simple look at what it does when connecting...

Try 1:
NProtect Update Routine

ip : update.nprotect.net
port : 80

>>
>> init connection ([C]syn -> [S]syn/ack -> [C]ack)
>>

Request:

GET /GameGuard/webzen/RealServer/update.cfg?id=1306178 HTTP/1.1
Accept: */*
User-Agent: npgmup
Host: update.nprotect.net
Connection: Keep-Alive
Cache-Control: no-cache


Reply:

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 05 Jan 2004 03:03:11 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 05 Jan 2004 00:36:32 GMT
ETag: "0a821f723d3c31:9fa"
Content-Length: 1783

<data snipped>
...
</data snipped>

>>
>> end connection
>>

didn't need updating it seems, just rang home to make sure it was ok to keep going.


Try 2:
NProtect Update Routine

ip : update.nprotect.net
port : 80

>>
>> init connection ([C]syn -> [S]syn/ack -> [C]ack)
>>

Request:

GET /GameGuard/webzen/RealServer/update.cfg?id=2713750 HTTP/1.1
Accept: */*
User-Agent: npgmup
Host: update.nprotect.net
Connection: Keep-Alive
Cache-Control: no-cache


Reply:

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 05 Jan 2004 03:26:35 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 05 Jan 2004 02:36:34 GMT
ETag: "0a5dbbb34d3c31:9e3"
Content-Length: 1783

<data snipped>
...
</data snipped>


>>
>> something tells nprotect to get new update (etag maybe? last mod date? or downloaded file? need to check for diffs on it)
>>

request:

GET /GameGuard/webzen/RealServer/GameMon.npz?GameMon.des=1645623412 HTTP/1.1
Accept: */*
User-Agent: npgmup
Host: update.nprotect.net
Connection: Keep-Alive
Cache-Control: no-cache


reply:

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 05 Jan 2004 03:26:36 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 05 Jan 2004 02:36:34 GMT
ETag: "0a5dbbb34d3c31:9e3"
Content-Length: 76495

<data snipped>
...
</data snipped>



>>
>> end connection
>>

AH!
The boss sed something. get new "GameMon.des" from server.

So maybe a simple little proxy app to make nProtect think it doesn't need to update would disable it finding new hacks/etc...

looking some more...

mOo..

Try 3:
NProtect Update Routine

ip : update.nprotect.net
port : 80

>>
>> init connection ([C]syn -> [S]syn/ack -> [C]ack)
>>

Request:

GET /GameGuard/webzen/RealServer/update.cfg?id=4028536 HTTP/1.1
Accept: */*
User-Agent: npgmup
Host: update.nprotect.net
Connection: Keep-Alive
Cache-Control: no-cache


Reply:

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Mon, 05 Jan 2004 03:45:11 GMT
Content-Type: application/octet-stream
Accept-Ranges: bytes
Last-Modified: Mon, 05 Jan 2004 02:36:34 GMT
ETag: "7e41cbc34d3c31:a11"
Content-Length: 1783

<data snipped>
... update.cfg ...
</data snipped>

>>
>> end connection
>>

once more its happy...

update.cfg is always 1783 bytes long

can't be a prob to send it back...

here is the current update.cfg file nProtect receives everytime it connects.

The id field at the end of the URL doesn't seem to be required. (got that file without one)

Also the User-Agent field isn't a requirement (can be anything afaik)

URL to D/L this file:

update.cfg (http://update.nprotect.net/GameGuard/webzen/RealServer/update.cfg)

...

need to try the proxy idea... haven't programmed in so long... hard to get back into it...

after checking HTTP specs (ftp://ftp.isi.edu/in-notes/rfc2616.txt) found out that ETag is mainly used as a "better" alternative to Last-Modified.

Apache servers put the hash of the requested file in there, I guess MicroSpaz ISs'z put random numbers since they seem to always change...

so ETag seems to be completely irrelevant. woohoo.

mOo.

livin' n learnin'

Nice :)

I don't think nProtect is that good of a cheat detector since
it seems it only detects programs that it's familiar with, like
one version of a program is detected but not the latest.

IMO

HanDes.dll seems to decrypt all .des files, i would love to be able to decrypt them, but i lack the skills o_O.

btw

I've looked at the binaries of the realesed (gg spelling) cheats for PT and they all seem to use WriteProcessMemory/Read..

So it's rather easy to cheat, atleast i thought :P

I've been looking for a program that will let me search the Game.exe over network since minimizing Priston Tale ingame is a pain. TSearch doesnt find Game.exe as a process, atleast not on my machine, does it on yours? If it would be able to find it, it would OWN! since it allows you to create a lot of hotkeys.

I'm thinking of installing Windows 98 just to see if TSearch's process finding code works better there.

If anyone has any PT cheat sourcecode i would be happy to have it :)

there's that little Mu Windows Program floating around, not at home so haven't got file handy. But i'll post it when i get back.

Enables you to "Window" Mu. Only prob is all keystrokes are still grabbed by Mu, so Q,W,E quaffs the relevant potions... annoying to say the least :)

I've been looking at packets using EtherDetect (shareware, keygen floating around) on another PC. injecting would be easy.

I recall there was a Diablo II app that did just that, monitored data sent from client, and when certain packets appeared it was able to block/change/send packets.

Can't remember what its called. will have to check D2World forums again...

Try GenTrain instead of TSearch... I've found it to be much better... :)

- GenTrain Site (http://www3.bc.sympatico.ca/jz/gentrain/)

g/l

mOo.

gen train looks much better then the older tsearch i was using, thanks... i have another idea on how to hack mu,going to test it now, but it wold only work for gold.....

hey,
can any one show me how to make a hack from gentrainer plz!!:alien:

hey man i finally found a working mu hack but all it does is min and max the mu window. It only works on 800x600 and lower resolution.

uhh, to make a hack requires alot of time, and if we had figured out a method , we would of posted a hack......

Disregard this... Moved to Official Thread...
I'm sloww... need to get up to speed
Haizz

the GenTrain site is down.. can you pm me?

I thought I posted something like this...