Jump to content
  • Sign Up
Ind

Hercules WPE Free - June 14th Patch

By Ind, in Repository News

Recommended Posts

jaBote    438

jaBote
Posted

Yeah, this works on a client basis, not on a server setting basis (unless you deactivate it server-side).

 

I mean, if you use a fairly recent client that is supported and enable it on the server, you'll be using it.

Share this post

Link to post
Share on other sites

adam62    0

adam62
Posted

 

for anyone who requires, the 3 keys are hardcoded to each client, you can search the keys in hex editor and modify for something unique.

for those with IDA / OllyDBG, the keys are pushed just before the PACKET_CZ_ENTER reference (not the actual string)

 

.text:007962A7 0F 84 77 FC FF FF                       jz      loc_795F24.text:007962AD 8B 0D 04 0F 98 00                       mov     ecx, dword_980F04.text:007962B3 68 05 22 05 22                          push    22052205h // key 3.text:007962B8 68 05 22 05 22                          push    22052205h // key 2.text:007962BD 68 05 22 05 76                          push    76052205h // key 1.text:007962C2 E8 A9 64 E3 FF                          call    sub_5CC770.text:007962C7 68 6C 30 89 00                          push    offset aPacket_cz_ente ; "PACKET_CZ_ENTER".text:007962CC E8 6F 19 C7 FF                          call    nullsub_1.text:007962D1 B9 2D 02 00 00                          mov     ecx, 22Dh.text:007962D6 83 C4 04                                add     esp, 4.text:007962D9 66 89 4C 24 48                          mov     word ptr [esp+3ECh+cp+2], cx

how about this?

___:0084CE64 6A 04                                   push    4               ; cbData___:0084CE66 8D 85 DC FB FF FF                       lea     eax, [ebp+Data]___:0084CE6C 50                                      push    eax             ; lpData___:0084CE6D 6A 04                                   push    4               ; dwType___:0084CE6F 53                                      push    ebx             ; Reserved___:0084CE70 68 C8 FD 96 00                          push    offset aCash_category ; "CASH_CATEGORY"___:0084CE75 51                                      push    ecx             ; hKey___:0084CE76 FF 15 14 20 96 00                       call    RegSetValueExA___:0084CE7C 8B 95 70 FC FF FF                       mov     edx, [ebp+hKey+2]___:0084CE82 52                                      push    edx             ; hKey___:0084CE83 FF 15 0C 20 96 00                       call    RegCloseKey___:0084CE89___:0084CE89                         loc_84CE89:                             ; CODE XREF: sub_84B8E0+157Cj___:0084CE89 68 E8 2C 9A 00                          push    offset aPacket_cz_ente ; "PACKET_CZ_ENTER"

Share this post

Link to post
Share on other sites

Yommy    265

Yommy
Posted

 

Just an update the structure is a bit different in the new clients. The 3 key pushes comes up a lot of instructions before

push PACKET_CZ_ENTER.

 

so just scroll up a bit once you find 

 

68 6C 30 89 00 (push offset aPacket_cz_ente)

then read more of this :)

adam62 reacted to this

Share this post

Link to post
Share on other sites

adam62    0

adam62
Posted

@Yommy

 

Thank you Yommy  :D

 

Sorry my bad  :P

 

Yommy, you know how to add new packets and Encryption keys to hercules server?

 

Sorry my english really really bad  :( 

Share this post

Link to post
Share on other sites

Shikamaru    1

Shikamaru
Posted

 

for anyone who requires, the 3 keys are hardcoded to each client, you can search the keys in hex editor and modify for something unique.

for those with IDA / OllyDBG, the keys are pushed just before the PACKET_CZ_ENTER reference (not the actual string)

 

.text:007962A7 0F 84 77 FC FF FF                       jz      loc_795F24.text:007962AD 8B 0D 04 0F 98 00                       mov     ecx, dword_980F04.text:007962B3 68 05 22 05 22                          push    22052205h // key 3.text:007962B8 68 05 22 05 22                          push    22052205h // key 2.text:007962BD 68 05 22 05 76                          push    76052205h // key 1.text:007962C2 E8 A9 64 E3 FF                          call    sub_5CC770.text:007962C7 68 6C 30 89 00                          push    offset aPacket_cz_ente ; "PACKET_CZ_ENTER".text:007962CC E8 6F 19 C7 FF                          call    nullsub_1.text:007962D1 B9 2D 02 00 00                          mov     ecx, 22Dh.text:007962D6 83 C4 04                                add     esp, 4.text:007962D9 66 89 4C 24 48                          mov     word ptr [esp+3ECh+cp+2], cx

 

I'm trying to use OllyDbg but it seems that oly does not load all the hex
 
Appears this error:
 
bhp.png
 
after press Shift+F7 appears unable to process exception
 
I'm using Hex 2013/08/07 and want to make my own keys  :mellow:

Share this post

Link to post
Share on other sites

Neo-Mind    264

Neo-Mind
Posted

 

 

 

 

for anyone who requires, the 3 keys are hardcoded to each client, you can search the keys in hex editor and modify for something unique.

for those with IDA / OllyDBG, the keys are pushed just before the PACKET_CZ_ENTER reference (not the actual string)

 

.text:007962A7 0F 84 77 FC FF FF                       jz      loc_795F24.text:007962AD 8B 0D 04 0F 98 00                       mov     ecx, dword_980F04.text:007962B3 68 05 22 05 22                          push    22052205h // key 3.text:007962B8 68 05 22 05 22                          push    22052205h // key 2.text:007962BD 68 05 22 05 76                          push    76052205h // key 1.text:007962C2 E8 A9 64 E3 FF                          call    sub_5CC770.text:007962C7 68 6C 30 89 00                          push    offset aPacket_cz_ente ; "PACKET_CZ_ENTER".text:007962CC E8 6F 19 C7 FF                          call    nullsub_1.text:007962D1 B9 2D 02 00 00                          mov     ecx, 22Dh.text:007962D6 83 C4 04                                add     esp, 4.text:007962D9 66 89 4C 24 48                          mov     word ptr [esp+3ECh+cp+2], cx

 

I'm trying to use OllyDbg but it seems that oly does not load all the hex
 
Appears this error:
 
bhp.png
 
after press Shift+F7 appears unable to process exception
 
I'm using Hex 2013/08/07 and want to make my own keys  :mellow:

 

 

 

I believe these are the packet keys for 2013-08-07 => 3D807D80 , 5E805580 , 7E241DE0

 

You can look for "68807D803D688055805E68E01D247E" in ollydbg to find them.

 

Remember to put the client in your RO folder and open it in ollydbg from there only and olly needs admin rights. 

Share this post

Link to post
Share on other sites

anacondaq    55

anacondaq
Posted

 

 

 

 

for anyone who requires, the 3 keys are hardcoded to each client, you can search the keys in hex editor and modify for something unique.

for those with IDA / OllyDBG, the keys are pushed just before the PACKET_CZ_ENTER reference (not the actual string)

 

.text:007962A7 0F 84 77 FC FF FF                       jz      loc_795F24.text:007962AD 8B 0D 04 0F 98 00                       mov     ecx, dword_980F04.text:007962B3 68 05 22 05 22                          push    22052205h // key 3.text:007962B8 68 05 22 05 22                          push    22052205h // key 2.text:007962BD 68 05 22 05 76                          push    76052205h // key 1.text:007962C2 E8 A9 64 E3 FF                          call    sub_5CC770.text:007962C7 68 6C 30 89 00                          push    offset aPacket_cz_ente ; "PACKET_CZ_ENTER".text:007962CC E8 6F 19 C7 FF                          call    nullsub_1.text:007962D1 B9 2D 02 00 00                          mov     ecx, 22Dh.text:007962D6 83 C4 04                                add     esp, 4.text:007962D9 66 89 4C 24 48                          mov     word ptr [esp+3ECh+cp+2], cx

 

I'm trying to use OllyDbg but it seems that oly does not load all the hex
 
Appears this error:
 
bhp.png
 
after press Shift+F7 appears unable to process exception
 
I'm using Hex 2013/08/07 and want to make my own keys  :mellow:

 

 

 

I believe these are the packet keys for 2013-08-07 => 3D807D80 , 5E805580 , 7E241DE0

 

You can look for "68807D803D688055805E68E01D247E" in ollydbg to find them.

 

Remember to put the client in your RO folder and open it in ollydbg from there only and olly needs admin rights. 

 

yes, but this packet keys do not work, i can still spam with WPE & other toolz.

Share this post

Link to post
Share on other sites

Haru    290

Haru
Posted

yes, but this packet keys do not work, i can still spam with WPE & other toolz.

This is because:

Yes, the 2012-04 clients (and possibly a few others) have their keys chosen in such a way that makes the client effectively always use the same encryption key for each sent packet (thus allowing you to replay a packet as much as you want in WPE.)

 

You can either use a newer client, or edit the keys yourself in both client (you'll have to hex-edit it) and server (edit the appropriate packetKeys line for your PACKETVER in src/map/packets.h and recompile.)

 

Share this post

Link to post
Share on other sites

Mhalicot    392

Mhalicot
Posted

can use for eAthena also?

possible if you can manually apply the commits, but I think it will be hard for you because of the huge changes..

Share this post

Link to post
Share on other sites

Jedzkie    58

Jedzkie
Posted

I just want to ask what Client is the best and Working with this system.

Share this post

Link to post
Share on other sites

jaBote    438

jaBote
Posted

Did the WPE Free modification also affect bots?

 

Nope, since as far as I knor (not really good on client side) the bots act on the client side sending the same packets an actual user would.

 

 

I just want to ask what Client is the best and Working with this system.

 

Not quite good on this, but it's been said on the topic that any supported client will work, provided you change the encription keys (some client have default encryption keys that are the only combination that allow using WPE) and set your own, and also make your server work with these new packet keys.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Go To Topic Listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept