Results 1 to 2 of 2
  1. #1
    Fєηix's Avatar
    Join Date
    Apr 2013
    Gender
    male
    Location
    Brαzil
    Posts
    1,124
    Reputation
    114
    Thanks
    6,645
    My Mood
    Sleepy

    XingCode and NGS "Bypass"

    Code:
    0047DD03  |. 68 80C66F00    PUSH CA.006FC680                         ;  ASCII "================================================="
    0047DD08  |. E8 834A2100    CALL CA.00692790
    0047DD0D  |. 50             PUSH EAX
    0047DD0E  |. E8 2D4C2100    CALL CA.00692940
    0047DD13  |. 68 30C66F00    PUSH CA.006FC630                         ;  UNICODE "Initialize Hack Shield library."
    0047DD18  |. 56             PUSH ESI
    0047DD19  |. FFD5           CALL EBP
    0047DD1B  |. 8B4C24 28      MOV ECX,DWORD PTR SS:[ESP+28]
    0047DD1F  |. 51             PUSH ECX
    0047DD20  |. E8 5B150C00    CALL CA.0053F280
    0047DD25  |. 83C4 14        ADD ESP,14
    0047DD28  |. 84C0           TEST AL,AL
    0047DD2A  |. 75 29          JNZ SHORT CA.0047DD55
    0047DD2C  |. 68 F0C56F00    PUSH CA.006FC5F0                         ;  UNICODE "Hackshield initialize failed."
    0047DD31  |. 6A 0C          PUSH 0C
    0047DD33  |> FF15 38866F00  CALL DWORD PTR DS:[6F8638]
    0047DD39  |. 83C4 08        ADD ESP,8
    0047DD3C  |. 837C24 14 00   CMP DWORD PTR SS:[ESP+14],0
    0047DD41  |.^0F84 7AFEFFFF  JE CA.0047DBC1
    0047DD47  |. FF15 E4846F00  CALL DWORD PTR DS:[6F84E4]
    0047DD4D  |. 83C8 FF        OR EAX,FFFFFFFF
    0047DD50  |. E9 81010000    JMP CA.0047DED6
    0047DD55  |> E8 76380C00    CALL CA.005415D0
    0047DD5A  |. 8BF0           MOV ESI,EAX
    0047DD5C  |. 85F6           TEST ESI,ESI
    0047DD5E  |. 74 36          JE SHORT CA.0047DD96  >> move to jmp
    0047DD60  |. 6A 10          PUSH 10
    0047DD62  |. 68 6CB26F00    PUSH CA.006FB26C                         ;  ASCII "Error"
    0047DD67  |. 68 D4C56F00    PUSH CA.006FC5D4                         ;  ASCII "Xigncode Initialize failed"
    0047DD6C  |. 6A 00          PUSH 0
    0047DD6E  |. FF15 E8836F00  CALL DWORD PTR DS:[6F83E8]
    0047DD74  |. 56             PUSH ESI
    0047DD75  |. 68 9CC56F00    PUSH CA.006FC59C                         ;  UNICODE "Initialize step0 == 0x%08X"
    0047DD7A  |. 68 E4A46F00    PUSH CA.006FA4E4                         ;  UNICODE "a+"
    0047DD7F  |. 68 74C56F00    PUSH CA.006FC574                         ;  UNICODE "GoToEndMainLoop.txt"
    0047DD84  |. 68 6CC56F00    PUSH CA.006FC56C                         ;  UNICODE "Log"
    0047DD89  |. E8 6278FFFF    CALL CA.004755F0
    0047DD8E  |. 83C4 14        ADD ESP,14
    0047DD91  |. E9 31010000    JMP CA.0047DEC7
    0047DD96  |> 8B35 0C806F00  MOV ESI,DWORD PTR DS:[6F800C]
    0047DD9C  |. 8D5424 13      LEA EDX,DWORD PTR SS:[ESP+13]
    0047DDA0  |. 52             PUSH EDX
    0047DDA1  |. 68 48C56F00    PUSH CA.006FC548                         ;  UNICODE "HackShieldLoaded"
    0047DDA6  |. C64424 1B 01   MOV BYTE PTR SS:[ESP+1B],1
    0047DDAB  |. FFD6           CALL ESI
    0047DDAD  |. 68 08C56F00    PUSH CA.006FC508                         ;  UNICODE "Initialize Nexon Guard library."
    0047DDB2  |. 6A 09          PUSH 9
    0047DDB4  |. FFD5           CALL EBP
    0047DDB6  |. 83C4 08        ADD ESP,8
    0047DDB9  |. E8 121D0C00    CALL CA.0053FAD0
    0047DDBE  |. 8BC8           MOV ECX,EAX
    0047DDC0  |. E8 6B270C00    CALL CA.00540530 >>>>> call the NGS, nop it
    0047DDC5  |. 84C0           TEST AL,AL
    0047DDC7  |. 75 0C          JNZ SHORT CA.0047DDD5 >>> Check
    0047DDC9  |. 68 C4C46F00    PUSH CA.006FC4C4                         ;  UNICODE "Nexon Guard initialize failed."
    0047DDCE  |. 6A 0D          PUSH 0D
    0047DDD0  |.^E9 5EFFFFFF    JMP CA.0047DD33
    0047DDD5  |> 8D4424 13      LEA EAX,DWORD PTR SS:[ESP+13]
    0047DDD9  |. 50             PUSH EAX
    0047DDDA  |. 68 A0C46F00    PUSH CA.006FC4A0                         ;  UNICODE "NexonGuardLoaded"
    0047DDDF  |. C64424 1B 01   MOV BYTE PTR SS:[ESP+1B],1
    0047DDE4  |. FFD6           CALL ESI
    0047DDE6  |. 64:A1 18000000 MOV EAX,DWORD PTR FS:[18]
    0047DDEC  |. 8B40 24        MOV EAX,DWORD PTR DS:[EAX+24]
    0047DDEF  |. A3 E4427800    MOV DWORD PTR DS:[7842E4],EAX
    0047DDF4  |. 68 64C46F00    PUSH CA.006FC464                         ;  UNICODE "Check already running client."
    0047DDF9  |. 6A 0A          PUSH 0A
    0047DDFB  |. FFD5           CALL EBP
    0047DDFD  |. 83C4 08        ADD ESP,8
    0047DE00  |. 68 5CC46F00    PUSH CA.006FC45C                         ;  ASCII "CA_GAME"
    0047DE05  |. B9 C8137800    MOV ECX,CA.007813C8
    0047DE0A  |. E8 C14FFFFF    CALL CA.00472DD0
    0047DE0F  |. 84C0           TEST AL,AL
    0047DE11  |. 75 20          JNZ SHORT CA.0047DE33 >>> move to jmp || with this you can open more than one game
    0047DE13  |. 6A 10          PUSH 10
    0047DE15  |. 68 6CB26F00    PUSH CA.006FB26C                         ;  ASCII "Error"
    0047DE1A  |. 68 20C46F00    PUSH CA.006FC420                         ;  ASCII "CombatArms is already running, so shutting down the client."
    0047DE1F  |. 6A 00          PUSH 0
    0047DE21  |. FF15 E8836F00  CALL DWORD PTR DS:[6F83E8]
    0047DE27  |. 68 A8C36F00    PUSH CA.006FC3A8                         ;  UNICODE "CombatArms is already running, so shutting down the client."
    0047DE2C  |. 6A 13          PUSH 13

    Code:
    00540C41  |. BE E88E7000    MOV ESI,CA.00708EE8                      ;  UNICODE "\x3.xem"
    00540C46  |. 85C0           TEST EAX,EAX
    00540C48  |. 75 76          JNZ SHORT CA.00540CC0
    00540C4A  |. 51             PUSH ECX
    00540C4B  |. 68 08020000    PUSH 208
    00540C50  |. 8D8424 1C02000>LEA EAX,DWORD PTR SS:[ESP+21C]
    00540C57  |. 50             PUSH EAX
    00540C58  |. E8 03FFFFFF    CALL CA.00540B60
    00540C5D  |. F6C3 08        TEST BL,8
    00540C60  |. 74 05          JE SHORT CA.00540C67
    00540C62  |. BE CC8E7000    MOV ESI,CA.00708ECC                      ;  UNICODE "\xcorona.xem"
    00540C67  |> 8D8C24 1402000>LEA ECX,DWORD PTR SS:[ESP+214]
    00540C6E  |. 51             PUSH ECX
    00540C6F  |. 8D5424 10      LEA EDX,DWORD PTR SS:[ESP+10]
    00540C73  |. 52             PUSH EDX
    00540C74  |. FF15 3C836F00  CALL DWORD PTR DS:[6F833C]
    00540C7A  |. 56             PUSH ESI
    00540C7B  |. 8D4424 10      LEA EAX,DWORD PTR SS:[ESP+10]
    00540C7F  |. 50             PUSH EAX
    00540C80  |. FF15 38836F00  CALL DWORD PTR DS:[6F8338]
    00540C86  |. 8D4C24 0C      LEA ECX,DWORD PTR SS:[ESP+C]
    00540C8A  |. 51             PUSH ECX
    00540C8B  |. FF15 40836F00  CALL DWORD PTR DS:[6F8340]
    00540C91  |. 85C0           TEST EAX,EAX
    00540C93  |. 74 24          JE SHORT CA.00540CB9
    00540C95  |. 6A 01          PUSH 1
    00540C97  |. 68 FCB27800    PUSH CA.0078B2FC
    00540C9C  |. E8 FFF9FFFF    CALL CA.005406A0
    00540CA1  |. 85C0           TEST EAX,EAX
    00540CA3  |. 74 14          JE SHORT CA.00540CB9 >>> move to jmp
    This works for a few minutes, obviously has checks

  2. The Following User Says Thank You to Fєηix For This Useful Post:

    gusdnide4 (10-03-2016)

  3. #2
    M4L1F1C's Avatar
    Join Date
    Dec 2015
    Gender
    male
    Posts
    14
    Reputation
    10
    Thanks
    4
    My Mood
    Bitchy
    There is an easier way, but well done.

Similar Threads

  1. Replies: 1
    Last Post: 10-15-2012, 10:31 PM
  2. Replies: 5
    Last Post: 07-13-2007, 10:31 PM
  3. Selling A RS Account and A Working Bypass
    By condor01 in forum Trade Accounts/Keys/Items
    Replies: 3
    Last Post: 06-08-2007, 06:19 AM
  4. Replies: 8
    Last Post: 06-03-2007, 09:54 AM
  5. The one and only waorking bypass!
    By wwechampabdel in forum WarRock - International Hacks
    Replies: 12
    Last Post: 05-30-2007, 07:40 PM