 Post subject: Re: L2Reborn Interlude Retail x1
PostPosted: Sat Oct 03, 2020 1:20 pm 
Vagabond

Joined: Sat Oct 03, 2020 12:01 pm
Posts: 1
So l2 reborn:

The server is well populated across all level ranges and it gives you that old-school feeling: people have shops even in Talking Island, and there are players around in the starting zones, so yes, the server is alive and you will be pleasantly surprised.

But at the same time problems appear: the quality of the server is very bad, and I need to confirm what other people post here:

- geodata bugs: once I was jumping from a cliff in Wasteland and after a black screen I found myself in Gludio :)))
- a small delay all the time before the character attacks, picks up, etc.
- mob respawn is insane (very fast and always in the same place)
The overall look of the server is cheap and dusty.



Their antibot captcha system is very intrusive and aggressive: you can be sent to jail for a wrong click (which can happen to anyone when you are tired), and even banned if you are unlucky.

Bans are again very weird. I read about bans that were justified by you having used Adrenaline a few weeks ago; basically, when people defend themselves saying that they are not using bots, the moderator answers that a few weeks ago their antibot system detected Adrenaline on the PC.

So you can receive a ban with the argument that, even if you are not using it now, 1 month ago your char used Adrenaline.
I don't know about you, but for me that system is very weird.

Absolutely no freedom on the forum; all your posts need to be approved by a moderator to be posted.

The feeling is that you are under a dictatorship and you are checked all the time like a criminal so that you don't bot or dual box.
The server's success is based on 2 things:
- they managed to make the whole community vote, because they give 50% more XP and adena as a vote reward, so everybody is voting every day.
- the server is promoted as no dual box and people are attracted by this concept.

Now about the no dual box concept: well, in my opinion it is a fake concept, because one of the favorite ways of farming is using clan hall buffs. So people go to the CH, take buffs, go to the spot to XP, come back after 20 min, and so on.
Basically you are dualboxing with your clan hall :)) so what is the point of the no dual box rule?

So if you go there wanting to play a support and expecting to be wanted by many people, you will have a very unpleasant surprise, because everybody has clan hall buffs and potions.
In many spots mobs should be killable only by a party that has high-level buffs + dances and songs, but people can solo them with only clan hall buffs.
So yes, this is the "Interlude" official-like server.

The only good thing there is that the server has a good population, and yes, you can have fun there if you are not bothered by the things that I presented in my post.

For me personally the staff behavior is just too weird and the quality is too bad.


 Post subject: Re: L2Reborn Interlude Retail x1
PostPosted: Sun Oct 04, 2020 11:48 am 
Forum Troll

Joined: Sun Mar 02, 2008 4:40 pm
Posts: 12869
im amazed how long this trash server survived :D


 Post subject: Re: L2Reborn Interlude Retail x1
PostPosted: Sun Oct 04, 2020 3:55 pm 
Marquis

Joined: Mon Mar 14, 2011 11:17 pm
Posts: 1146
Location: Cape Town,South Africa
GoDs3nD wrote:
im amazed how long this trash server survived :D


how its even possible ppl to join l2java x1 .... and its even worse then the ordinary java we are used to...


 Post subject: Re: L2Reborn Interlude Retail x1
PostPosted: Mon Oct 05, 2020 10:37 am 
Forum Troll

Joined: Sun Mar 02, 2008 4:40 pm
Posts: 12869
bemyfrag wrote:
GoDs3nD wrote:
im amazed how long this trash server survived :D


how its even possible ppl to join l2java x1 .... and its even worse then the ordinary java we are used to...


i totally agree AHHAHA!
and theres more and more low rate javas opening....

i guess the trick was in the no dualbox marketing
it proved to be very effective in the wake of fakeovid19 pandemic

tbh l2 community deserves shit like this
the game is old and ppl shouldve already learned to recognize proper l2off files and good server setups

u see we have this proverb: "the guy who yells "jump" is not crazy, crazy is the guy who jumps " :D

crazy world we are living in :D


 Post subject: Re: L2Reborn Interlude Retail x1
PostPosted: Thu Oct 29, 2020 2:48 pm 
Vassal

Joined: Thu Oct 03, 2019 11:26 am
Posts: 20
Thanks for the feedback guys, it helps us improve and makes us stronger!

Join us on the 31st of October for the first year anniversary for a chance to earn special prizes!

Best regards!


 Post subject: Re: L2Reborn Interlude Retail x1
PostPosted: Sun Nov 01, 2020 6:07 pm 
Marquis

Joined: Mon Jan 18, 2010 12:57 pm
Posts: 1022
I've always stayed quiet about Reborn; honestly, I only ever heard negative things, but having never tried it myself, I am in no place to comment. Seeing how the admin team operate now, however, I can honestly say damn proper scum, and clearly there is a whole lot of truth in the previous posts..

It's amazing seeing what they try to do to other servers as well as their threats...

Image

This server where they posted this hasn't even launched yet; they have the nerve to try these things and even comment about file quality. Bit late for April fools, Reborn; at least I got first-hand views of how you try to destabilize others.

_________________
L2Etina - the ultimate Interlude Chronicle server.

https://l2etina.com/
https://discord.gg/NjXZcnwWhT


 Post subject: Re: L2Reborn Interlude Retail x1
PostPosted: Sun Nov 01, 2020 6:08 pm 
Marquis

Joined: Mon Jan 18, 2010 12:57 pm
Posts: 1022
I've always stayed quiet about Reborn; honestly, I only ever heard negative things, but having never tried it myself, I am in no place to comment. Seeing how the admin team operate now, however, I can honestly say damn proper scum, and clearly there is a whole lot of truth in the previous posts..

It's amazing seeing what they try to do to other servers as well as their threats...

Image

This server where they posted this hasn't even launched yet; they have the nerve to try these things and even comment about file quality. Bit late for April fools, Reborn; at least I got first-hand views of how you try to destabilize others. It's funny, as I am pretty sure Reborn was inspired by PlusOneL2, which was of course inspired by retail, but whatever helps you sleep at night I guess.

_________________
L2Etina - the ultimate Interlude Chronicle server.

https://l2etina.com/
https://discord.gg/NjXZcnwWhT


 Post subject: Re: L2Reborn Interlude Retail x1
PostPosted: Mon Nov 02, 2020 11:15 am 
Forum Troll

Joined: Sun Mar 02, 2008 4:40 pm
Posts: 12869
hadaaamn thats so low :D

i could judge so far only for the files because from the moment u log in u notice that everything is not as it should be - stuff like monster movement, casting and stuff even the way drops are picked up, the way mobs move in a train and even the respawn. However could never comment the allegedly corrupted and trash administration because i saw its garbage files and left after 2-3 hrs of playing.

however i can give them a taste of their own medicine lol :D
reborn will die as soon as rpg x1 launches in about 2 weeks, IL fanboys will have very good x1/x2 servers to choose from too based on quality vanganth pack:)


 Post subject: Re: L2Reborn Interlude Retail x1
PostPosted: Mon Nov 02, 2020 11:52 am 
Vassal

Joined: Thu Mar 12, 2020 9:08 pm
Posts: 27
No Thanks
The Russian developers make L2 servers for their own community/country only; everything is edited in their own language.
They don't care about the English community at all.
I tried to play once on the mega IL 10x.
And played 2-3 min there; all things were in the Russian language, no ty.
Never tried to play on L2 Russian servers again.

 Post subject: Re: L2Reborn Interlude Retail x1
PostPosted: Tue Nov 10, 2020 10:43 pm 
Vassal

Joined: Thu Jan 12, 2017 4:30 pm
Posts: 21
New players keep coming. The server is experiencing a new youth. It is still worth starting to play here. One of the few unique servers without bots, without dualbox. You can feel like in the good old days. New players come, new clans arise.


 Post subject: Re: L2Reborn Interlude Retail x1
PostPosted: Tue Dec 15, 2020 12:17 am 
Vagabond

Joined: Fri Jul 10, 2020 8:45 pm
Posts: 3
All is good, but gm banned people for free..


 Post subject: Re: L2Reborn Interlude Retail x1
PostPosted: Wed Jan 13, 2021 1:20 pm 
Vagabond

Joined: Wed Jan 13, 2021 1:07 pm
Posts: 1
Oh thanks a lot I was worried too since I upgraded my signal using mywifiext but problem still persisted I thought there is some internal error


 Post subject: Re: L2Reborn Interlude Retail x1
PostPosted: Sat Jan 16, 2021 11:11 am 
Vagabond

Joined: Sat Feb 29, 2020 10:23 am
Posts: 9
up up up and well deserved

Still the best Interlude private server around even after all this time. New people are joining every day to check out the server and that is a sign of good health.
-Level 20-40 bosses are being hunted as soon as they spawn
-Lower level areas like Gludio/Dion are full of new players running around
-Shout/Trade active both for party searching and trading
-People are actually using the LFP feature which is very good and it's easy to join a random party

I think this project managed to deliver the experience of playing L2 "classic" as it was in the original Interlude Chronicle. It's not exactly perfect but nothing really is even the original Interlude was a kind of a mess. Ncsoft game lmao you know what kind of quality you can expect at the end of the day.

I used to play this before the global pandemic hit and just came back this last week. Made a new character (Cleric) pretty good experience so far as a solo player.


 Post subject: Re: L2Reborn Interlude Retail x1
PostPosted: Sun Jan 17, 2021 1:13 pm 
Forum Troll

Joined: Sun Mar 02, 2008 4:40 pm
Posts: 12869
emprisedll wrote:
up up up and well deserved

Still the best Interlude private server around even after all this time. New people are joining every day to check out the server and that is a sign of good health.
-Level 20-40 bosses are being hunted as soon as they spawn
-Lower level areas like Gludio/Dion are full of new players running around
-Shout/Trade active both for party searching and trading
-People are actually using the LFP feature which is very good and it's easy to join a random party

I think this project managed to deliver the experience of playing L2 "classic" as it was in the original Interlude Chronicle. It's not exactly perfect but nothing really is even the original Interlude was a kind of a mess. Ncsoft game lmao you know what kind of quality you can expect at the end of the day.

I used to play this before the global pandemic hit and just came back this last week. Made a new character (Cleric) pretty good experience so far as a solo player.


noone believes u


 Post subject: Re: L2Reborn Interlude Retail x1
PostPosted: Sat Feb 13, 2021 1:26 am 
Vagabond

Joined: Sat Feb 13, 2021 12:37 am
Posts: 4
l2reborninterlude wrote:
<... boring ...>

Nobody forces you to play here, if you don't want to play here just don't do it, but as you may imagine we won't allow people posting false accusations of whether we are spreading trojans, because that's simply a lie, we have better things to do than that.


Now back to topic, you probably do not understand that we are not a company/business, and we don't make a living nor intend to do it by making this server.
<... boring ..>


Proof is what you want? You sure? Because X gon' give it to ya.

First of all, yes, you are a company/business called LUMBRALES SOFTWARE (JCH), which used to be a Limited Liability company in the UK before you moved back from London to Milton Keynes to Barcelona and re-incorporated there (or is your Privacy Policy pointing at a legal entity dissolved in 2017? uh-oh). I guess "optimising" Magento for 14 years was not generating enough income, so you decided to start this money cow? Whatever, just pointing out another lie.

Let's kick off by diffing the L2Reborn system directory against NCSoft ones. There are two: vanilla Interlude and the "December 2007" patched client, the last official Interlude client update before Kamael. Javi, I'll even use your favourite hashing algorithm, MD5, which is rubbish btw.

Code:
import sys
import hashlib
from pathlib import Path

VANILLA_PATH = Path("G:/diff/l2-it-vanilla")
DEC2007_PATH = Path("G:/diff/l2-it-final")

BAD_FILES = {}


def main():
    if len(sys.argv) != 2:
        print("[!] Give me a directory to compare to!")
        sys.exit(1)

    supplied_path = Path(sys.argv[1])
    if not is_good_game_path(supplied_path) \
            or not is_good_game_path(VANILLA_PATH) \
            or not is_good_game_path(DEC2007_PATH):
        print("[!] Invalid directory supplied")
        sys.exit(1)

    for entry in supplied_path.joinpath("system").iterdir():
        if not entry.is_dir():
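            good_hashes = {}
            # Hash the reference copies from the NCSoft clients, not the
            # supplied file itself, otherwise every shared name "matches".
            vanilla_file = VANILLA_PATH.joinpath("system", entry.name)
            if vanilla_file.is_file():
                good_hashes["vanilla/" + entry.name] = md5file(vanilla_file)
            dec2007_file = DEC2007_PATH.joinpath("system", entry.name)
            if dec2007_file.is_file():
                good_hashes["final/" + entry.name] = md5file(dec2007_file)
            # Hash of the file from the directory under test
            supplied_hash = md5file(entry)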
            matched = False
            for key, value in good_hashes.items():
                if value == supplied_hash:
                    print("[+] Matched %s to %s (%s)" % (entry.name, key, supplied_hash))
                    matched = True
            if not matched:
                BAD_FILES[entry.name] = supplied_hash
                print("[-] Not matched %s (%s) " % (entry.name, supplied_hash))


def md5file(filepath) -> str:
    hash_md5 = hashlib.md5()
    with open(filepath, "rb") as f:
        for chunk in iter(lambda: f.read(4096), b""):
            hash_md5.update(chunk)
        return hash_md5.hexdigest()


def is_good_game_path(subject: Path) -> bool:
    return subject.exists() and subject.is_dir() \
           and subject.joinpath("system").exists() \
           and subject.joinpath("system").is_dir()


if __name__ == '__main__':
    main()


Still with me? These are the files in the system folder that don't match the NCSoft ones:

Code:
$ python dirdiff.py "G:/diff/l2-it-reborn" | grep "\[-\]"
[-] Not matched entry.dll (46560e7a8bdb427093f38d1d7a5e947b)
[-] Not matched eternal_head.u (1ca06c86cdc39de5aa26d2dd97677064)
[-] Not matched l2reborn.bin (637c3373d666e46d30eb820449cb2090)
[-] Not matched nosleep.dll (e70afa303842dba60ff0e8cefea3e513)
[-] Not matched npcname-e (a536ad535ca1b0bb350990df32a7bbf6)
[-] Not matched Properties of Interface (56a48250f3c42e68bf5afe2504b0da05)
[-] Not matched smallfont-pt.gly (30db8543d2954ae96ce45a0f12ded100)


Of these, we don't really care about Unreal Engine compressed data archives with textures, we don't care about renamed NPCs, fonts and the interface configuration file. We are left with:

  • entry.dll - something we'll examine in-depth in a moment,
  • nosleep.dll - a common background window performance patch,
  • l2reborn.bin - the antibot system, which raises some serious ethical questions.

I'm not sure that vague

Quote:
7.4 LUMBRALES SOFTWARE reserves the right to gather any additional required data to identify bot software used at any time and without notice.


will keep Data Protection and GDPR people happy, especially given you lie about not collecting personal and sensitive data (not credit cards, you know what I'm talking about) in the very next paragraph,

Quote:
7.5 LUMBRALES SOFTWARE does not collect any personal/sensitive data like credit cards, passwords, etc., and only store the minimum information required to identify forbidden software used to play in on his private server.


You left the juiciest bits out of your privacy policy, cheeky bastards. I won't publish the specifics of l2reborn.bin shenanigans in this post, but if someone decides to actually hand you to the regulators over it at some point, I won't turn down being their forensic expert.

Now, back to the thing I did come to post here. The proof that there's a backdoor in your client patch. Enter entry.dll. Let's have a look in IDA, the free one, shall we?

Please open the screenshots in a separate tab, pmfun forum theme crops them on the right hand side.

Image

Calling VirtualProtect and ShellExecuteW? This better not be a hook with a command execution backdoor. Let's see what's the code making these calls. Follow the cross-references:

Image

And arrive here:

Image


Based on this disassembly, our parameters when calling `ShellExecuteW` are:

Code:
ShellExecuteW(NULL, NULL, [edi+1], NULL, NULL, SW_SHOW)


Let's check the docs for this Windows API:

https://docs.microsoft.com/en-us/window ... llexecutew

Passing NULL as lpOperation defaults to "open".

https://docs.microsoft.com/en-us/window ... ell/launch

"open" means it

Quote:
Launches an application. If this file is not an executable file, its associated application is launched.


But what is [edi+1]? That means "take a value from CPU register EDI, add 1, and use that as a pointer to LPCWSTR". In other words, EDI+1 will have a pointer to some string - the filename or command to be executed. Where does it come from? Well, from arguments to this function, it's actually an offset of 1 into our first argument:

Image

So what's calling this function? It's never called directly from this library, its address is actually getting written somewhere:

Image

I'll rename it to ShellExecuteW_wrapper for now to make it easy to spot in the location we're about to jump to.

Image

What have we got here? A bunch of calls to VirtualProtect with our wrapper's address being written somewhere. This is actually starting to look like a hook now.

For those uninitiated, the tl;dr is that it's commonly used to make regions of process memory writeable, so that we can modify a process when it is already running on the system.

Here are full docs for VirtualProtect just for reference: https://docs.microsoft.com/en-us/window ... ualprotect

But is that the case here? What's the value of the flNewProtect argument? It's 0x40, corresponding to PAGE_EXECUTE_READWRITE, which you can read more about here: https://docs.microsoft.com/en-us/window ... -constants

So yes, this code here just makes certain regions of memory writeable. Which regions? Ones pointed to by lpAddress. I've looked at all of them, but this is the one we want to focus here to keep this longpost shorter: the one right before a reference to our sketchy-looking command execution function. It's stored in the EDI register. So this is what we have:

* Address of ShellExecuteW_wrapper in EAX
* Address of a writeable memory region of the process in EDI

I've annotated it using IDA comments:

Image

Now this code does something described in the x86 hooking bible under "Basic API Hooking": http://jbremer.org/x86-api-hooking-demystified/

It calculates the difference in addresses between the function being hooked and the hook, because it needs to be a relative address, and it's relative to the address of the instruction following the hook, which takes 5 bytes, hence the -5 in the calculation. Anyway, boring! The important takeaway is that EDI has the address of the function being hooked, so let's see what it is, because that's how we figure out what is being passed to ShellExecuteW as the filename to execute!

We have to travel to the top of this basic block to find that out. It's some value, stored at 0x10003408, and 0x102070 is added to it before it becomes our value in EDI. Typically, when you want to hook a function in a DLL, you know the OFFSET of that function from the start of the DLL, and the address of the DLL in memory. So, the value at 0x10003408 tells us which DLL is being hooked (it's likely the address of it), and 0x102070 is the offset in that DLL containing our function that is being hooked. Let's examine 0x10003408 to determine the DLL.

Image

Here we have another function in this binary writing a value to 0x10003408. Let's see what it is and finally solve our puzzle?

Image

Voila, it's engine.dll, the heavyweight component of the game that handles, among other things, network packets - the data exchanged between the game client and the game server. Let's open it up and see what is at file offset 0x102070?

If you're following along on your machine, note that this library was obfuscated by NCSoft, and it's a MASSIVE 30 megabyte library containing most of the game engine to begin with, so it will take a few minutes for IDA's disassembly to complete. Be patient.

Now let's select Jump->Jump to file offset and enter 0x102070. We arrive at Virtual Address 0x10402C70:

Image

So this is inside a function that makes a call to recv(), the standard function for receiving network packets from a socket. Just to be sure, let's check if recv() is called from lots of other places in engine.dll:

Image

No, it's not. You could probably go read some old posts about packet hacking in Lineage 2 if you would rather trust those than a throwaway account, but having done that I'm telling you now this is the function that receives network packets from the server and decides how to handle them.

There is a little bit more of boring disassembly and calling convention stuff involved here to explain step-by-step how a hooking trampoline works, how your hook accesses the arguments and the return values of the function being hooked, and all that will put you to sleep. Just read the link I've posted before if you're that interested: http://jbremer.org/x86-api-hooking-demystified/.

The gist of what's going on is this:

  1. The library writes its own hook into the function handling server packets
  2. The server sends a special packet that starts with byte 112 (0x70)
  3. The packet handling function in the client gets called
  4. The hook gets executed, hits the trampoline
  5. The trampoline calls the original function first, to actually read the packet from the network stack into the memory of the game process
  6. The hook examines if the received packet starts with byte 112 (0x70)
  7. If it does, the hook passes the remainder of the packet as the lpFile argument to ShellExecuteW
  8. That command gets executed on your machine

This simple operation allows server admins to implement a GM command that will execute any program on your computer by sending a special data packet to your game client. In other words, entry.dll is a backdoor, or a trojan horse - I don't think arguing about the exact term to call it is important at this point. You can chain multiple commands to write data to disk, then execute that data. In other words, L2Reborn admins can use this as a "dropper" in malware terms, something that uploads the final malicious payload to your machine and executes it.

I have just proven that yes, L2Reborn patch does in fact contain a classic backdoor. Bite me.

1/2 to be continued


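The relative-jump arithmetic described in the post above (destination measured from the instruction after the 5-byte jump) is also what a defender uses to spot such a hook: compare a function's first bytes in memory with the copy on disk, decode any `jmp rel32`, and check whether it leaves the module. This is an added example, not code from the post or from any project named in the thread; the module base and size, the function names, the prologue bytes and the jump targets are all constructed, and only the offset 0x102070 is taken from the post.

```python
import struct

JMP_REL32 = 0xE9   # x86 near jump: opcode byte + signed 32-bit displacement
HOOK_LEN = 5       # size of that instruction, the "5" in the post's "-5"


def decode_jmp_rel32(code: bytes, address: int):
    """Absolute destination of a `jmp rel32` located at `address`, else None."""
    if len(code) < HOOK_LEN or code[0] != JMP_REL32:
        return None
    (rel,) = struct.unpack_from("<i", code, 1)  # little-endian, signed
    # The displacement is relative to the instruction after the jump.
    return (address + HOOK_LEN + rel) & 0xFFFFFFFF


def check_function(name, address, disk, memory, base, size):
    """Compare a function's first bytes on disk and in memory and classify."""
    finding = {"function": name, "status": "clean", "target": None}
    if memory[:HOOK_LEN] == disk[:HOOK_LEN]:
        return finding
    finding["status"] = "modified"          # changed, but not a rel32 jump
    target = decode_jmp_rel32(memory, address)
    if target is not None:
        finding["target"] = target
        inside = base <= target < base + size
        # A jump that leaves the module is the inline-hook pattern.
        finding["status"] = "jump-inside-module" if inside else "hook-to-foreign-code"
    return finding


def scan(functions, base, size):
    """Return findings for every function whose in-memory start differs."""
    results = [check_function(n, a, d, m, base, size) for n, a, d, m in functions]
    return [f for f in results if f["status"] != "clean"]


# --- Constructed sample data (not taken from any real process) -------------
MODULE_BASE = 0x20000000          # assumed load address of the inspected DLL
MODULE_SIZE = 0x01E00000          # assumed image size (~30 MB)
PROLOGUE = bytes.fromhex("558bec6aff")   # push ebp; mov ebp,esp; push -1

SAMPLE_FUNCTIONS = [
    # (hypothetical name, address, bytes on disk, bytes read from memory)
    ("recv_handler", MODULE_BASE + 0x102070, PROLOGUE,
     bytes.fromhex("e9cbf9efef")),          # jmp 0x10001A40, outside module
    ("untouched", MODULE_BASE + 0x001000, PROLOGUE, PROLOGUE),
    ("breakpointed", MODULE_BASE + 0x002000, PROLOGUE,
     bytes.fromhex("cc8bec6aff")),          # int3 written over first byte
    ("redirected", MODULE_BASE + 0x003000, PROLOGUE,
     bytes.fromhex("e9fb0f0000")),          # jmp base+0x4000, same module
]

if __name__ == "__main__":
    for f in scan(SAMPLE_FUNCTIONS, MODULE_BASE, MODULE_SIZE):
        target = "-" if f["target"] is None else hex(f["target"])
        print(f"{f['function']:<14} {f['status']:<22} {target}")
```

On a rebased module, bytes that hold relocated absolute addresses also differ from the file on disk, so apply relocations to the disk copy before comparing.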

All times are UTC + 2 hours

