
Posts posted by Koray

  1. M2 Download Center


    Searching Glass: Shows an arrow mark on the private shop that sells the item you select in the search results, guiding players to the items on sale more easily. You must be on the same map as the seller. Default time limit: 1 week.

    Trading Glass: Lets you buy directly without going to the private shop, as long as it is on the same map. Default time limit: 1 week.

    Trading Glass+: Lets you buy directly without going to the private shop; works on any map. Default time limit: 2 weeks.

    - Common features: You can view items in the private shops sorted from cheapest to most expensive, and you can see an item's features when you move your mouse over it. You can search by level, item name and bonuses on the basis of price.

    A how-to tutorial is included in the archive.

    Warning: It doesn't work with the published shoulder sash system. You need to upgrade the attr type and value amounts.

     


     

    It doesn't look 100% official, but it works. This is my last share and my last work in Metin2.

  2.  

    1 hour ago, cBaraN said:

    what ever you named that to the client, right?

    Nah, you do not have to send the right pong to the client; you can get the client key and compare it on the server. If the pong is wrong, you can easily and silently detect it ;)

     

    1 hour ago, cBaraN said:

    Isn't like what you did in your protection system? :D

     

    
    blablablablabla;
    HideMyFunctionFromTheard;

     

    NtGlobalFlag, if you don't know anything about that. I just wanted to show you (:

    
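    // Do I have to catch you with je?
    __asm
    {
    	mov eax, fs:[30h]       // eax = PEB (the 32-bit TEB stores the PEB pointer at fs:[30h])
    	mov al, [eax + 68h]     // al = low byte of PEB.NtGlobalFlag
    	and al, 70h             // nonzero if the debugger-set heap flags are present
    };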

     

    I was talking about "ThreadHideFromDebugger", not "HideMyFunctionFromThreard" lol

    I think you didn't read the first part of my message: "Maybe you need to try learning to read first."

    Here is a basic document: http://nsylvain.blogspot.com.tr/2007/08/threadhidefromdebugger-but-why.html

     

    1 hour ago, cBaraN said:

    Let's say, you're trying very very hard. You're using INT3 aka breakpoint to stop debug informations or something like that. The first look you might think that's a good way but there is more way about to debug it.

    Let's say, you're using those things;

    • NtGlobalFlag
    • Heap Flags
    • Anti Step Over
    • Hook checker with the address mechanism. (You probably do that like what you did for your game security. Ugh..)

    I'm just saying what If I'm using hiding debugger? Whatever, that's a simple question

    First of all, you don't need to use a "hiding debugger" for this shit. These tricks are already easy to patch manually.

    If you want a good debugger detection system, you can easily detect one with system information APIs, like NtQueryInformationProcess or DbgUiRemoteBreakin. You cannot get around these APIs without modifying them with a hook, and this is easily detectable.

    And "hiding debugger": I don't understand what you mean. If you mean hiding the debugger process, you cannot bypass this from user mode if you don't have any kernel-mode support. So hidden processes can be detected. If you mean plugins, they patch the tricks I mentioned with hooks, and I already said hooks are easily detectable.

     

    1 hour ago, cBaraN said:

    And it's easy to bypass it. Let's continue

    Easy? lol. I don't mean checks on memory blocks.. I mean checking the sections' code integrity directly

     

    1 hour ago, cBaraN said:

    YMIR & Webzen YMIR Games (Winlicense). At first, you have to learn something about this. You and your sh*tty things are no big deal for me :D

    "YMIR & Webzen YMIR Games (Winlicense)." wat? Maybe you need to learn some things about packers. I didn't say the protections I mentioned protect you 100%, but at least they protect better than Themida or Enigma

     

    1 hour ago, cBaraN said:

    You might right there but you can't even understand what does fake signature mean

    Who cares about the fake signature? Unpacked gameguard modules and unpack methods are already published xD

     

    1 hour ago, cBaraN said:

    You're doing everything about to protect your game binary file but you can't even block that as 100%.

    Yes, no one can protect 100% against debugging. But we can make a better defense mechanism against script kiddies, like you.

     

  3. 5 hours ago, cBaraN said:

    At first, sweatheart even If you send the pong or whatever you said

    Yeah sure, I already said "if you send the pong to the client and it is in an operable state, people *reverse engineers* can get your pong." Maybe you need to try learning to read first.

    Do you want a fight? Well,

    5 hours ago, cBaraN said:

    - Connect to server and server will make sure about everything and send the dynamic key to the client.

    When you send the pong to the client, use polymorphism or time-dynamic encryption; you receive the response as a salt and convert it again with polymorphism or encryption on the server side. Now try to bypass the server-side compare operation..

     

     

    5 hours ago, cBaraN said:

    - Client will receive the key, and when the client doesn't use it, the client will remove that in the memory. (There is a condition here, I can put a breakpoint when you do that.)

    If you can not send pong as salt or check validation in client, this is enough protection for you. We can protect the game binary from breakpoints :( Only 1 API and ~5 lines (ntdll.dll!NtSetInformationThread, ThreadHideFromDebugger flag). I think this tip is enough..

     

    5 hours ago, cBaraN said:

    - even If I can't put a breakpoint, I can use hook and hook your client's function.

    We can check code validation in the client; if you try to change any bytes, this is easily detectable

     

    5 hours ago, cBaraN said:

    Let's make ultra-hard, you're packed that with enigma or themida or whatever you're using. If I know reverse engineering, I can unpack your client, right? :)

    Yeah, you can unpack Themida or Enigma in seconds. My suggestion: try with harder ones like VMProtect or Shielden. Dude, the year is 2016, who is using Themida? xD

     

    5 hours ago, cBaraN said:

    Okay, let's make ultra-ultra-hard, you could use modified UPX like GameGuard

    Ahahahaha, that's enough for me, really. You can continue reversing UPX xD

     

     

    Next time please write with your own account, kişiliksiz.

     
  4. On Sunday, April 03, 2016 at 8:24 PM, cBaraN said:

    In my case, I can analyze everything with pong if I know reverse engineering. You're really misunderstand what does security mean. Maybe you can remove pong in the memory after run the binary but that doesn't mean I can't find the pong. Pong mechanism was pretty good in the first times but now it's not. You're giving everything to a key and it's not make sense for me. A system could be slow but it's safe. If the binary file is not compile with cython files, that binary file can use by someone. (Which one isn't using cipher) If you start to talk about systems and packets, it's not a big deal for reverse engineers or sniffers. You just want system to be faster than the current one but you're missing security.

    #Note I did what you exactly say in my server (8k+ online) but anybody can login after a while with this way. even If the player is login the game, he can't see anything and back to select server window.

    Best regars;

    Can BARAN...

    "At the first" :) If you know reverse engineering, you can get the cipher and the functions that store the cipher from the client, so you do not need to protect the client with a "pong" mechanism. Marty disabled this stuff because it is pretty old and useless. Anyone can get your pong anytime; you can get it from the server dynamically or you can store it in the client in a variable. This is no problem: if you send the pong to the client and it is in an operable state, people *reverse engineers* can get your pong.

    tl;dr
    For protection, "pong" is the wrong way.

    And if you want more security, you can start by re-activating the sequence mechanism.

  5. You can use the mobber hack without the item. How the mobber hack works:

    1) Collect vid list in your area

    2) Check type from vid (Pc, Mob, Pet ...)

    3) Check vid living status

    4) Separate ones according to the above and create new vid list

    5) Send attack packet to the new list's members

     

    So, you need to check the mob-player distance and attack state
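
A server-side sketch of the distance and attack-state check suggested in the post above. It is an added example, not part of the original post or the Metin2 source; the `Entity` struct, `ValidateAttack`, and the range and interval limits are hypothetical.

```cpp
#include <cmath>
#include <cstdint>
#include <unordered_map>

// Hypothetical server-side view of an entity; names are assumptions, not Metin2 source.
enum class EntityType { Pc, Mob, Pet };

struct Entity {
    uint32_t vid;
    EntityType type;
    bool alive;
    float x, y;
    uint64_t lastAttackMs;  // time of the last accepted attack, 0 if none yet
};

enum class AttackVerdict { Ok, UnknownTarget, DeadTarget, OutOfRange, TooFast };

constexpr float kMaxMeleeRange = 300.0f;   // constructed limit, in world units
constexpr uint64_t kMinAttackGapMs = 400;  // constructed minimum gap between attacks

// Validate one attack packet against server state instead of trusting the client.
AttackVerdict ValidateAttack(std::unordered_map<uint32_t, Entity>& world,
                             uint32_t attackerVid, uint32_t targetVid, uint64_t nowMs) {
    auto a = world.find(attackerVid);
    auto t = world.find(targetVid);
    if (a == world.end() || t == world.end()) return AttackVerdict::UnknownTarget;
    Entity& attacker = a->second;
    const Entity& target = t->second;

    if (!attacker.alive || !target.alive) return AttackVerdict::DeadTarget;

    // Mob-player distance: a client that attacks every vid in its area
    // sends packets for targets far outside weapon range.
    float dx = attacker.x - target.x, dy = attacker.y - target.y;
    if (std::hypot(dx, dy) > kMaxMeleeRange) return AttackVerdict::OutOfRange;

    // Attack state: reject packets arriving faster than an attack can complete.
    if (attacker.lastAttackMs != 0 && nowMs - attacker.lastAttackMs < kMinAttackGapMs)
        return AttackVerdict::TooFast;

    attacker.lastAttackMs = nowMs;  // only accepted attacks advance the timer
    return AttackVerdict::Ok;
}
```

Rejected verdicts are better logged and counted per account than answered with an immediate disconnect, since lag can produce occasional out-of-range or too-fast packets from honest clients.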

  6. On Tue Dec 15 2015 11:28:38 GMT+0200, .plechito said:

    Yeah, this, and for me he used this skype:

    a few days ago he tried to send a virus to me :huh:

  7. This function is only for him, no one else. If you want a notice for all players, you can use and modify the sendhack function

     

    In input_main.cpp

    void CInputMain::Hack(LPCHARACTER ch, const char * c_pData)
    

     

    You can send a notice to all like this:

    	char nbuf[200];
    	// snprintf bounds the write so a long hack message or name cannot overflow nbuf
    	snprintf(nbuf, sizeof(nbuf), "%s in %s named player", buf, ch->GetName());
    	SendNotice(nbuf);

     

  8. M2 Download Center


     

    *UserInterface/InstanceBase.h

    Search:

    	protected:
    		UINT					__LessRenderOrder_GetLODLevel();

    Add above it:

    	public:
    		bool __CanSkipCollision();

     

    *UserInterface/InstanceBase.cpp

    Search:

    void CInstanceBase::__DisableSkipCollision()
    {
    	m_GraphicThingInstance.DisableSkipCollision();
    }

    Add below it:

    bool CInstanceBase::__CanSkipCollision()
    {
    	return m_GraphicThingInstance.CanSkipCollision();
    }

     

    *UserInterface/PythonNetworkStreamPhaseGame.cpp

     

    Search:

    	if (fDstRot < 0.0f)
    		fDstRot = 360 + fDstRot;
    	else if (fDstRot > 360.0f)
    		fDstRot = fmodf(fDstRot, 360.0f);

     

    Add any one of these above it:

    Only warning:

    	CPythonCharacterManager& rkChrMgr = CPythonCharacterManager::Instance();
    	CInstanceBase* pkInstMain = rkChrMgr.GetMainInstancePtr();
    	if (pkInstMain){
    		if (!pkInstMain->IsGoing() && pkInstMain->__CanSkipCollision()){
    			CPythonChat::Instance().AppendChat(CHAT_TYPE_NOTICE, "Wall hack !");
    			return false;
    		}
    	}

     

    Close game client:

    	CPythonCharacterManager& rkChrMgr = CPythonCharacterManager::Instance();
    	CInstanceBase* pkInstMain = rkChrMgr.GetMainInstancePtr();
    	if (pkInstMain){
    		if (!pkInstMain->IsGoing() && pkInstMain->__CanSkipCollision()){
    			PostQuitMessage(0);
    		}
    	}

     

    Send log and close connection:

    	CPythonCharacterManager& rkChrMgr = CPythonCharacterManager::Instance();
    	CInstanceBase* pkInstMain = rkChrMgr.GetMainInstancePtr();
    	if (pkInstMain){
    		if (!pkInstMain->IsGoing() && pkInstMain->__CanSkipCollision()){
    			__SendHack("WallHack detected");
    		}
    	}

     

  9. M2 Download Center

    This is the hidden content, please
    ( Internal )

    In Client Source

    Open:

    EterLib/MSWindows.cpp

    Add this include:

    #include "../EterBase/Random.h"

     

    Search:

    sprintf(szClassName, "eter - s%x:b%x:p:%x", style, brush, (DWORD)pfnWndProc);

    Change:

    	sprintf(szClassName, "eter - s%x:b%x:p:%x:%d", style, brush, (DWORD)pfnWndProc, random_range(1, 99999));

     

    Rebuild and enjoy. After this modification, the m2bob module can't find the game process
