View Full Version : New crackd.dll code - Made with Dev-C++
I made some changes and I compiled a new crackd.dll with Dev-C++ 4.9.9.2
I hope the new dll runs faster than before.
- Used since Blackd Proxy 26.4
The new dll comes with a new function that forces a write into protected memory, which is required to change the RSA key in Tibia clients. That is an impossible task with Visual Basic 6 code any other way.
For now I only change it for OT servers 7.72, but in the future Blackd Proxy will change that key for all OT servers.
dll.h
#ifndef _DLL_H_
#define _DLL_H_
#if BUILDING_DLL
# define DLLIMPORT __declspec (dllexport)
#else /* Not BUILDING_DLL */
# define DLLIMPORT __declspec (dllimport)
#endif /* Not BUILDING_DLL */
#include <windows.h>
#include "olectl.h"
#include "string.h"
// Exported class generated alongside the DLL. It declares no data members;
// only the constructor and destructor have DllClass:: definitions in the
// dllmain.cpp listing shown with this header.
class DLLIMPORT DllClass
{
public:
DllClass();
virtual ~DllClass(void);
// NOTE(review): the declarations below share their names and parameter lists
// with the extern "C" free functions that dllmain.cpp defines and exports.
// No DllClass:: member definitions for them appear in that listing, so these
// look like leftovers: calling one through a DllClass object would presumably
// fail to link. Confirm before relying on them.
// XTEA over a length-prefixed packet; no buffer bounds are passed in.
int __stdcall EncipherTibia(unsigned char* packet, unsigned char* keyarray);
int __stdcall DecipherTibia(unsigned char* packet, unsigned char* keyarray);
// Same cipher, but the caller also passes the last valid index of each array.
int __stdcall EncipherTibiaProtected(unsigned char* packet, unsigned char* keyarray, int uboundpacket, int uboundkey);
int __stdcall DecipherTibiaProtected(unsigned char* packet, unsigned char* keyarray, int uboundpacket, int uboundkey);
// Bounds-checked variants that leave the 4 bytes after the length header untouched.
int __stdcall EncipherTibiaProtectedSP(unsigned char* packet, unsigned char* keyarray, int uboundpacket, int uboundkey);
int __stdcall DecipherTibiaProtectedSP(unsigned char* packet, unsigned char* keyarray, int uboundpacket, int uboundkey);
// Writes mybuffersize bytes into the process that owns hwndClientWindow.
int __stdcall BlackdForceWrite(int address, unsigned char *mybuffer, int mybuffersize, HWND__* hwndClientWindow);
// Adler-32 style checksum (modulus MOD_ADLER) over len bytes.
unsigned int __stdcall GetTibiaCRC(unsigned char *data, unsigned int len);
private:
};
#endif /* _DLL_H_ */
dllmain.cpp (1/2)
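/*
 * Assemble a 32-bit value from four bytes, b3 being the most significant.
 *
 * Each argument is widened to unsigned long before it is shifted, so a byte
 * >= 0x80 in the b3 position is never shifted into the sign bit of an int
 * (undefined behaviour, and sign-extension where long is wider than 32 bits).
 * Every argument is parenthesized so callers may pass expressions, and the
 * macro expands to a plain expression without a trailing semicolon, which
 * lets it be used inside larger expressions as well as in assignments.
 */
#define BYTES_TO_ULONG(b3, b2, b1, b0) \
    (((unsigned long)(b3) << 24) | ((unsigned long)(b2) << 16) | \
     ((unsigned long)(b1) << 8) | (unsigned long)(b0))
/* Modulus of the two running sums in GetTibiaCRC (largest prime below 65536). */
#define MOD_ADLER 65521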
#include "dll.h"
#include <windows.h>
#include "olectl.h"
#include "string.h"
/*
 * C-linkage exports of the DLL. All of them use __stdcall.
 *
 * EncipherTibia / DecipherTibia take only the packet and the key: the amount
 * of data they touch comes from the 2-byte length header inside the packet.
 */
extern "C" __declspec(dllexport) int __stdcall EncipherTibia(unsigned char* packet, unsigned char* keyarray);
extern "C" __declspec(dllexport) int __stdcall DecipherTibia(unsigned char* packet, unsigned char* keyarray);
/*
 * "Protected" variants: uboundpacket and uboundkey are the last valid index
 * of each array; the header length is checked against uboundpacket and the
 * key is required to have uboundkey == 15 before any block is processed.
 */
extern "C" __declspec(dllexport) int __stdcall EncipherTibiaProtected(unsigned char* packet, unsigned char* keyarray, int uboundpacket, int uboundkey);
extern "C" __declspec(dllexport) int __stdcall DecipherTibiaProtected(unsigned char* packet, unsigned char* keyarray, int uboundpacket, int uboundkey);
/* "SP" variants: same checks, but the 4 bytes after the header are skipped. */
extern "C" __declspec(dllexport) int __stdcall EncipherTibiaProtectedSP(unsigned char* packet, unsigned char* keyarray, int uboundpacket, int uboundkey);
extern "C" __declspec(dllexport) int __stdcall DecipherTibiaProtectedSP(unsigned char* packet, unsigned char* keyarray, int uboundpacket, int uboundkey);
/*
 * Cross-process write: copies mybuffersize bytes from mybuffer to `address`
 * in the process owning hwndClientWindow. `address` is an int, so only
 * 32-bit addresses can be expressed.
 */
extern "C" __declspec(dllexport) int __stdcall BlackdForceWrite( int address, unsigned char *mybuffer, int mybuffersize, HWND__* hwndClientWindow);
/* Checksum over len bytes of data, computed modulo MOD_ADLER. */
extern "C" __declspec(dllexport) unsigned int __stdcall GetTibiaCRC(unsigned char *data, unsigned int len);
/* DllClass has no data members, so there is nothing to initialise. */
DllClass::DllClass() {}

/* Nothing is owned by the object, so there is nothing to release. */
DllClass::~DllClass() {}
/*
 * DLL entry point. The library keeps no per-process or per-thread state, so
 * every notification is acknowledged without doing any work.
 *
 * hInst    : library instance handle (unused).
 * reason   : why the loader is calling (attach/detach of process or thread).
 * reserved : not used.
 *
 * Always returns TRUE.
 */
BOOL APIENTRY DllMain(HINSTANCE hInst, DWORD reason, LPVOID reserved)
{
    switch (reason)
    {
    case DLL_PROCESS_ATTACH:
    case DLL_PROCESS_DETACH:
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
        /* no set-up or tear-down needed for any notification */
        break;
    }
    return TRUE;
}
/*
 * Encrypt a length-prefixed packet in place with 32-round XTEA.
 *
 * packet   : bytes 0-1 hold the little-endian payload length; the payload
 *            starts at byte 2 and is overwritten with ciphertext.
 * keyarray : 16 key bytes, read as four little-endian 32-bit words.
 *
 * Returns 0 on success, -1 when the header length is not a multiple of 8.
 *
 * NOTE(review): the only length this function sees is the one stored in the
 * packet itself, so it reads and writes as many bytes as the header claims
 * without knowing how large the caller's buffer is. For data that came off
 * the network, call EncipherTibiaProtected, which takes the array bounds.
 * Each 8-byte block is processed independently (no chaining, no IV), so
 * equal plaintext blocks give equal ciphertext blocks.
 */
DLLIMPORT int __stdcall EncipherTibia(unsigned char* packet, unsigned char* keyarray) {
    const unsigned long delta = 0x9E3779B9;
    unsigned long key[4];
    unsigned long length;
    unsigned long block, r, n;

    length = BYTES_TO_ULONG(0, 0, packet[1], packet[0]);

    /* four little-endian key words */
    for (n = 0; n < 4; n++) {
        unsigned char *kb = keyarray + 4 * n;
        key[n] = BYTES_TO_ULONG(kb[3], kb[2], kb[1], kb[0]);
    }

    if ((length % 8) != 0) {
        return -1;
    }

    for (block = 0; block < length / 8; block++) {
        unsigned char *p = packet + 2 + 8 * block;
        unsigned long sum = 0;
        unsigned long v0, v1;

        v0 = BYTES_TO_ULONG(p[3], p[2], p[1], p[0]);
        v1 = BYTES_TO_ULONG(p[7], p[6], p[5], p[4]);

        for (r = 0; r < 32; r++) {
            v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
            sum += delta;
            v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
        }

        /* write both words back, least significant byte first */
        for (n = 0; n < 4; n++) {
            p[n] = (unsigned char)(v0 >> (8 * n));
            p[4 + n] = (unsigned char)(v1 >> (8 * n));
        }
    }
    return 0;
}
/*
 * Decrypt a length-prefixed packet in place with 32-round XTEA.
 *
 * packet   : bytes 0-1 hold the little-endian payload length; the payload
 *            starts at byte 2 and is overwritten with plaintext.
 * keyarray : 16 key bytes, read as four little-endian 32-bit words.
 *
 * Returns 0 on success, -1 when the header length is not a multiple of 8.
 *
 * NOTE(review): the length is taken from the packet header and nothing else,
 * so a header that overstates the payload makes this function read and write
 * beyond the caller's buffer. For received data, call DecipherTibiaProtected,
 * which checks the header against the array bound first.
 */
DLLIMPORT int __stdcall DecipherTibia(unsigned char* packet, unsigned char* keyarray) {
    const unsigned long delta = 0x9E3779B9;
    unsigned long key[4];
    unsigned long length;
    unsigned long block, r, n;

    length = BYTES_TO_ULONG(0, 0, packet[1], packet[0]);

    /* four little-endian key words */
    for (n = 0; n < 4; n++) {
        unsigned char *kb = keyarray + 4 * n;
        key[n] = BYTES_TO_ULONG(kb[3], kb[2], kb[1], kb[0]);
    }

    if ((length % 8) != 0) {
        return -1;
    }

    for (block = 0; block < length / 8; block++) {
        unsigned char *p = packet + 2 + 8 * block;
        unsigned long sum = 0xC6EF3720; /* starting sum for the 32 reverse rounds */
        unsigned long v0, v1;

        v0 = BYTES_TO_ULONG(p[3], p[2], p[1], p[0]);
        v1 = BYTES_TO_ULONG(p[7], p[6], p[5], p[4]);

        for (r = 0; r < 32; r++) {
            v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
            sum -= delta;
            v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        }

        /* write both words back, least significant byte first */
        for (n = 0; n < 4; n++) {
            p[n] = (unsigned char)(v0 >> (8 * n));
            p[4 + n] = (unsigned char)(v1 >> (8 * n));
        }
    }
    return 0;
}
/*
 * Bounds-checked XTEA encryption of a length-prefixed packet, in place.
 *
 * packet       : bytes 0-1 hold the little-endian payload length, payload
 *                from byte 2 onwards.
 * keyarray     : 16 key bytes (four little-endian words).
 * uboundpacket : last valid index of packet.
 * uboundkey    : last valid index of keyarray; must be 15.
 *
 * Returns  0 on success,
 *         -1 header length is not a multiple of 8,
 *         -2 key is not 16 bytes,
 *         -3 header length does not equal uboundpacket - 1,
 *         -4 uboundpacket < 1 (too short to hold a header).
 *
 * The -3 check ties the header to the real array size, so the block loop
 * stays inside the caller's buffer as long as the bounds passed in are true.
 */
DLLIMPORT int __stdcall EncipherTibiaProtected(unsigned char* packet, unsigned char* keyarray, int uboundpacket, int uboundkey) {
    const unsigned long delta = 0x9E3779B9;
    unsigned long key[4];
    unsigned long length;
    unsigned long block, r, n;

    if (uboundpacket < 1) {
        return -4;
    }
    length = BYTES_TO_ULONG(0, 0, packet[1], packet[0]);
    if (uboundkey != 15) {
        return -2;
    }
    if ((int)length != (uboundpacket - 1)) {
        return -3;
    }

    for (n = 0; n < 4; n++) {
        unsigned char *kb = keyarray + 4 * n;
        key[n] = BYTES_TO_ULONG(kb[3], kb[2], kb[1], kb[0]);
    }

    if ((length % 8) != 0) {
        return -1;
    }

    for (block = 0; block < length / 8; block++) {
        unsigned char *p = packet + 2 + 8 * block;
        unsigned long sum = 0;
        unsigned long v0, v1;

        v0 = BYTES_TO_ULONG(p[3], p[2], p[1], p[0]);
        v1 = BYTES_TO_ULONG(p[7], p[6], p[5], p[4]);

        for (r = 0; r < 32; r++) {
            v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
            sum += delta;
            v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
        }

        for (n = 0; n < 4; n++) {
            p[n] = (unsigned char)(v0 >> (8 * n));
            p[4 + n] = (unsigned char)(v1 >> (8 * n));
        }
    }
    return 0;
}
/*
 * Bounds-checked XTEA decryption of a length-prefixed packet, in place.
 *
 * packet       : bytes 0-1 hold the little-endian payload length, payload
 *                from byte 2 onwards.
 * keyarray     : 16 key bytes (four little-endian words).
 * uboundpacket : last valid index of packet; must be at least 3.
 * uboundkey    : last valid index of keyarray; must be 15.
 *
 * Returns  0 on success,
 *         -1 header length is not a multiple of 8,
 *         -2 key is not 16 bytes,
 *         -3 header length does not equal uboundpacket - 1,
 *         -4 uboundpacket < 3 (shorter than a trivial 4-byte packet).
 *
 * The -3 check ties the header to the real array size, so the block loop
 * stays inside the caller's buffer as long as the bounds passed in are true.
 */
DLLIMPORT int __stdcall DecipherTibiaProtected(unsigned char* packet, unsigned char* keyarray, int uboundpacket, int uboundkey) {
    const unsigned long delta = 0x9E3779B9;
    unsigned long key[4];
    unsigned long length;
    unsigned long block, r, n;

    if (uboundpacket < 3) {
        return -4;
    }
    length = BYTES_TO_ULONG(0, 0, packet[1], packet[0]);
    if (uboundkey != 15) {
        return -2;
    }
    if ((int)length != (uboundpacket - 1)) {
        return -3;
    }

    for (n = 0; n < 4; n++) {
        unsigned char *kb = keyarray + 4 * n;
        key[n] = BYTES_TO_ULONG(kb[3], kb[2], kb[1], kb[0]);
    }

    if ((length % 8) != 0) {
        return -1;
    }

    for (block = 0; block < length / 8; block++) {
        unsigned char *p = packet + 2 + 8 * block;
        unsigned long sum = 0xC6EF3720; /* starting sum for the 32 reverse rounds */
        unsigned long v0, v1;

        v0 = BYTES_TO_ULONG(p[3], p[2], p[1], p[0]);
        v1 = BYTES_TO_ULONG(p[7], p[6], p[5], p[4]);

        for (r = 0; r < 32; r++) {
            v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
            sum -= delta;
            v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        }

        for (n = 0; n < 4; n++) {
            p[n] = (unsigned char)(v0 >> (8 * n));
            p[4 + n] = (unsigned char)(v1 >> (8 * n));
        }
    }
    return 0;
}
dllmain.cpp (2/2)
/*
 * Bounds-checked XTEA encryption that leaves the 4 bytes following the
 * length header untouched and encrypts from byte 6 onwards, in place.
 * (Presumably those 4 bytes are a checksum field; confirm with the callers.)
 *
 * packet       : bytes 0-1 little-endian length of everything after the
 *                header, bytes 2-5 skipped, encrypted payload from byte 6.
 * keyarray     : 16 key bytes (four little-endian words).
 * uboundpacket : last valid index of packet.
 * uboundkey    : last valid index of keyarray; must be 15.
 *
 * Returns  0 on success,
 *         -1 (length - 4) is not a multiple of 8,
 *         -2 key is not 16 bytes,
 *         -3 header length does not equal uboundpacket - 1,
 *         -4 uboundpacket < 1.
 */
DLLIMPORT int __stdcall EncipherTibiaProtectedSP(unsigned char* packet, unsigned char* keyarray, int uboundpacket, int uboundkey) {
    const unsigned long delta = 0x9E3779B9;
    unsigned long key[4];
    unsigned long length, body;
    unsigned long block, r, n;

    if (uboundpacket < 1) {
        return -4;
    }
    length = BYTES_TO_ULONG(0, 0, packet[1], packet[0]);
    if (uboundkey != 15) {
        return -2;
    }
    if ((int)length != (uboundpacket - 1)) {
        return -3;
    }

    for (n = 0; n < 4; n++) {
        unsigned char *kb = keyarray + 4 * n;
        key[n] = BYTES_TO_ULONG(kb[3], kb[2], kb[1], kb[0]);
    }

    /*
     * For length < 4 this subtraction wraps around. The wrapped value is
     * congruent to length + 4 modulo 8, i.e. 4..7, so such packets always
     * take the -1 exit below and the block loop never runs on them.
     */
    body = length - 4;
    if ((body % 8) != 0) {
        return -1;
    }

    for (block = 0; block < body / 8; block++) {
        unsigned char *p = packet + 6 + 8 * block; /* 2-byte header + 4 skipped bytes */
        unsigned long sum = 0;
        unsigned long v0, v1;

        v0 = BYTES_TO_ULONG(p[3], p[2], p[1], p[0]);
        v1 = BYTES_TO_ULONG(p[7], p[6], p[5], p[4]);

        for (r = 0; r < 32; r++) {
            v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
            sum += delta;
            v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
        }

        for (n = 0; n < 4; n++) {
            p[n] = (unsigned char)(v0 >> (8 * n));
            p[4 + n] = (unsigned char)(v1 >> (8 * n));
        }
    }
    return 0;
}
/*
 * Bounds-checked XTEA decryption that leaves the 4 bytes following the
 * length header untouched and decrypts from byte 6 onwards, in place.
 * (Presumably those 4 bytes are a checksum field; confirm with the callers.)
 *
 * packet       : bytes 0-1 little-endian length of everything after the
 *                header, bytes 2-5 skipped, encrypted payload from byte 6.
 * keyarray     : 16 key bytes (four little-endian words).
 * uboundpacket : last valid index of packet; must be at least 3.
 * uboundkey    : last valid index of keyarray; must be 15.
 *
 * Returns  0 on success,
 *         -1 (length - 4) is not a multiple of 8,
 *         -2 key is not 16 bytes,
 *         -3 header length does not equal uboundpacket - 1,
 *         -4 uboundpacket < 3.
 */
DLLIMPORT int __stdcall DecipherTibiaProtectedSP(unsigned char* packet, unsigned char* keyarray, int uboundpacket, int uboundkey) {
    const unsigned long delta = 0x9E3779B9;
    unsigned long key[4];
    unsigned long length, body;
    unsigned long block, r, n;

    if (uboundpacket < 3) {
        return -4;
    }
    length = BYTES_TO_ULONG(0, 0, packet[1], packet[0]);
    if (uboundkey != 15) {
        return -2;
    }
    if ((int)length != (uboundpacket - 1)) {
        return -3;
    }

    for (n = 0; n < 4; n++) {
        unsigned char *kb = keyarray + 4 * n;
        key[n] = BYTES_TO_ULONG(kb[3], kb[2], kb[1], kb[0]);
    }

    /*
     * For length < 4 this subtraction wraps around. The wrapped value is
     * congruent to length + 4 modulo 8, i.e. 4..7, so such packets always
     * take the -1 exit below and the block loop never runs on them.
     */
    body = length - 4;
    if ((body % 8) != 0) {
        return -1;
    }

    for (block = 0; block < body / 8; block++) {
        unsigned char *p = packet + 6 + 8 * block; /* 2-byte header + 4 skipped bytes */
        unsigned long sum = 0xC6EF3720; /* starting sum for the 32 reverse rounds */
        unsigned long v0, v1;

        v0 = BYTES_TO_ULONG(p[3], p[2], p[1], p[0]);
        v1 = BYTES_TO_ULONG(p[7], p[6], p[5], p[4]);

        for (r = 0; r < 32; r++) {
            v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
            sum -= delta;
            v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        }

        for (n = 0; n < 4; n++) {
            p[n] = (unsigned char)(v0 >> (8 * n));
            p[4 + n] = (unsigned char)(v1 >> (8 * n));
        }
    }
    return 0;
}
/*
 * Adler-32 checksum of a byte buffer (despite the "CRC" in the name, the
 * arithmetic is two running sums modulo MOD_ADLER, not a polynomial CRC).
 *
 * data : pointer to the bytes to be summed; must reference at least len
 *        readable bytes.
 * len  : number of bytes.
 *
 * Returns (high << 16) | low; an empty buffer yields 1.
 *
 * This is an integrity check against accidental corruption only: it is not
 * keyed and gives no protection against deliberate modification.
 */
DLLIMPORT unsigned int __stdcall GetTibiaCRC(unsigned char *data, unsigned int len)
{
    unsigned int low = 1;
    unsigned int high = 0;
    unsigned char *cursor = data;
    unsigned int remaining = len;

    while (remaining != 0)
    {
        /* sum in runs of at most 5552 bytes, reducing after each run */
        unsigned int run = remaining > 5552 ? 5552 : remaining;
        remaining -= run;
        for (; run != 0; run--)
        {
            low += *cursor++;
            high += low;
        }
        low %= MOD_ADLER;
        high %= MOD_ADLER;
    }
    return (high << 16) | low;
}
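/*
 * Copy mybuffersize bytes from mybuffer to `address` inside the process that
 * owns hwndClientWindow, switching the target pages to PAGE_READWRITE for the
 * duration of the write and restoring the previous protection afterwards.
 *
 * address          : destination address in the target process. It is an
 *                    int, so only 32-bit addresses can be expressed; the
 *                    value is zero-extended before it becomes a pointer,
 *                    which also avoids the int-to-pointer size warning on
 *                    64-bit builds.
 * mybuffer         : source bytes in this process.
 * mybuffersize     : number of bytes to write; 0 is a no-op.
 * hwndClientWindow : any window owned by the target process.
 *
 * Returns 0 on success (callers that ignore the result keep working), or
 *   -1 invalid argument,
 *   -2 the window's process id could not be resolved,
 *   -3 OpenProcess failed,
 *   -4 the protection could not be changed,
 *   -5 the write failed or was short,
 *   -6 the write succeeded but the old protection could not be restored.
 */
DLLIMPORT int __stdcall BlackdForceWrite(int address, unsigned char *mybuffer, int mybuffersize, HWND__* hwndClientWindow)
{
    DWORD dwProcessId = 0;
    DWORD dwOldProtection = 0;
    DWORD dwIgnored = 0;
    SIZE_T written = 0;
    HANDLE hProcessHandle;
    LPVOID target;
    int rc = 0;

    if (mybuffer == NULL || hwndClientWindow == NULL || mybuffersize < 0) {
        return -1;
    }
    if (mybuffersize == 0) {
        return 0;
    }

    // get process id
    if (GetWindowThreadProcessId(hwndClientWindow, &dwProcessId) == 0 || dwProcessId == 0) {
        return -2;
    }

    // get process handle: request only the rights the two calls below need
    // instead of PROCESS_ALL_ACCESS
    hProcessHandle = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, dwProcessId);
    if (hProcessHandle == NULL) {
        return -3;
    }

    target = (LPVOID)(ULONG_PTR)(DWORD)address;

    // set memory to read write
    // NOTE(review): PAGE_READWRITE removes execute permission while the write
    // is in progress; this is only safe if the region holds data, not code
    // that another thread of the target may be running.
    if (!VirtualProtectEx(hProcessHandle, target, (SIZE_T)mybuffersize, PAGE_READWRITE, &dwOldProtection)) {
        CloseHandle(hProcessHandle);
        return -4;
    }

    // write
    if (!WriteProcessMemory(hProcessHandle, target, mybuffer, (SIZE_T)mybuffersize, &written)
        || written != (SIZE_T)mybuffersize) {
        rc = -5;
    }

    // restore memory protection, even when the write failed
    if (!VirtualProtectEx(hProcessHandle, target, (SIZE_T)mybuffersize, dwOldProtection, &dwIgnored) && rc == 0) {
        rc = -6;
    }

    // close process handle
    CloseHandle(hProcessHandle);
    return rc;
}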
I'm trying to compile in Dev C++ and I'm getting this error message:
1 - In function 'int BlackdForceWrite(int, unsigned char*, int, HWND__*)':
2 - [Warning] cast to pointer from integer of different size [-Wint-to-pointer-cast]
Could u help me? Thx
dllmain.cpp (2/2)
/*
 * Bounds-checked XTEA encryption that leaves the 4 bytes following the
 * length header untouched and encrypts from byte 6 onwards, in place.
 * (Presumably those 4 bytes are a checksum field; confirm with the callers.)
 *
 * packet       : bytes 0-1 little-endian length of everything after the
 *                header, bytes 2-5 skipped, encrypted payload from byte 6.
 * keyarray     : 16 key bytes (four little-endian words).
 * uboundpacket : last valid index of packet.
 * uboundkey    : last valid index of keyarray; must be 15.
 *
 * Returns  0 on success,
 *         -1 (length - 4) is not a multiple of 8,
 *         -2 key is not 16 bytes,
 *         -3 header length does not equal uboundpacket - 1,
 *         -4 uboundpacket < 1.
 */
DLLIMPORT int __stdcall EncipherTibiaProtectedSP(unsigned char* packet, unsigned char* keyarray, int uboundpacket, int uboundkey) {
    const unsigned long delta = 0x9E3779B9;
    unsigned long key[4];
    unsigned long length, body;
    unsigned long block, r, n;

    if (uboundpacket < 1) {
        return -4;
    }
    length = BYTES_TO_ULONG(0, 0, packet[1], packet[0]);
    if (uboundkey != 15) {
        return -2;
    }
    if ((int)length != (uboundpacket - 1)) {
        return -3;
    }

    for (n = 0; n < 4; n++) {
        unsigned char *kb = keyarray + 4 * n;
        key[n] = BYTES_TO_ULONG(kb[3], kb[2], kb[1], kb[0]);
    }

    /*
     * For length < 4 this subtraction wraps around. The wrapped value is
     * congruent to length + 4 modulo 8, i.e. 4..7, so such packets always
     * take the -1 exit below and the block loop never runs on them.
     */
    body = length - 4;
    if ((body % 8) != 0) {
        return -1;
    }

    for (block = 0; block < body / 8; block++) {
        unsigned char *p = packet + 6 + 8 * block; /* 2-byte header + 4 skipped bytes */
        unsigned long sum = 0;
        unsigned long v0, v1;

        v0 = BYTES_TO_ULONG(p[3], p[2], p[1], p[0]);
        v1 = BYTES_TO_ULONG(p[7], p[6], p[5], p[4]);

        for (r = 0; r < 32; r++) {
            v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
            sum += delta;
            v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
        }

        for (n = 0; n < 4; n++) {
            p[n] = (unsigned char)(v0 >> (8 * n));
            p[4 + n] = (unsigned char)(v1 >> (8 * n));
        }
    }
    return 0;
}
/*
 * Bounds-checked XTEA decryption that leaves the 4 bytes following the
 * length header untouched and decrypts from byte 6 onwards, in place.
 * (Presumably those 4 bytes are a checksum field; confirm with the callers.)
 *
 * packet       : bytes 0-1 little-endian length of everything after the
 *                header, bytes 2-5 skipped, encrypted payload from byte 6.
 * keyarray     : 16 key bytes (four little-endian words).
 * uboundpacket : last valid index of packet; must be at least 3.
 * uboundkey    : last valid index of keyarray; must be 15.
 *
 * Returns  0 on success,
 *         -1 (length - 4) is not a multiple of 8,
 *         -2 key is not 16 bytes,
 *         -3 header length does not equal uboundpacket - 1,
 *         -4 uboundpacket < 3.
 */
DLLIMPORT int __stdcall DecipherTibiaProtectedSP(unsigned char* packet, unsigned char* keyarray, int uboundpacket, int uboundkey) {
    const unsigned long delta = 0x9E3779B9;
    unsigned long key[4];
    unsigned long length, body;
    unsigned long block, r, n;

    if (uboundpacket < 3) {
        return -4;
    }
    length = BYTES_TO_ULONG(0, 0, packet[1], packet[0]);
    if (uboundkey != 15) {
        return -2;
    }
    if ((int)length != (uboundpacket - 1)) {
        return -3;
    }

    for (n = 0; n < 4; n++) {
        unsigned char *kb = keyarray + 4 * n;
        key[n] = BYTES_TO_ULONG(kb[3], kb[2], kb[1], kb[0]);
    }

    /*
     * For length < 4 this subtraction wraps around. The wrapped value is
     * congruent to length + 4 modulo 8, i.e. 4..7, so such packets always
     * take the -1 exit below and the block loop never runs on them.
     */
    body = length - 4;
    if ((body % 8) != 0) {
        return -1;
    }

    for (block = 0; block < body / 8; block++) {
        unsigned char *p = packet + 6 + 8 * block; /* 2-byte header + 4 skipped bytes */
        unsigned long sum = 0xC6EF3720; /* starting sum for the 32 reverse rounds */
        unsigned long v0, v1;

        v0 = BYTES_TO_ULONG(p[3], p[2], p[1], p[0]);
        v1 = BYTES_TO_ULONG(p[7], p[6], p[5], p[4]);

        for (r = 0; r < 32; r++) {
            v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
            sum -= delta;
            v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        }

        for (n = 0; n < 4; n++) {
            p[n] = (unsigned char)(v0 >> (8 * n));
            p[4 + n] = (unsigned char)(v1 >> (8 * n));
        }
    }
    return 0;
}
/*
 * Adler-32 checksum of a byte buffer (despite the "CRC" in the name, the
 * arithmetic is two running sums modulo MOD_ADLER, not a polynomial CRC).
 *
 * data : pointer to the bytes to be summed; must reference at least len
 *        readable bytes.
 * len  : number of bytes.
 *
 * Returns (high << 16) | low; an empty buffer yields 1.
 *
 * This is an integrity check against accidental corruption only: it is not
 * keyed and gives no protection against deliberate modification.
 */
DLLIMPORT unsigned int __stdcall GetTibiaCRC(unsigned char *data, unsigned int len)
{
    unsigned int low = 1;
    unsigned int high = 0;
    unsigned char *cursor = data;
    unsigned int remaining = len;

    while (remaining != 0)
    {
        /* sum in runs of at most 5552 bytes, reducing after each run */
        unsigned int run = remaining > 5552 ? 5552 : remaining;
        remaining -= run;
        for (; run != 0; run--)
        {
            low += *cursor++;
            high += low;
        }
        low %= MOD_ADLER;
        high %= MOD_ADLER;
    }
    return (high << 16) | low;
}
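/*
 * Copy mybuffersize bytes from mybuffer to `address` inside the process that
 * owns hwndClientWindow, switching the target pages to PAGE_READWRITE for the
 * duration of the write and restoring the previous protection afterwards.
 *
 * address          : destination address in the target process. It is an
 *                    int, so only 32-bit addresses can be expressed; the
 *                    value is zero-extended before it becomes a pointer,
 *                    which also avoids the int-to-pointer size warning on
 *                    64-bit builds.
 * mybuffer         : source bytes in this process.
 * mybuffersize     : number of bytes to write; 0 is a no-op.
 * hwndClientWindow : any window owned by the target process.
 *
 * Returns 0 on success (callers that ignore the result keep working), or
 *   -1 invalid argument,
 *   -2 the window's process id could not be resolved,
 *   -3 OpenProcess failed,
 *   -4 the protection could not be changed,
 *   -5 the write failed or was short,
 *   -6 the write succeeded but the old protection could not be restored.
 */
DLLIMPORT int __stdcall BlackdForceWrite(int address, unsigned char *mybuffer, int mybuffersize, HWND__* hwndClientWindow)
{
    DWORD dwProcessId = 0;
    DWORD dwOldProtection = 0;
    DWORD dwIgnored = 0;
    SIZE_T written = 0;
    HANDLE hProcessHandle;
    LPVOID target;
    int rc = 0;

    if (mybuffer == NULL || hwndClientWindow == NULL || mybuffersize < 0) {
        return -1;
    }
    if (mybuffersize == 0) {
        return 0;
    }

    // get process id
    if (GetWindowThreadProcessId(hwndClientWindow, &dwProcessId) == 0 || dwProcessId == 0) {
        return -2;
    }

    // get process handle: request only the rights the two calls below need
    // instead of PROCESS_ALL_ACCESS
    hProcessHandle = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, dwProcessId);
    if (hProcessHandle == NULL) {
        return -3;
    }

    target = (LPVOID)(ULONG_PTR)(DWORD)address;

    // set memory to read write
    // NOTE(review): PAGE_READWRITE removes execute permission while the write
    // is in progress; this is only safe if the region holds data, not code
    // that another thread of the target may be running.
    if (!VirtualProtectEx(hProcessHandle, target, (SIZE_T)mybuffersize, PAGE_READWRITE, &dwOldProtection)) {
        CloseHandle(hProcessHandle);
        return -4;
    }

    // write
    if (!WriteProcessMemory(hProcessHandle, target, mybuffer, (SIZE_T)mybuffersize, &written)
        || written != (SIZE_T)mybuffersize) {
        rc = -5;
    }

    // restore memory protection, even when the write failed
    if (!VirtualProtectEx(hProcessHandle, target, (SIZE_T)mybuffersize, dwOldProtection, &dwIgnored) && rc == 0) {
        rc = -6;
    }

    // close process handle
    CloseHandle(hProcessHandle);
    return rc;
}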