[EXCLUSIVE SHARE] IG WALKER FOR KASHA PROTECTION (L2Elixir,L2Dex etc.) UPDATED!!




TILEMACHOS on October 03, 2010, 12:29:26 PM
[Hidden post: You need 750 posts or become a VIP or Donator member to see it]

-=UPDATE=-
Date : 06/10/2010
Delete Previous files you have downloaded....
All files are Updated due to Bug Fixes!!
Added Interlude Modification with Modded L2aSrv
2.09 version can now read the whole item database from the 2.17 version
Also a link to thread to show you how to run walker in Win 7
Plz Download Again


____________________________________________

Alright guys... that was it...
It is time to share my Walker files for connecting to servers with Kasha security modules.
You can also use this Walker to bypass many other securities too :D

In a few steps I will show you how to connect with my files...
It's simple, but if you are a NOOB please leave this thread ASAP and don't ask questions.
Don't ask who Navicat is... it is the nickname I use in Lineage, forums and my modifications.

First of all I'll share the files:

_________________________________________________________________________________________


1) My Interlude modification with modded L2aSrv, invisible to Kasha www31.zippyshare.com/v/54566306/file.html

===============================================================================

2) Walker Modification 2.09 with 2.17 Item database www13.zippyshare.com/v/50255982/file.html  <---- Link Updated Again

P.s : If you have problems with corrupted L2.exe while pressing run on Navicat Loader...
Or Running under Win 7...
Use the Import Dll Method : http://www.maxcheaters.com/forum/index.php?topic=123400.msg1306764#msg1306764

_________________________________________________________________________________________

Here is a guide :

Before I start I have to tell you that there are some things that you must find by yourself,
because the Kasha module is different from server to server...

MasterWalker has shown you a guide on how to kill modules that track down hacks running on the system etc.

http://www.maxcheaters.com/forum/index.php?topic=162556.0

You must learn this technique before you start...
But instead of KILLING modules you must SUSPEND them...

Let's begin....

I will show you my files working on a famous server... L2 Elixir,
which is using the Kasha Security Module :D

Important:
Parts 3 and 4 must be done as fast as you can!!!

1) Run Naviexp.exe



2) Run Navicat.exe Select the L2.exe from your system and press Run



3) Wait until L2.exe loads up to the login screen, then go fast to Navicat Explorer, track down L2.exe and double click on it...



4) Go to the Threads tab, search for threads from: Msxml4b.dll, ALaudio.dll, Fire.dll and suspend them... (P.S.: This is not the same for every server... this is for L2Elixir. You have to track down by yourself which threads are checking for hacks etc.)




5) Close Navicat Explorer Login and have a Happy Bot Day :D :D :D
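
Seen from the defending side, the thread-suspension step in the guide above is detectable when liveness is judged by the server instead of by the client. The following is an added sketch (not part of the original post, and not Kasha's actual mechanism): each integrity-check thread bumps a counter, the client reports the counters under a MAC, and the server flags counters that stop advancing or a client that goes silent. The key, timeout and thresholds are assumptions; the checker names are simply the modules the post lists.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field
from typing import Optional

# Checker names taken from the post (L2Elixir case); any names work.
CHECKERS = ("Msxml4b.dll", "ALaudio.dll", "Fire.dll")
MAX_STALLED_REPORTS = 2   # assumed: reports without progress before flagging
REPORT_TIMEOUT = 15.0     # assumed: seconds of silence before flagging


def sign_report(key: bytes, seq: int, counters: dict) -> bytes:
    """Client side: MAC over the report sequence number and every counter."""
    msg = struct.pack(">Q", seq)
    for name in sorted(counters):
        msg += name.encode() + b"\0" + struct.pack(">Q", counters[name])
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass
class ServerMonitor:
    """Server side: liveness is decided here, out of reach of the client."""
    key: bytes
    last_seq: int = -1
    last_seen: Optional[float] = None
    last_counters: dict = field(default_factory=dict)
    stalled: dict = field(default_factory=dict)

    def accept(self, seq: int, counters: dict, tag: bytes, now: float) -> list:
        """Return findings for one report; an empty list means healthy."""
        if not hmac.compare_digest(tag, sign_report(self.key, seq, counters)):
            return ["bad-mac"]
        if seq <= self.last_seq:
            return ["replayed-report"]
        findings = []
        for name in CHECKERS:
            if name not in counters:
                findings.append(f"missing:{name}")
                continue
            prev = self.last_counters.get(name)
            if prev is not None and counters[name] <= prev:
                # The checker thread made no progress since the last report.
                self.stalled[name] = self.stalled.get(name, 0) + 1
            else:
                self.stalled[name] = 0
            if self.stalled[name] >= MAX_STALLED_REPORTS:
                findings.append(f"frozen:{name}")
        self.last_seq, self.last_seen = seq, now
        self.last_counters = dict(counters)
        return findings

    def silent(self, now: float) -> bool:
        """True when the whole client stopped reporting (e.g. process paused)."""
        return self.last_seen is not None and now - self.last_seen > REPORT_TIMEOUT


def simulate(freeze_at=None, frozen=()):
    """Constructed run of 6 reports, 5 s apart. From report `freeze_at` on,
    the checkers named in `frozen` stop ticking, as suspended threads would."""
    key = b"constructed-session-key"   # placeholder, not a real key
    monitor = ServerMonitor(key)
    counters = {name: 0 for name in CHECKERS}
    log = []
    for seq in range(6):
        for name in CHECKERS:
            if freeze_at is None or seq < freeze_at or name not in frozen:
                counters[name] += 1
        tag = sign_report(key, seq, counters)
        log.append(monitor.accept(seq, dict(counters), tag, now=seq * 5.0))
    return log


# Limitation: the MAC key lives in the client, so this check only raises the
# cost of tampering; it does not replace protecting the client binary itself.
if __name__ == "__main__":
    for i, findings in enumerate(simulate(freeze_at=2, frozen=("Fire.dll",))):
        print(i, findings)
```
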


emir0n on October 03, 2010, 12:37:20 PM
even though it's hidden, nice job bypassing the kasha sh!t once again, keep it up


TILEMACHOS on October 03, 2010, 12:56:47 PM
even though it's hidden, nice job bypassing the kasha sh!t once again, keep it up

Emir0n check your pms my friend....
Even if Kasha add my files to his blacklist i can make new that can bypass :D


emir0n on October 03, 2010, 01:01:49 PM
cool man <3 the work

and thx ofc :)


MasterWalker on October 03, 2010, 03:56:42 PM
Kasha's problem is the variation of the operation of server to server. In the case of L2Elixir msxml4b.dll you must stay, in my case here in Brazil, the servers that have kasha, usually close a process L2.dll.

I tried using your guide on THIS l2.revolutionserver.com server, but when I click on RUN L2Walker IG, L2.exe already has an error and closes.

Remember also that: L2Walker IG 2.9 is recommended only to the Gracia Part II, already Gracia Final / Epilogue only the IG 2.17, because using an older version you may have trouble viewing items, Skills and NPC's, which may interfere with the time to let the char in the area of UP.

It would be ideal to make the compatibility of the L2Info.DAT L2Walker IG L2Walker IG 2.17 to 2.09.



TILEMACHOS on October 03, 2010, 04:16:07 PM
[Hidden post: You need 1000 posts or become a VIP or Donator member to see it]

Kasha's problem is the variation of the operation of server to server. In the case of L2Elixir msxml4b.dll you must stay, in my case here in Brazil, the servers that have kasha, usually close a process L2.dll.

I tried using your guide on THIS l2.revolutionserver.com server, but when I click on RUN L2Walker IG, L2.exe already has an error and closes.

Remember also that: L2Walker IG 2.9 is recommended only to the Gracia Part II, already Gracia Final / Epilogue only the IG 2.17, because using an older version you may have trouble viewing items, Skills and NPC's, which may interfere with the time to let the char in the area of UP.

It would be ideal to make the compatibility of the L2Info.DAT L2Walker IG L2Walker IG 2.17 to 2.09.


It's not only msxml4b.dll ...it is also fire.dll and ALaudio.dll

Corrupted while running..hmmmm
Try this...
It is 2.17 Mod by me...

L2 Walker 2.17 Navicat Mod Greece   ::)  8)


MasterWalker on October 03, 2010, 04:34:45 PM
Tilemachos, sorry, but I was doing it wrong. I actually made a guide on how to use L2Walker IG 9.2 in Windows 7 because of incompatibility, and was doing everything wrong here, trying to start the direct L2Walker IG. Link to the lnavicat.dll ogg.dll, then yes it worked.

Even I did not need to suspend / terminate any process.

Now he is working.



Great job, now I will test the IG L2Walker 2.17;).

PS: Just do not understand why the map does not enable real L2Walker


TILEMACHOS on October 03, 2010, 04:44:21 PM
Maybe there are some maps missing from my share :/
I was in Aden and the map was working... so get maps from another walker and paste them inside my folder
With 2.17 I can connect but I can't verify :/
I suspend processes because in Elixir I get a non-functional l2.exe after some time... and suspending those threads is the solution


MasterWalker on October 03, 2010, 04:56:52 PM
If you allow me: does the editing of THIS www.mediafire.com/?oljymy2toej version of the IG L2Walker 2.17, it's compatible with Windows 7, otherwise it is necessary to link the dll file to the L2Walker ogg.dll.

If you can do that will be of great help, and then I can see a new authentication method ^ ^.



TILEMACHOS on October 03, 2010, 05:06:59 PM
If you allow me: does the editing of THIS www.mediafire.com/?oljymy2toej version of the IG L2Walker 2.17, it's compatible with Windows 7, otherwise it is necessary to link the dll file to the L2Walker ogg.dll.

If you can do that will be of great help, and then I can see a new authentication method ^ ^.



What exactly do you want me to do with that??


MasterWalker on October 03, 2010, 05:11:58 PM
What exactly do you want me to do with that??

You did not say it changed the L2Walker to work on servers that have Kasha?

Well then, this IG L2Walker 2.17 posted there that is compatible with both Windows XP and Windows 7, since what you posted does not work on Windows 7 and also is not allowing to link the Lnavicat.dll ogg.dll through PEditor.


TILEMACHOS on October 03, 2010, 05:19:15 PM
You did not say it changed the L2Walker to work on servers that have Kasha?

Well then, this IG L2Walker 2.17 posted there that is compatible with both Windows XP and Windows 7, since what you posted does not work on Windows 7 and also is not allowing to link the Lnavicat.dll ogg.dll through PEditor.

Of course you can't link it, because it is packed with VMProtect and all important data is unreadable...
So I think the only thing that makes it compatible with Win 7 is the manifest file...
So try adding this to the 2.17 folder that I provided... and run Lnavicat.exe
http://www12.zippyshare.com/v/17965971/file.html


GiN-ToNiC on October 03, 2010, 08:04:41 PM
woot TILEMACHOS u did it really omg :D
Congratulations on your bypass and keep it up mate :D


TILEMACHOS on October 04, 2010, 12:32:17 AM
woot TILEMACHOS u did it realy omg :D
Congratulation to your bypass and keep it up mate :D

Thank you very much :D

Is there someone who knows how to unpack VMProtect??


MasterWalker on October 04, 2010, 03:10:34 AM
Well worth the Tilemachos intention, but the PEditor was unable to bind to the Lnavicat.dll IG L2Walker 2.17 to ogg.dll. The funny thing is that the IG L2Walker 2:09 that you shared, the lnavicat.dll linked smoothly.  :(


TILEMACHOS on October 04, 2010, 03:31:30 AM
Well worth the Tilemachos intention, but the PEditor was unable to bind to the Lnavicat.dll IG L2Walker 2.17 to ogg.dll. The funny thing is that the IG L2Walker 2:09 that you shared, the lnavicat.dll linked smoothly.  :(

Let me tell you something...

The L2Walker creator made his program and he does not want anybody to cheat on him...
So what can he do to prevent people like me from editing his program???

He is using a protector....

In 2.17 l2walker.dll is protected with VMProtect
It is very hard to release a file from this protection... If someone does that then we can crack this version and verify like older versions..

You can't link this file (add imports) because it is protected....

Lnavicat.dll on 2.09 is free from protectors... I have unpacked this thing.. so you can add imports and exports on it or do anything else you wanna do...


MasterWalker on October 04, 2010, 03:37:33 AM
Let me tell you something...

L2walker creator made his program and he does not want anybody cheat on him...
So what he can do to prevent people like me edit his program???

He is using a protector....

In 2.17 l2walker.dll is protected with VMprotect
It is very hard to release a file from this protection...If someone do that then we can crack this version and verify like older versions..

You can't link this file (add imports) because it is protected....

Lnavicat.dll on 2.09 is free from protectors...i have unpack this think..so you can add imports and exports on it or do anything elsde you can do...

And just one question: You have modified the L2Walker IG 2.09 to work on servers with Antibot Kasha?

I use Windows 7, and this version of L2Walker IG 2.17 not working on it. Only the version of L2Walker IG 2.17 compatible with Windows 7, which is THIS www.mediafire.com/?oljymy2toej.


TILEMACHOS on October 04, 2010, 03:40:34 AM
Yes i Did as you can see in my share :D

Try adding this file to Navicat 2.17 Tilemachos and tell me if it works with Win 7..

http://www12.zippyshare.com/v/17965971/file.html


MasterWalker on October 04, 2010, 03:56:55 AM
Yes i Did as you can see in my share :D

Try add this file in Navicat 2.17 Tilemachos and telll me if it works with Win 7..

http://www12.zippyshare.com/v/17965971/file.html

lol ... Yesterday you sent this same file, but did not work :( ...

Only this version of my previous post that work on Windows 7, it opens normally.


TILEMACHOS on October 04, 2010, 03:58:31 AM
lol ... Yesterday you sent this same file, but did not work :( ...

Only this version of my previous post that work on Windows 7, it opens normally.

I sent it again because you didn't give an answer...
OK, I'm moving to a netcafe where there are some PCs with WIN 7 and I'm gonna make it work..
Just wait :D


MasterWalker on October 04, 2010, 04:11:23 AM
I sended again because you don't gave an answer...
Ok i m moving to netcafe where there are some pcs with WIN 7 and i 'm gonna make it work..
Just wait :D

Hehe ... OK ... I'm going to work, later I return to the topic.

Thanks in advance.


Oddi on October 04, 2010, 04:12:14 AM
Just a little heads up:
L2Net v386 combined with ipjack will work on all kasha protected servers :)



TILEMACHOS on October 04, 2010, 04:38:54 AM
Just a little heads up:
L2Net v386 combined with ipjack will work on all kasha protected servers :)



Hey Oddi :D :D

I just made it work with L2walker IG because this program is easy to use :)

Yeah of Course will work..
You have done great job on L2.NET :)
Let me give you an advice...
Try make L2.NET look and have the same and more functions than L2walker!
Keep up the good work with L2.NET i ll support you and i ll try to help on anything L2.NET team needs


TILEMACHOS on October 04, 2010, 04:55:37 AM
Well MasterWalker....
There is one way to fix all of your problems with compatibility of WIN7 ;)

FORMAT As Soon As Possible....
WIN7 is another crappy Windows release...
Windows XP is the best release that Microsoft ever made...


GiN-ToNiC on October 04, 2010, 09:20:14 AM
Thx for this TILEMACHOS ;)
u are the best :D


MasterWalker on October 04, 2010, 09:57:46 AM
Well MasterWalker....
There is one way to fix all of your problems with compatibility of WIN7 ;)

FORMAT As Soon As Posible....
WIN7 is another one crappy Windows Release...
Windows XP is the best release that microsoft ever made...

Hehe ... Format does not scroll. Still prefer to use my method of breaking the Kasha;)

And I repeat: this version of L2Walker IG 2.17 that you have shared is the old version, the new version is THIS www.mediafire.com/?oljymy2toej, and it runs smoothly on Windows 7 ^ ^.



TILEMACHOS on October 04, 2010, 10:08:43 AM
Hehe ... Format does not scroll. Still prefer to use my method of breaking the Kasha;)

And I repeat: this version of L2Walker IG 2.17 that you have shared is the old version, the new version is THIS www.mediafire.com/?oljymy2toej, and it runs smoothly on Windows 7 ^ ^.

Ok i m going to edit this version and share it to tell me if it is working :)
Just wait i m gonna make it right now


TILEMACHOS on October 04, 2010, 10:36:20 AM
-=UPDATE=-

Delete Previous files you have downloaded....
All files are Updated due to Bug Fixes!!
Plz Download Again

Here www.maxcheaters.com/forum/index.php?topic=179246.msg1408839#msg1408839


Realm on October 05, 2010, 01:15:30 PM
OMG I Wish i could read this Thread!!!
I just registered in this forum after a friend tell me about this post
Amazing if it's real that you can bypass this protection
You are a Hero :D


TILEMACHOS on October 05, 2010, 01:22:14 PM
OMG I Wish i could read this Thread!!!
I just registered in this forum after a friend tell me about this post
Amazing if it's real that you can bypass this protection
You are a Hero :D

Thank you very much... of course it's true that I managed to bypass it :)
Check your PMs my friend...
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

SORRY GUYS A LAST UPDATE....
DELETE OLD FILES DOWNLOAD AGAIN
THANK YOU VERY MUCH

-=UPDATE=-
Date : 06/10/2010
Delete Previous files you have downloaded....
All files are Updated due to Bug Fixes!!
Added Interlude Modification with Modded L2aSrv
2.09 version can now read the whole item database from the 2.17 version
Also a link to thread to show you how to run walker in Win 7
Plz Download Again



Realm on October 05, 2010, 01:51:35 PM
OMFG You are the Best!!!!
I Am using L2Walker in L2Elixir after many years :D
IT IS REALLY WORKING LOOOOOOOOOOOOOOOOOOOOOOOOL!
Now i can sleep and your walker do the job for me
God Bless you
Thank you!!!!


DuK3Gr on October 05, 2010, 02:02:20 PM
heh pwn :D . kasha QQ


TILEMACHOS on October 05, 2010, 02:21:11 PM
heh pwn :D . kasha QQ

Duk3Gr... you were a moderator on the L2Fury of Dex server??


mpj123 on October 05, 2010, 05:29:14 PM
DukeGR was the owner and dev of the independent server before it merged with l2dex... if that is the real one.


TILEMACHOS on October 05, 2010, 11:23:11 PM
DukeGR was the owner and dev of the independent server before it merged with l2dex... if that is the real one.

What a server!!!!
I was pvping a lot with my Treasure Hunter there :D


emir0n on October 06, 2010, 05:42:04 AM
What a server!!!!
I was pvping a lot with my Treasure Hunter there :D

yep me2 and have to say the server was in my top 3 favorite l2 servers list :)


TILEMACHOS on October 06, 2010, 11:19:37 AM
Mistake In link : 2) Walker Modification 2.09 with 2.17 Item database

New link Here : Walker Modification 2.09 with 2.17 Item database UPDATED www13.zippyshare.com/v/50255982/file.html

I am sure that Kasha's legs are trembling from this post

HAHAHAHA


xa0 on October 07, 2010, 10:19:18 AM
what if i have windows 7 and play in a interlude server where you cant run l2walker and l2.exe at the same time?


Versus on October 07, 2010, 10:47:10 AM
Congratulations! Really nice :)

+1 karma, although post count has been decreased to 750, 1000 were way too much.


TILEMACHOS on October 07, 2010, 01:22:48 PM
what if i have windows 7 and play in a interlude server where you cant run l2walker and l2.exe at the same time?

follow this link...might help... :)

Congratulations! Really nice :)

+1 karma, although post count has been decreased to 750, 1000 were way too much.

Thnx Versus...
750 it's ok yeah :)


Leki on October 08, 2010, 04:23:22 AM
Awesome Share And Good Work ;)


xa0 on October 08, 2010, 04:51:33 AM
follow this link...might help... :)


i cant see a link....


TILEMACHOS on October 08, 2010, 06:27:12 AM
Xa0 check your pms my friend
 :D


mpj123 on October 08, 2010, 06:30:05 AM
What a server!!!!
I was pvping a lot with my Treasure Hunter there :D

heh, in that case we may have PVPed eachother... I was there at the start of the server. Had +14 homu sword... forget which name I went by back then, maybe gawdsed or hooters. Mostly pvped in FG... Had a full bot group there the whole time I played though XD, I stopped playing because I raped that server too hard. (seriously)

Even after he implemented his bot protection, but I wont get into details about that.


TILEMACHOS on October 08, 2010, 06:37:35 AM
heh, in that case we may have PVPed eachother... I was there at the start of the server. Had +14 homu sword... forget which name I went by back then, maybe gawdsed or hooters. Mostly pvped in FG... Had a full bot group there the whole time I played though XD, I stopped playing because I raped that server too hard. (seriously)

Even after he implemented his bot protection, but I wont get into details about that.

Hmmm Mpj i don't Remember...

My Name there was Navicat...
Me and 3 friends played there (Dsquared2, Snif and Purkur), ruled basically at Ketra TP where PvP was unstoppable...

Treasure Hunter and Jesus Christ assistant
As a Greek proverb says hahahahaha


Klaas on October 26, 2010, 09:47:37 AM
haha im a treasure hunter by heart too. U finally did it, i still remember words of the GM saying his protection can NEVER BE BEAT  ;D
GOOD JOB!!!


Morate on November 09, 2010, 03:17:14 AM
But dont have walker protection ??? L2exlir have protection.


TILEMACHOS on November 09, 2010, 05:33:14 AM
haha im a treasure hunter by heart too. U finally did it, i still remember words of the GM saying his protection can NEVER BE BEAT  ;D
GOOD JOB!!!

:D :D :D


Dexeryl on November 09, 2010, 06:10:52 AM
Me and 3 friends played there (Dsquared2,Snif and Purkur) Rulled basicly at Ketra TP where pvp was unstopable...
Ofc ur friends was alway with full buff dance/song + cov.
Don't remember u but I remember ur friends well xD


TILEMACHOS on December 26, 2010, 02:55:21 PM
Well, I saw on the Kasha site that he updated his protection some months after I broke in...
I am going to kick him :D
So it's show time again :D
Send me a good server you are playing on with a lot of people to try to crack :D



MasterWalker on December 27, 2010, 06:25:07 AM
Well i show in the kasha site that he updated his protection some months after i breaked in...
I am going to kick him :D
So it's show time again :D
Send Me a good one Server you playing with a lot of people to try crack :D

Some time ago I sent a PM to you saying that Kasha was already blocking your Navicat, but you did not respond to MP. This server: http://www.lineageii.com.br/ it has the latest version of Kasha, if you want to test.

PS: Server brazilian L2 Freya with 2k++ for Players


TILEMACHOS on December 27, 2010, 09:12:24 AM
Some time ago I sent a PM to you saying that Kasha was already blocking your Navicat, but you did not respond to MP. This server: http://www.lineageii.com.br/ it has the latest version of Kasha, if you want to test.

PS: Server brazilian L2 Freya with 2k++ for Players
Thnx MasterWalker... Sorry that I didn't respond to your PM :|
I'll try on this server now...
I'll not try on L2Dex because it uses two protections... one is Kasha and the other one is on the login server.. If I use L2Walker or anything else it gives an Auth Failed message and I cannot log in for many hours after this, so I can't test..
If someone has some information on how exactly L2Dex finds the hacks even if you bypass Kasha, please send me a PM and explain...
I think it finds them with opcode tests..

Anyway I'll try on the server you mention :)

Thank you Very much


DBSK on December 27, 2010, 09:38:58 AM
L2net is working on dex but I didn't find a share about breaking their protection on the l2net forum


P.s found it http://www.megaupload.com/?d=W14J8MJV


TILEMACHOS on December 27, 2010, 11:38:04 AM
With client Swap
L2net working on dex but i didnt found a share about breaking their protection on l2net fourm


P.s found it http://www.megaupload.com/?d=W14J8MJV

yeah i know with Client Swap Method(L2fork etc.)
That is working everywhere
But the point for me is to make it work like it works without the protection :D
Just a Simple run with L2Walker IG


DBSK on December 27, 2010, 11:57:17 AM
With client Swap
yeah i know with Client Swap Method(L2fork etc.)
That is working everywhere
But the point for me is to make it work like it works without the protection :D
Just a Simple run with L2Walker IG

Yeah I know, I was just showing you how to bypass using l2net (didn't know that you already knew). Anyway, it would be cool if you could get IG walker working on l2dex since they are going to open 2 new servers in 2011 (PVP server 30 Jan 2011, new 7x server Feb 2011), and no, I'm not asking for a public share, you could sell it for $$ or whatever you want of course.


emir0n on December 27, 2010, 07:21:02 PM
did u try the cross connection with a secondary client with l2w ? this method was used for backice servers before,should work now on the kasha sh!t


TILEMACHOS on December 27, 2010, 11:43:23 PM
did u try the cross connection with a secondary client with l2w ? this method was used for backice servers before,should work now on the kasha sh!t

That's what i call client swap my friend Emiron :D
Yeah i think this works


emir0n on December 28, 2010, 12:29:12 AM
ah yea didnt notice ... and yea should work on most servers,but also here, there is a relatively easy way to block even this way of bypass ... hope that it will last as long as possible :]


TILEMACHOS on December 28, 2010, 12:52:09 AM
ah yea didnt notice ... and yea should work on most servers,but also here, there is a relatively easy way to block even this was of bypass ... hope that it will last as long as possible :]

I have to tell everyone something about protections of that kind...
It isn't Kasha, it isn't the RPG-Club moderator or anyone else that is making such good protection...
They configure an antibot and then they just add a good "packer" (protector) to their files that can make them unreadable to debuggers etc.

Kasha uses the Enigma Protector... a good packer with VM
RPG-Club uses an even stronger protection on their files, VMProtect

It needs a lot of skill to unpack these files... I am still not good enough to completely unpack those things.. there are few people in the world that can do this..

After unpacking, it's nothing to bypass the functions that search for hacks...
The only thing we can do is just wait for better scripts for OllyDBG or, better, some automated unpackers for those protectors


emir0n on December 28, 2010, 01:07:23 AM
I have to tell something for all to know about the protections of that Kind...
It isn't Kasha it isn't RPG-Club Moderator or anyone that is making so good Protection...
They Configure an antibot and then they Just add a Good "Packer" (Protector) on their Files that can make them unreadable from debuggers etc.

Kasha uses The Enigma Protector... a good Packer with VM
RPG-Club uses an even stronger Protection on their files the VMProtect

It need a lot of skills to unpack this Files...I am still not so good to completely unpack those things..there are few people in the world that can do this..

After Unpacking it's nothing to Bypass the functions that searching for hacks...
The only thing we can do is Just wait for Better Scripts for OllyDBG or better some Automated Unpackers for those Protectors

yup i fully agree ... but still there is 1 thing i guess that till now it wasnt "beaten" (if im not mistaking),but wont give the protection developers any hints so its more interesting :]


MasterWalker on December 28, 2010, 02:11:29 AM
On this server www.lineageii.com.br/ that told you test, the run up to L2Walker IG, as well as on any other server that has Kasha, and it looks to use a method of very stupid. But you must use two clients as emir0n suggested.

PS: Note that AntiBot is stopped, which makes the detection of L2fork, Proxifier and L2Walker.

See the picture:








TILEMACHOS on December 28, 2010, 03:22:49 AM
As I understand it, you can continue logging in to the gameserver even if Process Explorer is detected and closed??
I think a patch with a loader is a good idea to bypass some threads that are running...
I have to learn if that can be done... I'll start a search about loaders on Enigma Protector and VMProtect...
You gave me a good idea now, and if it can be done there will be no obstacle for any protection bypass :D
I'll need some time to do this because I have used loaders only for simple apps and not L2

__________

UPDATE :

Not a good idea... Both packers are strongly protected against loaders.. :/


emir0n on December 28, 2010, 05:03:28 AM
looks good

anyway bit OT : hidetoolz for win7/x64 still not out ? didnt find any updated version till now


emir0n on December 28, 2010, 05:04:35 AM
looks good
anyway its also possible to make the crossconnection with original client/clean client+l2net
anyway bit OT : hidetoolz for win7/x64 still not out ? didnt find any updated version till now


MasterWalker on December 28, 2010, 06:29:31 AM
As i Understand you can continue login in Gameserver even if Process Explorer is detected and Closed??
I think Patch with a loader is a good idea to bypass some Threads that running...
I have to learn if that can be done...i ll start a search about loaders on Enigma Protector and VmProtect...
You gave me a good idea now and if cam be done there will be no any obstacle for any protection bypass :D
I ll need some time to do this because i have used loaders ony for simple apps and not L2

__________

UPDATE :

Not a good idea...Both Packer are strong Protected against Loaders.. :/

Tilemachos, even with the detected ProcessExplorer I can still log in, because when I see that Kasha has detected the process, then I shall adjourn the l2.exe action, and then active again, so that the notification window does not close the antibot consequently the login screen of the client also does not close. So just use the method suggested by emir0n (L2Fork, Proxifier and L2Walker IG / OOG).

But we do not know how long this method will work, because the antibot can be corrected.


Oddi on December 28, 2010, 09:43:32 AM
If lineageii.com.br worked with non-BR ip's, I'd show you how to make a clean system folder. Kasha protection is really easy to disable.


MasterWalker on December 28, 2010, 10:20:46 AM
If lineageii.com.br worked with non-BR ip's, I'd show you how to make a clean system folder. Kasha protection is really easy to disable.

You could then do a clean system of Lineage II as an example?

I believe that IP is not BR.


TILEMACHOS on December 28, 2010, 02:19:40 PM
looks good

anyway bit OT : hidetoolz for win7/x64 still not out ? didnt find any updated version till now

HideToolz is just a program that works like the Phant0m plugin for OllyDbg... It uses a "Non Plug n Play Device" driver that is loaded when you start the program...
You can find the devices in: Control Panel -> Device Manager : View -> Show Hidden Devices, and now look down in the devices for "Non Plug n Play Drivers". There you can find the drivers that are created by processes like HideToolz and Process Explorer

Enigma Protector does the same (it loads its own device, which is a "Process Explorer" by itself) to trace hidden and illegal processes by the name of the driver... Here is a really good, very similar program for looking up what I'm talking about, which can see anything running on the computer:  RootKit UnHooker (WinXP only) www.woodmann.com/collaborative/tools/images/Bin_Rootkit_Unhooker_2009-2-3_18.12_RkU3.8.342.554.rar


I don't remember what name is used by HideToolz but I can change it in a debugger :D
That means even if it is not working and HideToolz can be detected I can make it stealth again...!
So inform me if HideToolz is detected and I'll share a version that is stealth :D

I did the same with Process Explorer, which I renamed to Navicat Explorer ("NaviExp" for the driver name) :D

L2.Net has an internal process name totally different from the one we can see... Oddi knows of course what I am talking about and I have to say that doing this is clever...

Ps: Oddi, the source obfuscator that your team is using on L2.NET, believe me, is doing a great job and it is worth the money that you guys spend ;)

Tilemachos, even with the detected ProcessExplorer I can still log in, because when I see that Kasha has detected the process, then I shall adjourn the l2.exe action, and then active again, so that the notification window does not close the antibot consequently the login screen of the client also does not close. So just use the method suggested by emir0n (L2Fork, Proxifier and L2Walker IG / OOG).

But we do not know how long this method will work, because the antibot can be corrected.

Nice Exploit found by MasterWalker :D :D

If lineageii.com.br worked with non-BR ip's, I'd show you how to make a clean system folder. Kasha protection is really easy to disable.

Oddi, you mean that you can make a new clean system that can directly connect to the server without any problem and with hacks attached? Some, but I think all, server systems include a file... the L2.dll, which is essential to make the connection, and the purpose of this file is packet crypt/decrypt...
Just tell me that you can do what I understand!!!  :o  :D


emir0n on December 28, 2010, 10:18:04 PM
@TILEMACHOS thx 4 the info man,usefull
@MasterWalker heh nice exploit and good thinking   ;D


TILEMACHOS on December 29, 2010, 08:42:34 AM
Normally after detecting a tool it should count down until it kills the client...
This will be fixed fast guys... But there is something I hope Kasha reads :

YOU'LL NEVER STOP US WITH A STUPID ENIGMA PROTECTOR :D :D

1) WE CAN CHANGE NAMES OF DRIVERS
2) WE CAN CHANGE NAMES OF APPS
3) WE CAN BRUTE CRC (soon I'll share that and it works for every packer)
4) SOON WE'LL BE ABLE TO UNPACK AND CRACK

KISSES HAPPY NEW YEAR

-=WITH LOVE NAVICAT=-


Oddi on December 29, 2010, 09:41:25 AM
Oddi you mean that you can make a new clean system that can directly connect to the server with out any Problem and hacks Attached on? Some but i think all Server Systems are including a file...the L2.dll wich is essensial to make the connection and the purpose of this file is packet Crypt/Decrypt...
Just tell that you can do what i understand!!!  :o  :D

Take a look at this:
http://insane-gamers.com/showthread.php/9462-SOLVED-www.beyond.lt

That server uses kasha protection, with my system folder both walker and l2net works with no tools.


TILEMACHOS on December 29, 2010, 10:12:06 AM
Take a look at this:
http://insane-gamers.com/showthread.php/9462-SOLVED-www.beyond.lt

That server uses kasha protection, with my system folder both walker and l2net works with no tools.

I think that this server is protected by Kasha but the only changed thing is the Blowfish...
If they paid for this they are really jerks
This server does not have the L2.dll (AES); if it did you'd get ConnectionTimeout (Disconnect)
like L2DEX does... hope you understand me :)

This server has an Engine.dll packed with Enigma so you can't just debug, dump etc. and find the modded Blowfish in there...
So I think you found the Blowfish while sniffing the TCP connection, and you patched a clean system with Bfishy.dll and set the IP in L2.ini to localhost for redirecting the connection to L2.NET... Am I right??

Of course this is a low protection for servers... and if there are servers patched like this one by Kasha, they are LOL easy to break hehe


emir0n on December 29, 2010, 10:32:50 AM
when i remember right the early versions of kasha were just changing the blowfish and they were monitoring the process names for unwanted applications and nothing more ...
anyway ... does kasha protection come with free updates,or do u have to buy them to stay "uptodate" ?  :o


TILEMACHOS on December 29, 2010, 10:38:50 AM
when i remember right the early versions of kasha were just changing the blowfish and they were monitoring the process names for unwanted applications and nothing more ...
anyway ... does kasha protection come with free updates,or do u have to buy them to stay "uptodate" ?  :o

Well as i know...
You Send your System to Kasha from the account that you create after paying
He gives you a file save Folder on his site where you can login with username and Pass at a link he gives you...
You Send the unprotected original system that you made and anything Server side that need to be changed and after he adds the protection you get the files from your Web folder...
I once found the L2DEx link Space i'll look and i ll post it as a proof :P

Anyway it's really noobie to change only blowfish but i understand that some servers do not have enough money to spend...



____________________________________________________________________
UPDATE : Link that Admins from L2DEX are Connected with Kasha (Web Folder)
I am sure that in this Folder there is all essential files that Lineage.ro won't Leaked somewhere..Unprotected System,Server Side Auth etc. :D :D

Lineage.ro Web Folder www.kasha-malaga.es/clientes/lineage.ro/
Think Someone can Bruteforce or what else and Login??
_____________________________________________________________________



Oddi on December 29, 2010, 11:28:57 AM
l2dex use kasha combined with a custom protection made by the l2walker creator.


TILEMACHOS on December 29, 2010, 11:34:17 AM
l2dex use kasha combined with a custom protection made by the l2walker creator.

No it's just an idea that came from Fyyre...
The so-called 3Kb code antibot that can patch Opcodes and blocks you on Login...
A really powerful and simple hook Blocker/"detector" that if added and strongly Packed the only way to bypass is to unpack and JMP those functions (crack) or make a new system but you can't do this on L2DEX now because of RIJNDAEL packet Crypting
_________________________________________________________________________________
L2Dex has :

1) Opcode Patcher ( what i explained before ) Some simple tests on start up that give you results on login Server..i mean the Auth Failed

2) Enigma Protector loaded on client

3) AES Packet crypting and to be more accurate RIJNDAEL (Server Side Authd Patched by Kasha and Client Side too! Making you unable to connect to Login Server without the System they Share)
_________________________________________________________________________________
Those 3 Things make his client really Powerful

All those are confirmed after many many days and night searching on how things working on that Server and to a Similar Greek Server that closed  :( the L2Elixir

_________________________________________________________________________________

Here you can read the Share of Fyyre while talking for his clever 1st version idea of the antibot in an old Lineage Forum that now is closed:
That was firstly the antiphx.dll that some Servers are using still today...
But for Lineage.ro he did a wonderful Job or they tweaked the Code by themselves


Quote
[howto] kill hlapex/l2phx/l2walker with 3k of code
Hi,

On this thread smeli mentions about antihlapex. I don't know if anything like this is currently available (or for free) - but it is now.

This little project is an ultra simple way of keeping l2phx, hlapex, along with l2walker away from the game client.

First I'll say that both l2phx/hlapex depend on one import from ws2_32.dll (connect) in order to function correctly. Since both applications hook ws2_32.connect by way of a jmp at the start of the function - the solution is obvious, we need to replace their hook. The good news is that the first 12 or so bytes for ws2_32.connect is the same across all versions of Windows (yes, this works on X64 too - I tested it), so instead of patching their jmp with another jmp, we'll simply restore the original bytes of ws2_32.connect, and problem solved.

L2Walker is completely different - from briefly looking it in OllyDbg... walker seems to operate by calling functions inside of L2's engine itself... It installs its window hook (the home key) by directly calling a function inside of window.dll - L2Walker is really impressive actually... but also makes me wonder if the author might have 'inside information' about how Lineage II works internally, if you get my meaning.

Anyways, to the point... the actual bot is LineageII.dll - not the loader application L2Walker.exe - because LineageII.dll is protected with Asprotect... users of the bot can't just rename it to whatever, or Asprotect will get mad D= ... so the simple solution is to query for it with GetModuleHandleA then if we return an address... terminate the game process. I haven't been able to force unload walker's LineageII.dll without causing a GPF in the L2 game client - oh well, who cares...

nophx.dll works by adding it to the IAT of engine.dll and importing DllEntryPoint - since our DllEntryPoint is called quite often(no its not called only once...) its always running through the two 'anti bot' sub-routines. Now how to prevent players from just replacing our engine.dll with an older version? Nevyn gets the credit for this idea in his post here - we change the Auth key, so using an older engine.dll means you don't login.

Well, that's all, kill three bots with 3kb of code, and we didn't even hook outside of our own process address space (unlike some stupid kernel mode anti-cheat programs) -- I'd like to know what others think of this (if anything), or any holes you might find...

The .dll and its source code is attached to this thread...

-Fyyre

Fyyre here didn't think that someone could change the name of Lineageii.dll ( L2Walker module ) because of Asprotect (back in those days Asprotect was a strong Packer)
So the antiphx.dll that some servers are using today is Just Searching for Lineageii.dll to block walker...
They have only an alpha Version of the Module
Fyyre is a really clever guy and he found how to unhook this dll not by name...but by patching!

Fyyre Helped a Lot of Private Servers and People with his Free to share Modules ( Gameguard Killer,Blowfish Patcher,Port Changer etc. ).

Also he Unpacked from Themida the Original L2.exe and the Engine.dll so he opened big roads for protections to be made on Private Servers

Hope all this Information i am giving helps you Guys
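Added example, not part of the thread and not Fyyre's nophx.dll source: the quoted post describes spotting a jmp written at the start of ws2_32.connect and putting the original bytes back. This C code runs that integrity check over byte buffers; the reference prologue, the addresses and all function names are constructed assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

typedef enum { PROLOGUE_CLEAN, PROLOGUE_JMP_REL32, PROLOGUE_JMP_INDIRECT,
               PROLOGUE_PUSH_RET, PROLOGUE_MODIFIED } prologue_state;

/* Constructed trusted copy: mov edi,edi / push ebp / mov ebp,esp / sub esp,10h.
   Illustrative only, not taken from any real DLL. */
static const uint8_t REF[8] = {0x8B,0xFF,0x55,0x8B,0xEC,0x83,0xEC,0x10};

/* Read a little-endian 32-bit value independent of host byte order. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Compare the first n live bytes of a function mapped at address va with the
   trusted copy. For a recognised redirect, *target gets the jump destination
   (or, for jmp [mem], the address of the pointer slot). */
prologue_state check_prologue(const uint8_t *live, const uint8_t *ref,
                              size_t n, uint32_t va, uint32_t *target) {
    *target = 0;
    if (memcmp(live, ref, n) == 0) return PROLOGUE_CLEAN;
    if (n >= 5 && live[0] == 0xE9) {                 /* jmp rel32 */
        *target = va + 5 + le32(live + 1);           /* wraps mod 2^32 */
        return PROLOGUE_JMP_REL32;
    }
    if (n >= 6 && live[0] == 0xFF && live[1] == 0x25) { /* jmp [abs32] */
        *target = le32(live + 2);
        return PROLOGUE_JMP_INDIRECT;
    }
    if (n >= 6 && live[0] == 0x68 && live[5] == 0xC3) { /* push imm32; ret */
        *target = le32(live + 1);
        return PROLOGUE_PUSH_RET;
    }
    return PROLOGUE_MODIFIED;                        /* changed, unknown shape */
}

/* Copy the trusted bytes back; returns 1 if the buffer had been altered.
   In a live process the page must be made writable before this step. */
int restore_prologue(uint8_t *live, const uint8_t *ref, size_t n) {
    if (memcmp(live, ref, n) == 0) return 0;
    memcpy(live, ref, n);
    return 1;
}

int main(void) {
    uint8_t hooked[8] = {0xE9,0xFB,0x0F,0x00,0x00,0x83,0xEC,0x10}; /* constructed */
    uint32_t t;
    prologue_state s = check_prologue(hooked, REF, 8, 0x71AB0000u, &t);
    printf("state=%d target=0x%08X restored=%d\n", (int)s, (unsigned)t,
           restore_prologue(hooked, REF, 8));
    return 0;
}
```

The check keys on bytes rather than on a module name, which is why it still works when the hooking DLL is renamed.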


DBSK on December 29, 2010, 12:29:37 PM
Kill that guy fyyre


TILEMACHOS on December 29, 2010, 12:33:58 PM
Kill that guy fyyre

LOL believe me he helps a lot on break those things hehe


gargamel2 on December 29, 2010, 12:54:59 PM
I know i am offtopic in this thread, but you seem like a nice, SMART guy so i would like to ask u this: could u pls take a look at rpg club protection also? :(


TILEMACHOS on December 29, 2010, 12:58:37 PM
I know i am offtopic in this thread, but you seem like a nice, SMART guy so i would like to ask u this: could u pls take a look at rpg club protection also? :(
I did...Their Protection is Similar to L2Dex on detecting by patching...
You can Login with L2Walker but it is not Functional
The only thing we can do is Unpack the Files that are Protected with VMProtect and give a crack to bypass...
I can crack them for sure but i can't Release them from this Packer...
For me it is now the Strongest Packer and i can not get a good working Dump file to Crack on


gargamel2 on December 30, 2010, 01:17:23 AM
So ... until u find a way to unpack their files, there is no way to get a working bot there? :(
Do u expect this to happen any time soon?

P.S. Happy New Years everybody!


TILEMACHOS on December 30, 2010, 01:20:20 AM
So ... until u find a way to unpack their files, there is no way to get a working bot there? :(
Do u expect this to happen any time soon?

P.S. Happy New Years everybody!

It's not unbeatable but it's hard to unpack...
I know a guy named LCF-AT that knows how to unpack those shits and shares some Scripts for OllyDbg but no luck with the existing scripts...
Manual Unpacking is hard but soon we can do this for sure


Paul_Greatest on December 30, 2010, 01:49:20 AM
Cool coined! Repairing original walker....really cool!


TILEMACHOS on December 30, 2010, 01:56:06 AM
Cool coined! Repairing original walker....really cool!

This is the least i did...
The point is that it has a changed Process name and is undetectable by many Antibots :D


lwcdr on January 12, 2011, 11:28:46 AM
http://www.rpgplay.net/

Server on 12/01/11. Is there any bot for this server?


TILEMACHOS on January 12, 2011, 11:33:34 AM
http://www.rpgplay.net/

Server on 12/01/11. Is there any bot for this server?

This is not a Valid URL you gave Wrong Page


lwcdr on January 12, 2011, 09:23:22 PM
Please try again.   http://www.rpgplay.net/       Cliente Freya 1,5k+++ player


cmassao on January 14, 2011, 04:05:43 AM
After www.Lineageii.com.br got the windpotion bug they moved to www.RPGPlay.net, same staff etc.. we can try to log in using the same method used by MestreWalker


endemonch on January 14, 2011, 06:49:07 AM
even i can't see coz is hidden, great job man ^^


Sighed on January 14, 2011, 07:27:32 AM
I think that this Server is Protected by Kasha but the only changed thing is the Blowfish...
If they paid for this they are really Jerks
This Server does not have the L2.dll (AES); if it did you'd get ConnectionTimeout (Disconnect)
Like L2DEX does...hope you understand me :)

This Server has a packed Engine.dll with Enigma so you can't just debug, Dump etc. and find the Modded Blowfish in there...
So i think you found the blowfish while sniffing the TCP connection and you patched a clean system with Bfishy.dll and set in L2.ini IP to Localhost for redirecting the Connection on L2.NET... Am i Right??

Of course this is a low Protection for servers...and if there are Servers patched like this one by Kasha they are LOL easy to break hehe

The point guys isn't the engine.dll packed with enigma, but l2.exe packed with Armadillo


Traitor™ on January 14, 2011, 08:53:36 AM
The point guys isn't the engine.dll packed with enigma, but l2.exe packed with Armadillo

The point is the packet crypting for OOG walker in Login Server...
The L2.exe is Packed with Enigma with Fake Sing...In Ollydbg i can see clearly what packer is used..
Every file that includes the protection has CRC check and is packed with Enigma because Kasha is using only this packer on his files...
There is not Armadillo in the files..


Erol on January 14, 2011, 09:35:02 AM
TILEMACHOS next time you use a VIP account which isn't yours the ban will be even on you.
for now just warned. (it's last warn)


Sighed on January 14, 2011, 09:57:16 AM
The point is the packet crypting for OOG walker in Login Server...
The L2.exe is Packed with Enigma with Fake Sing...In Ollydbg i can see clearly what packer is used..
Every file that includes the protection has CRC check and is packed with Enigma because Kasha is using only this packer on his files...
There is not Armadillo in the files..



After making some checks i saw you are right, its a shame not using arma its a good packer, btw guys what information you have about LARP64 ?


TILEMACHOS on January 14, 2011, 10:52:12 AM
TILEMACHOS next time you use a VIP account which isn't yours the ban will be even on you.
for now just warned. (it's last warn)

Guys i was working at the net...and traitor was writing what i said to him...
I couldn't log in with my account so i told him to give an answer to that guy...
This is not fair for a VIP Member
Plz Give back the account to that guy
Better Ban me instead of him...I told him to write what i say to you
:( :( :( :(


lwcdr on January 18, 2011, 04:50:48 AM
Does the bot run on this server or is it impossible?


Zastawka on February 26, 2011, 07:19:32 AM
Walker NAVICAT INTERLUDE MODED - does not work
Navicat Verify - works perfectly well done
I'm looking for a guide how to modify the Walker Interlude
or Walker INTERLUDE MODED





AndreEsteves on March 14, 2011, 03:46:03 AM
Thanks, friend


Shakal on March 27, 2011, 04:55:46 AM
can u do it on c4 server ?


Retal on March 27, 2011, 07:00:29 AM
A brilliant work!  But hidden :/


trol3k on March 29, 2011, 10:36:25 PM
Does it work at l2 giants?


Αντώνης on May 04, 2011, 01:40:37 AM
7 Months Post ... Too Old and still requires 700 posts...

and, 700 posts for what? lol kasha is the most noobish way, can be bypassed by 15-16 year old guys ... and it was bypassed years ago..



morthanu on May 04, 2011, 05:14:39 AM
well nice i just need 800 posts lol