L2Tower Discord Let's keep the community alive with discord. Discussions about plugins and scripts L2Tower Discord

Thread Closed 
 
Thread Rating:
  • 13 Vote(s) - 2.92 Average
  • 1
  • 2
  • 3
  • 4
  • 5
let's crack lameguard !!!
Author Message
pxovela Offline
VIP Member
***

Posts: 167
Joined: Sep 2011
Reputation: 14
Version: 1.4.1.123
Post: #1
Tongue let's crack lameguard !!!

So, more and more servers are using new lameguard, and we are getting client crash + hdd ban.

What we have to do is to modify client and disable gameguard and then normally inject towerSmile)

As a test server I took http://l2dragoneye.com/.
It has typical antibot which we can't bypass.

1. What i noticed that if I change dsetupp.dll or gameguard.des files, l2.exe is not starting.

So our main task is to change existing L2.exe to the normal one.
the l2.exe from dragoneye is not taking information from .dll and .ini files of system, but from somewhere else...
[Image: knjwm.jpg]

So what i did next is replaced existing l2.exe from the decrypted one from fyyre. I also replaced dsetup.dll from fyyere and deleted gameguard.des. But now when i entered id and pass I couldn't connect...

Next step was editing l2.ini.
I added there server Ip: 178.33.233.111; port:7777 and protocol 268.
started l2.exe and woalala! i entered server until the game server...
But there i got: Your protocol version is different Sad

Now i'm stuckedBig Grin i need your help. any ideas how to go further?
If we enter server with such modified client, lameguard will be crackedBig Grin
07-02-2012 10:31 AM
Find all posts by this user
Fox Away
Fraka-kaka-kaka-kaka-kow!
******

Posts: 5,640
Joined: Oct 2011
Reputation: -6666548
Version: 1.4.2.142
Post: #2
RE: let's crack lameguard !!!

To see the original protocol version create a BAT file whit (L2.exe -L2ProtocolVersion}
and run it. Then replace it on your modified system... try Smile


G2A is a fantastic web-store where you can buy games cheap (40%+ Discounts!)
[Image: uaFndGu.gif]
07-02-2012 10:38 AM
Visit this user's website Find all posts by this user
amiroooo Offline
Beta Tester

Posts: 1,270
Joined: Sep 2011
Reputation: 412
Version: 1.4.2.142
Post: #3
RE: let's crack lameguard !!!

changing protocol to correct one will work yes but the main issue is, lameguard send info about ur client pc ip and number of clients logged in upon choosing server, those infos don't get send in normal client and thus server side will still notice you are logged in but you didn't send.
07-02-2012 10:40 AM
Find all posts by this user
pxovela Offline
VIP Member
***

Posts: 167
Joined: Sep 2011
Reputation: 14
Version: 1.4.1.123
Post: #4
RE: let's crack lameguard !!!

(07-02-2012 10:38 AM)Fox Wrote:  To see the original protocol version create a BAT file whit (L2.exe -L2ProtocolVersion}
and run it. Then replace it on your modified system... try Smile

I did that...
I changed protocol in l2.ini but no result...
it doesn't gives a shit what's written there, still gives protcol version errorBig Grin

(07-02-2012 10:40 AM)amiroooo Wrote:  changing protocol to correct one will work yes but the main issue is, lameguard send info about ur client pc ip and number of clients logged in upon choosing server, those infos don't get send in normal client and thus server side will still notice you are logged in but you didn't send.



So maybe we can send those packets using wp ppc? http://x33.ru/saur/

What i see is that client is sending protocol version packet at the moment of server selection...
The problem is that it is different at every entrance:
0b010ed800000036ea471b8c7c77b0d67dc32e2e6ec6827bbf ad785ff6c485a10bc4ecfaea7ec2899084394bb8efe80ea03c bcf86adf539fb6183319e2892308942f63e19bae381193a117 dffdb26c7a7634650cf13a1ed6626cec97a8327816e1afa15c 867359e18fa07b62b005792265e26c0e187d5a4f5fef9c4351 d0aa9bd0847147c2b3434d10ae945493c258c64216e0f84782 8177affab5fe4bb61966afa20b8280aa6555811f6d05a5c993 d8fbfee6e77c4ef6c5d1424caa986fde1e7eeface70d83d7a9 006287784c186b32617313d2c5cae7f3950f532e97c5603311 5253bc2ed4d87c005c8e60f58efff3d5da123c6bd9d263e0eb 96666f86d2880544d3dd24c5cb4e360b22


0b010ed8000000e834479c537db70bc7a7c3f02fc2504d6b83 737881f708e7117706cc5cfc7f52becc20462dca524850c3a9 3c80213e7fcbb6d332c6ce7d025d7c51c4e01d2f0f90cc3448 1ba33ea67aec357a8c4a089f89e3336dc82880a6163fae57dc ecad594b51a0a5626e0446a33a63327cc67cbc10966ac04232 51d1ba3ee506203d16addb9ab17e664af5dbc9ffced3ec28a0 da6c3cd3cc4fca6b494b4bacedcb509bfb722918340380690b ef84a8e210a63f03b45d814dc919ad444dfa1887a2cb56467c dea4f43b60309dc14a04ff2f6cefaedc91fddc338f853284c6 604acf772a9ca1515e0e3764fcdd7d9a35b53891be89f0b99a 91cd9518b9ed915a2b30f0f8284ee80bfc

Maybe we an attach script smthn like this ?
I'm very bad at programmingBig Grin


const
ProcolVersionPacket=Hstr('??????');

BEGIN
if (_gBuff[3]=#$0E) and (not(_gFromServ))
_gOutBuff:=ProcolVersionPacket;
END.

p.s. [Image: I+Have+No+Idea+What+I+m+Doing_8628c0_3398345.jpg]
(This post was last modified: 07-02-2012 11:08 AM by pxovela.)
07-02-2012 10:43 AM
Find all posts by this user
ClockMan Offline
All Mighty
*******

Posts: 2,886
Joined: Jan 2011
Reputation: 499
Version: 1.4.3.143
Post: #5
RE: let's crack lameguard !!!

Login packets are encrypted by lameguard, thats main problem...

Lameguard and other antibots modifity login packet or other specyfic packets (enterworld [usually only auth server packets]), usually by hooking some functions, you can use HookShark tool to detect some of them. If server dont get specyfic packet, it wont let you in. These packets are encrypted by anti-bots in 99% of cases. And thats makes every antibot specyfic...

There is more, antibots got own threads or they injected/hooked into other threads, thats are scan procedures, they scan all functions, memory, dll's, open processes and windows if they detect a hack they can send some message to server and terminate/(usually close socket/process) game.

To crack anti-bot you need to find that scan procedure, and it's not easy to find...

[Image: owner.gif]
07-02-2012 12:30 PM
Visit this user's website Find all posts by this user
slipx Offline
N00b
***

Posts: 251
Joined: May 2012
Reputation: 0
Version: 1.4.3.143
Post: #6
RE: let's crack lameguard !!!

so it's hopeless =/

Sorry for my BAD English Smile

If I helped +1 ME
07-02-2012 13:44 PM
Find all posts by this user
DTT Offline
Moderator
*****

Posts: 79
Joined: Oct 2011
Reputation: 4
Version: 1.4.3.143
Post: #7
RE: let's crack lameguard !!!

There's a guy who's selling lameguard bypass.
Try pming him.

Spofas loves men.
02-25-2013 23:58 PM
Find all posts by this user
Thread Closed 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  lameguard brindle64 7 4,489 02-09-2015 23:22 PM
Last Post: TheQQmaster
  Lookin for lameguard server side files Szakalaka 0 2,234 10-03-2014 15:00 PM
Last Post: Szakalaka
Star Lameguard nodrik 2 2,734 08-17-2014 22:25 PM
Last Post: nodrik
  L2 Tower - Lameguard pleko 0 2,310 08-16-2014 14:10 PM
Last Post: pleko
  L2tracker crack question dev0 0 2,583 09-23-2013 01:05 AM
Last Post: dev0
  LameGuard/hGuard dadolino 18 13,736 08-12-2013 14:44 PM
Last Post: monakian
  tower premium against lameguard laydown 1 3,564 08-12-2013 14:33 PM
Last Post: natherlog
  Lameguard saruc 1 2,667 01-29-2013 00:41 AM
Last Post: user16
Bug Is Lameguard the end of Botting??? rahviel 4 6,720 01-23-2013 10:13 AM
Last Post: Motan
  Character or bot is on crack naterdude 12 9,618 06-17-2012 18:21 PM
Last Post: Fox



User(s) browsing this thread: 1 Guest(s)