There are so many foreign hackers with outstanding skills that I'm envious. I'm posting the English original as-is, since translating it would distort the original meaning quite a bit.
This is the one on CEF:
Many of you have been saying CRC is patched. IT'S NOT. The CRC script still works. But GameGuard has enabled its own CRC check as well. The CRC script we use bypasses MapleStory's CRC, but not GameGuard's. When MapleStory detects a change in the process memory it just disconnects you to the login screen (we can bypass that with our script and .cem file); after that GameGuard's CRC will come up, it will detect that the parameters changed, and you will get the error: Hacking Attempt Detected.
GameGuard has two main components that MapleStory loads: GameGuard.des and GameMon.des. Before MapleStory loads either of those files it first starts reading from MapleStory.INI. MapleStory.INI contains all the parameters for GameGuard's loading.
This is a decrypted MapleStory.ini:
On the line ''GAMECRC'' we notice a 2, right? A while ago it was 0 (disabled), but recently it changed to 2, enabling the GameGuard CRC. Now let's try to fix that, ok? What is disconnecting us is that when we change the MapleStory CRC, GameGuard compares and notices that the parameters of both CRCs have been changed. So let's check it out:
First of all, you will need an unpacked .39 client. (Attachment)
Open up MapleStory with OllyDbg and set a breakpoint on CreateProcessA so GameMon traces backwards until you land on the GameGuard.des execution call. Step over it and continue scrolling down manually until you see the MapleStory.INI file getting loaded, then pay close attention until you see GAMECRC being addressed; there you should see a "PUSH 2":
52 PUSH EDX
6A 00 PUSH 2
68 64E07C00 PUSH MapleSto.007CE064 ;ASCII "GAMECRC"
E8 05660000 CALL MapleSto.00714A00
By changing the ''PUSH 2'' to ''PUSH 0'' it turns the CRC off completely, successfully bypassing the GameGuard CRC.
So: step over in OllyDbg while watching until maplestory.ini gets read, and at the part where PUSH MapleStory.@@@@@@@@@@@; ASCII "GameCRC" shows up after the PUSH 2, he says to change it to PUSH 0.
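An added example from the defender's side (my own illustration, not code from the quoted post, from MapleStory or from GameGuard): the reason a single patched immediate is noticed at all is that a code-region CRC changes on any one-bit edit, and the reason the post's trick works is that the check itself is switched on by one patchable value (the GAMECRC parameter turned into a PUSH immediate). The block below reuses the instruction bytes listed above as a constructed sample region (with the PUSH immediate written as 02 so the bytes match the mnemonic), fixes the reference CRC at build time rather than reading an enable flag from a config file, and shows that flipping that one byte on a private copy is detected. The CRC-32 polynomial and the "123456789" check value are standard; the region layout and function names are mine.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Standard CRC-32 (reflected polynomial 0xEDB88320, as used by zlib/PKZIP),
 * computed bit by bit so the example has no dependencies. */
uint32_t crc32_region(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Constructed sample region: the instruction bytes listed in the post
 * (PUSH EDX; PUSH 2; PUSH offset "GAMECRC"; CALL ...). The PUSH immediate is
 * written as 02 so the encoding agrees with the "PUSH 2" mnemonic. */
static const uint8_t REGION_REFERENCE[] = {
    0x52,                          /* PUSH EDX                          */
    0x6A, 0x02,                    /* PUSH 2   (the GAMECRC parameter)  */
    0x68, 0x64, 0xE0, 0x7C, 0x00,  /* PUSH 007CE064 ; "GAMECRC"         */
    0xE8, 0x05, 0x66, 0x00, 0x00   /* CALL 00714A00                     */
};
#define PUSH_IMM_OFFSET 2  /* byte index of the PUSH immediate in the region */

/* Integrity check: compare the live bytes against a reference CRC that is
 * fixed at build time, not read from a config file. Returns 1 if intact. */
int region_is_intact(const uint8_t *live, size_t n, uint32_t reference_crc)
{
    return crc32_region(live, n) == reference_crc;
}

/* Simulate the single-byte edit described in the post on a private copy of
 * the sample bytes and report whether the CRC check notices it.
 * Returns 1 if the region checked intact before and not intact after. */
int demo_patch_detected(void)
{
    uint32_t ref = crc32_region(REGION_REFERENCE, sizeof REGION_REFERENCE);
    uint8_t live[sizeof REGION_REFERENCE];
    memcpy(live, REGION_REFERENCE, sizeof live);

    int before = region_is_intact(live, sizeof live, ref);  /* expected 1 */
    live[PUSH_IMM_OFFSET] = 0x00;      /* the one-byte change: 2 -> 0 */
    int after = region_is_intact(live, sizeof live, ref);   /* expected 0 */
    return before == 1 && after == 0;
}

int main(void)
{
    printf("CRC-32 of \"123456789\": %08X (standard check value CBF43926)\n",
           (unsigned)crc32_region((const uint8_t *)"123456789", 9));
    printf("single-byte patch detected: %s\n",
           demo_patch_detected() ? "yes" : "no");
    return 0;
}
```

The lesson for anyone building such a check: the comparison catches the edit, but only while the comparison runs. If whether it runs depends on one value that lives in the same patchable memory (an INI flag turned into an immediate), the whole mechanism has a single byte of protection, which is exactly what the post above observes.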
Chit-chat: I watched Charlie Chaplin's "Monsieur Verdoux" (살인광시대) today, and it was pretty fun, heh.