How to speed up the auth login in a few seconds (Disable Packet Encryption)


Well, such a thing is quite easy, and I have known it since 2011~2012 (when the first 30k game cores were released, to be more precise).
You can find some diff patch files from that time for 30k game cores on the web that do this, but I will explain how to do it via source code editing.

Before all, why do the 40k game core files have a slower login than usual? That's because ymir implemented an additional encryption layer using cryptopp, and at login they added some key agreement checks, which ended up making the login slower.

You can actually disable this feature, so that the login is as fast as the old game revisions had it.
Disabling it removes the "key agreement" step and encrypts the connection with xtea instead of the cryptopp algorithms. (No big security issues, so it's safe to do.)

The edit is quite simple:

Via server, edit ^/Srcs/Server/common/service.h, commenting out
#define _IMPROVED_PACKET_ENCRYPTION_
so that it becomes
// #define _IMPROVED_PACKET_ENCRYPTION_


Via client, same story for ^\Srcs\Client\EterBase\ServiceDefs.h, commenting out
#define _IMPROVED_PACKET_ENCRYPTION_
so that it becomes
// #define _IMPROVED_PACKET_ENCRYPTION_


Additionally, in the client, you must also edit the archaic pong in ^\Srcs\Client\UserInterface\Locale.cpp like this:
find
#define LSS_SECURITY_KEY    "testtesttesttest"
and change it to
#define LSS_SECURITY_KEY    "1234abcd5678efgh"

Video of a quick login (using a second-rate connection, and with 4810 programs open simultaneously):

https://youtu.be/Rp2EeICMkFU


Here is how the code should look at the end:

Enjoy your abione.
 


In my case, I can analyze everything with pong if I know reverse engineering. You really misunderstand what security means. Maybe you can remove the pong from memory after running the binary, but that doesn't mean I can't find the pong. The pong mechanism was pretty good in the early days, but now it's not. You're giving everything to a key, and it doesn't make sense to me. A system could be slow, but it's safe. If the binary file is not compiled with cython files, that binary file can be used by someone. (The one which isn't using cipher.) If you start to talk about systems and packets, it's not a big deal for reverse engineers or sniffers. You just want the system to be faster than the current one, but you're missing security.

#Note: I did exactly what you say on my server (8k+ online), but anybody can log in after a while this way. Even if the player logs into the game, he can't see anything and goes back to the select server window.

Best regards;

Can BARAN...


44 minutes ago, cBaraN said:

In my case, I can analyze everything with pong if I know reverse engineering. You really misunderstand what security means. Maybe you can remove the pong from memory after running the binary, but that doesn't mean I can't find the pong. The pong mechanism was pretty good in the early days, but now it's not. You're giving everything to a key, and it doesn't make sense to me. A system could be slow, but it's safe. If the binary file is not compiled with cython files, that binary file can be used by someone. (The one which isn't using cipher.) If you start to talk about systems and packets, it's not a big deal for reverse engineers or sniffers. You just want the system to be faster than the current one, but you're missing security.

#Note: I did exactly what you say on my server (8k+ online), but anybody can log in after a while this way. Even if the player logs into the game, he can't see anything and goes back to the select server window.

Best regards;

Can BARAN...

As a man in the middle, even with _IMPROVED_PACKET_ENCRYPTION_ enabled, sniffing all the packets is quite possible. The major problem is becoming the man in the middle.
It's faster to send malicious stuff to some game admins. A lot of them would fall for that. (Many people tried in the past to do such a thing with me, unsuccessfully.)

Anyway, the only major-league problem in Metin2, which afflicts every server, is that the login password is sent as clear text and is readable if sniffed, but it can be hashed via the client quite easily. (Probably this will be the next thing I will try to do.)

Even if you use cython, there's a simple way to use the binary without considering "rootlib" inside.

About the note: many servers already did such a thing. Test made right now: https://metin2.download/picture/027DMJ79p2fShkhjM3401IfzCm1jsbYC/.png All entities are in there, and no disconnection.


7 minutes ago, martysama0134 said:

As a man in the middle, even with _IMPROVED_PACKET_ENCRYPTION_ enabled, sniffing all the packets is quite possible. The major problem is becoming the man in the middle.
It's faster to send malicious stuff to some game admins. A lot of them would fall for that. (Many people tried in the past to do such a thing with me, unsuccessfully.)

Anyway, the only major-league problem in Metin2, which afflicts every server, is that the login password is sent as clear text and is readable if sniffed, but it can be hashed via the client quite easily. (Probably this will be the next thing I will try to do.)

Even if you use cython, there's a simple way to use the binary without considering "rootlib" inside.

About the note: many servers already did such a thing. Test made right now: https://metin2.download/picture/027DMJ79p2fShkhjM3401IfzCm1jsbYC/.png All entities are in there, and no disconnection.

First, I want to talk about your note. I made this test with 8k+ online; I just see you're testing this with 2 players. It's not answering my question at the moment anyway. The client is sending everything clearly. A sniffer can read this easily, but I can't give everything to a standard key. This key can be seen by someone else using HxD, OllyDbg, IDA Pro and so on. Even if you hide everything with Themida or Enigma, you can see everything again. Also, the cipher is not used only for login. It's used by the Guild Mark Downloader, Select Phase, Handshake Phase and Game Phase. And you're giving everything to a standard key again. Do you think it makes sense to you?

Best regards;

Can BARAN...


On Sunday, April 03, 2016 at 8:24 PM, cBaraN said:

In my case, I can analyze everything with pong if I know reverse engineering. You really misunderstand what security means. Maybe you can remove the pong from memory after running the binary, but that doesn't mean I can't find the pong. The pong mechanism was pretty good in the early days, but now it's not. You're giving everything to a key, and it doesn't make sense to me. A system could be slow, but it's safe. If the binary file is not compiled with cython files, that binary file can be used by someone. (The one which isn't using cipher.) If you start to talk about systems and packets, it's not a big deal for reverse engineers or sniffers. You just want the system to be faster than the current one, but you're missing security.

#Note: I did exactly what you say on my server (8k+ online), but anybody can log in after a while this way. Even if the player logs into the game, he can't see anything and goes back to the select server window.

Best regards;

Can BARAN...

"At first" :) If you know reverse engineering, you can get the cipher and the cipher-storing functions from the client, so you do not need to protect the client with the "pong" mechanism. Marty is disabling this stuff because it is pretty old and useless. Anyone can get your pong anytime; you can get it from the server dynamically or store it in the client in a variable. This is no problem: if you send the pong to the client and it is in an operable state, people (reverse engineers) can get your pong.

tl;dr
For protection, "pong" is the wrong way.

And if you want more security, you can start by re-activating the sequence mechanism.


15 hours ago, Koray said:

"At first" :) If you know reverse engineering, you can get the cipher and the cipher-storing functions from the client, so you do not need to protect the client with the "pong" mechanism. Marty is disabling this stuff because it is pretty old and useless. Anyone can get your pong anytime; you can get it from the server dynamically or store it in the client in a variable. This is no problem: if you send the pong to the client and it is in an operable state, people (reverse engineers) can get your pong.

tl;dr
For protection, "pong" is the wrong way.

And if you want more security, you can start by re-activating the sequence mechanism.

First, sweetheart, even if you send the pong or whatever you said, I can get it again. Even if you send this key dynamically to the client, there is a formula or something like that, right? (: Anyway, let's say you're sending this key dynamically to the client and the client is storing it in memory. Also, let's make that hard: you're removing it from memory when you don't use it. Do you know there is something called a breakpoint? Okay, here we go.

- Connect to the server; the server will make sure about everything and send the dynamic key to the client.
- The client will receive the key, and when the client doesn't use it, the client will remove it from memory. (There is a condition here; I can put a breakpoint when you do that.)
- Even if I can't put a breakpoint, I can use a hook and hook your client's function.

Let's make it ultra-hard: you've packed it with Enigma or Themida or whatever you're using. If I know reverse engineering, I can unpack your client, right? :)

Okay, let's make it ultra-ultra-hard: you could use a modified UPX like GameGuard. Do you know what? If I know reverse engineering, I can unpack it again, and it brings us back to the first question: what's the matter with the standard key or the dynamic key?

There is a saying in the unreal world: don't try to fight a reverse engineer.

Best regards;

Can BARAN...


Removing the encryption system ymir, Webzen that, gameforge compatible
full pack max 50mb, 100mb transferred into ready to play.
AutoPatcher size up to 10MB
To download the provided 50,100mb
(type) 1, 2, 3, 4, --- 5.6 Lzo
We do not use the full installation
We are entering upload files installed on Gameforge.
1GB file .rar 40 minutes

10 + 100mb plug-new PvP 5 minutes


19 hours ago, MORTE said:

Hello, is it safe or not?

Well, all the old game cores until r2089m never had "_IMPROVED_PACKET_ENCRYPTION_". If you disable it, it's just like the old times, speaking of auth speed.

The old system used a static xtea encryption key, while the second uses a dynamic cryptopp algorithm for that. A "man in the middle" can break both quite easily, so it's up to you. All Metin2 used the old version for many years.

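The difference the thread keeps circling back to, a fixed xtea key compiled into every client versus a key agreed per login, is easier to reason about when it is concrete. The following is an added example written for this page; it is neither Metin2 source code nor code posted by anyone in the thread. The XTEA routine is the standard one; the key values, the 16-byte sample "login" packet, the plain block-by-block (ECB-style) handling and the two "session" keys, which stand in for what a key-agreement step would produce, are all constructed for the demonstration and are not the game's real values.

```c
/* Added example for this page: standard XTEA, used to show what a static key
 * shared by all clients gives away that a per-session key does not.
 * Not Metin2 source code.  All keys and the sample packet are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define XTEA_ROUNDS 32
#define XTEA_DELTA  0x9E3779B9u

/* Encrypt one 64-bit block v[0..1] in place with a 128-bit key. */
static void xtea_encrypt_block(uint32_t v[2], const uint32_t key[4])
{
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < XTEA_ROUNDS; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        sum += XTEA_DELTA;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
    }
    v[0] = v0;
    v[1] = v1;
}

/* Inverse of xtea_encrypt_block. */
static void xtea_decrypt_block(uint32_t v[2], const uint32_t key[4])
{
    uint32_t v0 = v[0], v1 = v[1], sum = XTEA_DELTA * XTEA_ROUNDS;
    for (int i = 0; i < XTEA_ROUNDS; i++) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
        sum -= XTEA_DELTA;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
    }
    v[0] = v0;
    v[1] = v1;
}

/* Process a packet made of whole 8-byte blocks, block by block.
 * (Plain ECB handling: an assumption that keeps the example short.) */
static void xtea_crypt_packet(uint8_t *buf, size_t len, const uint32_t key[4], int decrypt)
{
    for (size_t off = 0; off + 8 <= len; off += 8) {
        uint32_t v[2];
        memcpy(v, buf + off, sizeof v);
        if (decrypt)
            xtea_decrypt_block(v, key);
        else
            xtea_encrypt_block(v, key);
        memcpy(buf + off, v, sizeof v);
    }
}

/* Constructed sample: the same 16-byte "login" packet sent in two sessions. */
#define SAMPLE_LEN 16
static const uint8_t SAMPLE_PACKET[SAMPLE_LEN + 1] = "LOGIN:player0001";

/* Constructed stand-in for a key compiled into every client build. */
static const uint32_t STATIC_KEY[4] = { 0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u };

/* Constructed stand-ins for what a per-login key agreement would yield. */
static const uint32_t SESSION_KEY_A[4] = { 0x5f1d3a77u, 0x0c9be4e2u, 0xa31f08d9u, 0x7e6c2b40u };
static const uint32_t SESSION_KEY_B[4] = { 0x9a7c51e3u, 0x2d4f6b08u, 0xe1b7c3a5u, 0x48d02f96u };

static void encrypt_sample(uint8_t out[SAMPLE_LEN], const uint32_t key[4])
{
    memcpy(out, SAMPLE_PACKET, SAMPLE_LEN);
    xtea_crypt_packet(out, SAMPLE_LEN, key, 0);
}

/* 1 if decrypting the encrypted sample restores it. */
int xtea_roundtrip_ok(void)
{
    uint8_t buf[SAMPLE_LEN];
    encrypt_sample(buf, STATIC_KEY);
    xtea_crypt_packet(buf, SAMPLE_LEN, STATIC_KEY, 1);
    return memcmp(buf, SAMPLE_PACKET, SAMPLE_LEN) == 0;
}

/* Static key: two sessions put identical bytes on the wire for the same
 * packet, and one key recovered from any client build reads every session. */
int static_key_sessions_match(void)
{
    uint8_t s1[SAMPLE_LEN], s2[SAMPLE_LEN];
    encrypt_sample(s1, STATIC_KEY);
    encrypt_sample(s2, STATIC_KEY);
    return memcmp(s1, s2, SAMPLE_LEN) == 0;
}

/* Per-session keys: the same packet looks different in each session, and a
 * key recovered from one session reads only that session. */
int session_key_sessions_match(void)
{
    uint8_t s1[SAMPLE_LEN], s2[SAMPLE_LEN];
    encrypt_sample(s1, SESSION_KEY_A);
    encrypt_sample(s2, SESSION_KEY_B);
    return memcmp(s1, s2, SAMPLE_LEN) == 0;
}

int main(void)
{
    printf("round trip restores packet: %d\n", xtea_roundtrip_ok());
    printf("static key, identical on the wire across sessions: %d\n", static_key_sessions_match());
    printf("session keys, identical on the wire across sessions: %d\n", session_key_sessions_match());
    return 0;
}
```

The point the example makes is the one both sides of the thread agree on from different angles: with the static key, the cipher itself is fine, but the key is the same in every client and every session, so whoever has it (and marty's reply above already concedes a man in the middle can get it either way) can read all sessions, past and future. With a per-login key the same recovery effort buys one session. Whether that gain is worth the slower login is the trade the original post asks you to make.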

5 hours ago, cBaraN said:

First, sweetheart, even if you send the pong or whatever you said

Yeah, sure, I already said "if you send the pong to the client and it is in an operable state, people (reverse engineers) can get your pong." Maybe you need to try to learn reading first.

Do you want a fight? Well,

5 hours ago, cBaraN said:

- Connect to the server; the server will make sure about everything and send the dynamic key to the client.

When you send the pong to the client, use polymorphism or time-dynamic encryption, and you receive the response as a salt and convert it again with polymorphism or encryption server-side. Now try to bypass the server-side compare operation..

5 hours ago, cBaraN said:

- The client will receive the key, and when the client doesn't use it, the client will remove it from memory. (There is a condition here; I can put a breakpoint when you do that.)

If you cannot send the pong as a salt or check validity in the client, this is enough protection for you. We can protect the game binary from breakpoints :( Only 1 API and ~5 lines (ntdll.dll!NtSetInformationThread, ThreadHideFromDebugger flag). I think this tip is enough..

5 hours ago, cBaraN said:

- Even if I can't put a breakpoint, I can use a hook and hook your client's function.

We can check code validation in the client; if you try to change any bytes, this is easily detectable.

5 hours ago, cBaraN said:

Let's make it ultra-hard: you've packed it with Enigma or Themida or whatever you're using. If I know reverse engineering, I can unpack your client, right? :)

Yeah, you can unpack Themida or Enigma in seconds. My suggestion: try the hardest, like VMProtect or Shielden. Dude, the year is 2016; who is using Themida? xD

5 hours ago, cBaraN said:

Okay, let's make it ultra-ultra-hard: you could use a modified UPX like GameGuard

Ahahahaha, that's enough for me, really. You can continue reversing UPX xD

Next time, please write from your own account, characterless.

11 hours ago, Koray said:

Do you want a fight? Well,

Yeah, I do as always :)

11 hours ago, Koray said:

When you send the pong to the client, use polymorphism or time-dynamic encryption, and you receive the response as a salt and convert it again with polymorphism or encryption server-side. Now try to bypass the server-side compare operation..

Even if you encrypt it or send it as a salt or whatever you said, you have to send that key, or whatever you named it, to the client, right?

11 hours ago, Koray said:

If you cannot send the pong as a salt or check validity in the client, this is enough protection for you. We can protect the game binary from breakpoints :( Only 1 API and ~5 lines (ntdll.dll!NtSetInformationThread, ThreadHideFromDebugger flag). I think this tip is enough..

Isn't that like what you did in your protection system? :D

blablablablabla;
HideMyFunctionFromTheard;

NtGlobalFlag, in case you don't know anything about that. I just wanted to show you (:

// Do I have to catch you with je?
__asm
{
	mov eax, fs:[30h]     ; PEB of the current (32-bit) process
	mov al, [eax + 68h]   ; PEB->NtGlobalFlag
	and al, 70h           ; FLG_HEAP_ENABLE_TAIL_CHECK | FLG_HEAP_ENABLE_FREE_CHECK | FLG_HEAP_VALIDATE_PARAMETERS
}

Let's say you're trying very, very hard. You're using INT3, aka a breakpoint, to stop debug information or something like that. At first look you might think that's a good way, but there are more ways to debug it.

Let's say you're using these things:

  • NtGlobalFlag
  • Heap Flags
  • Anti Step Over
  • Hook checker with the address mechanism. (You probably do that like what you did for your game security. Ugh..)

I'm just saying, what if I'm using a hiding debugger? Whatever, that's a simple question.

11 hours ago, Koray said:

We can check code validation in the client; if you try to change any bytes, this is easily detectable.

And it's easy to bypass it. Let's continue

11 hours ago, Koray said:

Yeah, you can unpack Themida or Enigma in seconds. My suggestion: try the hardest, like VMProtect or Shielden. Dude, the year is 2016; who is using Themida? xD

YMIR & Webzen YMIR Games (Winlicense). First, you have to learn something about this. You and your sh*tty things are no big deal for me :D

11 hours ago, Koray said:

Ahahahaha, that's enough for me, really. You can continue reversing UPX xD

I think you misunderstand me about that. Do you know there is something called a fake signature? Please.. We're living in 2016! Who wants to use UPX or something like that? You might be right there, but you can't even understand what a fake signature means :)

Whatever, let's continue. You're doing everything to protect your game binary file, but you can't even block that 100%.

Best Regards

Can BARAN..

1 hour ago, cBaraN said:

whatever you named it, to the client, right?

Nah, you do not have to send the right pong to the client; you can get the client key and compare it on the server. If this pong is wrong, you can easily and silently detect it ;)

1 hour ago, cBaraN said:

Isn't that like what you did in your protection system? :D

blablablablabla;
HideMyFunctionFromTheard;

NtGlobalFlag, in case you don't know anything about that. I just wanted to show you (:

// Do I have to catch you with je?
__asm
{
	mov eax, fs:[30h]     ; PEB of the current (32-bit) process
	mov al, [eax + 68h]   ; PEB->NtGlobalFlag
	and al, 70h           ; FLG_HEAP_ENABLE_TAIL_CHECK | FLG_HEAP_ENABLE_FREE_CHECK | FLG_HEAP_VALIDATE_PARAMETERS
}

I said "ThreadHideFromDebugger", not "HideMyFunctionFromThreard" lol

I think you didn't read the first part of my message: "Maybe you need to try to learn reading first."

Here is a basic document: http://nsylvain.blogspot.com.tr/2007/08/threadhidefromdebugger-but-why.html

1 hour ago, cBaraN said:

Let's say you're trying very, very hard. You're using INT3, aka a breakpoint, to stop debug information or something like that. At first look you might think that's a good way, but there are more ways to debug it.

Let's say you're using these things:

  • NtGlobalFlag
  • Heap Flags
  • Anti Step Over
  • Hook checker with the address mechanism. (You probably do that like what you did for your game security. Ugh..)

I'm just saying, what if I'm using a hiding debugger? Whatever, that's a simple question

First, you don't need to use a "hiding debugger" for this shit. These tricks are already easily patchable by hand.

If you want a good debug detection system, you can easily detect it with system information APIs, like NtQueryInformationProcess or DbgUiRemoteBreakin. You cannot escape these APIs without modifying them with a hook, and this is easily detectable.

And "hiding debugger", I don't understand what you mean. If you mean hiding the debugger process: if you don't have any kernel-mode support, you cannot bypass it from user mode. So hidden processes can be detected. If you mean with plugins, the tricks I mentioned are already patched with hooks, and I already said hooks are easily detectable.

1 hour ago, cBaraN said:

And it's easy to bypass it. Let's continue

Easy? lol. I don't mean checks on memory blocks.. I mean checking the code sections' integrity directly.

1 hour ago, cBaraN said:

YMIR & Webzen YMIR Games (Winlicense). First, you have to learn something about this. You and your sh*tty things are no big deal for me :D

"YMIR & Webzen YMIR Games (Winlicense)." wat? Maybe you need to learn something about packers. I didn't say the protections I mentioned protect you 100%, but at least they protect better than Themida or Enigma.

1 hour ago, cBaraN said:

You might be right there, but you can't even understand what a fake signature means

Who cares about a fake signature? Unpacked GameGuard modules and unpacking methods are already published xD

1 hour ago, cBaraN said:

You're doing everything to protect your game binary file, but you can't even block that 100%.

Yes, nobody can protect 100% from debugging. But we can make a better defender mechanism against script kiddies, like you.



Never do this. I tested this a long, long time ago, in 2014.

- You will have unknown packet header errors. (In-game kicks)

- You will get sequence errors. (In-game kicks)

- You will get buffer overflow problems. (In-game kicks)

This tutorial is really shit and also useless.

If you want to keep improved disabled, you need to rewrite the sequence table and make automatic buffer adjust functions (like me :)

With this disabled, this code will be valid code:

if (buffer_has_space(m_lpOutputBuffer) < iSize + 8)
{
    // not enough room left for the packet plus its 8 bytes of margin: log it and close the descriptor
    sys_err("desc buffer mem_size overflow. memsize(%u) write_pos(%u) iSize(%d)", m_lpOutputBuffer->mem_size, m_lpOutputBuffer->write_point_pos, iSize);
    m_iPhase = PHASE_CLOSE;
}

Just disable improved_packet_encryption and install an offline shop. You will get buffer overflow problems.

Never do this.

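The check quoted in the post above is worth seeing in runnable form: what happens when a burst of packets outgrows the output buffer, and why the result is a kicked client rather than a corrupted buffer. The following is an added example written for this page, not Metin2 source code; the names buffer_has_space, mem_size, write_point_pos, PHASE_CLOSE and the iSize + 8 margin are taken from the quoted lines, while the struct layout, desc_packet, the burst scenario and its sizes are constructed assumptions.

```c
/* Added example for this page, not Metin2 source code: a bounded output
 * buffer with the policy of the check quoted above.  buffer_has_space,
 * mem_size, write_point_pos, PHASE_CLOSE and the 8-byte margin come from the
 * quoted lines; the struct layout, desc_packet and the burst scenario are
 * constructed for the demonstration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PHASE_GAME = 1, PHASE_CLOSE = 2 };

/* The "+ 8" of the quoted check; assumed to be headroom the encryption
 * layer needs beyond the payload. */
#define PACKET_HEADROOM 8

typedef struct {
    uint8_t *mem;
    size_t   mem_size;
    size_t   write_point_pos;
} TEMP_BUFFER;

typedef struct {
    TEMP_BUFFER *m_lpOutputBuffer;
    int          m_iPhase;
} DESC;

static size_t buffer_has_space(const TEMP_BUFFER *b)
{
    return b->mem_size - b->write_point_pos;
}

/* Queue iSize bytes for sending.  Returns bytes queued; 0 when refused.
 * Refusal logs, flags the connection for closing and leaves memory alone:
 * the in-game kick the post describes, instead of a write past the buffer. */
static size_t desc_packet(DESC *d, const void *data, size_t iSize)
{
    TEMP_BUFFER *out = d->m_lpOutputBuffer;
    if (d->m_iPhase == PHASE_CLOSE)
        return 0;
    if (buffer_has_space(out) < iSize + PACKET_HEADROOM) {
        fprintf(stderr, "desc buffer mem_size overflow. memsize(%zu) write_pos(%zu) iSize(%zu)\n",
                out->mem_size, out->write_point_pos, iSize);
        d->m_iPhase = PHASE_CLOSE;
        return 0;
    }
    memcpy(out->mem + out->write_point_pos, data, iSize);
    out->write_point_pos += iSize;
    return iSize;
}

typedef struct {
    unsigned accepted;      /* packets queued before the refusal, if any */
    int      phase;         /* final m_iPhase */
    int      canary_intact; /* 1 if nothing was written past mem_size */
} BurstResult;

#define STORAGE_SIZE 256

/* Constructed scenario: a burst of n packets of sz bytes (like a shop's item
 * list arriving faster than the socket drains) into a buffer of cap bytes.
 * cap is limited to STORAGE_SIZE and sz to 64 bytes. */
BurstResult burst(size_t cap, unsigned n, size_t sz)
{
    uint8_t storage[STORAGE_SIZE];
    uint8_t payload[64];
    BurstResult r = { 0, PHASE_GAME, 1 };

    if (cap > STORAGE_SIZE) cap = STORAGE_SIZE;
    if (sz > sizeof payload) sz = sizeof payload;
    memset(storage, 0, sizeof storage);        /* zeroed so the area past cap acts as a canary */
    memset(payload, 0xAB, sizeof payload);     /* constructed packet bytes */

    TEMP_BUFFER buf = { storage, cap, 0 };
    DESC desc = { &buf, PHASE_GAME };
    for (unsigned i = 0; i < n; i++)
        if (desc_packet(&desc, payload, sz) == sz)
            r.accepted++;
    r.phase = desc.m_iPhase;
    for (size_t i = cap; i < STORAGE_SIZE; i++)
        if (storage[i] != 0)
            r.canary_intact = 0;
    return r;
}

int main(void)
{
    BurstResult small = burst(64, 5, 20);
    BurstResult large = burst(128, 5, 20);
    printf("64-byte buffer: %u of 5 packets queued, phase %s, canary %s\n",
           small.accepted, small.phase == PHASE_CLOSE ? "CLOSE" : "GAME",
           small.canary_intact ? "intact" : "CLOBBERED");
    printf("128-byte buffer: %u of 5 packets queued, phase %s\n",
           large.accepted, large.phase == PHASE_CLOSE ? "CLOSE" : "GAME");
    return 0;
}
```

Compare the two runs: with 64 bytes of output space the third 20-byte packet is refused (20 bytes plus the 8-byte margin exceeds the 24 bytes left) and the connection is flagged PHASE_CLOSE, which is the in-game kick the post describes, while the bytes past the buffer stay untouched; with 128 bytes all five packets fit. Re-sizing the buffers for the packet layout that results from disabling the encryption, as the post suggests, is what stops the check from firing under load.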
