Misc User Apps - Edited Continuum 0.40 client

hellzlaker - Tue Jul 29, 2008 11:18 pm
Post subject: Edited Continuum 0.40 client
Continuum 0.40 hellzlaker version
---------------------------------

*This is just a quick thing I did I will see if I can edit more useful stuff.
*CONNECTS ONLY TO SSC ZONES.
*When you have to create a new account on SSC only e-mail is there (the rest I took out).
*Add/Remove Zones design changed.
*Splash screen changed.
*Spectator sign changed to a male genitalia.

Most of this is useless, but I just did it for fun. I'm trying to make something useful for it, but so far I just did some changes. It also connects only to SSC zones because I messed up something, lol.

HOW TO INSTALL:
Put menu040.dll and menures.dll in your Continuum directory.
Hakaku - Wed Jul 30, 2008 1:11 am
Post subject:
I believe Doc Flabby had done this before; although he didn't want to share how he did it fearing that it's a potential way to exploit flaws.

Can you post a screenshot though? Let us know what else you can change.
Doc Flabby - Wed Jul 30, 2008 5:24 am
Post subject:
I still distribute a patched version of continuum with the correct directory servers as default. This version has a patched version of menu040.dll.

Comparing the files, this version only has a modified menures.dll. This file contains all the resources for the menus and dialogs, but contains no code logic.

You can also change the splash screen by creating splash.bm2 and putting it in the graphics folder.
k0zy - Wed Jul 30, 2008 10:46 am
Post subject:
http://www.angusj.com/resourcehacker/
Enjoy.

Reminds me of the days I hacked all the DLL files of Windows to contain different icons, so that it would look cool.

True Story:
We used a math program to solve equations in high school. It actually stored its registration data in a resource file. So you could just look the product key up with resourcehacker.
hellzlaker - Wed Jul 30, 2008 11:42 am
Post subject:
Doc Flabby wrote:
You can also change the splash screen by creating splash.bm2 and putting it in the graphics folder.
lol I never knew that.

Quote:
I still distribute a patched version of continuum with the correct directory servers as default. This version has a patched version of menu040.dll.

Comparing the files, this version only has a modified menures.dll. This file contains all the resources for the menus and dialogs, but contains no code logic.
I did modify menu040.dll also; in menures.dll there are only the splash screen and the spectator sign, but all the other windows are in menu040.dll.

I'm going to try to debug it and dump it to see if I can actually change some code.

Snrrrub - Fri Aug 01, 2008 3:57 pm
Post subject:
While you're free to change the resources, you won't be able to modify the DLL's code. There's a check against a checksum in Continuum.exe. If you want to disable that check, you're going to have to modify Continuum.exe in addition to menu40.dll. Even if you manage to do all of that, you won't be able to log in to any zones because the executable checksum is sent to the server and the server rejects you if there's a mismatch.

-Snrrrub
Doc Flabby - Fri Aug 01, 2008 4:06 pm
Post subject:
Snrrrub wrote:
While you're free to change the resources, you won't be able to modify the DLL's code. There's a check against a checksum in Continuum.exe. If you want to disable that check, you're going to have to modify Continuum.exe in addition to menu40.dll. Even if you manage to do all of that, you won't be able to log in to any zones because the executable checksum is sent to the server and the server rejects you if there's a mismatch.

-Snrrrub

I'm not going to go into details on here (I can talk to you privately about it, Snrrrub, however), but I have got around the protection on the menu040.dll code and altered it. I even made a patch to remove the size limit on wav files for macros for someone; however, it didn't work, as Continuum has restrictions on length inbuilt.

My installer with patched menu040.dll
http://subspace2.net/Continuum040Setup-DocFlabby.exe
Snrrrub - Fri Aug 01, 2008 6:10 pm
Post subject:
Ah, my mistake. I see how it works and I can confirm that, at the very least, it's possible to edit the .data and .rsrc sections of the DLL. I haven't tried modifying the .text section - it may be possible that the main executable is checking that but now that I think about it, there are a lot of indicators that suggest that it's *not* being checked.

Doc: to be honest, I'm surprised that PriitK didn't choose a better hash function. My assumption was that he would have done The Right Thing that would have made this kind of attack infeasible. Nice catch! I'll be sure to check before assuming strong security.

-Snrrrub
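Two points in this thread lend themselves to a small script: Doc Flabby's section-by-section comparison of the two client builds (only menures.dll differed) and Snrrrub's remark that a checksum is not a hash. What follows is an added example, not code from this thread or from the Continuum project. It builds two constructed minimal PE images in memory (so it runs offline and touches no real binary), walks the section table by hand, hashes each section with SHA-256 and reports which sections differ; it then contrasts that with a plain 32-bit additive checksum, which cannot see two bytes being swapped inside .text. The additive checksum is a stand-in for "a weak check", not a claim about what Continuum actually computes, and the function names (build_pe, pe_sections, changed_sections, additive_checksum, demo) are this example's own.

```python
import hashlib
import struct

FILE_ALIGN = 0x200  # typical on-disk section alignment


def build_pe(sections):
    """Build a minimal, constructed PE image from (name, bytes) pairs.

    Only the header fields that pe_sections() reads are meaningful; this
    is a test fixture for the parser, not a loadable executable.
    """
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * 0x3E)            # 0x40-byte DOS stub
    struct.pack_into("<I", dos, 0x3C, e_lfanew)      # e_lfanew -> "PE\0\0"
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (0 here), Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    header_len = e_lfanew + 4 + len(coff) + 40 * len(sections)
    first_raw = raw_off = -(-header_len // FILE_ALIGN) * FILE_ALIGN
    table, blobs = bytearray(), bytearray()
    for name, data in sections:
        raw_size = -(-len(data) // FILE_ALIGN) * FILE_ALIGN
        # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
        # PointerToRawData, relocs, linenums, counts, Characteristics (left 0)
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             len(data), 0, raw_size, raw_off, 0, 0, 0, 0, 0)
        blobs += data.ljust(raw_size, b"\0")
        raw_off += raw_size
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(table)
    return headers.ljust(first_raw, b"\0") + bytes(blobs)


def pe_sections(image):
    """Return {section name: raw on-disk bytes} by walking the PE headers."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (n_sections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + opt_size          # section table follows the optional header
    sections = {}
    for i in range(n_sections):
        name, _vsize, _vaddr, raw_size, raw_off = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        sections[name.rstrip(b"\0").decode()] = image[raw_off:raw_off + raw_size]
    return sections


def section_digests(image):
    """SHA-256 of every section's raw bytes, keyed by section name."""
    return {n: hashlib.sha256(d).hexdigest() for n, d in pe_sections(image).items()}


def changed_sections(image_a, image_b):
    """Names of sections whose SHA-256 differs (or that exist in only one image)."""
    da, db = section_digests(image_a), section_digests(image_b)
    return sorted(n for n in da.keys() | db.keys() if da.get(n) != db.get(n))


def additive_checksum(data):
    """A weak check: 32-bit sum of all bytes. Blind to byte order."""
    return sum(data) & 0xFFFFFFFF


def demo():
    """Constructed scenario: a resource-only edit versus a code edit."""
    text = bytes(range(256)) * 4                  # stand-in .text contents
    data = b"directory-server list"               # stand-in .data contents
    rsrc = b"DIALOG 1 OK CANCEL"                  # stand-in .rsrc contents
    original = build_pe([(".text", text), (".data", data), (".rsrc", rsrc)])
    # Edit 1: only the resources change (the menures.dll case from the thread).
    resource_edit = build_pe([(".text", text), (".data", data),
                              (".rsrc", b"DIALOG 1 YES CANCEL")])
    # Edit 2: two adjacent code bytes swapped; the additive sum is unchanged.
    swapped = bytearray(text)
    swapped[0], swapped[1] = swapped[1], swapped[0]
    code_edit = build_pe([(".text", bytes(swapped)), (".data", data), (".rsrc", rsrc)])
    return {
        "resource_edit": changed_sections(original, resource_edit),   # ['.rsrc']
        "code_edit": changed_sections(original, code_edit),           # ['.text']
        "weak_sum_unchanged": additive_checksum(pe_sections(original)[".text"])
                              == additive_checksum(pe_sections(code_edit)[".text"]),  # True
        "sha256_changed": section_digests(original)[".text"]
                          != section_digests(code_edit)[".text"],     # True
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The defender's takeaway is the one Snrrrub arrives at: an integrity check has to cover the sections that matter, .text included, with a real hash rather than a sum. It also helps to keep in mind the limit of the server-side comparison he describes: a digest the client computes and reports is only as trustworthy as the client doing the reporting, so the server rejecting mismatches is a useful but not a sufficient control.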
hellzlaker - Sat Aug 02, 2008 1:36 am
Post subject:
Continuum also has a checksum to make sure you don't edit it with Resource Hacker. Try it, you will get an error. I found a way of getting by it also, and it will work if I change the code... (at least I think).
tcsoccerman - Sat Aug 02, 2008 12:56 pm
Post subject:
so how do you edit .dll's?
Samapico - Sat Aug 02, 2008 3:00 pm
Post subject:
resource hackers and/or hex-editing programs, I suppose
Anonymous - Sat Aug 02, 2008 3:57 pm
Post subject:
Samapico wrote:
resource hackers and/or hex-editing programs, I suppose
Yeah, but if you try to run your edited version, Continuum will show checksum errors saying the DLL was modified. If I get something useful out of it I'll post it.
Samapico - Sat Aug 02, 2008 8:21 pm
Post subject:
Never mind what I said... I missed a few replies that had much wiser answers than mine.
hellzlaker - Mon Nov 17, 2008 8:22 pm
Post subject:
I pretty much learned a lot more and found out that it's very easy to edit Continuum, or any DLLs, if you know assembly... But so far I just got very useless/basic stuff, like freezing the client, or speed hacks...

All you have to do is put menu040.dll and cont40hack.dll into your continuum folder and run continuum. A message box will pop up anyway explaining everything.

I attached the edited DLL hacks below for whoever is too lazy to compile the code, but for whoever is interested in the code, here it is...

EDIT: Also I attached the unpacked Continuum 0.40 client; it also helps whoever can't unpack it.

Code:
#include <windows.h>
#include <string.h>   /* memcpy */

/* Key bindings shown once on load and again on F1 (no trailing ';' in the macro,
   the call sites supply it). */
#define AboutBox() MessageBox(NULL,"Made by hellzlaker@hotmail.com\n\nF1 - About box...\nF2 - Speed hack with messages (sucks)\nF3 - Speed hack without messages (good)\nF4 - Freeze\nF5 - Turn off Speed Hack/Freeze","About conthack40.dll",0)
#define gKey(a) if(GetAsyncKeyState(a))

DWORD OldProt;

/* Fixed address in the unpacked 0.40 client and the byte sequences the author
   writes over it for each hotkey (the meaning of each sequence is only what the
   hotkey list above says). */
DWORD SpeedAddr = 0x0042D1FA;
BYTE SpeedWithMSG[] = {0x89, 0x9E, 0x40, 0x5A, 0x00, 0x00};
BYTE SpeedWithoutMSG[] = {0x0f, 0x84, 0x66, 0xe9, 0xe9, 0x78};
BYTE Freeze[] = {0x89, 0xb6, 0x40, 0x5a, 0x00, 0x00};
BYTE NoSpeed[] = {0x89, 0xbe, 0x40, 0x5a, 0x00, 0x00};

/* Key-polling thread. Each hotkey makes the target page writable, copies the
   bytes in, and restores the previous protection. Declared with the signature
   CreateThread expects instead of casting a void() function. */
DWORD WINAPI t(LPVOID unused)
{
   while(1)
    {
      gKey(VK_F1)
        {
            AboutBox();
            Sleep(1000);
        }

      gKey(VK_F2)
      {
         VirtualProtect((void*)SpeedAddr, sizeof(SpeedWithMSG), PAGE_EXECUTE_READWRITE, &OldProt);
         memcpy((void*)SpeedAddr, (void*)&SpeedWithMSG, sizeof(SpeedWithMSG));
         VirtualProtect((void*)SpeedAddr, sizeof(SpeedWithMSG), OldProt, &OldProt);
      }

      gKey(VK_F3)
      {
         VirtualProtect((void*)SpeedAddr, sizeof(SpeedWithoutMSG), PAGE_EXECUTE_READWRITE, &OldProt);
         memcpy((void*)SpeedAddr, (void*)&SpeedWithoutMSG, sizeof(SpeedWithoutMSG));
         VirtualProtect((void*)SpeedAddr, sizeof(SpeedWithoutMSG), OldProt, &OldProt);
      }

      gKey(VK_F4)
      {
         VirtualProtect((void*)SpeedAddr, sizeof(Freeze), PAGE_EXECUTE_READWRITE, &OldProt);
         memcpy((void*)SpeedAddr, (void*)&Freeze, sizeof(Freeze));
         VirtualProtect((void*)SpeedAddr, sizeof(Freeze), OldProt, &OldProt);
      }

      gKey(VK_F5)
      {
         VirtualProtect((void*)SpeedAddr, sizeof(NoSpeed), PAGE_EXECUTE_READWRITE, &OldProt);
         memcpy((void*)SpeedAddr, (void*)&NoSpeed, sizeof(NoSpeed));
         VirtualProtect((void*)SpeedAddr, sizeof(NoSpeed), OldProt, &OldProt);
      }

      Sleep(50);   /* the original loop spun without sleeping and pinned a core */
    }
    return 0;
}

extern "C"
{
    __declspec(dllexport) BOOL __stdcall DllMain(HINSTANCE hInst,DWORD reason,LPVOID lpv)
    {
        if(reason == DLL_PROCESS_ATTACH)
        {
            DisableThreadLibraryCalls(hInst);
            AboutBox();
            CreateThread(NULL,0,t,NULL,0,NULL);
        }

        /* The original called ExitThread(0) on DLL_PROCESS_DETACH, which kills
           whichever thread is unloading the DLL; the polling thread simply ends
           with the process, so nothing is needed here. */
        return TRUE;
    }
}

Bak - Mon Nov 17, 2008 8:36 pm
Post subject:
why are you releasing speed hacks again?
hellzlaker - Mon Nov 17, 2008 8:51 pm
Post subject:
I removed the compiled DLL and left just the source, but it just showed how you can edit lots of things. All you have to do is look at the unpacked Continuum. Because you can't really edit a lot because of the CRC checks, I just made another DLL, and once Continuum is started the DLL edits memory.
Cheese - Tue Nov 18, 2008 2:50 pm
Post subject:
because he doesnt want to return to SSC, ever
Powered by phpBB 2.0.11 © 2001 phpBB Group