[C#] Packet Decrypt Algo.

Discussion on [C#] Packet Decrypt Algo. within the Cabal Hacks, Bots, Cheats, Exploits & Macros forum part of the Cabal Online category.

 
Old   #1
 
elite*gold: 0
Join Date: Jun 2006
Posts: 965
Received Thanks: 576
[C#] Packet Decrypt Algo.

Not sure if this is used for every packet yet or just login. I believe it is for every packet because I didn't see a switch. Anyways, I will be doing a rewrite in C++ later along with C#/C++ of the encrypt algo. (Very tired, been up for 38 hours...). Also it looks very very messy because I just didn't feel like using "unsafe" code.

External link because the key is 65536 bytes and too much for a post :P.






You didn't hear it from me... Expect a clientless bot soon :P.
high6 is offline  
Thanks
1 User
Old 03/25/2008, 12:55   #2
 
elite*gold: 0
Join Date: Mar 2008
Posts: 2
Received Thanks: 0
well done. keep it up.
shen27 is offline  
Old 03/25/2008, 14:02   #3
 
elite*gold: 0
Join Date: Jul 2007
Posts: 243
Received Thanks: 13
Sorry for the noob question, but what does this do?
auggie is offline  
Old 03/25/2008, 14:29   #4
 
Dirin's Avatar
 
elite*gold: 0
Join Date: Sep 2007
Posts: 32
Received Thanks: 1
Oh Baby. A foreseen downfall of cabal within months =]
Dirin is offline  
Old 03/25/2008, 19:17   #5
 
elite*gold: 0
Join Date: Jun 2006
Posts: 965
Received Thanks: 576
Encryption is done; now I am writing out the different packets. I will release all of it later.
high6 is offline  
Old 03/25/2008, 19:21   #6
 
elite*gold: 0
Join Date: Feb 2008
Posts: 59
Received Thanks: 21
Quote:
Originally Posted by auggie View Post
Sorry for the noob question, but what does this do?
He decrypted a complex algorithm packet.
shiryo1 is offline  
Old 03/25/2008, 20:45   #7
 
elite*gold: 0
Join Date: Jun 2006
Posts: 965
Received Thanks: 576
I think I might start an open source bot. Make an svn for it too.
high6 is offline  
Old 03/25/2008, 22:49   #8
 
elite*gold: 0
Join Date: Feb 2008
Posts: 6
Received Thanks: 6
I still don't know what this does >_> <-------noobsauce
Locketej is offline  
Old 03/26/2008, 06:05   #9
 
elite*gold: 0
Join Date: Jan 2008
Posts: 15
Received Thanks: 3
Quote:
Originally Posted by Locketej View Post
I still don't know what this does >_> <-------noobsauce
I don't know if I'm exactly right about this but here it goes: The client (or the server) sends packets (information) to the server (client?) which get encrypted somewhere along the way. This encryption prevents the client from sending any packet he wants to the server. But high6 now says he can decrypt and encrypt the packets and that means you can send anything you want to the server and with that you can make a bot and stuff.

I do not know if this is right. It just came straight from my head and I basically know nothing about TCP/IP stuff or anything, so can someone please explain this a little more accurately :P
Krille is offline  
Old 03/26/2008, 07:47   #10
 
elite*gold: 0
Join Date: Jan 2006
Posts: 39
Received Thanks: 2
lol nice
liquid` is offline  
Old 03/26/2008, 17:37   #11
 
mation's Avatar
 
elite*gold: 0
Join Date: Mar 2007
Posts: 19
Received Thanks: 8
Keep up the good job high6! I'm looking for your next release or svn and of course, I'll be helping you. In most cases, finding the algorithm is the hardest part of a packet bot.

Thanks! =)
mation is offline  
Old 03/26/2008, 20:48   #12
 
elite*gold: 0
Join Date: Jun 2006
Posts: 965
Received Thanks: 576
Encrypt function :P.

Keyss is the 65536 byte key from the decryption in the OP.
Code:
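        void Encrypt(ref byte[] packet,PacketInfo PI)
        {
            uint size = (uint)packet.Length;
            // Packets shorter than 10 bytes are left as they are; check before padding
            // so the early return does not leave 4 extra bytes on the packet.
            if (size < 0x0A)
                return;
            // Pad by 4 bytes so the trailing partial word can be read as a full 32-bit value.
            Array.Resize(ref packet, packet.Length + 4);
            // XOR the leading 32-bit word with the current connection key.
            BitConverter.GetBytes(BitConverter.ToInt32(packet, 0) ^ PI.Key).CopyTo(packet, 0);
            // The low 14 bits of the encrypted word (times PI.Mul) select the next key from Keyss.
            uint Key = (BitConverter.ToUInt32(packet, 0) & 0x3FFF) * (uint)PI.Mul;
            Key = BitConverter.ToUInt32(Keyss, (int)(Key * 4));
            uint t = (size - 8) >> 2; //Shift right 2 = divide by 4
            uint t1;
            uint i = 8;
            // Encrypt the body from offset 8 one 32-bit word at a time;
            // each encrypted word selects the key for the next one.
            while (t > 0)
            {
                t1 = BitConverter.ToUInt32(packet, (int)i);
                t1 = t1 ^ Key;
                BitConverter.GetBytes(t1).CopyTo(packet, i);
                t1 = (t1 & 0x3FFF) * (uint)PI.Mul;
                Key = BitConverter.ToUInt32(Keyss, (int)(t1 * 4));
                i += 4;
                t--;
            }
            // Combine the key with the inverted Keys2 entry for the (size - 8) & 3 leftover
            // bytes (Keys2 is not shown in the post) and XOR the final partial word.
            t1 = Keys2[((size - 8) & 3)];
            t1 = ~t1;
            uint t2 = t1;
            BitConverter.GetBytes((t1 & Key) ^ BitConverter.ToUInt32(packet, (int)i)).CopyTo(packet, i);
            // Drop the 4 padding bytes again.
            Array.Resize(ref packet, packet.Length - 4);
            /*
             * unused code.
            Key = (Key & 0x3FFF) * (uint)PI.Mul;
            t1 = (t1 & t2) ^ BitConverter.ToUInt32(Keyss, (int)(Key * 4));
            uint t3 = t1;
             */
            // Advance the per-connection step and derive the key for the next packet.
            PI.Step = ((PI.Step + 1) & 0x3FFF);
            PI.Key = BitConverter.ToUInt32(Keyss, (int)((PI.Step * PI.Mul) * 4));
        }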
high6 is offline  
Thanks
1 User
Old 03/27/2008, 17:37   #13
 
elite*gold: 0
Join Date: Feb 2008
Posts: 761
Received Thanks: 275
edit
this was to lock/krille
/edit

packets are the interface from client -> server -> client
if you, let's say, talk
you send a packet which is an array of bytes (ie: 1a 2b 3c 4d 5e 6f 07 08 09)
now to prevent hacking and good stuff of the sort, it's encrypted
so what is actually sent to the server is more along the lines of (going by the above packet: 9c 7a 7e 8f 3c 32 01 00 00 8c 47 83 0c 0a f7 e2 a7 02 c4 00 00 c2 00)
that is the encryption. the server receives it then decrypts it back into the original packet (1a 2b 3c 4d 5e 6f 07 08 09) and says "ok he said this..." then sends a packet to everyone who saw the message which equally is encrypted by the server then decrypted by the client (magical i swear)

understand that?

anyways sometimes it uses the same encryption/decryption so all you have to do is literally run the decryption routine for receiving packets on the encrypted, sometimes it uses different ones. afaik cabal uses diff ones, which you have to find the point where the packet starts the encryption and then reverse it using that routine, then change then encrypt and send. hacking received packets is kinda silly but it does have some advantages.
Izeliae is offline  
Old 03/28/2008, 17:35   #14
 
elite*gold: 0
Join Date: Mar 2008
Posts: 2
Received Thanks: 0
Wow, Encrypt function, nice.
Currently I'm playing Cabalsea, not sure if the key will work for Cabalsea or not -.~

I'm trying to make a pixel bot using VB, but xtrap really drives me mad =.=
It hooks all the APIs I want to use. The API I want to use to get the pixel color has been hooked, so I try using ReadProcessMemory to get the HP value, but this API has also been hooked by xtrap, !@$%!@%% =.=
shen27 is offline  
Old 03/29/2008, 02:48   #15
 
elite*gold: 0
Join Date: Jun 2006
Posts: 965
Received Thanks: 576
Quote:
Originally Posted by shen27 View Post
Wow, Encrypt function, nice.
Currently I'm playing Cabalsea, not sure if the key will work for Cabalsea or not -.~

I'm trying to make a pixel bot using VB, but xtrap really drives me mad =.=
It hooks all the APIs I want to use. The API I want to use to get the pixel color has been hooked, so I try using ReadProcessMemory to get the HP value, but this API has also been hooked by xtrap, !@$%!@%% =.=
The key is calculated in the exe at runtime so if you want to send me the sea exe I can check if it's different.
high6 is offline  
All times are GMT +2. The time now is 23:37.

