Client: Using decrypted server.dat

[Mugaru]

I am learning from this, thanks.

TQAnp and TQPlat Zip is broken, can reupload?

Broken? Like the link? I can download it just fine.

Try to extract it, it is damaged

Try it with 7Zip or WinZip or something.

Also make sure the download is not targeted by your AntiVirus.

[darkfox]

Broken? Like the link? I can download it just fine.

Try to extract it, it is damaged

Try it with 7Zip or WinZip or something.

Also make sure the download is not targeted by your AntiVirus.

Damaged and my antivirus is not detecting that file

[luiscruz08]

Hi Adrian, very good tutorial, I am trying to crack the Server.dat of the v6609 client, but I have failed several times, I cannot get the list of servers to display in the quickpay.dat file,I tried to download your outenserver.xml but it is corrupted when I try to extract the file.

I have used an outenserver.xml

I did it but still can't get it done..

I follow all the steps perfectly but I still can't get the servers to show up.

Thanks for your help.

this is the one i use:

[WHITELIONX]

Same problem as darkfox, I have tried winzip, 7zip and winrar but it seems it's a header issue

[adrian]

hi, guys. I've been offline for long time. I'm sorry to hear that you have been into problems to download the files.

in fact, the files were damaged (maybe a problem with forum server that might corrupted the files).

but, good news! I've re-uploaded the files, so you may now unzip without problems.

let me know if the files are okay now.

[Spirited]

Hm, without going into a lot of detail about how I currently host this website... a lot of things would be broken here if there was file corruption. I'll keep an eye on this though.

[adrian]

Hm, without going into a lot of detail about how I currently host this website... a lot of things would be broken here if there was file corruption. I'll keep an eye on this though.

I got into same thought, as I didnt see other file corruption in other threads... but, I have these files backed up, so no problem.

and btw, did you take a look to see if it is possible to use this tutorial to get in a way to apply your own encryption to server.dat?

[Spirited]

I haven't, no. I've been unfortunately very busy. The most progress I've made on client mods / hacks is my Dragon project. I've been pretty swamped at work since then. I hope to return to project work again at some point.

[kujiku]

@adrian Is there a way for the 5103 client version? since this method does not work in this version.

[Shehabdasten]

Tried on 6609 version but the servers dissapeared on login screen

[kennylovecode]

i post a video how to bypass server.dat on youtube 4years ago ...

the guide version 6989, not supported too old client

you can check it on :

[JaceSkell]

This might be old and stuff.. but after following the video guide im getting this weird error : Error in Compress_Encrypt file

Maybe someone could point out why that might occur ?

[Zedaf]

On 1/6/2021 at 1:37 PM, Mugaru said:

Here are my findings for the 5517 client.

 

00764CE7 = tmpnam 
00764D9A = DeleteFileA (Call)
007B714F = Push EDX
007B7150 = FOPEN 
007B7149 = Should be changed from JGE to JMP. 
After that 
007B7158 = MOV EDX [FILE THAT WILL BECOME THE SERVER.DAT] (i used:  MOV EDX, 00940450 // ini/ItemtypeSub.dat ) 
007B715E = JMP 007B714F
00765716 = JE Conquer-.007657A0 > This JE should be changed to JNZ

 

 

I've been private messaging with Adrian about removing the blacknull check from the client, since you can't find it with string reference.

Adrian found out that you can find it in the HEX window in OllyDBG, so from that point he was able to play around with the jumps around that opcode. (Thanks for the help with that).

After that i've been following the guide in the first post of this topic, from which i posted my opcodes up here.

The issue with this is that i am not able to change the row amount or names in the outerserver.xml, so for example you have server names like Lucky7, you can change it to Lucky8 or Tests1 but if you use a name which is longer or shorter it won't load the servers anymore.

Its the same with the rows in the XML file, if you remove rows, to keep only 1 server group and 1 server, the 'custom' server.dat won't load, you will see an empty server list.

If anybody else know the answer to this problem, feel free to post it :-), for now this is the start of my try.

My guess here is that the client loads the original server.dat and saves the row count and the names somewhere in the memory, to check those later.

I'm still debugging the client, but for now i've got no new info, when i have, i'll post it here.

#Update

I added the last OPCode in the code tags of this post which should be changed to make it work.

After i changed that last one, i was able to load my own serverlist.

Hey, I followed this guide and think I must be very close to having it correct but there was one discrepancy that I found, which is that my `007B715E` ended up being on `007B715D`, does this mean that I should've ticked NOP when I entered one of the instructions or something? Everything else is the same (see screenshots) - the only other possibility I can think of for why it's not working is possibly the configuration of my outenserver file.

[JaceSkell]

It seems either i'm doing something wrong or the OllyDBG is being a jerk but when ever i open Conquer.exe and run it i get

 

[kennylovecode]

23 hours ago, JaceSkell said:

看起来要么是我操作错误，要么是 OllyDBG 出了问题，但每当我打开 Conquer.exe 并运行它时，我都会得到

 

Because you may be using a client that has been modified by someone else and has added memory read-write protection, this is my guess.