but yeah i could do the port thing but im lazy and wanna do it my way lol



http://prntscr.com/xqs2v7 some progress for the night i got a hook goin : )
 
Awesome! Could this hook be extended to support different database versions? Even just a newer version of MySQL would fix a lot of security flaws. Maybe hook into both the server and the client?
 
i finished the hook for ip/port writing


the launcher is just used to inject the dll you can edit the pe to load the dll directly or use another injector you only need the dll and the ini

1. copy all 3 files to hko client folder
2. edit port / ip in the HelloPussy.ini
3. start hellopussylauncher
4. figure out how to get the client to login past this point haha thats next goal. debug server /client for whats preventing it to login.


injector VT
dll hook VT

took me 1 day to make all this it was pretty nasty T.T i was wrong about that key stuff i was actually seeing the pointer to a function i think its how the delphi shit is proxying the calls or w/e its doin its gross they have jmps everywhere to functions that should be called by the code i feel like its some sort of wrapper type of shit cause every call thats outside the game is passed thru a function and its doing a call based on a parameter as if some thing like

void callfunction(void *address)
{
    /* indirect call through whatever pointer was passed in */
    ((void (*)(void))address)();
}
 
Would I just drag and drop the dll into the install folder?



Something interesting, when I use the new hko.sql file you posted, I get this error:

Assertion failed: 0 && "Cannot load FuncTable!!", file C:\Project\Kitty\src-last\_projects\hko_server\main.cpp, line 254

Any idea why? Also, we now know what the source code layout is like, so a small win?
 
oh i got a good understanding this shit is wide open in the asm the only nasty stuff is delphi but if you open this up in ida 6.8 + its nice also im using the new x96dbg when i am used to using olly and its actually pretty crazy.
just put all the shit in my zip into your hko folder like this
 
Alright, thanks. Any idea why the assert error occurred with your hko.sql?



Maybe it's not actually the new hko.sql file...

Ugh, time to reinstall MySQL again

EDIT: Nope, I'm just an idiot and deleted the FuncTable file. Don't mess with the Func guys



Look What I found!



I had no idea this menu in the server even existed. If you press enter twice quickly after all of the zones are created, you can input commands.

The only working commands are:
help
TotalUser
shutdown
show
list

These are all case-sensitive. Also, Show and List expect a second option, but I don't know what that would be

One more thing, there are 76 NPCs and 3 Angels in the NPC Server.


rezashouse How did you get the HelloPussy Hook cmd screen to show up? When I launch it, it just goes into the game, no cmd window like you have
 
dbg=1 in the ini



http://prntscr.com/xrvhk1



these servers dont have shit implemented lol
i think these servers are junk actually since its like some pre beta version when i was looking thru ida it was really easy to do the server changes i needed because .... there is nothing there.... so i think this is one of those cases since we have a client and a sorta working server ..... we probably need to make a emulator.



would just need to use the servers as a example for some things and its not too bad with ida's asm -> c interpreter the delphi shit is kinda in the way but we could make a emulator using like c++ or c# fk delphi



since the servers run we can do live runtime debugging which gave me a lot more info than just using ida with the binary thats how i found where the functions do their jumps to the library calls
 
One thing I did notice is that you aren't using the Founder's Beta client. Maybe that has something to do with it?
 
well I guess we will have to wait for another one helping us with HKO server/client
 


We got past the login screen! Thanks to the help of redcrafter, we managed to make it past the login screen. However, now the rest of the server needs to be reimplemented.

For this, we need another person to continue where Redcrafter left off.

If you know of anyone with the skills to help reimplement the server, let me know and I can hook them up with more information.
 
yeeeeeeeeeeeees!!! that's super news!! awesome!
 
What great news!! I'm looking forward to hopefully being able to play the game again!
 
I'm so glad! I hope one day we can get this working! I've been wanting to play this again for so long!
 