나쁜남자의 블로그

https://pixabay.com/

이미지를 이용한 사업을 하시는분이나. 상업적 용도로 사용할 이미지를 잠깐 필요로 하실때.. 이거 이미지사용료 또는 가격이

장난이 아니죠..! 이런분들의 위한 싸이트 하나를 추춴해드립니다..!

여기에 있는 각종 이미지들은.. 상업적인 용도로 사용해도 전혀 법적인 제한이 없는 작품들이기에..

이지지 사용에 따른..사고에서 예방이 가능 합니다..^^*

1. Edit Xdata.txt with a hex editor (010 Editor)
2. Use replace and replace capital letters AA with a one numerical number from 1 to 9
3. Use replace and replace capital letters BB with a one numerical number from 1 to 9

Example:
AA8BB64c8529d2bd04b978bf5983fccd39
38BB64c8529d2bd04b978bf5983fccd39
(the excessive A gets auto removed when replacing, it is necessary to use two AA so it doesn't replace the Arms string)

4. Save the edited xdata.txt and drag and drop it to cozip so you get xdata.enc

Now your new MagicKey is XX3957823
Change your XOR keys and pack enc's and CabalMain.

Download: Multiupload.nl - upload your files to multiple file hosting sites!

NOTE: Editing is case sensitive, replace ASCII string.

To edit the clients cabalmain.exe version use resource hacker, its very easy.

Credits: PunkS7yle, SheenBR, Pierr
For: Unpacked main, EP2 magickey, pierrs cabalmain pack

Hello,

I want to share one query for all of you. Was looking on ragezone and couldnt find the query to disable gm buff in Nation War. Original query was shared by W3rnis. I added another line to disable the buff in nation war.

GM buff used in this tutorial is for Blessing Lv.3

Code:

BEGIN IF ((@CH_LEV < 201) AND (@CH_WORLDIDX != 15 | 16)) BEGIN SET @GMBuff = 0xCE01000001000000FD4E3200BDD02C00 END IF ((@CH_LEV < 201) AND (@CH_WORLDIDX = 15 | 16)) BEGIN SET @GMBuff = 0x END END

Find this

Code:

UPDATE cabal_last_login_character SET worldAuthKey = @WorldAuthKey WHERE UserNum = @userNUM IF @@ROWCOUNT = 0 BEGIN INSERT INTO cabal_last_login_character (UserNum, LastLoginChar, CharSlotOrder, WorldAuthKey) VALUES @userNUM, 0, 0, @WorldAuthKey) END

inside dbo.cabal_get_character

and add the query above below it. Run query to save the stored procedure

Even the player received GM buff in Channel 1,2,3, once he joined war lobby or TG, the buff will be automatically removed.

Hope it helps
-M

XDATA：
00437F22 NOP
00437F26 NOP

bike ：
007BE2F2

CORE+ 20：
0047271B - 83 78 40 0F - cmp dword ptr [eax+40],0F
00472A08 -83 7B 40 0F - cmp dword ptr [ebx+40],0F
00473D23 - 74 58 - je 00473D7D JMP
00473DB5 - 83 78 40 0F - CMP DWORD PTR [EAX + 40]，0F
0045EFC7 - 83 FE 14 - CMP ESI，0F
0070D6F6 6A 0F push 0xF
005E5014 0XF

RUNE：
0058A0C9 |. 6A 03 push 0x3
006334AA |. 6A 03 push 0x3
00588D88 |. 83F9 0C cmp ecx,25
005894C6 |. 83F8 0C cmp eax,25
0058722E - C7 05 E825E500 0F000000 - mov [00E525E8],0000000F


AP：
004D1754
0056EBE9

reputation：
0057CF98

XOR：
0043E462 XOR EAX，57
0043E474 XOR EAX，67
0043E486 XOR EAX，65
0043E497 XOR EAX，92

Language：
0053A28A JNZ 0053A36F> JMP 0053A36F
0040AA03 MOV DWORD PTR DS：[EAX + 0x75]，0X2


EFX：
00795D07 => 1h_staff_％ s_15。 efx
00795d6E => 1h_staff_％s_15.efx15.efx1

Remote warehouse：
007C3CC3

Staff address：
00795D1D |. 83FE 0C |cmp esi,0xC
00795D84 |. 83FE 0C |cmp esi,0xC

ECH：
00537FEF | CMP EAX，0C
00538112 | CMP EAX，0C

GPS：
0053A3EC CMP EAX，0B

Any number：
00414643 |. /0F84 D9000000 je 00414722

Auction house card slot：
0062B181 90 nop
0062AD33 90 nop

DEL MAXLEV：
0065FAD2

MoBS Hp：
0066F190 -NOP

Channel color：
006037FA |. C74424 1C 12D>|mov dword ptr ss:[esp+0x1C],0xFCDF6962

auction：
00A5DE48

------------------------------ -------------------------------------------------- ---------------
Keyboard move：
00705B4B - 6A 24 - push 23
00705B6E - 6A 23 - push 23
00705BF3 - 6A 24 - push 23
00705C16 - 6A 23 - push 23

Mouse movement：
007057A4 55 push ebp
007057A5 8BEC mov ebp,esp
007057A7 81EC 04040000 sub esp,0x404
007057AD 57 push edi
007057AE 68 FF030000 push 0x3FF
007057B3 8D85 FDFBFFFF lea eax,dword ptr ss:[ebp-0x403]
007057B9 6A 00 push 0x0
007057BB 50 push eax
007057BC E8 2F9E1F00 call 008FF5F0
007057C1 83C4 0C add esp,0xC
007057C4 6A 18 push 0x18
007057C6 B8 E2B70000 mov eax,0xB7E2
007057CB 66:8985 FCFBF>mov word ptr ss:[ebp-0x404],ax
007057D2 58 pop eax
007057D3 66:8985 FEFBF>mov word ptr ss:[ebp-0x402],ax
007057DA B8 BE000000 mov eax,0xBE
007057DF 66:8985 04FCF>mov word ptr ss:[ebp-0x3FC],ax
007057E6 A1 38DDA500 mov eax,dword ptr ds:[0xA5DD38]
007057EB 66:8B80 3C750>mov ax,word ptr ds:[eax+0x753C]
007057F2 66:8985 12FCF>mov word ptr ss:[ebp-0x3EE],ax
007057F9 66:A1 F8E1E40>mov ax,word ptr ds:[0xE4E1F8]
007057FF 66:8985 06FCF>mov word ptr ss:[ebp-0x3FA],ax
00705806 66:A1 FCE1E40>mov ax,word ptr ds:[0xE4E1FC]
0070580C 66:8985 08FCF>mov word ptr ss:[ebp-0x3F8],ax
00705813 66:A1 00E2E40>mov ax,word ptr ds:[0xE4E200]
00705819 66:8985 0AFCF>mov word ptr ss:[ebp-0x3F6],ax
00705820 66:A1 04E2E40>mov ax,word ptr ds:[0xE4E204]
00705826 66:8985 0CFCF>mov word ptr ss:[ebp-0x3F4],ax
0070582D 66:A1 08E2E40>mov ax,word ptr ds:[0xE4E208]
00705833 66:8985 0EFCF>mov word ptr ss:[ebp-0x3F2],ax
0070583A 66:A1 0CE2E40>mov ax,word ptr ds:[0xE4E20C]
00705840 66:8985 10FCF>mov word ptr ss:[ebp-0x3F0],ax
00705847 6A 18 push 0x18
00705849 8D85 FCFBFFFF lea eax,dword ptr ss:[ebp-0x404]
0070584F 50 push eax
00705850 A1 1C8CE700 mov eax,dword ptr ds:[0xE78C1C]
00705855 E8 567ED3FF call 0043D6B0
0070585A 8B0D 1C8CE700 mov ecx,dword ptr ds:[0xE78C1C]
00705860 E8 7E7ED3FF call 0043D6E3
00705865 C9 leave
00705866 C3 retn

the second part：
007058E3 /. 55 push ebp
007058E4 |. 8BEC mov ebp,esp
007058E6 81EC 04040000 sub esp,0x404
007058EC 68 FF030000 push 0x3FF
007058F1 8D85 FDFBFFFF lea eax,dword ptr ss:[ebp-0x403]
007058F7 6A 00 push 0x0
007058F9 50 push eax
007058FA E8 F19C1F00 call 008FF5F0
007058FF 83C4 0C add esp,0xC
00705902 6A 18 push 0x18
00705904 B8 E2B70000 mov eax,0xB7E2
00705909 66:8985 FCFBF>mov word ptr ss:[ebp-0x404],ax
00705910 58 pop eax
00705911 66:8985 FEFBF>mov word ptr ss:[ebp-0x402],ax
00705918 B8 C0000000 mov eax,0xC0
0070591D 66:8985 04FCF>mov word ptr ss:[ebp-0x3FC],ax
00705924 66:A1 F8E1E40>mov ax,word ptr ds:[0xE4E1F8]
0070592A 66:8985 06FCF>mov word ptr ss:[ebp-0x3FA],ax
00705931 66:A1 FCE1E40>mov ax,word ptr ds:[0xE4E1FC]
00705937 66:8985 08FCF>mov word ptr ss:[ebp-0x3F8],ax
0070593E 66:A1 00E2E40>mov ax,word ptr ds:[0xE4E200]
00705944 66:8985 0AFCF>mov word ptr ss:[ebp-0x3F6],ax
0070594B 66:A1 04E2E40>mov ax,word ptr ds:[0xE4E204]
00705951 66:8985 0CFCF>mov word ptr ss:[ebp-0x3F4],ax
00705958 66:A1 08E2E40>mov ax,word ptr ds:[0xE4E208]
0070595E 66:8985 0EFCF>mov word ptr ss:[ebp-0x3F2],ax
00705965 66:A1 0CE2E40>mov ax,word ptr ds:[0xE4E20C]
0070596B 66:8985 10FCF>mov word ptr ss:[ebp-0x3F0],ax
00705972 6A 18 push 0x18
00705974 8D85 FCFBFFFF lea eax,dword ptr ss:[ebp-0x404]
0070597A 50 push eax
0070597B A1 1C8CE700 mov eax,dword ptr ds:[0xE78C1C]
00705980 E8 2B7DD3FF call 0043D6B0
00705985 8B0D 1C8CE700 mov ecx,dword ptr ds:[0xE78C1C]
0070598B E8 537DD3FF call 0043D6E3
00705990 C9 leave
00705991 C3 retn


These addresses will completely repair your CabalMain

배치파일을 만들었는데 관리자 권한으로 실행시켜야할 때가 있습니다. 이럴 땐 아래 방법을 사용합니다. 


* 배치파일에 포함된 관리자 권한 실행 코드

@echo off
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
if '%errorlevel%' NEQ '0' (
    echo 관리 권한을 요청 ...
    goto UACPrompt
) else ( goto gotAdmin )
:UACPrompt
    echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
    set params = %*:"=""
    echo UAC.ShellExecute "cmd.exe", "/c %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs"


    "%temp%\getadmin.vbs"
    rem del "%temp%\getadmin.vbs"
    exit /B


:gotAdmin
pushd "%CD%"
    CD /D "%~dp0"

Hello,

it's next of my short tutorial which showing how to edit basic things in Cabalmain.exe

​

What you will need to edit cabalmain.exe property?:

--- Ollydbg http://saintcabal.com/upload/ollydbg.rar (i hope rz staff won't kill me for that ^^) best version.

--- 010 Sweetscape editor (or other hex editor but i recommend to use 010)

​

Some knowledge at begining

​

What is XOR Key?: It's a key which help to make our files safe agaist steal or edits.

Xor key is needed to unpack the .enc files.

XOR Key's address in Cabalmain 374:

Code:

What is "load ech's" in cabalmain?: It's a amount of load visual files into our Cabalmain.

for ex. if u want load ech's 14 (man14.ech & woman14.ech) you need to change the load in cabalmain to "CMP EAX,0E"

​

Code:

List of all possible loads in cabalmain:

​

Code:

What is "load staff"?: It's an amount of load the wizard "staff" into Cabalmain - Not tested u do at ur own

​

Code:

What is "Remove file check ENC"?: FIle check is related to xData if u dont know how to setup it and u have problem with start game cause appear error "File corrupted or missing" just remove it from cabalmain. Below u have address and what to do:

​

Code:

Copyright @PunkS7yle

​

What is "Auction 4 slot load"?: It's allow to add 4 sloted items into Auction House

Code:

Someone release it but i can't find the thread, i had it in notepad. If u read it PM ME so i can add copyrights.

​

What is husky?: "husky" is a startup command in Cabalmain, it allow to open the game and connect to server using language.enc. To avoid stealing ur work or smth u can change the husky command to other 5 character word.

​

What is breaklee?: as up its startup command in cabalmain, it allow to open the game and connect to server using internal.txt. Breaklee allow to use SPECIAL commands for all users. To avoid connecting with breaklee command better is remove it from cabalmain.

​

Ok enought knowledge, now let's start editing the Cabalmain, firstly we start with edit the "husky" command

Open Cabalmain.exe in 010 Sweetscape editor (Remember that cabalmain must be unpacked) now press ctrl+f and serach for word "husky" u should find just one result.

Now in ASCII (right side) edit the command by REPLACING EACH LETTER (DO NOT USE BACKSPACE).

You can use just 5 bytes for the new command, it can be everything.

Save & Exit - now u start ur game with new startup command.

​

Let's now REMOVE the "breaklee" startup command, as up open Cabalmain in 010 editor.

Press ctrl+f and serach for word "breaklee" u should find just one result.

Now in left window side (hex) REPLACE each bytes of the breaklee world with "00"

Before:

http://saintcabal.com/upload/cabalmain_hex.png

After:

http://saintcabal.com/upload/cabalmain_hex_a.png

Save & Exit - now the breaklee command is disabled.

​

​

Ok, let's now start with Ollydbg, open cabalmain using ollydbg (remember cabalmain must be in folder where u have placed cabal files) also remember to run ollydbg as Admin!.

If u have already loaded cabalmain in ollydbg now Press "Ctrl+G" and put address where u want to jump.

Let's change the xor keys so. Ctrl + G and put adress "004A832F" and press enter.

http://saintcabal.com/upload/olly_xor.png

Here u have to edit 4 xor keys, just press on each xor SPACE and change the XOR EAX,85to your new key, after change press enter and close the window, do the same with all other keys. When u change them all Right Click mouse somewhere -> Copy -> Select ALL

if u have selected everything now again Right Click -> Copy to executable -> Selection

New window appear, on this window Right Click -> Save File - now replace or save it with new name and done :) u have changed xor keys.

By this way u do every modyfications in Cabalmain.

​

If something is not clear just ask below :)

I hope it helps, have fun.

Below are some WorldSvr offsets which I thought sharing might be useful for someone wanting to increase some server side limit such as maximum item or map support and etc.

​

Thanks to pierr32 for the World-ID limit offset.

Code:

In case of mistakes please don't hesitate to correct me, just be gentle this is my first post and first release as well - we're humans afterall :)