Best approach/method for newer client?

Started by dfox, 29. Sep 2008, 17:54


dfox

Everything is running as it should (ftp/http), however what would be the best approach to modifying the newer client and running it from the box?

1. Injecting back into nk.bin, or can the client be executed from the client dir?
2. Hexing or Reflector, as Reflector has been said to alter the final exe.

Also, is it possible to start/run and use executables from the webgui? I don't see any indication of it running, i.e. shell.exe from the webgui.

Thanks :)

is0-mick

The latest client is not much different to the previous one, apart from the fact that they have encrypted Nagravision DLLs.

The problem with the newer version is not the exe itself, but something to do with the kernel / filesystem, as we can't seem to execute files outside of the windows folder again...

The best way we found to mod the code was to use ILDASM and ILASM.
If you modify a copy of the exe and change all the private methods to public, you can then create a new project in Visual Studio and set a reference to your modified exe.

If you want to modify a class or method, you can then use Reflector, paste the class into the project and use all the types and methods from the original exe in C#.

Compile your project, ILDASM it, and then paste the IL code from your modified methods back into the original ILDASM output, and recompile.

Mick
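The round trip Mick describes (ILDASM, edit, ILASM) always produces a binary whose Authenticode signature is gone or no longer matches, because the signature covers the original file bytes and the rebuilt assembly is not re-signed with the publisher's key. That is exactly the kind of mismatch a WinTrust-style loader check rejects. The script below is an added example, not code from this thread, showing how an integrity check over a folder of assemblies surfaces such rebuilt files; it assumes Windows PowerShell 5.1 or later on a desktop Windows machine, and `$AssemblyDir` is a placeholder path.

```powershell
# Added example (not from the thread): report the Authenticode status,
# strong-name public-key token and SHA-256 of every .exe/.dll under a folder.
# A file rebuilt with ILASM shows Status = NotSigned (or HashMismatch if the
# old signature block was copied back), which is what a trust check flags.
# $AssemblyDir is a placeholder; point it at the folder you want to audit.
param(
    [string]$AssemblyDir = 'C:\path\to\assemblies'
)

function Get-AssemblyTrustReport {
    param([string]$Path)

    Get-ChildItem -Path $Path -Include *.exe, *.dll -Recurse -File | ForEach-Object {
        # Authenticode: Valid, NotSigned, HashMismatch, UnknownError, ...
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName

        # Strong-name public-key token, if the file is a managed assembly.
        # Presence of a token only means the assembly claims a strong name;
        # sn.exe -vf (SDK tool) is needed to verify the strong-name signature.
        $token = $null
        try {
            $name  = [System.Reflection.AssemblyName]::GetAssemblyName($_.FullName)
            $bytes = $name.GetPublicKeyToken()
            if ($bytes.Length -gt 0) {
                $token = ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
            }
        } catch {
            # Native PE or unreadable metadata: leave the token empty.
        }

        [pscustomobject]@{
            File         = $_.Name
            Sha256       = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            Authenticode = $sig.Status
            Signer       = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            StrongName   = if ($token) { $token } else { '(none)' }
        }
    }
}

# Show only files whose Authenticode signature does not verify.
Get-AssemblyTrustReport -Path $AssemblyDir |
    Where-Object { $_.Authenticode -ne 'Valid' } |
    Format-Table -AutoSize
```

Run it once against a known-good copy of the client folder to record the hashes and signer, then against the folder after any edit: the rebuilt exe drops out of the `Valid` set and its SHA-256 changes, while untouched DLLs keep their original hash and signer. Note that a matching public-key token on its own proves nothing, since ILASM will happily emit an assembly that names the original public key without a valid signature.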

dfox

04. Oct 2008, 14:39 (last edit: 04. Oct 2008, 14:45 by dfox)
Thanks Mick, very informative info.

Changes such as bool, for example, when editing the IL and then compiling, produce exes that always require more compression (even commented out and bytes 00). Changes made directly to the exe seem to be more reliable when injecting back. Is the reason for this binmod? Or must the file be as close to the original in size? The code would still not fit unless some of the original code was deleted to replace it with bigger modded code (in classes/methods). Is it possible to just make variable changes to create a standalone client, as the GUID req is an object? Interested to know how Mick got as far as he did without the necessary data. The old client injects and runs, however this doesn't seem to be of any benefit.

Is disabling the Wintrust model the only hope to run a modded client? The Wintrust changes made in the new kernel: is there a major difference in code, or a lazy adjustment somewhere like the old version?

Anyone have access to the old PKG version? :-X

is0-mick


Thanks Mick, very informative info.

no problem :)


Changes such as bool, for example, when editing the IL and then compiling, produce exes that always require more compression (even commented out and bytes 00). Changes made directly to the exe seem to be more reliable when injecting back. Is the reason for this binmod?

I think so, I think the compression level may be different, although I'm not 100%.


Is it possible to just make variable changes to create a standalone client, as the GUID req is an object? Interested to know how Mick got as far as he did without the necessary data.

I just modded some switches and bypassed a few bits that gave null references, but record didn't work and it broke other stuff.


Is disabling the Wintrust model the only hope to run a modded client?

No, you could still inject it into the NK.BIN if it's smaller... But I had problems even doing that on the latest build. There's something strange about the latest NK.BIN.


The Wintrust changes made in the new kernel: is there a major difference in code, or a lazy adjustment somewhere like the old version?

No idea, but the error reported now seems slightly different. It seems to indicate a "file not found" when trying to execute, but the file can be read fine.


Anyone have access to the old PKG version? :-X

See PM.


Mick

mce2222

Interestingly, the new T-Home firmware still runs code outside of /windows when the nk.exe patch is applied.
