
unpack themida client


Question

Posted

As many will know, Gravity started to protect the Ragnarok client with Themida since 2012-07-24aRagexeRE.

If anyone is able to unpack the clients back to normal, it would help a lot.

Thank you

Yom

  • Upvote 4


Posted (edited)

Judas: No problem... only problem is that the process is very time consuming... so please be patient.

Edited by k3dt
  • Upvote 2
Posted

Woa, this is interesting. Someone was finally able to crack it and get an actual usable client from it (I'm guessing it's usable in its state). Text like job names and message strings are visible within the client and it even shows its client date of October 27, 2012. It's a sure sign of progress on things. There's a number of other resources that will need to be worked on before these newer clients are fully usable. Lemongrass pointed out one of them being diffs. The client has changed around due to the packing/unpacking stuff. Another is packets and packet lengths, 3rd is an updated msgstringtable.txt, and the 4th and final one is lua files, which we currently have some severely outdated decompiled lua files, along with the wondering of what lubs the client officially uses and no longer uses.

 

There's a lot of work to be done to catch up to things. Honestly I wouldn't bother with anything until the day Gravity adds all those new skills to the main kRO server. Whatever date that is is the client data we should focus on. That way we won't be expecting any feature or animation updates for a while. That's my suggestion. Awesome work by the way.

Posted

@k3dt, any update on the latest unpacked ragexeRE client?

 

It seems like the level 160 aura is controlled by the effect files now, if people don't know about it.

So this will be a lot easier than the old way of hexing to add the level 160 aura in for the older clients:

 

This is as far as I can go because the packet tools we have available now all fail, probably because what rytech said above that the client has been unpacked and maybe it's hard to get them now.

 

 

Screen_Shot_2013_03_13_at_8_38_40_PM.png

Screen_Shot_2013_03_13_at_8_38_31_PM.png

Screen_Shot_2013_03_13_at_8_37_57_PM.png

Posted

Then the only thing left is to re-translate all the lua files and make another Artificial Intelligence Manager.. I'm waiting for that day ..

This is the script that you're using? It's really confusing to me.. xD I need to learn more about this :I

 

http://k3dt.eu/Themida%20-%20Winlicense%201.x%20-%202.x%20Multi%20PRO%20Edition%201.2.txt

 

Yes.. this is a script for the Ollydump plugin for OllyDbg, but it is only part of the demangling/dumping/fixing/rebuilding process...

 

@k3dt, any update on the latest unpacked ragexeRE client?

 

Sorry.. As I wrote on IRC, I need a dedicated Windows machine now :/ It's hard to catch Giv anymore, but he told me all what to do.

Posted

thanks! I'll try it out, it seems it doesn't produce any packets though as 10-17 did

 

EDIT:

Is there any way you can try again? Unless these newer clients something else was added onto it? I kinda doubt that though. I tried to do the packet obfuscation and it won't work. But the 10-17 unpacked I was able to do it

Posted (edited)

Thank you k3dt.

Mind telling me how you were able to run this with VmWare?

And would it be possible that you also unpack and upload the main server client files?

 

you need to paste this to your .vmx file:

monitor_control.restrict_backdoor = "TRUE"
isolation.tools.getPtrLocation.disable = "TRUE"
isolation.tools.setPtrLocation.disable = "TRUE"
isolation.tools.setVersion.disable = "TRUE"
isolation.tools.getVersion.disable = "TRUE"
monitor_control.disable_directexec = "TRUE"

 

and change display adapter name to empty string (in registry).

 

HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Class/{4D36E968-E325-11CE-BFC1-08002BE10318}/0000

Double Click on "DriverDesc" and erase the value.

 

Then uninstall VMware Tools and shut down Windows (!) and start again.

Tested only on VMware Fusion (OSX 10.8.3) and Windows XP SP3 as host.

 

Unpacking newer RagRE/RagEXE's should not be a problem.. now it's quick and easy.

 

EDIT: 

http://k3dt.eu/Ragexe/

http://k3dt.eu/Ragexe/unpacked/

Now Yommy can unpack EXE's too...

Edited by k3dT
  • Upvote 2
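
A check for the .vmx settings listed in the post above, as an added example that is not part of the original thread: it reports which of the six keys are missing, set to a different value, or unparseable, for instance a key that picked up a stray space when copied from a web page. The function name and the sample file are constructed for illustration, and comparing values case-insensitively is an assumption.

```python
import re

# The six settings listed in the post above (keys and values copied from it).
REQUIRED = {
    "monitor_control.restrict_backdoor": "TRUE",
    "isolation.tools.getPtrLocation.disable": "TRUE",
    "isolation.tools.setPtrLocation.disable": "TRUE",
    "isolation.tools.setVersion.disable": "TRUE",
    "isolation.tools.getVersion.disable": "TRUE",
    "monitor_control.disable_directexec": "TRUE",
}
# key = "value" form used by .vmx files
LINE_RE = re.compile(r'^(?P<key>[^=#]+?)\s*=\s*"(?P<value>[^"]*)"$')


def audit_vmx(text):
    """Return (missing, wrong, malformed) for the settings in REQUIRED."""
    seen, malformed = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        # A key containing whitespace is not the key it was meant to be.
        if not m or re.search(r"\s", m.group("key")):
            malformed.append(line)
            continue
        seen[m.group("key")] = m.group("value")
    missing = [k for k in REQUIRED if k not in seen]
    # Assumption: values are compared case-insensitively.
    wrong = {k: seen[k] for k in REQUIRED
             if k in seen and seen[k].upper() != REQUIRED[k]}
    return missing, wrong, malformed


# Constructed sample, not a real VM's file.
SAMPLE = """\
displayName = "analysis-xp"
monitor_control.restrict_backdoor = "TRUE"
isolation. tools.getPtrLocation.disable = "TRUE"
isolation.tools.setPtrLocation.disable = "TRUE"
isolation.tools.setVersion.disable = "FALSE"
isolation.tools.getVersion.disable = "TRUE"
"""

if __name__ == "__main__":
    for label, result in zip(("missing", "wrong", "malformed"), audit_vmx(SAMPLE)):
        print(label, result)
```
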
Posted

k3dt, do athena a favour, and don't make the RE clients, these are for the sakray server.

instead you should force athena to use the main server client, ragexe.exe :)

 

<3

  • Upvote 3
