Moopler

Ezekiel

Member
  • Content Count

    16
  • Days Won

    8

Ezekiel last won the day on October 16

Ezekiel had the most liked content!

Community Reputation

26 Excellent

1 Follower

About Ezekiel

  • Rank
    Newbie

Recent Profile Visitors

246 profile views
  1. bumping -> updated my post with some files and info I had laying around that may be of use to others.
  2. Limit Nox.exe and NoxVMHandle.exe to ports: 53, 443, 80, 7500, 7200, 7201, 7202, 7203, 7204, 7205, 7206.

    Nox literally sells everything you do to advertisers and will walk your open ports and ignores host file rules in order to connect. Port blocking and network firewall blocking ips are more ideal. You can also edit the config files in your appdata folder to remove weeb games being splashed on boot and remove refresh timeouts. In addition you can use adguard's family dns: 176.103.130.132 & 176.103.130.134 to block additional adverts.

    Android Internal Host Blocklist (you can probably find more online in regards to nox).

    Nexon M collects a lot of device information. Add internal port blocking and an internal firewall for better results. Nox host 'launcher' is sub-user-system level (rooted).

    Emulating login information (look at the toy sdk I posted). It goes through almost the same exact as purchasing and heavily relies on stamp server. Uses principle of token auth.

    The following servers are used (lots are amazon servers):

    - mm-staticweb.s3.amazonaws.com sample: 178.162.216.177
    - stamp.mp.nexon.com
    - m-api.nexon.com / toy server / 54.92.112.141
    - sdk-push.mp.nexon.com

    That is it for now. Will post more later on and clean this up some time in the future. Feel free to post anything else
  3. Ezekiel

    Release Nexon TOY SDK

    Version X.X.X

    7 downloads

    About

    As some of you know 2017 was a great year for those in the community who took the chances and risks to learn more. Here is a small sample from what was found.

    Overview

    The toy sdk known also as toybox sdk is Nexon's new sdk library for managing purchases, login, and user information. There has been some noise over the possibility of using it in PC games but currently is limited to their mobile development groups and partners. The main image I have posted is a uml sample diagram of how purchases work. The following are source code or snippets of usages of the sdk in action or extra document snippets that have yet to be included.

    Updated Service Documentation: https://m-developer.nexon.com/server.html
    Unofficial Chinese Documentation: http://docs.itop.qq.com/reference2/Channel/Toy/

    What this includes: project folder source code
    What this doesn't include: developer git history, developer documentation papers, super exposing information
  4. Ezekiel

    Release Nexon TOY SDK

    View File: Nexon TOY SDK

    About

    As some of you know 2017 was a great year for those in the community who took the chances and risks to learn more. Here is a small sample from what was found.

    Overview

    The toy sdk known also as toybox sdk is Nexon's new sdk library for managing purchases, login, and user information. There has been some noise over the possibility of using it in PC games but currently is limited to their mobile development groups and partners. The main image I have posted is a uml sample diagram of how purchases work. The following are source code or snippets of usages of the sdk in action or extra document snippets that have yet to be included.

    What this includes: project folder source code
    What this doesn't include: git history, document papers, super exposing information

    Submitter: Ezekiel
    Submitted: 20/09/18
    Category: MapleStory M
    MapleStory Version: X.X.X
    Virusscan: https://www.virustotal.com/#/file/6c3a8dea94e311edfa47b055bdd57719344bbbcfbd9fc3166684629505007a92/detection
  5. Ezekiel

    Release Maplestory M BETA

    View File: Maplestory M BETA

    Maplestory M BETA

    This is a collection of the Maplestory M BETA mobile games. Supporting only x86 android systems. Nothing new here. Figured this is helpful for correlating between MONO C# and IL2CPP binaries. It has more clarity on functions, variables, and structures and is easier to modify and rip from. Quite helpful for understanding protection and networking features. Anti-cheat / Xigncode3 is more or less a joke on mobile due to restrictions but is still interesting to look at.

    Getting Started

    Open a version directory of choice then select a directory:

    - file - raw apk file
    - java - extracted java api libraries
    - net - .net maple m and unity engine
    - x86 - xigncode mobile, unity, mono, movie render, and native launcher

    Prerequisites

    - DNSPY
    - IDA 7.0
    - Visual Studio

    License

    lol none; copy everywhere.

    Acknowledgments

    moopler

    Submitter: Ezekiel
    Submitted: 18/09/18
    Category: MapleStory M
    MapleStory Version: 0.3.10X
    Virusscan: https://www.virustotal.com/#/file/aff13cb838c46779cdcc172b1c0fd26cfdf1464887f516c191e070ef1e3bf13f/detection
  6. Ezekiel

    Release Maplestory M BETA

    Version 0.3.10X

    7 downloads

    Maplestory M BETA

    This is a collection of the Maplestory M BETA mobile games. Supporting only x86 android systems. Nothing new here. Figured this is helpful for correlating between MONO C# and IL2CPP binaries. It has more clarity on functions, variables, and structures and is easier to modify and rip from. Quite helpful for understanding protection and networking features. Anti-cheat / Xigncode3 is more or less a joke on mobile due to restrictions but is still interesting to look at.

    Getting Started

    Open a version directory of choice then select a directory:

    - file - raw apk file
    - java - extracted java api libraries
    - net - .net maple m and unity engine
    - x86 - xigncode mobile, unity, mono, movie render, and native launcher

    Prerequisites

    - DNSPY
    - IDA 7.0
    - Visual Studio

    License

    lol none; copy everywhere.

    Acknowledgments

    moopler
  7. Ezekiel

    Release Maplestory M IDBs

    View File: Maplestory M IDBs

    Maplestory M

    This is a collection of idbs for the Maplestory M mobile game. Supporting only x86 android systems

    Getting Started

    Open an idb of choice:

    - MM.XXXXXXXXX.x86.unity.idb - compiled unity engine & export methods to il2cpp
    - MM.XXXXXXXXX.x86.ngsm.idb - nexon game service management
    - MM.XXXXXXXXX.x86.idb - il2cpp engine & compiled internal game engine & metadata

    Prerequisites

    - IDA 7.0

    Versioning

    Currently using Maplestory M's current release versioning. Any idb updates will be followed with an alphabetical letter suffix in descending order. Example: 0.3.104.A, 0.3.105.A, 1.3100.307.A, 1.3100.307.B, 1.3100.307.C, ..

    Contributing

    Send a copy to me @Ezekiel or link in moopler. IDBs are too large and consume too much time to host via git forks. I will be pushing out a remote IDB server near the end of this year since my uploads to mega / pomf clones / misc are continuously being removed via false positive anti-virus scans, host admins, or compromised credentials:

    - mega chrome extension
    - mega dump
    - mega leak

    Todos

    Next versions will mostly contain fixes for virtual tables: object names and abstract methods

    License

    lol none; copy everywhere.

    Acknowledgments

    moopler

    Submitter: Ezekiel
    Submitted: 18/09/18
    Category: MapleStory M
    MapleStory Version: 1.3100.307
    Virusscan: https://www.virustotal.com/#/file/288f71450032948a11f2f4ddea507f171998bbd59fd7904c9809eab6716aa76b/detection
  8. Ezekiel

    Release Maplestory M IDBs

    Version 1.3100.307.A

    11 downloads

    Maplestory M

    This is a collection of idbs for the Maplestory M mobile game. Supporting only x86 android systems

    Getting Started

    Open an idb of choice:

    - MM.XXXXXXXXX.x86.unity.idb - compiled unity engine & export methods to il2cpp
    - MM.XXXXXXXXX.x86.ngsm.idb - nexon game service management
    - MM.XXXXXXXXX.x86.idb - il2cpp engine & compiled internal game engine & metadata

    Prerequisites

    - IDA 7.0

    Versioning

    Currently using Maplestory M's current release versioning. Any idb updates will be followed with an alphabetical letter suffix in descending order. Example: 0.3.104.A, 0.3.105.A, 1.3100.307.A, 1.3100.307.B, 1.3100.307.C, ..

    Contributing

    Send a copy to me @Ezekiel or link in moopler. IDBs are too large and consume too much time to host via git forks. I will be pushing out a remote IDB server near the end of this year since my uploads to mega / pomf clones / misc are continuously being removed via false positive anti-virus scans, host admins, or compromised credentials:

    - mega chrome extension
    - mega dump
    - mega leak

    Todos

    Next versions will mostly contain fixes for virtual tables: object names and abstract methods

    License

    lol none; copy everywhere.

    Acknowledgments

    moopler
  9. This. You could probably find people with similar interests but don't fully rely on socializing as a way of 'learning'. There were a lot of forums that had good resources in the past but many of them got shut down or are no longer fully active since.

    - https://www.ownedcore.com/ <- Lot of three letter agencies members were hired off here. Good dated tutorials but mostly dead.
    - https://www.unknowncheats.me/forum/index.php <- Is still a historically good place to research past releases and somewhat dated source code.
    - https://progamercity.net/index.php <- Has some good old and dated information by dwar n friends.
    - http://www.antigameprotect.com/ <- We had a huge collection of resources. Lots of great developments. A lot have been leaked and passed around since.
    - https://bbs.pediy.com/ <- Good threads but dated and are mostly in chinese. A lot of low level assembly questions and guides can be found here.
    - http://83.133.184.251/virensimulation.org/ <- Very dated but has always had good assembly references and ideas before being shut down.
    - http://www.woaidaima.com/forum.php <- Currently the new best hub for anti-hack bypasses and drivers. Lots of AGP members and old friends are on here.

    Anyways, read a book, or paper and spend time personally developing yourself rather than looking for a social environment for support. Find an ongoing CTF if you are interested in that kind of thing; be careful many of those are dumbed down / pretty lame / no hype / no skill. Crackmes are an okay way to apply yourself; some are just retarded and others are just rehashed features from previous ones:

    - https://challenges.re/
    - http://rogerfm.net/challenge/sp/
    - https://join.eset.com/en/challenges
    - https://0x00sec.org/c/reverse-engineering/challenges

    Here are some book and paper picks to get you started:

    Simplifying Assembly:

    - https://repo.zenk-security.com/Reversing . cracking/Practical Reverse Engineering.pdf
    - https://repo.zenk-security.com/Reversing . cracking/Unpacking Virtualization Obfuscators.pdf
    - https://repo.zenk-security.com/Reversing . cracking/Control Flow Obfuscations in Malwares.pdf
    - https://repo.zenk-security.com/Reversing . cracking/Deobfuscation of Virtualization-Obfuscated Software.pdf
    - https://repo.zenk-security.com/Reversing . cracking/Multi-stage Binary Code Obfuscation using Improved Virtual Machine.pdf

    Windows Memory Security Bypassing:

    - https://repo.zenk-security.com/Reversing . cracking/Bypassing SEHOP.pdf

    Hash and Crypt Analysis:

    - https://repo.zenk-security.com/Cryptographie . Algorithmes . Steganographie/Basic Cryptanalysis Techniques.pdf
    - https://repo.zenk-security.com/Reversing . cracking/Reversing CRC Theory and Practice.pdf

    It takes time to apply yourself to anything. Learn in moderation. If you do too much too fast you burn yourself out. Try covering different topics every other month or week depending on your free time to spice things up. If you do want to socialize I suggest avoiding heavy politically biased forums / meetups / events / media / articles / books; you will learn nothing of what was intended.

    To answer your question in more detail I mean you are not going to find a general guide of this is how everything works a to z but you can find key references and libraries. Like BlackCipher also liked Crypto++ (or still does haven't been on) so do a signature scan on the binary with a signature pattern of the library (tons of ida tools out there for this) then find points and understand where, how and when you should hook or grab from. Really if you know how to build it you know how to take it apart. Also, almost every game / anti hack now uses crypto++ or some crypto open source third party lib.

    Here are some handy 'guide' links to help you get a feel (snipped from the general sites I hinted at above and others I had laying about):

    - https://progamercity.net/ghack-tut/137-tutorial-packet-hacking-reversing-mmo.html
    - https://www.ownedcore.com/forums/mmo/elder-scrolls-online/elder-scrolls-online-general/456933-crypto-packet-decrypt-stuff.html
    - https://gamedevcoder.wordpress.com/2011/08/28/packet-encryption-in-multiplayer-games-part-1/
    - https://www.rotlogix.com/blog/2018/7/21/reverse-engineering-the-xigncode-anti-cheat-library-xem-xel-file-analysis (android)

    ** an update: MapleStory does use Crypto++. Couldn't remember until I re-checked. I have some old Crypto++ signatures I made last year still on me. You might find them helpful in your quests: https://my.mixtape.moe/dkdcbm.zip

    Here are some signatures that can be found in MS v186.3: https://pastebin.com/raw/L5sUwTih

    You can then find back and see their usage of 3DES which was then applied to their packet encryption in which packet opcodes are mapped using this sort of pattern: {{ encrypted: original }, ... }
  10. Ezekiel

    Snippet Ever-Expanding Expression Generator

    The hell are you talking about? I got no beef with you or this Giora person / alias from your haunted past. Whatever you keep coming up with is not even remotely close to the truth and the actuality of things. Leave me alone and stop trying to contact me via different forms of medias. No, I don't want to respond to your PMs. I'm not your fucking buddy and I have no clue who you are. Also, if that is the best comeback you have then I'm sorry for you. Your autism is severely hindering your attempts at expressing your own feelings. Autism seemed to have also affected your abilities to communicate with others to further learn the truth since I first came into the community in early 2017.

    A brain dead bird wow never heard that phrase. Now ask yourself this, do they even keep brain dead birds on life support? You might've done more damage if you actually said the phrase right as small bird-brain but who am I to crush your own creativity.

    You act like you're 1337. You seem to have prejudice against me just because I'm educated, like to share my thoughts, apply myself, and have different view points? Wow. Someone is jealous. I never thought I was acting 1337 at all ever since I joined this community. I just enjoy learning, sharing, and talking with others.

    Deep down you are retarded, that may be true deep down we are probably all retarded. If you consider cognitive thinking as the outer layer which gives us our human persona and abilities to think and react. You just gave a blow to yourself and everyone else reading that. Who even comes up with that as an insult? Like hell you would be a monkey in a zoo if you couldn't think and just stating that towards someone that is like saying the dirt is brown if you rip the grass away. It is hardly an insult to begin with and rather more of a self-revelation about humans in general.

    People been hitting you with a frying pan son. gtfo. Now this one was my favorite. It is like you believe you have already won the argument and nothing can beat the cards you have already played so you throw in a son. gtfo. Lots of creative vibes here and I'm really feeling it. I like the ghetto broken English of "People been hitting you" and the "son. gtfo" part. That really starts to show your own writing abilities when it comes to expressing your vocabulary. You would've got more punch if you said it is like people have been hitting, but even then it makes hardly zero sense. What people? Where? Who are the people? Now, with a frying pan son, is this how people attack others in your country? Like why a frying pan? The worse it would either be brain hemorrhages or death depending on the amount of people, which you say is more than one. Now that is also assuming you automatically meant the head. However, you didn't state where I would be getting hit at so that is really up to who ever is reading the negative past tense statement. Now that I think about it where did you hear that getting hit with frying pans will automatically decrease your IQ? Where did you even coin the term for that? How did that even make sense to you as you typed it out? Is that really the best triumph insult you can really throw out there to top off the previous insults? If you said something like: You disappeared for a long time. How many cocks did you end up sucking to get out of jail? or even something like I fucked your mum everyday while you were gone I would've at least given you more respect. Now see you gotta put into more detail into the insults. You can't just combine sperg statement like farts are like reverse burps and your code is good as a crippled chimpanzee with diarrhoea.

    My first reply was to provide context clues, if you can even do reading comprehension; I was warning you that I'm not going to take your remarks seriously if you don't have anything serious to say about this thread topic. You apparently didn't get that so I am making a second reply to further explain it to you. This, second and LAST reply, is to finalize my statement that you are misinformed.

    Who even are you and what are you even talking about? 7 cats? What?

    ---

    Now to continue my message: If you both have nothing to say about the current thread topic or anything related to the development of this project then stop and go gossip elsewhere; I'm sure you both have lots to catch up on.
  11. Ezekiel

    Snippet Ever-Expanding Expression Generator

    I have no clue who you are talking about. There is nothing wrong with the majority of the code. I focused on a modular design to transfer and edit easily with other projects. If you see an issue internally tell me. Your verbal insults are dry and dated.
  12. This is more of a pseudo tool which explains how most pretty advanced commercial obfuscators / packers / protectors / virtualizers expand expressions out. More generations past 50 will give more variations where you start to see less duplicates like (19/19) for example. Around 1000 or so cycles it will take around 10 minutes or so to complete tasks. This is because I did not make this multi-threaded and ConstantExpansion's split operation is the most time consuming sub task since it just tries to randomly brute-force algorithms for 30 seconds.

    Please note that division and mods are currently not implemented and require additional type-casting in python for the expression to work. Also note that pows are currently commented out as well since it is not a universal operator in other languages such as C and C++.

    * I may throw in some final result cleaning regexes in the future to output with type-casts and pow function wrappers to get around this.

    There may be some mistakes in the results due to some minor mistakes I made during some late nights working on this. If you find an issue please send me the entire expression JSON file or send the final resulting expression and I can trace it back to where the expansion failed; much thanks to another project I made alongside this one.

    As a side note galaxy is quite handy for more non-native based languages (.NET, Python, JavaScript, LUA, ETC) to confuse simple iterations and add beef on common logic. This is still under active development so be patient 😊

    Source: https://github.com/0xee1/galaxy

    Demo:
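
An added illustration of the constant expansion described in the post above, written for this page and not taken from the galaxy project or its demo: a toy expander that splits integer literals over several generations using only `+`, `-` and `*`, and a folder an analyst can use to reduce such an expression back to its constant without calling `eval()`. The function names, the split strategy and the sample values are assumptions made for the example.

```python
"""Toy constant expansion and folding; constructed example, not galaxy's code."""
import ast
import operator
import random

# Only the operators the post says are usable: no division, modulo or pow.
OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}


def split_constant(value, rng):
    """Rewrite one non-negative integer as an equivalent '(a op b)' string."""
    op = rng.choice("+-*")
    if op == "*":
        divisors = [d for d in range(2, 10) if value and value % d == 0]
        if divisors:
            d = rng.choice(divisors)
            return f"({value // d}*{d})"
        op = "+"  # no small exact factor, fall back to addition
    k = rng.randint(1, 50)
    return f"({value - k}+{k})" if op == "+" else f"({value + k}-{k})"


class _Expander(ast.NodeTransformer):
    """One generation: replace every integer literal with a split of itself."""

    def __init__(self, rng):
        self.rng = rng

    def visit_Constant(self, node):
        return ast.parse(split_constant(node.value, self.rng), mode="eval").body


def expand(value, generations, seed=0):
    """Expand an integer for N generations; literal count doubles each time."""
    rng = random.Random(seed)
    tree = ast.parse(repr(value), mode="eval")
    for _ in range(generations):
        tree = _Expander(rng).visit(tree)
    return ast.unparse(tree)  # needs Python 3.9+


def fold(expr):
    """Constant-fold an expanded expression without eval().

    Anything outside integer literals, unary minus and + - * is rejected.
    """
    def walk(node):
        if isinstance(node, ast.Constant) and type(node.value) is int:
            return node.value
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
            return -walk(node.operand)
        if isinstance(node, ast.BinOp) and type(node.op) in OPS:
            return OPS[type(node.op)](walk(node.left), walk(node.right))
        raise ValueError(f"unsupported node: {type(node).__name__}")
    return walk(ast.parse(expr, mode="eval").body)


if __name__ == "__main__":
    expanded = expand(1337, 4)  # constructed sample value
    print(expanded)
    print(fold(expanded))
```

Because the expansion is deterministic arithmetic, a restricted AST walk like `fold` undoes any number of generations in one pass; it stops being enough only when operands depend on runtime state.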
  13. Ezekiel

    Question How to create/update vtables

    Static analysis in IDA basically allows you to find everything if you understand it and know a starting point which leads to a chain of other methods in other classes. Not going to go in depth on that. My days are pretty much officially over. If you are lazy / going into unknown turf and unsure what the data structures are for whatever application you are checking then try using: https://github.com/dude719/ReClassEx. It can save you a lot of time and is pretty skid friendly (no offense). Once you figure out where data you want is located either break and trace back to the functions and xref around to find helpers or misc. Remember to take notes while doing so.
  14. Ezekiel

    Help CLB Channel Server

    https://github.com/Razzstep/libmsclb2/blob/master/libmsclb2/Authentication/Web/WebApi.cs#L48 Assuming he is still using the same .net lib source for this project I say yes. Razz check if they updated their User Agent. I noticed in the past they started to ban some accounts over the user agents I mixed with a range of windows version headers. Most auto bans were when using Windows XP SP3 -> SP1. If worse comes to worse double check by logging packets with https interception on their launcher client. Might have changed something small? They update that launcher almost every week it seems.