
it is not possible to use Stealth on some Shards

newuser
Neophyte
Neophyte
Posts: 12
Joined: 13.07.2013 11:27

it is not possible to use Stealth on some Shards

Post by newuser »

Hi Guys,

I am really new to Stealth. I checked it out on the website and decided to download it to enjoy this opportunity; unfortunately I realised that the shard I play on is connector protected. If I use a different client than the one they supply, the server disconnects me right after login. After finding this out I did some research to help you guys shorten the time spent figuring out what's going on, and I found the following issues:

The shard uses a connector program which injects some DLLs when the original client opens, and after logging in the DLL sends something special to the Sphere server to verify whether the client is their official client or not; if not, the server disconnects.

I simulated the Sphere server on my LAN and connected with this shard's client, then I found some strings that the client sends to the server for confirmation, which are:

ERROR:7:Event_ExtCmd unk 251, '9832c9c3a017f940069cb2ea43cdbd806b3add60,287f7980b291dd799150bbbedb39bd0a15f442ae,000672660000000000000000'


Then I wrote on some Sphere forums and some guys told me this (I'm just pasting with quotes): "That means that your client sent a 0x12 packet with 0xFB as subcommand (there is no 0xFB sub command) and sphere rejected it"

So is it possible to add to Stealth, in the configuration section, a new feature to imitate this kind of message, to connect to these shards after learning the confirmation codes?

Waiting for your development to be able to use the Stealth features. (I can supply you with some accounts / original client / server IP and port if you need.)

regards
Crome696
Novice
Novice
Posts: 67
Joined: 04.03.2012 18:57
Location: Germany
Contact:

Re: it is not possible to use Stealth on some Shards

Post by Crome696 »

Hello NewUser,
Vizitor is currently away for work and it's not guaranteed that he will have time to look into it, but I will report it to CFA so that he takes a look as soon as he can.
In the past, a few shards blocked Krrios packets or other clients and we were able to avoid the block. So I think he will be able to solve this issue.
But I can't promise that this will be added, or added soon, due to the fact that the current public Stealth version is heavily outdated and the new version is not publicly available yet.
So even if this were added, it would take time until the next public version is released.
I will forward your messages and hope we can respond soon.

Kind Regards

Crome
Last edited by Crome696 on 14.07.2013 15:13, edited 1 time in total.
Stealth Development Team & Support
Vizit0r
Developer
Developer
Posts: 3958
Joined: 24.03.2005 17:05
Contact:

Re: it is not possible to use Stealth on some Shards

Post by Vizit0r »

newuser wrote:Hi Guys,

ERROR:7:Event_ExtCmd unk 251, '9832c9c3a017f940069cb2ea43cdbd806b3add60,287f7980b291dd799150bbbedb39bd0a15f442ae,000672660000000000000000'


then i write on some sphere forums some guys told me that, i'm just pasting with quotes "That means that your client sent a 0x12 packet with 0xFB as subcommand (there is no 0xFB sub command) and sphere rejected it"
Packet and subcmd - that's nothing. Does the content of the packet change between connections?

P.S. And use a normal packet logger. For example, connect this patched client to Stealth.

I think in the next 2 months I will do nothing, because of the traffic here, and I can't lose it to UO.
"Write code as if the person who will maintain it is a violent psychopath who knows where you live." (c) McConnell, "Code Complete".
newuser
Neophyte
Neophyte
Posts: 12
Joined: 13.07.2013 11:27

Re: it is not possible to use Stealth on some Shards

Post by newuser »

The content of the packet is always the same. I will try to use a normal packet logger to get something. I will reply here later on, thanks.
Crome696
Novice
Novice
Posts: 67
Joined: 04.03.2012 18:57
Location: Germany
Contact:

Re: it is not possible to use Stealth on some Shards

Post by Crome696 »

newuser wrote:content of packet is always same, i'will try to use normal packetlogger to get something.i will reply here later on thankss
Btw, 0x12 would be nonsense as a login packet:
http://docs.polserver.com/packets/index.php?Packet=0x12
Stealth Development Team & Support
Vizit0r
Developer
Developer
Posts: 3958
Joined: 24.03.2005 17:05
Contact:

Re: it is not possible to use Stealth on some Shards

Post by Vizit0r »

Who knows what the author needed when he inserted this packet...
newuser
Neophyte
Neophyte
Posts: 12
Joined: 13.07.2013 11:27

Re: it is not possible to use Stealth on some Shards

Post by newuser »

I did some packet sniffing but I couldn't understand anything because it is encrypted, I think.

It is not a login packet, because you can log in to the server with the original 2.0.3 client, but after a short time it disconnects you with the message "client is not veryfied". This shard's connector program works like this: they compiled a DLL file, and the connector program injects that DLL into the standard client 6.0.1. After logging in to the server, this client sends a verification code to the server, and the server checks this code; if it's correct, it lets you play on this shard. It is a Sphere-script-based protection, but I couldn't manage to find how this client sends it. I just copied the warning/status message from the Sphere server and I saw that this client always sends the same content. I wrote on the Sphere forums and they just replied as above. I did some research and found the Sphere server script; if it helps, it is here:

"
[FUNCTION mdialog]
dialogclose <strarg <args>>
dialog <args>

[FUNCTION F_Packet191]
if (<local.4> != 0b)
return 0
endif
ref1 <local.char>
ref1.consume 31 i_memory_connector

[DIALOG d_connector]
0,0

nomove
noclose
resizepic 0 0 3200 2048 1800
dtextentrylimited 1 1 1 1 0481 1 1

PAGE 1
dhtmlgump 100 100 400 20 0 0 <def.h4><def.bfont_yellow>VERIFYING PLEASE WAIT.

PAGE 2
dhtmlgump 100 100 400 20 0 0 <def.h4><def.bfont_yellow>NOT OFFICIAL CLIENT FOR THIS SHARD.
dhtmlgump 100 120 550 20 0 0 <def.h4><def.bfont_yellow>PLEASE DOWNLOAD A CONNECTOR FROM WEBSITE.

[ITEMDEF i_memory_connector]
id i_memory
name connector memory
type t_eq_script

ON=@Timer
if (<cont.isplayer>)
cont.sysmessage @0481,0 Wrong Enterance!
trysrc <cont> mdialog d_connector,2
try cont.disconnect
endif
remove
return 1

ON=@UnEquip
cont.trigger @Connector,2,1

[EVENTS e_connector]
ON=@Connector
src.sysmessage @,,1 <serv.name> Welcome To our Shard.

ON=@LogIn
src.mdialog d_connector,1
serv.newitem i_memory_connector
src.equip <new>
new.timer 10

ON=@UserExtCmd
if (<eval(<argn1>)> == 251)
if (strmatch("<argv[0]>","'9832c9c3a017f940069cb2ea43cdbd806b3add60")) && strmatch("<argv[1]>","287f7980b291dd799150bbbedb39bd0a15f442ae")
src.dialogclose d_connector
src.consume 31 i_memory_connector
return 1
else
serv.log UserExtCmd Argn1: (251), Argv[0]: (<argv[0]>), Argv[1]: (<argv[1]>)
endif
elseif (<eval(<argn1>)> == 255)
src.go Star
src.stone 1
serv.log UserExtCmd Argn1: (<eval(<argn1>)>), Argv[0]: (<argv[0]>), Argv[1]: (<argv[1]>)
endif

[EOF]
""

That is the Sphere server script for this protection system, but I couldn't find the "000672660000000000000000" part of the string in the script. Hope this will help you.
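
Added example (not part of the original posts, and not Sphere or Stealth code): the script above accepts the same two fixed strings on every login, which is why the packet content never changes between connections. The Python sketch below contrasts that static comparison with a per-session HMAC challenge on the server side; every name, the key and the token values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; NOT the tokens quoted in the thread.
STATIC_TOKENS = ("a" * 40, "b" * 40)
CLIENT_KEY = b"constructed-demo-key"  # hypothetical key shipped with the official client


def static_check(argv):
    """Static scheme: accept whenever two fixed strings match."""
    return tuple(argv[:2]) == STATIC_TOKENS


def client_response(key, session_id, nonce):
    """What a client holding the key computes for one challenge."""
    return hmac.new(key, nonce + session_id.encode(), hashlib.sha256).digest()


class ChallengeVerifier:
    """Server side of a per-session challenge-response check."""

    def __init__(self, key):
        self._key = key
        self._pending = {}  # session id -> outstanding nonce

    def issue(self, session_id):
        nonce = secrets.token_bytes(16)  # fresh and unpredictable per login
        self._pending[session_id] = nonce
        return nonce

    def verify(self, session_id, response):
        nonce = self._pending.pop(session_id, None)  # each nonce is single use
        if nonce is None:
            return False
        expected = client_response(self._key, session_id, nonce)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    captured = list(STATIC_TOKENS)           # value observed once on the wire
    replay_static = static_check(captured)   # static scheme accepts the replay

    server = ChallengeVerifier(CLIENT_KEY)
    nonce1 = server.issue("sess-1")
    good = client_response(CLIENT_KEY, "sess-1", nonce1)
    first = server.verify("sess-1", good)        # fresh response is accepted
    server.issue("sess-2")
    replay_hmac = server.verify("sess-2", good)  # old response, new nonce: rejected
    reuse = server.verify("sess-1", good)        # nonce already consumed: rejected
    return replay_static, first, replay_hmac, reuse
```

This removes replay of a captured value only; since the key is distributed with the client, it does not by itself authenticate the client binary.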
Vizit0r
Developer
Developer
Posts: 3958
Joined: 24.03.2005 17:05
Contact:

Re: it is not possible to use Stealth on some Shards

Post by Vizit0r »

ERROR:7:Event_ExtCmd unk 251, '9832c9c3a017f940069cb2ea43cdbd806b3add60,287f7980b291dd799150bbbedb39bd0a15f442ae,000672660000000000000000'
if (<eval(<argn1>)> == 251)
if (strmatch("<argv[0]>","'9832c9c3a017f940069cb2ea43cdbd806b3add60")) && strmatch("<argv[1]>","287f7980b291dd799150bbbedb39bd0a15f442ae")
All is correct, the values are the same.

P.S. But I need the packet contents from a normal packet logger anyway.
newuser
Neophyte
Neophyte
Posts: 12
Joined: 13.07.2013 11:27

Re: it is not possible to use Stealth on some Shards

Post by newuser »

Can you recommend a packet logger that you use most of the time? And do you need sniffs from an original client as well to compare? If yes, which version?

And if you want I can supply you with test accounts and this shard's client with IP address etc.

thanks
Vizit0r
Developer
Developer
Posts: 3958
Joined: 24.03.2005 17:05
Contact:

Re: it is not possible to use Stealth on some Shards

Post by Vizit0r »

I don't know the version of your client)

1) Folko's UOLogBin - http://stealth.od.ua/RU/Site/Downloads

2) Just connect to some shard from Stealth, then select this client in Stealth's shard settings, start it and try to connect - a packet log will be created (if packet logging is enabled - it is by default).
newuser
Neophyte
Neophyte
Posts: 12
Joined: 13.07.2013 11:27

Re: it is not possible to use Stealth on some Shards

Post by newuser »

The shard uses version 6.0.6.1 but they have their own .dll file to hook this client, so I couldn't manage to run Stealth with this client, and Folko login as well, because Folko doesn't find the client; I think it's because of client.cfg, there is nothing for 6.0.6.1.

So I downloaded this program: http://www.nirsoft.net/utils/socket_sniffer.html

and did 2 sniffs:

1- with the original client 6.0.6.1 (the server disconnects me after selecting a character and logging in)

2- with this shard's connector

regards
Attachments
Shard Connector.txt
shards connector hooks the client with their .dll
(16.74 KiB) Downloaded 496 times
Original Client (6.0.6.1).txt
original 6.0.6.1
(19.32 KiB) Downloaded 491 times
Vizit0r
Developer
Developer
Posts: 3958
Joined: 24.03.2005 17:05
Contact:

Re: it is not possible to use Stealth on some Shards

Post by Vizit0r »

Put the client + DLL into an archive and upload it anywhere - I will see.
newuser
Neophyte
Neophyte
Posts: 12
Joined: 13.07.2013 11:27

Re: it is not possible to use Stealth on some Shards

Post by newuser »

This is a Turkish shard, and it may ask you to locate UO.exe in the Ultima Online directory the first time you run the launcher.

In WACNM.dll you can find the first part of the code "9832c9c3a017f940069cb2ea43cdbd806b3add60" as text, and the second part of the code "287f7980b291dd799150bbbedb39bd0a15f442ae" is inside WACNM.dat; you have to open it with a hex editor. When you check the hex codes of the content of this file, it's the second part of the code.

If you want I can send you an account on this shard.

Here is the link for the archive; it's about 26.7 MB.


http://www.megafileupload.com/en/file/4 ... r-rar.html


regards
Vizit0r
Developer
Developer
Posts: 3958
Joined: 24.03.2005 17:05
Contact:

Re: it is not possible to use Stealth on some Shards

Post by Vizit0r »

newuser wrote:folko login aswell because folko doesnt find the client i think because of client.cfg , there is nothing for 6.0.6.1.
http://www.runuo.com/community/threads/ ... ker.15411/

Don't use a network sniffer - because UO traffic is packed, and to unpack your sniffs into normal packets I would have to write a special tool; what's the sense?
newuser
Neophyte
Neophyte
Posts: 12
Joined: 13.07.2013 11:27

Re: it is not possible to use Stealth on some Shards

Post by newuser »

Vizit0r, I managed to get something from Folko. I did some research and found the keys for 6.0.6.1 and now Folko works. I'm sending you this packet by PM.

regards