Hey guys miss ya all <3
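This is the source code of a small DLL that I wrote in the past, when I was interested in Silkroad development.
What it does: it protects the BFK (the Blowfish key) of the .PK2 files from being sniffed. Keep in mind that this is obfuscation: the client still has to rebuild the key in its own memory at run time in order to open the files.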
How to use:
First of all you must get the push address from the client .exe files aka (sro_client.exe , replacer.exe , silkroad.exe)
i will provide here the vsro 188 address
sro_client.exe:
silkroad.exe:
replacer.exe:
Once you have the addresses, put them into this array in the DLL source:
Next you have to generate the XOR-encoded key string. The line below is only an example; replace it in the DLL source code with your own.
What now? Compile the DLL and add an import of it to the exe files with Import REConstructor 1.7e FINAL. Then remove the old BFK from the exe files (for example 169841) by overwriting it with 90 90 90 90 90 90 or 00 00 00 00 00 00, because once the DLL is imported the client has no use for the real BFK stored in the exe anymore.
note: i didnt provide how to generate the xor key, cuz i want this section to think how to do that, use your brain , and try to be more respectful in silkroad community, google is your friend
note2: this method have nothing to do with any other methods i used in any servers development i was in, for example Ludoworks
note3: after some days i will provide how to generate the xor key but like i said above i would like to see development instead of creating servers...
note4: you have to compile the DLL 3 times, once for every .exe file, each time with that file's addresses
source code in attachments, enjoy love ya guys , new hope, crayu , perry , pokemon man , synx , caipi , PowerPoint , and all of my friends and sro community
Greetings: MeGaMaX
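This is the source code of a small DLL that I wrote in the past, when I was interested in Silkroad development.
What it does: it protects the BFK (the Blowfish key) of the .PK2 files from being sniffed. Keep in mind that this is obfuscation: the client still has to rebuild the key in its own memory at run time in order to open the files.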

Code:
#include <windows.h>
#include <stdio.h>
#include <string.h>
#include "xorstr.h"
#include "detours.h"
#pragma comment(lib,"detours.lib")
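// Number of elements in a true array (never pass a pointer: sizeof would then measure the pointer).
// The expansion and the argument are fully parenthesised so the macro keeps its meaning inside a
// larger expression such as `n / ARRAYSIZE(a)`.
// windows.h already provides an ARRAYSIZE macro, so drop that definition first to avoid a
// redefinition warning.
#undef ARRAYSIZE
#define ARRAYSIZE(x) (sizeof(x)/sizeof((x)[0]))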
// Addresses inside the target executable that Initialize() hooks: each entry is handed to
// DetourAttach() and the first byte at that address is then overwritten with 0xE8.
// DetourAttach() receives a pointer to the array slot, so Initialize() copies the original
// address into a local before attaching.
// The values below are the ones the post lists for sro_client.exe; the post gives separate
// lists for silkroad.exe and replacer.exe, and the DLL is rebuilt for each executable.
DWORD g_ProtectAddress[] =
{
0x004978B8,
0x004CCC4A,
0x004CCE1F,
0x0083A84D,
0x0083A8B1,
0x0083A90D,
0x0083A9C5,
0x0083A969,
0x0083AE69
};
// Mask value, assigned once in Initialize() from GetRandomValue() and read again by _protectme.
DWORD RandomKey;
// Holds the address of the 20-byte key buffer right after allocation. Initialize() then
// transforms the variable in place (NOT, then XOR with ~RandomKey), so afterwards it is a
// masked value and must not be dereferenced directly; _protectme reverses the masking.
char* pszKey;
// Returns the low 32 bits of the CPU time-stamp counter (x86, MSVC inline assembly).
// NOTE(review): a timestamp is not an unpredictable value, and the mask is stored in a global
// next to the value it masks; treat the result as an obfuscation mask, not as secret key material.
DWORD GetRandomValue()
{
DWORD value;
__asm
{
rdtsc // time-stamp counter is returned in edx:eax
mov value ,eax // keep only the low half; edx is discarded
}
return value;
}
// Computes the destination of a 5-byte instruction that carries a 32-bit relative
// displacement at offset 1 (the name suggests a near jmp):
//     target = address of the instruction + displacement + 5
// The arithmetic is 32-bit and wraps, which is how backward displacements resolve.
// Not referenced elsewhere in this listing.
DWORD GetJmpAddr(PBYTE pJmp)
{
    DWORD displacement;
    // Byte-wise copy: the displacement sits at an odd offset inside the instruction.
    memcpy(&displacement, pJmp + 1, sizeof(displacement));
    return (DWORD)pJmp + displacement + 5;
}
// Hook stub that the sites patched by Initialize() call into.
// It unmasks the key pointer, stores it in the stack slot that held the return address,
// restores the flags and returns to the original return address, leaving the pointer on
// top of the caller's stack.
// Declared naked: the compiler emits no prologue or epilogue, so every stack adjustment
// below is deliberate and the offsets depend on the exact push/pop order.
// NOTE(review): following the pushes and pops, edx ends up with the eax value saved on
// entry and eax with the saved edx value, i.e. the two registers appear to be swapped on
// return. Confirm that none of the patched sites rely on eax/edx being preserved.
__declspec(naked) void _protectme()
{
__asm
{
pushfd // save flags
push edx
push eax // stack from the top: eax, edx, flags, return address
mov eax,RandomKey
not eax
xor eax,pszKey
not eax // eax = ~(~RandomKey ^ pszKey): reverses the masking done in Initialize()
mov edx,[esp+0xC] // edx = return address
mov [esp+0xC],eax // unmasked pointer takes over the return-address slot
mov eax, edx
pop edx // pops the saved eax value into edx
push eax // return address back on top of the stack
mov eax, dword ptr [esp+0x8] // saved flags
push eax
popfd // restore flags
mov eax, dword ptr [esp+0x4] // loads the saved edx value into eax
retn 0x8 // return and drop the two save slots; the pointer is now on top of the stack
}
}
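// Prepares the masked key pointer and reroutes every address in g_ProtectAddress to _protectme.
//
// 1. Picks the mask (RandomKey) and copies the key string into a 20-byte heap buffer.
// 2. Masks the pointer to that buffer in place; _protectme reverses the masking on each call.
// 3. For every listed address: attaches a detour to _protectme, then rewrites the first opcode
//    byte to 0xE8 (call) so that a return address is pushed, which is what _protectme expects.
//
// A site is only rewritten after its detour transaction committed successfully, and the page is
// returned to its previous protection afterwards instead of being left writable and executable.
// Sites that cannot be hooked are skipped and stay unmodified.
void Initialize()
{
    RandomKey = GetRandomValue();
    // Never freed: the buffer has to stay valid for the lifetime of the process.
    pszKey = new char[20];
    // XorStr comes from xorstr.h (not shown here); presumably it decodes the string at run time.
    // The decoded text plus its terminator has to fit into the 20 bytes allocated above.
    strcpy(pszKey,/*MeGaMaX*/XorStr<0x7A,8,0x1F16EAF3>("\x37\x1E\x3B\x1C\x33\x1E\xD8"+0x1F16EAF3).s);
    // NOTE(review): only the pointer value is masked below. The key bytes written by strcpy
    // stay in the heap buffer in clear for as long as the process runs.
    __asm
    {
        not pszKey
        mov eax,RandomKey
        not eax
        xor pszKey,eax
    }
    for(size_t i=0;i<ARRAYSIZE(g_ProtectAddress);i++)
    {
        // DetourAttach() rewrites the array slot, so keep the original address for patching.
        DWORD oldAddress = g_ProtectAddress[i];
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach((void**)&g_ProtectAddress[i],&_protectme);
        // A failed attach is reported by the commit. Without the detour in place, changing the
        // opcode byte would turn the original instruction into a call to an arbitrary address.
        if(DetourTransactionCommit() != NO_ERROR)
        {
            continue;
        }
        DWORD oldProtect;
        if(!VirtualProtect((PVOID)oldAddress,1,PAGE_EXECUTE_READWRITE,&oldProtect))
        {
            // The detour's plain jump would enter _protectme without a return address on the
            // stack, so take the detour out again and leave the site as it was.
            DetourTransactionBegin();
            DetourUpdateThread(GetCurrentThread());
            DetourDetach((void**)&g_ProtectAddress[i],&_protectme);
            DetourTransactionCommit();
            continue;
        }
        ((PBYTE)oldAddress)[0] = 0xE8;
        // Put the previous page protection back and make sure the CPU sees the new opcode.
        DWORD scratchProtect;
        VirtualProtect((PVOID)oldAddress,1,oldProtect,&scratchProtect);
        FlushInstructionCache(GetCurrentProcess(),(PVOID)oldAddress,1);
    }
}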
// DLL entry point. Runs Initialize() when the DLL is attached to the process; every other
// notification is ignored. Always reports success to the loader.
BOOLEAN WINAPI DllMain(HINSTANCE hDllHandle,DWORD nReason,LPVOID Reserved )
{
    if (nReason == DLL_PROCESS_ATTACH)
    {
        Initialize();
    }
    return TRUE;
}
How to use:
First of all, you must find the push addresses (the addresses of the push instructions that the DLL will hook) in the client .exe files (sro_client.exe, replacer.exe, silkroad.exe).
I provide the vsro 188 addresses here:
sro_client.exe:
Code:
0x004978B8,
0x004CCC4A,
0x004CCE1F,
0x0083A84D,
0x0083A8B1,
0x0083A90D,
0x0083A9C5,
0x0083A969,
0x0083AE69
silkroad.exe:
Code:
0x00430FD3,
0x00408C15,
0x00408A17
replacer.exe:
Code:
0x00403B23
Once you have the addresses, put them into this array in the DLL source:
Code:
DWORD g_ProtectAddress[] =
{
};
Next you have to generate the XOR-encoded key string. The line below is only an example; replace it in the DLL source code with your own.
Code:
/*MeGaMaX*/XorStr<0x7A,8,0x1F16EAF3>("\x37\x1E\x3B\x1C\x33\x1E\xD8"+0x1F16EAF3).s
What now? Compile the DLL and add an import of it to the exe files with Import REConstructor 1.7e FINAL. Then remove the old BFK from the exe files (for example 169841) by overwriting it with 90 90 90 90 90 90 or 00 00 00 00 00 00, because once the DLL is imported the client has no use for the real BFK stored in the exe anymore.
note: i didnt provide how to generate the xor key, cuz i want this section to think how to do that, use your brain , and try to be more respectful in silkroad community, google is your friend
note2: this method have nothing to do with any other methods i used in any servers development i was in, for example Ludoworks
note3: after some days i will provide how to generate the xor key but like i said above i would like to see development instead of creating servers...
note4: you have to compile the DLL 3 times, once for every .exe file, each time with that file's addresses

source code in attachments, enjoy love ya guys , new hope, crayu , perry , pokemon man , synx , caipi , PowerPoint , and all of my friends and sro community

Greetings: MeGaMaX