
kennylovecode

Member
  • Posts: 105

Everything posted by kennylovecode

  1. Currently, when developing a proxy server, I am using version 5065 to test a running private server. This game server has done some work to prevent cheating. I am currently facing a very interesting challenge. When I use its website download client to enter the game normally, everything else is also normal. I use CMD to view the game's IP and port, and can see ports 9168 and 5816. When selecting a server, it displays 3 servers to choose from. But its client server-side. dat actually only has one, and the exposed port is 9866. This made me very interested, so I upgraded my proxy to support the 5065 client, installed an original 5065 client, modified the server.dat, and entered its IP, server name and port 9866. There are currently several situations: When I use port 9866, I can log in to zone server 1 normally. When I use port 9866 and log in to the other two service ports, it will prompt me that the server is not started. When I log in using port 9168, all servers will crash. So I used my proxy debug to check the following issues: When I log in using port 9168, the server immediately sends a packet of length 399. The client was unable to process this packet, so it crashed and automatically exited. I try to discard this packet after receiving it and not return it to the client, which will get stuck waiting for a progress bar. This is a very magical thing, and I am working hard to explore it. My guess is that the server developer injected a DLL into the client. This DLL listens on port 9168, and whenever a request is initiated, it sends a handshake operation to the client, which is also completed by this DLL. Only after a successful handshake can the login operation continue. This is one of its anti-cheating procedures. Anyway, this is my little guess and I find it very interesting, so I will continue to test and have an offensive and defensive battle with server developers, hahaha
  2. It is indeed time-consuming and laborious for a person to do these things, much less it is a public welfare work. Respect. We basically gather here based on our love for this game and hope to do something for the basics haha
  3. There used to be an existing library that could be used, but I actually referenced this library from CptSky's project, but I only used the COSAC class and learned it. At present, I have successfully set up my own proxy, but when I perform the automatic jumping operation, its packet is sent from the proxy and then to the server, and the server responds with a packet. This is not a problem, but the client will not perform the jump action, which will cause the client's coordinates to be inconsistent with the server's. Because the client may have performed a jumping screen action and then sent a packet, but if the proxy sends the packet directly, it cannot trigger this action. Should we find the jumping function from the client, write it to memory, and call this function to execute the action?
  4. Closed. Solved by myself... Just some logical issues
  5. Hello everyone, it's been a long time since I last looked at anything related to conquest. Recently, a friend asked me if there are any cheats for the 1.6 version, specifically the English version 5017, which doesn't have any added magic items. I searched online for about a night, but didn't find anything suitable. So I decided to make one myself. For CE, a proxy might be a good choice for me. I found the basic source code for a proxy on elitepvpers, which is based on version 5180. After some modifications, I am now able to proxy version 5017, but only for packet forwarding. I am currently deeply entangled in a problem that I have been debugging for many days. It may be due to my lack of understanding in the field of encryption and decryption. Problem description: When I receive a client packet with type=1052, I decrypt it and it can be decrypted normally. When I was about to re-encrypt this packet and send it to the server, I noticed that the encrypted ciphertext was different from the original ciphertext. Naturally, if I sent it to the server, I wouldn't receive a response. I made many attempts, but they all ended in failure. Then I tried adding some test code at the entry of the basic program and found that the encryption algorithm could decrypt normally, but no matter what content was encrypted, the decryption was incorrect and did not match the encrypted plaintext sent by the client.
The following is my encryption class:

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading;
using PojervProxy.OOP;

namespace PojervProxy.Cryptography
{
    public class GameCryptographer // Comes from the code of the other private server
    {
        ushort m_InCounter = 0;
        ushort m_OutCounter = 0;
        bool m_UseAlt = false;

        private byte[] m_Key1 = {
            0x9D, 0x90, 0x83, 0x8A, 0xD1, 0x8C, 0xE7, 0xF6, 0x25, 0x28, 0xEB, 0x82, 0x99, 0x64, 0x8F, 0x2E,
            0x2D, 0x40, 0xD3, 0xFA, 0xE1, 0xBC, 0xB7, 0xE6, 0xB5, 0xD8, 0x3B, 0xF2, 0xA9, 0x94, 0x5F, 0x1E,
            0xBD, 0xF0, 0x23, 0x6A, 0xF1, 0xEC, 0x87, 0xD6, 0x45, 0x88, 0x8B, 0x62, 0xB9, 0xC4, 0x2F, 0x0E,
            0x4D, 0xA0, 0x73, 0xDA, 0x01, 0x1C, 0x57, 0xC6, 0xD5, 0x38, 0xDB, 0xD2, 0xC9, 0xF4, 0xFF, 0xFE,
            0xDD, 0x50, 0xC3, 0x4A, 0x11, 0x4C, 0x27, 0xB6, 0x65, 0xE8, 0x2B, 0x42, 0xD9, 0x24, 0xCF, 0xEE,
            0x6D, 0x00, 0x13, 0xBA, 0x21, 0x7C, 0xF7, 0xA6, 0xF5, 0x98, 0x7B, 0xB2, 0xE9, 0x54, 0x9F, 0xDE,
            0xFD, 0xB0, 0x63, 0x2A, 0x31, 0xAC, 0xC7, 0x96, 0x85, 0x48, 0xCB, 0x22, 0xF9, 0x84, 0x6F, 0xCE,
            0x8D, 0x60, 0xB3, 0x9A, 0x41, 0xDC, 0x97, 0x86, 0x15, 0xF8, 0x1B, 0x92, 0x09, 0xB4, 0x3F, 0xBE,
            0x1D, 0x10, 0x03, 0x0A, 0x51, 0x0C, 0x67, 0x76, 0xA5, 0xA8, 0x6B, 0x02, 0x19, 0xE4, 0x0F, 0xAE,
            0xAD, 0xC0, 0x53, 0x7A, 0x61, 0x3C, 0x37, 0x66, 0x35, 0x58, 0xBB, 0x72, 0x29, 0x14, 0xDF, 0x9E,
            0x3D, 0x70, 0xA3, 0xEA, 0x71, 0x6C, 0x07, 0x56, 0xC5, 0x08, 0x0B, 0xE2, 0x39, 0x44, 0xAF, 0x8E,
            0xCD, 0x20, 0xF3, 0x5A, 0x81, 0x9C, 0xD7, 0x46, 0x55, 0xB8, 0x5B, 0x52, 0x49, 0x74, 0x7F, 0x7E,
            0x5D, 0xD0, 0x43, 0xCA, 0x91, 0xCC, 0xA7, 0x36, 0xE5, 0x68, 0xAB, 0xC2, 0x59, 0xA4, 0x4F, 0x6E,
            0xED, 0x80, 0x93, 0x3A, 0xA1, 0xFC, 0x77, 0x26, 0x75, 0x18, 0xFB, 0x32, 0x69, 0xD4, 0x1F, 0x5E,
            0x7D, 0x30, 0xE3, 0xAA, 0xB1, 0x2C, 0x47, 0x16, 0x05, 0xC8, 0x4B, 0xA2, 0x79, 0x04, 0xEF, 0x4E,
            0x0D, 0xE0, 0x33, 0x1A, 0xC1, 0x5C, 0x17, 0x06, 0x95, 0x78, 0x9B, 0x12, 0x89, 0x34, 0xBF, 0x3E};

        private byte[] m_Key2 = {
            0x62, 0x4F, 0xE8, 0x15, 0xDE, 0xEB, 0x04, 0x91, 0x1A, 0xC7, 0xE0, 0x4D, 0x16, 0xE3, 0x7C, 0x49,
            0xD2, 0x3F, 0xD8, 0x85, 0x4E, 0xDB, 0xF4, 0x01, 0x8A, 0xB7, 0xD0, 0xBD, 0x86, 0xD3, 0x6C, 0xB9,
            0x42, 0x2F, 0xC8, 0xF5, 0xBE, 0xCB, 0xE4, 0x71, 0xFA, 0xA7, 0xC0, 0x2D, 0xF6, 0xC3, 0x5C, 0x29,
            0xB2, 0x1F, 0xB8, 0x65, 0x2E, 0xBB, 0xD4, 0xE1, 0x6A, 0x97, 0xB0, 0x9D, 0x66, 0xB3, 0x4C, 0x99,
            0x22, 0x0F, 0xA8, 0xD5, 0x9E, 0xAB, 0xC4, 0x51, 0xDA, 0x87, 0xA0, 0x0D, 0xD6, 0xA3, 0x3C, 0x09,
            0x92, 0xFF, 0x98, 0x45, 0x0E, 0x9B, 0xB4, 0xC1, 0x4A, 0x77, 0x90, 0x7D, 0x46, 0x93, 0x2C, 0x79,
            0x02, 0xEF, 0x88, 0xB5, 0x7E, 0x8B, 0xA4, 0x31, 0xBA, 0x67, 0x80, 0xED, 0xB6, 0x83, 0x1C, 0xE9,
            0x72, 0xDF, 0x78, 0x25, 0xEE, 0x7B, 0x94, 0xA1, 0x2A, 0x57, 0x70, 0x5D, 0x26, 0x73, 0x0C, 0x59,
            0xE2, 0xCF, 0x68, 0x95, 0x5E, 0x6B, 0x84, 0x11, 0x9A, 0x47, 0x60, 0xCD, 0x96, 0x63, 0xFC, 0xC9,
            0x52, 0xBF, 0x58, 0x05, 0xCE, 0x5B, 0x74, 0x81, 0x0A, 0x37, 0x50, 0x3D, 0x06, 0x53, 0xEC, 0x39,
            0xC2, 0xAF, 0x48, 0x75, 0x3E, 0x4B, 0x64, 0xF1, 0x7A, 0x27, 0x40, 0xAD, 0x76, 0x43, 0xDC, 0xA9,
            0x32, 0x9F, 0x38, 0xE5, 0xAE, 0x3B, 0x54, 0x61, 0xEA, 0x17, 0x30, 0x1D, 0xE6, 0x33, 0xCC, 0x19,
            0xA2, 0x8F, 0x28, 0x55, 0x1E, 0x2B, 0x44, 0xD1, 0x5A, 0x07, 0x20, 0x8D, 0x56, 0x23, 0xBC, 0x89,
            0x12, 0x7F, 0x18, 0xC5, 0x8E, 0x1B, 0x34, 0x41, 0xCA, 0xF7, 0x10, 0xFD, 0xC6, 0x13, 0xAC, 0xF9,
            0x82, 0x6F, 0x08, 0x35, 0xFE, 0x0B, 0x24, 0xB1, 0x3A, 0xE7, 0x00, 0x6D, 0x36, 0x03, 0x9C, 0x69,
            0xF2, 0x5F, 0xF8, 0xA5, 0x6E, 0xFB, 0x14, 0x21, 0xAA, 0xD7, 0xF0, 0xDD, 0xA6, 0xF3, 0x8C, 0xD9};

        private byte[] m_Key3;
        private byte[] m_Key4;

        public GameCryptographer() { }

        public ushort InCounter { get { return m_InCounter; } }
        public ushort OutCounter { get { return m_OutCounter; } }

        public void SetKeys(byte[] InKey1, byte[] InKey2)
        {
            byte[] addKey1 = new byte[4];
            byte[] addKey2 = new byte[4];
            byte[] addResult = new byte[4];
            //addKey1.i = 0;
            //addKey2.i = 0;
            byte[] tempKey = new byte[4];
            long LMULer;
            // InKey1[0] = 0x20;
            // InKey1[1] = 0x5c;
            // InKey1[2] = 0x48;
            // InKey1[3] = 0xf4;
            // InKey2[0] = 0x00;
            // InKey2[1] = 0x44;
            // InKey2[2] = 0xa6;
            // InKey2[3] = 0x2e;
            //if (Key3) delete [] Key3;
            //if (Key4) delete [] Key4;
            Monitor.Enter(this);
            m_Key3 = new Byte[256];
            m_Key4 = new Byte[256];
            for (int x = 0; x < 4; x++)
            {
                addKey1[x] = InKey1[3 - x];
                addKey2[x] = InKey2[3 - x];
            }
            //cout << "Key1: " << addKey1.i << endl;
            //cout << "Key2: " << addKey2.i << endl;
            uint Adder1;
            uint Adder2;
            uint Adder3;
            Adder1 = (uint)((addKey1[3] << 24) | (addKey1[2] << 16) | (addKey1[1] << 8) | (addKey1[0]));
            Adder2 = (uint)((addKey2[3] << 24) | (addKey2[2] << 16) | (addKey2[1] << 8) | (addKey2[0]));
            Adder3 = Adder1 + Adder2;
            addResult[0] = (byte)(Adder3 & 0xff);
            addResult[1] = (byte)((Adder3 >> 8) & 0xff);
            addResult[2] = (byte)((Adder3 >> 16) & 0xff);
            addResult[3] = (byte)((Adder3 >> 24) & 0xff);
            for (int b = 3; b >= 0; b--)
            {
                // printf("%.2x ", addResult.c[b]);
                tempKey[3 - b] = addResult[b];
            }
            tempKey[2] = (byte)(tempKey[2] ^ (byte)0x43);
            tempKey[3] = (byte)(tempKey[3] ^ (byte)0x21);
            for (int b = 0; b < 4; b++)
            {
                tempKey[b] = (byte)(tempKey[b] ^ InKey1[b]);
            }
            //Build the 3rd Key
            for (int b = 0; b < 256; b++)
            {
                m_Key3[b] = (byte)(tempKey[3 - (b % 4)] ^ m_Key1[b]);
            }
            for (int x = 0; x < 4; x++)
            {
                addResult[x] = tempKey[3 - x];
            }
            Adder3 = (uint)((addResult[3] << 24) | (addResult[2] << 16) | (addResult[1] << 8) | (addResult[0]));
            LMULer = Adder3 * Adder3;
            LMULer = LMULer << 32;
            LMULer = LMULer >> 32;
            Adder3 = Convert.ToUInt32(LMULer & 0xffffffff);
            addResult[0] = (byte)(Adder3 & 0xff);
            addResult[1] = (byte)((Adder3 >> 8) & 0xff);
            addResult[2] = (byte)((Adder3 >> 16) & 0xff);
            addResult[3] = (byte)((Adder3 >> 24) & 0xff);
            for (int b = 3; b >= 0; b--)
            {
                tempKey[3 - b] = addResult[b];
            }
            //Build the 4th Key
            for (int b = 0; b < 256; b++)
            {
                m_Key4[b] = Convert.ToByte(tempKey[3 - (b % 4)] ^ m_Key2[b]);
            }
            Monitor.Exit(this);
            //cout << "Int representation: " << charadd.i << endl;
        }

        public void Reset()
        {
            m_UseAlt = true;
            m_OutCounter = 0;
        }

        public void Encrypt(ref byte[] Data)
        {
            try
            {
                //Monitor.Enter(this);
                for (int b = 0; b < Data.Length; b++)
                {
                    Data[b] = (byte)(Data[b] ^ 0xab);
                    Data[b] = (byte)(Data[b] << 4 | Data[b] >> 4);
                    if (m_UseAlt)
                    {
                        Data[b] = (byte)(m_Key4[m_OutCounter >> 8] ^ Data[b]);
                        Data[b] = (byte)(m_Key3[m_OutCounter & 0x00ff] ^ Data[b]);
                    }
                    else
                    {
                        Data[b] = (byte)(m_Key2[m_OutCounter >> 8] ^ Data[b]);
                        Data[b] = (byte)(m_Key1[m_OutCounter & 0x00ff] ^ Data[b]);
                    }
                    m_OutCounter++;
                }
                //Console.WriteLine("OutCounter = " + m_OutCounter);
                //Monitor.Exit(this);
            }
            catch (Exception e)
            {
                Console.WriteLine(e.ToString());
            }
        }

        public void Decrypt(ref byte[] Data)
        {
            try
            {
                byte[] Key1;
                byte[] Key2;
                if (m_UseAlt)
                {
                    Key1 = m_Key3;
                    Key2 = m_Key4;
                }
                else
                {
                    Key1 = m_Key1;
                    Key2 = m_Key2;
                }
                //Monitor.Enter(this);
                for (int b = 0; b < Data.Length; b++)
                {
                    Data[b] = (byte)(Data[b] ^ 0xab);
                    Data[b] = (byte)(Data[b] << 4 | Data[b] >> 4);
                    Data[b] = (byte)(Key2[m_InCounter >> 8] ^ Data[b]);
                    Data[b] = (byte)(Key1[(m_InCounter & 0x00ff)] ^ Data[b]);
                    m_InCounter++;
                }
                //Monitor.Exit(this);
            }
            catch (Exception e)
            {
                Console.WriteLine(e.ToString());
            }
        }
    }
}
```

Here is my program entry debugging code:

```csharp
byte[] original = new byte[28] { 28, 0, 28, 4, 59, 114, 15, 0, 184, 34, 0, 0, 119, 0, 214, 208, 32, 123, 213, 26, 118, 52, 0, 0, 29, 39, 0, 0 };
byte[] encrypted = new byte[28] { 149, 132, 116, 101, 35, 98, 3, 226, 84, 45, 51, 165, 99, 203, 24, 98, 93, 62, 237, 131, 244, 5, 246, 227, 7, 114, 62, 162 };
/** Create the client encryption instance */
GameCryptographer clientCrypt = new GameCryptographer();
/** Create the server encryption instance */
GameCryptographer serverCrypt = new GameCryptographer();
serverCrypt.Decrypt(ref encrypted);
byte[] test = new byte[] { 1, 2, 3};
/** Decrypt the packet sent by the client (this is a packet about a link invocation) */
serverCrypt.Encrypt(ref test);
serverCrypt.Decrypt(ref test);
```

I divided this debugging into two steps. The first step is to test whether the encrypted packets sent by the client can be decrypted normally. This is normal.
But I tested the encrypted packets 1, 2, and 3 and decrypted them, and the decrypted data did not match the original text. I don't even know where the mistake lies. Can anyone guide me?
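Added example, not part of the original post or the poster's project: a C# round-trip check for the per-byte transform in the class above, run on the sample packet from the post. It shows that the inverse has to undo the three steps in reverse order and at the same keystream position; `KeystreamState`, `Wrap` and `Unwrap` are hypothetical names, and the two tables are regenerated by a recurrence instead of being listed.

```csharp
using System;
using System.Linq;

// Added example, not the poster's code. Covers the initial phase only
// (fixed tables, before SetKeys/Reset switch to the derived keys).
public sealed class KeystreamState                 // hypothetical name
{
    static readonly byte[] Key1 = new byte[256], Key2 = new byte[256];
    ushort counter;                                // keystream position for ONE direction

    static KeystreamState()
    {
        // Recurrence that regenerates the m_Key1 / m_Key2 tables listed in the post.
        byte a = 0x9D, b = 0x62;
        for (int i = 0; i < 256; i++)
        {
            Key1[i] = a; Key2[i] = b;
            a = unchecked((byte)((0x0F + (byte)(a * 0xFA)) * a + 0x13));
            b = unchecked((byte)((0x79 - (byte)(b * 0x5C)) * b + 0x6D));
        }
    }

    static byte Swap(int v) => unchecked((byte)((v << 4) | (v >> 4)));
    byte Next()
    {
        byte k = (byte)(Key1[counter & 0xFF] ^ Key2[counter >> 8]);
        counter++;
        return k;
    }

    // Same step order as Decrypt in the post: ^0xAB, swap nibbles, ^keystream.
    public byte[] Unwrap(byte[] data) =>
        data.Select(d => (byte)(Swap(d ^ 0xAB) ^ Next())).ToArray();

    // Exact inverse, steps reversed: ^keystream, swap nibbles, ^0xAB.
    public byte[] Wrap(byte[] data) =>
        data.Select(d => (byte)(Swap(d ^ Next()) ^ 0xAB)).ToArray();
}

public static class Demo
{
    public static void Main()
    {
        // Sample packet from the post: plaintext and the ciphertext the client sent.
        byte[] original = { 28, 0, 28, 4, 59, 114, 15, 0, 184, 34, 0, 0, 119, 0, 214, 208,
                            32, 123, 213, 26, 118, 52, 0, 0, 29, 39, 0, 0 };
        byte[] encrypted = { 149, 132, 116, 101, 35, 98, 3, 226, 84, 45, 51, 165, 99, 203,
                             24, 98, 93, 62, 237, 131, 244, 5, 246, 227, 7, 114, 62, 162 };
        byte[] plain = new KeystreamState().Unwrap(encrypted);
        Console.WriteLine($"decrypt matches plaintext:     {plain.SequenceEqual(original)}");
        Console.WriteLine($"inverse reproduces ciphertext: {new KeystreamState().Wrap(plain).SequenceEqual(encrypted)}");
        // Failure mode 1: running the decrypt step order again is not an inverse.
        Console.WriteLine($"decrypt order used to encrypt: {new KeystreamState().Unwrap(plain).SequenceEqual(encrypted)}");
        // Failure mode 2: correct inverse, but 3 keystream bytes were already consumed.
        var skewed = new KeystreamState();
        skewed.Wrap(new byte[3]);
        Console.WriteLine($"inverse at a skewed counter:   {skewed.Wrap(plain).SequenceEqual(encrypted)}");
    }
}
```

Each direction of each connection needs its own `KeystreamState`, because the counter advances with every byte that passes through it.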
  6. I posted a video on how to bypass server.dat on YouTube 4 years ago ... the guide is for version 6989, too-old clients are not supported. You can check it on:
  7. bingo ... most or all ...
  8. You can try using an easy loader first ... giving you mine .... try it: ConquerLoader&EXE.rar
  9. You must use the Conquer loader .... try again!!
  10. I think it also originated from EO Source EO source is almost CO source with a lot of commented code (and it must be the same for almost every TQ game) Absolutely correct. They are all clients developed based on C3 Engine, and they are games that have been ported and modified by the same group of people. The vast majority of the code can be referenced and utilized
  11. Has already been solved, 127.0.01 IPADDRESS GET ERROR
  12. I think it also originated from EO Source
  13. So do they develop on the "EudemonsOnline" client source? Or did they get the official "Conquer Online" client source? I downloaded and set up their client .... found the most interesting thing .... customization edit fully
  14. What exception is being thrown? It does not throw any exception .... it just sends the packet and the client is killed!! So I tried to comment out some code and send SUCCESS directly, BUT IT STILL DOES NOT WORK...

企业微信截图_17101589416162.png 企业微信截图_17101589735654.png 企业微信截图_20240311200758.png

I USE the 6090 Client Version .... my guess is that maybe "DiffieHellman" encrypts the packet wrongly, and the client gets the unknown packet handler and kills the process by itself. JUST a guess ... These are my account.config.json and game.config.json:

```json
{
  "Network": {
    "IPAddress": "192.168.1.58",
    "Port": 9958,
    "MaxConn": 500
  },
  "RealmNetwork": {
    "IPAddress": "192.168.1.58",
    "Port": 9921
  },
  "Authentication": {
    "Identity": "https://sso.ftwmasters.com.br/realms/world-conquer",
    "Url": "https://dev.auth.api.worldconquer.online",
    "ClientId": "account-sso",
    "ClientSecret": "GP0AEm77vY9AtfMWg1c0xYF17SA1G8pP",
    "Scope": "offline_access"
  },
  "Realm": {
    "Url": "https://dev.realm.api.worldconquer.online"
  },
  "Account": {
    "Url": "https://dev.account.api.worldconquer.online"
  },
  "Auth": {
    "SharedKey": "7oD2bihwK7uQLmM5Q6c6SodWmvNPdxgC",
    "SharedIV": "C238xs65pjy7HU9Q"
  },
  "Database": {
    "Hostname": "localhost",
    "Username": "root",
    "Password": "kp2009accp",
    "Schema": "new_account_zf",
    "Port": 3306
  }
}
```

```json
{
  "Database": {
    "Hostname": "localhost",
    "Username": "root",
    "Password": "kp2009accp",
    "Schema": "cq",
    "Port": 3306
  },
  "Realm": {
    "ServerId": "94390aa0-c75d-11ed-9586-0050560401e2",
    "Name": "Storm",
    "IPAddress": "127.0.0.1",
    "Port": 5816,
    "MaxOnlinePlayers": 1500,
    "Username": "test",
    "Password": "test",
    "ReleaseDate": "2023-01-01T00:00:00",
    "Processors": 4
  },
  "Login": {
    "IPAddress": "192.168.1.58",
    "Port": 9921
  },
  "Ai": {
    "IPAddress": "192.168.1.58",
    "Port": 8650,
    "Username": "yD3Ni6tMW1NNU1QH",
    "Password": "jETqqIKi9LuFvOgu"
  },
  "MaintenanceSchedule": [
    { "DayOfWeek": 1, "Time": "00:00:00", "WarningMinutes": 5 },
    { "DayOfWeek": 3, "Time": "00:00:00", "WarningMinutes": 5 },
    { "DayOfWeek": 5, "Time": "00:00:00", "WarningMinutes": 5 }
  ],
  "Piglet": {
    "IPAddress": "192.168.1.58",
    "Port": 4351,
    "Username": "yD3Ni6tMW1NNU1QH",
    "Password": "jETqqIKi9LuFvOgu"
  },
  "Auth": {
    "SharedKey": "7oD2bihwK7uQLmM5Q6c6SodWmvNPdxgC",
    "SharedIV": "C238xs65pjy7HU9Q" /// 6fv44hjpBnD4dg0G
  }
}
```
  15. What exception is being thrown? It does not throw any exception .... it just sends the packet and the client is killed!! So I tried to comment out some code and send SUCCESS directly, BUT IT STILL DOES NOT WORK... 3 2 1
  16. ENTER METHOD ERROR PACKET When I log in to the game server .... debug in the packet type .... send the "MsgAccServerLoginExchangeEx" packet .... and the client process is automatically killed ... how can I fix this?
  17. THX ... JUST TRYING TO ASK FOR A SOLUTION...
  18. Solved it, it's because of the issue with Conquere.exe. The downloaded client cannot log in directly. I downloaded the Conquere.exe file for COPSV6 from ELPVP,
  19. error error When I set up the 5017 source, the account server works fine ... but the game server accepts the connection but cannot receive data .... it didn't execute this code:

```csharp
protected override void Received(Client actor, ReadOnlySpan<byte> packet)
{
    this.Processor.Queue(actor, packet.ToArray());
}
```
  20. conqueronline.net I'm not sure if anyone has downloaded a client to play games on this server. I'm curious about this highly customized client. I'm not sure how they did it, but it may include the following items: 1. They used the leaked client source code from a lower version of Tianqing for secondary development. 2. They used a loader to inject hooks and make client modifications. 3. They completely independently developed a game client. These are several possibilities that I guessed. I really like the game graphics of this client, even exceeding my love for the official classic version. Is there a way to develop your own private server from this client?
  21. I'm working on a simplified version that I'm also trying to improve some stuff. It'll see sunlight soon and I'll replace the links in the main post. It's not that I don't want to create a guide on how to setup stuff, but I tried to record a video and it took me more than 1 hour of explanations... then my wife just entered the room screaming because of a bug and I deleted it. Take care .... keeping the family's emotional health is more important .... BRO
  22. HAHA ... That's really right “There's no stopping scammers in any private server community” change "There's no stopping scammers anywhere" scammers study scams every time ... because it's their work ...
  23. Just define the preprocessor variable USE_MYSQL_DB https://gitlab.com/world-conquer-online/canyon/canyon/-/blob/main/src/Canyon.Login/Sockets/Login/Packets/MsgAccount.cs?ref_type=heads#L21 Just add a try/catch block to avoid logins getting stuck if DB is not online https://gitlab.com/world-conquer-online/canyon/canyon/-/blob/main/src/Canyon.Login/Repositories/AccountRepository.cs?ref_type=heads#L7 I had already defined it, and ended up in the Account Repository, now I'm going to create this part of the try. The hardest part they've already done, the emulator is ''ready'', regarding the documentation, any line of code you put in a chat bot will tell you what it's for and what it does, the person just has to run after it. and find out :D YEA. I know that'.... THKS
  24. That's cool. I agree most about your idea to stop easy setup scam server ... but ... I think scammers are smart too .... just .... Maybe it's just setting obstacles for some beginners. That's why I have such doubts, but I fully appreciate your ideas and contributions, because it's really not easy