[NA] Original Vindictus CBT Client (No Hackshield)

[SinXZ]

Hey guys, I'm back after a long time. Anyways, I happen to find the original Vindictus CBT (Closed Beta Testing) setup, after I installed it, I took the Vindictus.exe file and replaced it into the latest update, which surprisingly ran. The original CBT version of Vindictus doesn't initialize HackShield (a Nexon mistake), completely bypassing it. It runs perfectly in the original setup files (with the CurrentInfo.txt replaced with the latest patch), and works when the HShield folder is deleted.

However, when placed into the latest patch, it runs without HackShield, and loads half-way, before spitting a message box saying:



While it was still in the loading page. After clicking OK, it closes, but hangs there if it isn't pressed. Since the Vindictus client is mostly based upon the .dll files in the bin folder (2010 client can still run a 2012 patch), I messed around with MHS, and OllyDBG, and found that it calls ntdll.dll to write the message, which is unhelpful cause I couldn't just remove ntdll.dll. You guys can mess around with this, the possibilities are limitless, and may fully bypasses HackShield.

This is just the original client, no modifications; it seems like Nexon packed it with UPX, which gives a virus warning.

Virus-scans:
https://www.virustotal.com/file/dd91...is/1350091533/
VindictusCBTClient.zip - Jotti's malware scan

[mateof123]

I can enter any hack?

[SinXZ]

I can enter any hack?

If you can bypass the warning screen, you'll prevent Hackshield from loading.

[LolDev]

The Hackshield sents an AhnPacket to the vindictus server and gets an AhnResponsePacket back. If the server does not get a AhnPacket it simply will close your Connection. That's why you can't remove the Hackshield from the client. You probably would need to emulate all outgoing hackshield packets based on incoming hackshield packets. Except if, NEXON/devcat forgot to implement the "close the connection if player does not send the proper hackshield packets" stuff which is highly unlikely.

It's possible to code a hackshield emulator, but it's not easy to accomplish. You would need to write your own hackshield updater because the hackshield updater is also connected to the client (you have to give the client the right code from the updater so the game starts properly) when this is done you would need to do a lot of packet sniffing or at least find the "OK packet" and its structure. I actually have an old hackshield emulator but it was made for metin2 and they had hackshield not hackshield pro wich means they had no hackshield updater and less packets and its crypted with Enigma.

[Nico]

Approved. I've also played around with old files and wasn't successful. I guess it's just like LolDev says, you'd have to emulate the packets.

[ggiorgio96]

yeah nico is right i tryed the samething with my hacker experience

[juctcavali]

long time no see nico update the new hack T_T

[Nico]

long time no see nico update the new hack T_T

Buy me a new harddrive?

[kabodle]

Buy me a new harddrive?

what happened to yours?

[Nico]

what happened to yours?

It died yesterday.

[kabodle]

that sucks. if i had money i prob would donate to you. but im broke

[chidiebele15]

i have not hacked in a wile so i was just wondering if the old hacks are gana come back. like god mode and ohk dll with the consul.

[Fovea]

Packet sniffing will get you nowhere in regards to HS emulation. All you will get is a bunch of garbage because the requests and responses are encrypted with AES-128 ECB. Even if they weren't encrypted you would simply get garbage as well, as there are some flags in the response message that use a custom hash.

[Nico]

Packet sniffing will get you nowhere in regards to HS emulation. All you will get is a bunch of garbage because the requests and responses are encrypted with AES-128 ECB. Even if they weren't encrypted you would simply get garbage as well, as there are some flags in the response message that use a custom hash.

tl;dr can't emulate HS packets.

[Fovea]

It's quite possible, but packet sniffing is not the correct way to determine the request/response structures. I've already completely reversed the response routines.