Programing Proxy problem.

inSertCoiN · 11/19/2007, 04:11

Hi,
I'm Building my own proxy from scratch in VB. Till now Its decrypting/encrypting packets and makes a log of them.
Now I'm ready to build a send packet function, but I got to a dead end which I can't figure out.

My function builds a sit packet and sends it. Heres an example how it looks like before its encrypted and send.

Quote:

1800F20334FCE71E269C1100FA0000000000000000005100

How I build the packet:

Quote:

PreparePacket = "1800F203" & TimeXOR(timeGetTime, MyID) & MyID & "FA00000000000000" & "00005100"

But after I send it nothing happens an Conquer gets disconnect error after about 10 sec. Heres my log of the packets starting after I send the packet till I get the disconnect error. I sat down few times till then for comparison.

*this packets followed after I have send the packet above*

Quote:

[ME <<< GameServer]

Hex:
1800F103269C1100000000001B0000001E5EF61E00000000

String:
..ñ.&œ...........^ö.....

[ME <<< GameServer]

Hex:
1800F20334FCE71E269C1100FA0000000000000000000100

String:
..ò.4üç.&œ..ú...........

[ME <<< GameServer]

Hex:
2000F403269C11000000000014CF386560E6F0442220CBC23F 6C5F7B00000000

String:
.ô.&œ.......Ï8e`æðD" ËÂ?l_{....

[ME >>> GameServer]

Hex:
2000F403269C110086E8E71E6D1C4A46455CBF4A30112F06DE 7A612960EA0000

String:
.ô.&œ...èç.m.JFE¿J0./.Þza)`ê..

[ME >>> GameServer]

Hex:
1800F103269C1110666AA7001B0000A0070CDF1E00000000

String:
..ñ.&œ..fj§.... ..ß.....

[ME <<< GameServer]

Hex:
1800F103269C1110666AA7001B0000A0070CDF1E00000000

String:
..ñ.&œ..fj§.... ..ß.....

[ME <<< GameServer]

Hex:
2000F403269C1100000000000E1D1021B813317E965DDC3D32 3CFCC100000000

String:
.ô.&œ.........!¸.1~–]Ü=2<üÁ....

[ME >>> GameServer]

Hex:
2000F403269C11008407E71E4E2F8033444D9A6817028A6989 62BF4B60EA0000

String:
.ô.&œ....ç.N/.3DMšh...i.b¿K`ê..

[ME >>> GameServer]

Hex:
1800F103269C1100000000001B00000071ACF61E00000000

String:
..ñ.&œ..........q¬ö.....

[ME <<< GameServer]

Hex:
1800F103269C1100000000001B00000071ACF61E00000000

String:
..ñ.&œ..........q¬ö.....

[ME <<< GameServer]

Hex:
2000F403269C1100000000007CA8291440F3BCF6849772F3A9 D8D24D00000000

String:
.ô.&œ......|¨).@ó¼ö.—ró©ØÒM....

[ME >>> GameServer]

Hex:
2000F403269C1100355FE71E7E6EC31D8B391A19CD405653BD 28510360EA0005

String:
.ô.&œ..5_ç.~nÃ..9..Í@VS½(Q.`ê..

[ME <<< GameServer]

Hex:
5900EC030000FF00D5070000F7010000000000000000000004 0653595354454D0D437265657059636F696E4D614E00264261 6420436F6E6E656374696F6E2E204C6F67206F666620617574 6F6D61746963616C6C792E000000

String:
Y.ì...ÿ.Õ...÷.............SYSTEM.XXXCENSOREDXX.&Ba d Connection. Log off automatically....

nataro · 11/19/2007, 05:11

Sounds like an awesome project! You should check some other Proxies coding out, See how they done it. Use java decompiler, DJ Java Decompiler may do the job I think.

Websites:

Download:

inSertCoiN · 11/19/2007, 05:24

Quote:

Originally Posted by nataro

Sounds like an awesome project! You should check some other Proxies coding out, See how they done it. Use java decompiler, DJ Java Decompiler may do the job I think.

Websites:
Download:

Well the main project is stand-alone client-emulator bot (next BJX

) but I needed 1st a program to log the packets so that I can study them + proxy is a good way to start with.

Not only that I don't program Java (but i can read good written code), but the codes of the proxys programed in Java are chaotic. It will take me 2-3 weeks to figure them out with my Java "skill".
Variables are named i,a,c... functions are named aaa,bsf...
People should respect programing standards. Not for the other people who get their hands on their source, but for themselves. In the past, when I was programing like that, if I returned to a project that I made 3-4 months ago, it would take me 1 day to figure out what I was doing.

PS. I think I know what my problem is, I'll post when I test it. Meanwhile please post solutions because maybe I'm wrong.

nataro · 11/19/2007, 05:27

Quote:

Originally Posted by inSertCoiN

Not only that I don't program Java (but i can read good written code), but the codes of the proxys programed in Java are chaotic. It will take me 2-3 weeks to figure them out with my Java "skill".
Variables are named i,a,c... functions are named aaa,bsf...
People should respect programing standards. Not for the other people who get their hands on their source, but for themselves. In the past, when I was programing like that, if I returned to a project that I made 3-4 months ago, it would take me 1 day to figure out what I was doing.

PS. I think I know what my problem is, I'll post when I test it. Meanwhile please post solutions because maybe I'm wrong.

a1blaster Posted a pretty handy post yesturday, Check it out if you haven't.

inSertCoiN · 11/19/2007, 05:43

I got the packet structure wrong... I'm missing X and Y.

Quote:

1800F20334FCE71E269C1100FA000000xxXXyyYY00005100

In case someone needs it:
Before you convert to coordinates you switch the bytes xxXX - > XXxx.
Same for Y.

nataro · 11/19/2007, 06:08

Quote:

Originally Posted by inSertCoiN

I got the packet structure wrong... I'm missing X and Y.

In case someone needs it:
Before you convert to coordinates you switch the bytes xxXX - > XXxx.
Same for Y.

I still don't understand a lot of that stuff yet, Though I do do a lot of Research and Reading on it, People tend 2 post Pretty handy info sometimes.

inSertCoiN · 11/19/2007, 07:27

I have tested it and still no luck.

My code:

Quote:

PreparePacket = "1800F203" & TimeXOR(timeGetTime, MyID) & MyID & "FA000000" & MakeXbt(xcord) & MakeYbt(ycord) & "00005100"

Sit packet just before I send my own (generated by Conquer):

Quote:

1800F203 9A7A9522 269C1100 FA000000D501F200 04005100
[ lng+id ][xorTime ][ Acc ID ][ empty ][ X,Y ][?+action]

Packet that I've send just after and didn't work:

Quote:

1800F203 07E28422 269C1100 FA000000 D501F200 00005100
[ lng+id ][xorTime ][ Acc ID ][ empty ][ X,Y ][?+action]

Looks like the only thing I'm doing wrong are the last 4 bt(actualy the 2 before the last 2)

Here are some sit packets:

Quote:

[ lng+id ][xorTime ][ Acc ID ][ empty ][ X,Y ] [ ??? ] [action]
1800F203 54119E22 269C1100 FA000000 D501F200 [0300] 5100
1800F203 00189E22 269C1100 FA000000 D401F200 [0200] 5100
1800F203 361D9E22 269C1100 FA000000 D401F200 [0200] 5100
1800F203 DF0FB701 269C1100 FA000000 D401F200 [0200] 5100
1800F203 B4269E22 269C1100 FA000000 D401F200 [0200] 5100
1800F203 D62D9E22 269C1100 FA000000 D501F200 [0600] 5100
1800F203 CD329E22 269C1100 FA000000 100D0A07 [0600] 5100

So can anyone please tell me what are those 2 bt or if its not that what am I doing wrong?

Real~Death · 11/19/2007, 08:52

i dont need coords for the sit packet
(MakeHex2("18 00 F2 03" & txa(timeGetTime, accid)) & accid & MakeHex2("FA 00 00 00 00 00 00 00") & MakeHex2("00 00 51 00"))
makes my sacob sit
(i knows yuors is different but dont know why you would need them but not me)
F2 03 packets have a bot check of some sort(i dont know for sure and if im wrong someone please tell me)try sending a non F2 03 packet
try sending somthing like this to walk left
(MakeHex2("0C 00 ED 03") & accid & MakeHex2("01 01 00 00"))
and see if you move and if you still get DCed

inSertCoiN · 11/19/2007, 11:57

Quote:

Originally Posted by Real~Death

try sending a non F2 03 packet
try sending somthing like this to walk left
(MakeHex2("0C 00 ED 03") & accid & MakeHex2("01 01 00 00"))
and see if you move and if you still get DCed

Nop, nothing is done and I got a disconnect error again.
I don't get it... Here are the packages. The 1st packet that is returned from the server is just the way it should be. That means that the server got the packet I intended to send. But why it doesn't work and why does it cause error ?

Quote:

[ME <<< GameServer]

Hex:
0C00ED03269C110001010000

String:
..í.&œ......

[ME >>> GameServer]

Hex:
1800F103269C1100000000001B0000003D1D982300000000

String:
..ñ.&œ..........=.˜#....

[ME <<< GameServer]

Hex:
1800F103269C1100000000001B0000003D1D9823C0770BE9

String:
..ñ.&œ..........=.˜#Àw.é

[ME <<< GameServer]

Hex:
3000F903269C110002000000FFFFFFFF000000000000000009 0000004200000000000000000000500000000000000000

String:
0.ù.&œ......ÿÿÿÿ............B..........P........

[ME <<< GameServer]

Hex:
3000F903269C110002000000FFFFFFFF000000000000000009 0000004500000000000000000000000000000000000000

String:
0.ù.&œ......ÿÿÿÿ............E...................

[ME <<< GameServer]

Hex:
3000F903269C110002000000FFFFFFFF000000000000000009 0000004800000000000000000000000000000000000000

String:
0.ù.&œ......ÿÿÿÿ............H...................

[ME <<< GameServer]

Hex:
2000F403269C1100000000009347B5C1F7725B98B7904848C4 317AFB00000000

String:
.ô.&œ......“GµÁ÷r[˜·.HHÄ1zû....

[ME >>> GameServer]

Hex:
2000F403269C110019DC82CADE0A14283043122B4F6157590E 3C4E7860EA0000

String:
.ô.&œ...Ü.ÊÞ..(0C.+OaWY.<Nx`ê..

[ME <<< GameServer]

Hex:
3000F903269C110002000000FFFFFFFF000000000000000009 0000004B00000000000000000000000000000000000000

String:
0.ù.&œ......ÿÿÿÿ............K...................

[ME <<< GameServer]

Hex:
5900EC030000FF00D5070000EE000000000000000000000004 0653595354454D0D437265657059636F696E4D614E00264261 6420436F6E6E656374696F6E2E204C6F67206F666670617574 6F6D61746963616C6C792E000000

String:
Y.ì...ÿ.Õ...î.............SYSTEM.XXCENSOREDXXX.&Ba d Connection. Log offpautomatically....

Queen-Of-Evil · 11/19/2007, 17:38

Quote:

Originally Posted by Real~Death

i dont need coords for the sit packet
(MakeHex2("18 00 F2 03" & txa(timeGetTime, accid)) & accid & MakeHex2("FA 00 00 00 00 00 00 00") & MakeHex2("00 00 51 00"))
makes my sacob sit
(i knows yuors is different but dont know why you would need them but not me)
F2 03 packets have a bot check of some sort(i dont know for sure and if im wrong someone please tell me)try sending a non F2 03 packet
try sending somthing like this to walk left
(MakeHex2("0C 00 ED 03") & accid & MakeHex2("01 01 00 00"))
and see if you move and if you still get DCed

F2 03 is a "DingDong" Packet, CO constantly sends and recieves them, going from one to the other, when the Reply packet from either end is failed it D/c's the client, Sort of a Bot check but Doesnt work properly as Most Proxys have a D/cing issue anyway

Insert your best bet would be to Ask iliveoncaffiene or Extreme-CO (* Possibly Tw3ak and Bone-You aswell

*)

inSertCoiN · 11/19/2007, 18:43

Quote:

Originally Posted by Queen-Of-Evil

F2 03 is a "DingDong" Packet, CO constantly sends and recieves them, going from one to the other, when the Reply packet from either end is failed it D/c's the client, Sort of a Bot check but Doesnt work properly as Most Proxys have a D/cing issue anyway

That indeed may be my problem.
The packet I send is not created or send by the client but the client gets response from the server that he have send the packet.
The first 2 solutions that came up my mind are:
1. Give the packet to the client so that he sends it himself. (but I don't know how to do that.)
2. Block the response packet from the server. (But the client won't know what I have done. Theoretically, if I block the sit response packet I wont get a disc, I wont see him seating but others will. Practically I don't think it will work because I already watched my test character with another client and he does nothing, just stands there and gets disconnected in about 10 sec.)

Anyway I'm stuck. i would really appreciate it if you keep the suggestions coming up. I know that someone who programed a proxy can end my mysteries in 1 minute

.

toreddo · 11/19/2007, 19:32

Dont think you can make a standalone client if you know all the packets.
There comes alot more hacking with it. Make it and your in botjail in couple of minutes.

Just preparing you.

Goodluck.
Toreddo

bone-you · 11/19/2007, 19:40

In my proxy I have a nifty function to handle all of this for me. DoAction. All I do is pass the action I want to do (250 for sit) and it sends it all.

Code:

void DoAction(int id)
{
	return;
	char cBuffer[30];
	memset(cBuffer, 0, 30);

	*(WORD*)(cBuffer) = 24;
	*(WORD*)(cBuffer+2) = 0x03F2;
	Timestamp();
	*(int*)(cBuffer+4) = G_iPing;
	*(int*)(cBuffer+8) = G_pGameClient->m_iCharID;
	*(int*)(cBuffer+12) = id;
	*(WORD*)(cBuffer+16) = (WORD)G_pGameClient->m_sX;//x
	*(WORD*)(cBuffer+18) = (WORD)G_pGameClient->m_sY;//y
	*(WORD*)(cBuffer+20) = 4;
	*(char*)(cBuffer+22) = 81;

	SendMessageToServer(cBuffer, 24);
}

That's the packet in its entirety.

I'm not sure if that helps, but it does work (as of 4356

) I haven't checked with the latest patches though..

Queen-Of-Evil · 11/19/2007, 20:54

Quote:
Originally Posted by bone-you
In my proxy I have a nifty function to handle all of this for me. DoAction. All I do is pass the action I want to do (250 for sit) and it sends it all.
Code:
void DoAction(int id)
{
	return;
	char cBuffer[30];
	memset(cBuffer, 0, 30);

	*(WORD*)(cBuffer) = 24;
	*(WORD*)(cBuffer+2) = 0x03F2;
	Timestamp();
	*(int*)(cBuffer+4) = G_iPing;
	*(int*)(cBuffer+8) = G_pGameClient->m_iCharID;
	*(int*)(cBuffer+12) = id;
	*(WORD*)(cBuffer+16) = (WORD)G_pGameClient->m_sX;//x
	*(WORD*)(cBuffer+18) = (WORD)G_pGameClient->m_sY;//y
	*(WORD*)(cBuffer+20) = 4;
	*(char*)(cBuffer+22) = 81;

	SendMessageToServer(cBuffer, 24);
}
That's the packet in its entirety.

I'm not sure if that helps, but it does work (as of 4356 ) I haven't checked with the latest patches though..

Works ^^

XtremeX-CO · 11/19/2007, 21:30

You forgot character ID.
3f4 is the check. 3f2 is just basically a general packet, used for lots of things, including jumping,sitting, exp etc..

assuming u start with the first byte being 0
byte 8-11 are char id.
byte 12-15 are the action.
byte 16,17 are your location (x)
byte 18,19 are your location (y)
byte 20,21 are your direction
byte 22 is the identifier 0x51