Popular Content

Showing content with the highest reputation since 11/10/18 in all areas

  1. 3 points
    This. You could probably find people with similar interests but don't fully rely on socializing as a way of 'learning'. There were a lot of forums that had good resources in the past but many of them got shut down or are no longer fully active since.

    https://www.ownedcore.com/ <- Lot of three letter agency members were hired off here. Good dated tutorials but mostly dead.
    https://www.unknowncheats.me/forum/index.php <- Is still a historically good place to research past releases and somewhat dated source code.
    https://progamercity.net/index.php <- Has some good old and dated information by dwar n friends.
    http://www.antigameprotect.com/ <- We had a huge collection of resources. Lots of great developments. A lot have been leaked and passed around since.
    https://bbs.pediy.com/ <- Good threads but dated and are mostly in Chinese. A lot of low level assembly questions and guides can be found here.
    <- Very dated but has always had good assembly references and ideas before being shut down.
    http://www.woaidaima.com/forum.php <- Currently the new best hub for anti-hack bypasses and drivers. Lots of AGP members and old friends are on here.

    Anyways, read a book or paper and spend time personally developing yourself rather than looking for a social environment for support. Find an ongoing CTF if you are interested in that kind of thing; be careful, many of those are dumbed down / pretty lame / no hype / no skill. Crackmes are an okay way to apply yourself; some are just retarded and others are just rehashed features from previous ones:
    https://challenges.re/
    http://rogerfm.net/challenge/sp/
    https://join.eset.com/en/challenges
    https://0x00sec.org/c/reverse-engineering/challenges

    Here are some book and paper picks to get you started:

    Simplifying Assembly:
    https://repo.zenk-security.com/Reversing . cracking/Practical Reverse Engineering.pdf
    https://repo.zenk-security.com/Reversing . cracking/Unpacking Virtualization Obfuscators.pdf
    https://repo.zenk-security.com/Reversing . cracking/Control Flow Obfuscations in Malwares.pdf
    https://repo.zenk-security.com/Reversing . cracking/Deobfuscation of Virtualization-Obfuscated Software.pdf
    https://repo.zenk-security.com/Reversing . cracking/Multi-stage Binary Code Obfuscation using Improved Virtual Machine.pdf

    Windows Memory Security Bypassing:
    https://repo.zenk-security.com/Reversing . cracking/Bypassing SEHOP.pdf

    Hash and Crypt Analysis:
    https://repo.zenk-security.com/Cryptographie . Algorithmes . Steganographie/Basic Cryptanalysis Techniques.pdf
    https://repo.zenk-security.com/Reversing . cracking/Reversing CRC Theory and Practice.pdf

    It takes time to apply yourself to anything. Learn in moderation. If you do too much too fast you burn yourself out. Try covering different topics every other month or week depending on your free time to spice things up. If you do want to socialize I suggest avoiding heavily politically biased forums / meetups / events / media / articles / books; you will learn nothing of what was intended.

    To answer your question in more detail: you are not going to find a general guide of "this is how everything works a to z" but you can find key references and libraries. Like BlackCipher also liked Crypto++ (or still does, haven't been on) so do a signature scan on the binary with a signature pattern of the library (tons of IDA tools out there for this) then find points and understand where, how and when you should hook or grab from. Really if you know how to build it you know how to take it apart. Also, almost every game / anti hack now uses Crypto++ or some crypto open source third party lib.

    Here are some handy 'guide' links to help you get a feel (snipped from the general sites I hinted at above and others I had laying about):
    https://progamercity.net/ghack-tut/137-tutorial-packet-hacking-reversing-mmo.html
    https://www.ownedcore.com/forums/mmo/elder-scrolls-online/elder-scrolls-online-general/456933-crypto-packet-decrypt-stuff.html
    https://gamedevcoder.wordpress.com/2011/08/28/packet-encryption-in-multiplayer-games-part-1/
    https://www.rotlogix.com/blog/2018/7/21/reverse-engineering-the-xigncode-anti-cheat-library-xem-xel-file-analysis (android)

    ** an update: MapleStory does use Crypto++. Couldn't remember until I re-checked. I have some old Crypto++ signatures I made last year still on me. You might find them helpful in your quests: https://my.mixtape.moe/dkdcbm.zip
    Here are some signatures that can be found in MS v186.3: https://pastebin.com/raw/L5sUwTih
    You can then find back and see their usage of 3DES which was then applied to their packet encryption, in which packet opcodes are mapped using this sort of pattern: {{ encrypted: original }, ... }
  2. 2 points
    Here you go, this should do what you're after. I only tested it once, but seems to work.

    [enable]
    alloc(hook, 128)
    Label(Return)
    Label(return_original)

    025EF030:
    jmp hook
    Return:

    hook:
    pushad
    mov ecx,[034D0C34] //TSingleton<CUserPool> - 8B 0D ?? ?? ?? ?? 83 ?? ?? ?? 0F 85
    lea ecx,[ecx+A8] //m_lUserRemote
    call 0085A4D0 //TSecType::GetData<long> - E8 ?? ?? ?? ?? 8B ?? ?? 3B ?? 74 ?? C7 [Follow call]
    cmp eax,#2
    popad
    jle return_original
    push 0
    push ffffffff
    call TerminateProcess
    xor eax,eax
    div eax

    return_original:
    push ebp
    mov ebp,esp
    push -01
    jmp Return

    [disable]
    025EF030: //CUserPool::OnUserEnterField 8D 4D D8 E8 ? ? ? ? 8D 4D D0 E8 ? ? ? ? 8B 4D F4 64 89 0D ? ? ? ? [Function Start]
    push ebp
    mov ebp,esp
    push -01
    DeAlloc(hook)

    Just change the #2 to whatever amount of players you want. Note that it excludes yourself, so it'll be 0 if it's just you on the map.
  3. 2 points

    Version 1.3100.307.A


    Maplestory M
    This is a collection of idbs for the Maplestory M mobile game. Supporting only x86 android systems.

    Getting Started
    Open an idb of choice:
    MM.XXXXXXXXX.x86.unity.idb - compiled unity engine & export methods to il2cpp
    MM.XXXXXXXXX.x86.ngsm.idb - nexon game service management
    MM.XXXXXXXXX.x86.idb - il2cpp engine & compiled internal game engine & metadata

    Prerequisites
    IDA 7.0

    Versioning
    Currently using Maplestory M's current release versioning. Any idb updates will be followed with an alphabetical letter suffix in descending order. Example: 0.3.104.A, 0.3.105.A, 1.3100.307.A, 1.3100.307.B, 1.3100.307.C, ..

    Contributing
    Send a copy to me @Ezekiel or link in moopler. IDBs are too large and consume too much time to host via git forks. I will be pushing out a remote IDB server near the end of this year since my uploads to mega / pomf clones / misc are continuously being removed via false positive anti-virus scans, host admins, or compromised credentials: mega chrome extension mega dump mega leak

    Todos
    Next versions will mostly contain fixes for virtual tables: object names and abstract methods

    License
    lol none; copy everywhere.

    Acknowledgments
    moopler
  4. 1 point
    Hey guys, I just made a rough dark mode script for tampermonkey (chrome extension) for this website: Image: Here's the TamperMonkey Code (Well aware that I put '!important' everywhere in the css, don't judge me): Just something I wanted to use & share in case anyone wanted other options. Enjoy EDIT (10/17/18): Updated code for edge cases, there might still be some edge cases that I haven't discovered yet. Please let me know if you find one!
  5. 1 point
    bumping -> updated my post with some files and info I had laying around that may be of use to others.
  6. 1 point
    v183 Kerning City Superstars Patch - Outbound opcode encryption has been introduced.
    v186 Override (Beyond) Patch - Inbound packet encryption has been changed. (just subtract iv)
    v193 Evangelion Patch (a patch that introduced External Chat) - Disabling outbound opcode encryption by ignoring 0x28 packet no longer works.
    v196 Ark Patch - Outbound opcode encryption key has been changed (...or something idk, anyways existing method no longer works).
  7. 1 point
    I've adapted the one from firefly for a trainer I've been making. The CMobPool struct has changed pretty significantly and similarly to player count, the actual count is encrypted now. In the trainer I'm making I've got it all working, but the library he's referring to is extremely lightweight, just a module that gets imported into Terminal's python scripter.
  8. 1 point
    There's a whole lot of infrastructure I'd have to build into the library to add mob iteration and that sort of thing. Right now the library is very simple. Your best bet would be to ask the trainer creators to add the feature.
  9. 1 point
    Inside the CMobPool struct you can find the ZList<ZRef<CMob>> object at offset 0x34. Then inside each CMob you can find the ZtlSecurePack<unsigned int> dwMobID at offset 0x288 (unless this offset has changed in the last patch, I haven't had a need for it in a while). Then you call the ZtlSecureFuse<unsigned int> function on it to actually read the data.
  10. 1 point
    This is so easy.. MapleStory simply coded their own PtInRect. Found it in no time with my bypass that allows me to use CE VEH Debugger! There you go! It's for GMS v.199.2 and sorry, I could have posted it yesterday after getting home from university but instead I went to get drunk & laid. You can achieve a safe item vac if you play around with [esp] (Return Address) btw
  11. 1 point
    The other way to get the loot coordinates is from the CDropPool struct. The data is encrypted though, so you'll have to call the TSecType::GetData functions to actually read them.
  12. 1 point
    You need to replace the %arg1, %arg2, etc with actual values.
  13. 1 point
  14. 1 point

    Version 1.0.0


    Installation instructions
    Extract the archive into the same folder as where your MapleStory.exe is.

    Usage
    Start Moopler Launcher
    Add account(s)
    Save profiles encrypted to the disk
    Select the account you want to launch
    Press launch

    Nexon Launcher needs to be running for this tool to work. You can however login with a different account than you logged in with on Nexon Launcher. If you want to edit a profile you need to remove it and then re-add it. Remove the profile by right-clicking on the profile in the list.

    Disclaimer
    Use this tool at your own risk. I am not responsible for any accounts getting banned. If you forget your encryption password there is no way you can restore the profiles.
  15. 1 point
    Looks very neat, JP. If others are also interested in a dark theme for Moopler, I might actually create something. Let me know
  16. 1 point
    Here's a dumped list (index: string): http://puu.sh/pSv7l/d137c05fe9.txt

    typedef ZXString<char> *(__fastcall* StringPool__GetString_t)(void *StringPool, void *edx, ZXString<char> *result, unsigned int nIdx);
    void **ms_pInstance_StringPool = (void **)0x01C1C200;
    auto StringPool__GetString = (StringPool__GetString_t)0x0049B330;

    //some loop
    {
        static unsigned int idx = 1;
        char lpsz[256];
        ZXString<char>* result = new ZXString<char>(lpsz);
        // fetch the string first, then log it with the same index it was fetched with
        // (using idx++ and idx in one call leaves the two unsequenced, so the logged index can be off by one)
        ZXString<char>* str = StringPool__GetString(*ms_pInstance_StringPool, NULL, result, idx);
        Log(L"%i: %S \n", idx, str->_m_pStr);
        idx++;
    }

    Note that it crashed after 13171, you can try to see if there are any more valid strings after that.