BoneShay. Did you manage to make any progress?
Thanks dude, you're awesome, wish I could've been of more help on this. Gave up smashing my head on this problem as I clearly cannot do it with my nonexistent skills, but I am doing some CE tutorials right now and using the outdated .dll for the time being.
EDIT:
You said the .dll file is encrypted, well the confirmation packet that the server sent over had a 4 part encryption key inside. That might be what you need to decrypt the .dll file.
Join me here for easier communication: di scord.gg/5zfKzx
Last edited by mihai2mn; 11-15-2017 at 01:30 PM.
It's actually quite easy to get the overlay.dll itself (you're able to download the dll by simply requesting it in your browser: just add /overlay.dll to their domain),
but you can't just inject it and use it.
By the looks of it, they even managed to somehow detect the trial time bypass,
since it's loading and injecting just fine, but "magically" unloading itself after a few minutes (along with showing "timeout" in the top-left corner).
The access itself seems to be done via a set of different php files on their server, along with a certain set of "flags" (or whatever the additions to the URL are called).
Even the Days and hours left are managed via the request / response from the php files.
So, well, there might be a way to get it working, at least if you know what you're doing.
I knew all that except how to get the .dll just by watching the packets, which is why I focused on spoofing the packets, but I just couldn't get it to work with any software I tried using, and I don't know how to use Python Scapy, which should actually do the job. Did you check to see if the encryption keys in the packets actually do anything?
This is what the confirmation packet for the trial has in it.
trialtime;&keyp1=0199C518&keyp2=019F0C40&keyp3=019E6CD9&keyp4=019DB0D4&daysleft=0&hoursleft=0&da&keyp10=06833afbef1f2314c536403cc8337cc3&keyp11=06833afbef1f2314c536403cc8337cc3
Do you think you can do anything with this? Especially if you match it with the email and password this was generated for.
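The response body quoted above, parsed as an added example (this is not code from the thread or from the WarOverlay loader). The sample is the posted body with the forum's line-wrap spaces removed; what the keypN fields mean is not known from the thread, so the code only classifies them by width, and the reading of daysleft/hoursleft as the trial counters is an assumption taken from the field names.

```python
"""Parser for the trial-confirmation response body quoted in the thread.

Added example, not code from the thread or from the WarOverlay loader.
Field meanings (daysleft, hoursleft, keypN) are assumptions read off the
field names; nothing here is verified against the real server.
"""
import re
from dataclasses import dataclass

# Constructed sample: the confirmation body as quoted in the thread, with
# the spaces the forum inserted mid-token removed.
SAMPLE_BODY = (
    "trialtime;&keyp1=0199C518&keyp2=019F0C40&keyp3=019E6CD9&keyp4=019DB0D4"
    "&daysleft=0&hoursleft=0&da"
    "&keyp10=06833afbef1f2314c536403cc8337cc3"
    "&keyp11=06833afbef1f2314c536403cc8337cc3"
)

_HEX = re.compile(r"^[0-9A-Fa-f]+$")


@dataclass
class TrialResponse:
    command: str   # text before the ';' (e.g. "trialtime")
    fields: dict   # key=value pairs, in order of appearance
    flags: list    # bare tokens with no '=' (e.g. the stray "da")


def parse_response(body: str) -> TrialResponse:
    """Split '<command>;&k=v&k=v&flag...' into its parts.

    Tokens without '=' are kept as flags instead of being dropped, so a
    truncated or malformed token (like the "da" in the sample) stays
    visible to the caller rather than being silently lost.
    """
    command, _, rest = body.strip().partition(";")
    fields, flags = {}, []
    for tok in rest.split("&"):
        if not tok:
            continue  # the leading '&' right after ';' yields an empty token
        key, eq, value = tok.partition("=")
        if eq:
            fields[key] = value
        else:
            flags.append(key)
    return TrialResponse(command, fields, flags)


def classify_value(value: str) -> str:
    """Describe a value by its shape only; no claim about its meaning."""
    if value.isdigit():
        return "int"  # decimal counters such as daysleft=0
    if _HEX.match(value):
        return f"hex{len(value) * 4}"  # hex32 for 0199C518, hex128 for the long ones
    return "other"


def key_parts(resp: TrialResponse) -> list:
    """Return (n, value) for every keypN field, ordered numerically by N."""
    parts = []
    for key, value in resp.fields.items():
        m = re.fullmatch(r"keyp(\d+)", key)
        if m:
            parts.append((int(m.group(1)), value))
    return sorted(parts)


def trial_remaining(resp: TrialResponse) -> tuple:
    """(days, hours) left according to the response; raises if a field is absent."""
    try:
        return int(resp.fields["daysleft"]), int(resp.fields["hoursleft"])
    except KeyError as exc:
        raise ValueError(f"response has no {exc.args[0]} field") from None


def trial_expired(resp: TrialResponse) -> bool:
    days, hours = trial_remaining(resp)
    return days <= 0 and hours <= 0


def summarize(resp: TrialResponse) -> dict:
    """Compact view for eyeballing captures: shapes and duplicates, not meanings."""
    parts = key_parts(resp)
    values = [v for _, v in parts]
    return {
        "command": resp.command,
        "keyp": [(n, classify_value(v)) for n, v in parts],
        "duplicate_keyp": [n for n, v in parts if values.count(v) > 1],
        "flags": resp.flags,
        "expired": trial_expired(resp),
    }


if __name__ == "__main__":
    print(summarize(parse_response(SAMPLE_BODY)))
```

Run it on a captured body instead of SAMPLE_BODY to compare two responses (for example the same account before and after the trial runs out): the summary shows which keyp fields change, which repeat (keyp10 and keyp11 carry the same 128-bit value in the posted sample), and whether the daysleft/hoursleft pair is what the loader treats as expired.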
I'm sure you can, because in that link with the WarOverlay files there were two packet injections that intercepted the trial time when placed in the same folder as the DLL, so if we can replace the DLL in that one with a new DLL (using what Audi said) and PRESTO! We got it! But that's for you to try, because the download link was taken down and I deleted the folder believing it was useless :P
I still have the files and can upload them again. I tried injecting them myself, but none of the software I knew how to use would work. Everybody recommends using Python Scapy, but I can't even get it to start on my PC for whatever reason.
Last edited by Wyo; 11-18-2017 at 01:37 PM. Reason: Outside links not allowed
I've been having the same problem. I just use Radare2, but I don't think it'll work like Scapy. Thing is that it opens the Windows Command Prompt and crashes immediately. Maybe I can do the same thing in Radare2? I'll see what I can do.
EDIT: By the way, I tried the DLL replacement and it doesn't work. It just opens a window saying "Time out" and closes the injection, so I think we need to do what you're trying if we really want to crack this hack: manually inject the packets.
Last edited by Boneshay; 11-18-2017 at 08:58 AM.
AfterGlow#1738, or join the server I made for this at d iscord.gg/8CeMr. Or give us your d scord username, Boneshay, so we can get in touch like that. We have a few people on here already.
Last edited by mihai2mn; 11-18-2017 at 10:46 AM.
I'm working on a crack for WarOverlay right now. It would be a lot easier for me if I got this to work: /showthread.php?t=1311106
It's about getting more free trials by changing IP address and HWID + mail address. I can't get that to work though. Anyone got any suggestions there, or is it patched already?
mihai2mn:
I'm very interested in checking that thread out on tophope.ru, but I don't speak Russian... Could you find the thread for me so I can run it through Google Translate at least?
Boneshay: I'm very interested in your approach too, freezing the timer. If you could give me any hints as to how to find the function: what Microsoft functions does WarOverlay use for the timer?
I work mostly in Immunity Debugger or OllyDbg, and after that C++ to program the crack, but in this case I will just patch/edit the Loader.exe file.
Maybe us three could get together on some chat somewhere and beat this? Let's do it. Or, if you guys use Skype etc., for faster correspondence.
I'm interested in working with you mihai2mn and/or Boneshay. I've made some progress in trying to get the DLL injected without a valid subscription but I'm not there yet..
EDIT UPDATE:
First of all, turns out I didn't read the whole thread before posting, hehe. Sorry about that. Anyway, I got the DLL file decrypted now, so I'm going to try to find the functions where that "time out" message box gets thrown from and work my way backwards from there. Can we talk privately somewhere? Tell me if you have any suggestions.
Last edited by ernos; 11-25-2017 at 01:29 AM.
Hit me up on D scord at AfterGlow#1738. Myself and another guy did get something working, but I'm pretty sure it's too obvious to not get banned for. Would've replied yesterday, but the forum didn't work.
Welcome to the struggle.
Last edited by mihai2mn; 11-26-2017 at 06:44 PM.