The NexonGuard file inside of Black Cipher

[BustaRap]

Well I did a little searching around and found a program that could possibly decode (might be wrong word but I'm a newb so cut meh some slack) it.

I've found that a [dot]log file is used to record everything sent to a [Nexon's] server (downloads, images, uploads, connections, etc.) Now since I'm a little behind the other coders and whatnot on MPGH, I'll post my findings here with the hopes that someone else can use that information to get a good bypass going for mods.

I won't link to the site where I downloaded from, but if you google "Absolute Log Analyzer Pro Demo" it should be the FOURTH link.
----
Simple Tutorial:
1. Download and install the program (I have the demo).
[IMG]https://i111.photobucke*****m/albums/n150/BustaRap2006/1-2.png[/IMG]

2. Click past this crap.
[IMG]https://i111.photobucke*****m/albums/n150/BustaRap2006/2-2.png[/IMG]

3. What it should look like when opened.
[IMG]https://i111.photobucke*****m/albums/n150/BustaRap2006/3-2.png[/IMG]

4. Workspace>Retrieve new log files (or press F3).
[IMG]https://i111.photobucke*****m/albums/n150/BustaRap2006/4-2.png[/IMG]

5. Click "Browse" and find your NexonGuard[dot]log file (Should be something like "C:\Nexon\Combat Arms\Black Cipher"). The file should show up, check the box, and hit "Import".
[IMG]https://i111.photobucke*****m/albums/n150/BustaRap2006/5-1.png[/IMG]

6. This will pop-up for a second...
[IMG]https://i111.photobucke*****m/albums/n150/BustaRap2006/6.png[/IMG]

7. Follow the instructions on pic.
[IMG]https://i111.photobucke*****m/albums/n150/BustaRap2006/7.png[/IMG]

8. Random information.
[IMG]https://i111.photobucke*****m/albums/n150/BustaRap2006/8.png[/IMG]

9. More random info.
[IMG]https://i111.photobucke*****m/albums/n150/BustaRap2006/9.png[/IMG]
Note: My IP addy is not in the last pic so don't even try lol.


Basically the point of me doing all this is to try and crack that [dot]log file, read what's in it, maybe decompile some stuff , etc. This is just me trying to figure out how to bypass Nexon's new little protective crap.

Update: I don't believe that the mod patcher searches for file size either because I checked the original RS against my modded RS and they were both 1kb and mine still got detected.

Update 2: I found a NexonGuard[dot]aes file, looked it up and learned that it is used to encrypt the [dot]log file. Also, removing this [dot]aes from the Nexon folder doesn't allow the game to start at all. Fail.

[NegroTwinkie]

Our people arn't that smart
Maybe @Drigien

[BustaRap]

lololololol.

Just putting it out there for any body who might see it, get a brain spark (note: not to be confused with brain fart), and GET ME SUHM BAI PASSES!!111!!!

[noob555]

awe hell no
so if someone watches porn
nexon watches it too LOL>?

[BustaRap]

awe hell no
so if someone watches porn
nexon watches it too LOL>?

No rofl... Unless you put the pronz into your Combat Arms folder, open the video and try to start the game. Actually... I think they may actually get the video or some form (however screwed it is) if you did that. Be right back!

[supercarz1991]

Lol I made a hack for ca that instead of the map.loading and the game starting.it crashes u and opens minesweeper

Ontopic: I noticed the files too. Im gonna mod like he'll and see if I get banned
Also, ur correct, its not file size...nor is it checksum or md5...could be crc check or a line in each rez file hex that tells the game its legit

[Gaz]

That file needs to "Uploader.exe" to work, so delete uploader.exe then your fine .

[BustaRap]

Lol I made a hack for ca that instead of the map.loading and the game starting.it crashes u and opens minesweeper

Ontopic: I noticed the files too. Im gonna mod like he'll and see if I get banned
Also, ur correct, its not file size...nor is it checksum or md5...could be crc check or a line in each rez file hex that tells the game its legit

I'd bet money it's a hex line.

[supercarz1991]

I'd bet money it's a hex line.

It is a hex line. But the line off hex changes due to some cryption method that they probably custom made. Its the last line of the hex of the rez file

[BustaRap]

It is a hex line. But the line off hex changes due to some cryption method that they probably custom made. Its the last line of the hex of the rez file

You wouldn't happen to know what event (start game, something in the loading process, hackshield, etc.) that makes it change would you?

Maybe the NexonGuard[dot]aes?

[Wax.]

Update 2: I found a NexonGuard[dot]aes file, looked it up and learned that it is used to encrypt the [dot]log file. Also, removing this [dot]aes from the Nexon folder doesn't allow the game to start at all. Fail.

Bypasses aren't made threw what ever that is, and maybe they could be but that would take more time then what is needed.
Secondly you need NXGuard.aes file for it is what keeps the logs of what CA accounts have been accessed on that IP/Mac IP/ And connection. Without this file you are correct the game wont start, however I would also not suggest giving that file to anyone as it is kinda important to security to your accounts.

[NOOB]

Bypasses aren't made threw what ever that is, and maybe they could be but that would take more time then what is needed.
Secondly you need NXGuard.aes file for it is what keeps the logs of what CA accounts have been accessed on that IP/Mac IP/ And connection. Without this file you are correct the game wont start, however I would also not suggest giving that file to anyone as it is kinda important to security to your accounts.

oops i posted mine on mpgh publicly.

[supercarz1991]

You wouldn't happen to know what event (start game, something in the loading process, hackshield, etc.) that makes it change would you?

Maybe the NexonGuard[dot]aes?

Nexon probably has there own private file scanner that gives them that line of hex, they add it to the hex and then thegame knows if its corrupt or not

[HellSpider]

The NexonGuard.aes extension is only to fool noobs.

The file is a DLL file. The file is not packed but some parts of the executable code is virtualized by Oreans CodeVirtualizer, those can be really tough to resolve.

[supercarz1991]

The NexonGuard.aes extension is only to fool noobs.

The file is a DLL file. The file is not packed but some parts of the executable code is virtualized by Oreans CodeVirtualizer, those can be really tough to resolve.

As I figured, although not having a computer, I couldn't test that theory lol