[Script] Launch aoc without requiring the patcher to run first menu

These ads disappear when you log in.

Page 1 of 2 12 LastLast
Results 1 to 15 of 19
  1. #1
    raindog's Avatar Sergeant
    Reputation
    68
    Join Date
    Dec 2007
    Posts
    51
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)

    [Script] Launch aoc without requiring the patcher to run first

    It's actually really quite simple.
    Code:
        if ( !IsDebuggerPresent() )     {       v51 = 15;       v52 = 0;       LOBYTE(v53) = 0;       sub_421910((int)&v54, "HttpPatchFolder", 15u);       v21 = sub_5427E0();       v56 = *(_DWORD *)(sub_543D80(&v55, &v54, v21) + 20) != 0;       if ( v57 >= 16 )         sub_42A1F0();       v57 = 15;       v58 = 0;       LOBYTE(v59) = 0;       if ( v51 >= 16 )         sub_42A1F0();       if ( v56 )       {         v56 = sub_5B1670();         v11 = sub_5B1A90();         v60 = v11;         if ( (!v56 || !v11) && (sub_F1AEA0("bValidClientHash && bValidPatcherKey", ".\Main.cpp", 238, 1), !v60) || !v56 )         {           ShellExecuteA(0, "open", "ConanPatcher.exe", &Parameters, 0, 1);           ExitProcess(0);         }       }     }
    Which basically says "Skip hash check if we are being debugged." The more complete approach however is this: 1. Get current 64-bit system time: __time64_t cur_time = _time64(0); 2. use TEA (hxxp://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm) to encrypt with your key = {0x5BCE568E, 0x0FB2E8CBC, 0x0A324E6D8, 0x0F22BF865} and delta = 0x61C886470 3. Convert value from step 2 to a hex string. 4. Use process explorer to get the value of -clienthash 5. Start the process: exec AgeOfConan.exe -clienthash -key For anyone who found this as annoying as I did, you're welcome.
    Last edited by Glitchy; 06-13-2008 at 12:18 PM. Reason: Tag post please

    These ads disappear when you log in.

  2. #2
    Yemmiz's Avatar Knight
    Reputation
    28
    Join Date
    Jun 2008
    Posts
    191
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    It's actually really quite simple.
    Riiight...

    Nice stuff, but I'm not a much into hex and stuff so I won't even try it :P would be neat to have that future build into that other program from that other thread on the forum

  3. #3
    alhaz's Avatar Corporal
    Reputation
    5
    Join Date
    Dec 2007
    Posts
    26
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Looks interesting but i dont understand.

    Is it possible to do a simple js or vbs to use this?

  4. #4
    Sychotix's Avatar Moderator CoreCoins User Authenticator enabled
    Reputation
    1054
    Join Date
    Apr 2006
    Posts
    3,185
    Thanks G/R
    165/245
    Trade Feedback
    1 (100%)
    yeah i looked into trying to do this by jumping a few checks... It didnt turn out to well. I was able to make it start to launch... but then it would go WTF!!!!!! and take up 100% of my CPU. Jumping a few checks would be alot easier than doing all that math and stuff =D.

    Wish they would have just done a check for username/password like Wolfteam did... I used to be able to do "yada/yada/yada/Wolfteam/Wolfteam.exe" username password and login just like that. /cough password was not needed so you could do "softnyx" or "gm" /cough. Too bad they fixed it though and you needed to convert your password to hex.

  5. #5
    Padwen's Avatar Member
    Reputation
    1
    Join Date
    Jul 2007
    Posts
    47
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    wait, does this bypass the game from updating?

    If so, we could go back to like, the opening live version (while others are on current version) and use the exploits they patched.

  6. #6
    Sychotix's Avatar Moderator CoreCoins User Authenticator enabled
    Reputation
    1054
    Join Date
    Apr 2006
    Posts
    3,185
    Thanks G/R
    165/245
    Trade Feedback
    1 (100%)
    highly doubt it. THe server would probably cut the connection cuz it would be like "WTF WRONG GAME DUDE!"

  7. #7
    foojoo's Avatar Sergeant CoreCoins User
    Reputation
    11
    Join Date
    May 2007
    Posts
    42
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    by the time you figure this out, the game would be done patching, and you can play :P

  8. #8
    raindog's Avatar Sergeant
    Reputation
    68
    Join Date
    Dec 2007
    Posts
    51
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    I might release a simple exe that will do this for you, I'm really surprised that people find this so tough...

  9. #9
    Yemmiz's Avatar Knight
    Reputation
    28
    Join Date
    Jun 2008
    Posts
    191
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    I might release a simple exe that will do this for you, I'm really surprised that people find this so tough...
    That would be great !

  10. #10
    hydraulix's Avatar Private
    Reputation
    1
    Join Date
    Apr 2008
    Posts
    2
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    yeah, that would be slick. any help would be appreciated greatly!

  11. #11
    Gele's Avatar Master Sergeant
    Reputation
    10
    Join Date
    Aug 2007
    Posts
    92
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Originally Posted by raindog View Post
    I might release a simple exe that will do this for you, I'm really surprised that people find this so tough...
    Yeah, that will be awesome.

  12. #12
    solariz's Avatar Private
    Reputation
    1
    Join Date
    Jul 2008
    Posts
    1
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Hi raindog,

    I read your note about the Age of conan launch which is protected by the client hash (md5) and a key. I'm currently trying to figure out how to generate this key. I`m not a C++ programmer I`m used to use C# which is kindly different. I successfully get a TEA encryption running in my code but I can't figure out some important things:

    1) the windows64 Time what exactly should this string look like ? In c# you only have other ways to generate this or use ext. libs

    2) you specified 3 keys for TEA + the delta. The original TEA implementation use only a string as key phrase do you have any tip for me how to get this working ?

    My Current function returns a string and accept a string as key:
    public string TEAEncrypt(string Data, string Key)

    Code:
            public void code(uint[] v, uint[] k)
            {
                uint y = v[0];
                uint z = v[1];
                uint sum = 0;
                uint delta = 0x9e3779b9;
                uint n = 32;
    
                while (n-- > 0)
                {
                    sum += delta;
                    y += (z << 4) + k[0] ^ z + sum ^ (z >> 5) + k[1];
                    z += (y << 4) + k[2] ^ y + sum ^ (y >> 5) + k[3];
                }
    
                v[0] = y;
                v[1] = z;
            }
    thanks alot.

  13. #13
    ct_bored's Avatar Private
    Reputation
    1
    Join Date
    Jun 2008
    Posts
    3
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    You can bypass the patcher by just changing one JL command in AoC to a JMP, or whatever else you want, really. Bit simpler than recreating encryption. You'll need some clienthash value, though I don't know how valid it has to be. I'm sure missing major patches would cause problems, but I can use the exact same clienthash and dummy (invalid) key values for days in a row with no problems.

    Basically I just patch on patch days and grab the clienthash from the patcher, and then startup without it until the next official patch day. All the little in-between updates don't seem to matter.

  14. #14
    ppilatee's Avatar Master Sergeant CoreCoins User
    Reputation
    25
    Join Date
    Feb 2008
    Posts
    115
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Originally Posted by ct_bored View Post
    You can bypass the patcher by just changing one JL command in AoC to a JMP, or whatever else you want, really. Bit simpler than recreating encryption. You'll need some clienthash value, though I don't know how valid it has to be. I'm sure missing major patches would cause problems, but I can use the exact same clienthash and dummy (invalid) key values for days in a row with no problems.

    Basically I just patch on patch days and grab the clienthash from the patcher, and then startup without it until the next official patch day. All the little in-between updates don't seem to matter.
    If anyone wants to manually patch around the loader, get out your favorite hex editor and follow these simple steps:

    1) BACKUP YOUR ORIGINAL AGEOFCONAN.EXE, you'll regret it patch days if you don't.

    2) Open AgeofConan.exe in your favorite hex editor

    3) Skip to the location: 0x02A05B

    4) Change the bytes: 746D
    to: EB6D

    5) Save, Close your editor, Run!

    This basically just jumps around the hash check all together.
    Last edited by ppilatee; 07-08-2008 at 01:03 PM.

  15. #15
    aoczek's Avatar Private
    Reputation
    1
    Join Date
    Jul 2008
    Posts
    2
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    simplest way:

    If you right click on your Age of Conan Shortcut and click properties you should see something like this

    "C:Program FilesFuncomAge of ConanAgeOfConan.exe"

    by adding -novideo to this, the game will open without the intro movies. Granted, Enter also skips the movies after they load, which takes about 1 second on a decent system. However, it takes a little while for videos to load on the minimum system, and thus several seconds are added to boot time.

    other commands:

    AgeOfConan.exe -novideo -noconsole -username %1 -password %2

Page 1 of 2 12 LastLast

Similar Threads

  1. Run Cata Heroics without wearing the required gear level
    By shadeslayor in forum World of Warcraft Exploits
    Replies: 10
    Last Post: 12-11-2010, 05:16 PM
  2. Replies: 2
    Last Post: 04-27-2008, 08:10 PM
  3. Replies: 4
    Last Post: 02-14-2008, 09:23 PM
  4. AV-botting without breaking the TOS?
    By Yorii in forum WoW PvP & Battlegrounds
    Replies: 5
    Last Post: 02-04-2008, 06:49 AM
  5. Replies: 7
    Last Post: 10-22-2006, 01:45 AM
All times are GMT -5. The time now is 11:29 PM. Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved. Digital Point modules: Sphinx-based search