[PACKETBOT] Why it is still possible!

08/31/2013 13:40 Havelock_Vetinari#16
Quote:
Originally Posted by Nonge_II View Post
So does that mean it is possible to work with packet bots after all?
It is/was always possible.... It just depends on how much work you have to put into it
08/31/2013 13:44 Nonge_II#17
Quote:
Originally Posted by Alex_II View Post
It is/was always possible.... It just depends on how much work you have to put into it
But as I understand it now, it isn't much - or did I misunderstand it a bit after all?
08/31/2013 13:47 iṄk#18
Of course it's possible to do it. But after every BP update, you have to synchronize your protocol with the SeafightMain changes and that is just too much work.
08/31/2013 13:48 Havelock_Vetinari#19
Quote:
Originally Posted by Nonge_II View Post
But as I understand it now, it isn't much - or did I misunderstand it a bit after all?
It is a lot of work... What was shown here is only a few things. You are still a long way from being able to make a bot with that
08/31/2013 13:55 Maurice#20
Quote:
Originally Posted by iṄk View Post
Of course it's possible to do it. But after every BP update, you have to synchronize your protocol with the SeafightMain changes and that is just too much work.
Isn't needed, they do not update the send function, only the features.. because there hasn't been any packet bot again yet, they will remain stuck on the same send function. And this function just grabs the packet ID; based on this it decrypts/encrypts the packet. Still, it is the same mechanism as before, but no strings anymore, but byte arrays..

I had already started, but my laptop died and I have a new PC, so I've been downloading C# & started again, but still it's just too easy if you understand the code/lang..
08/31/2013 14:03 iṄk#21
The packet ID is the problem.
It always changes. There is no algorithm to know which packet ID means what.
You could update the packet ID with protocol analyzing after every BP update, but as I said.. too much work in my opinion.
08/31/2013 14:06 Maurice#22
Quote:
Originally Posted by iṄk View Post
The packet ID is the problem.
It always changes. There is no algorithm to know which packet ID means what.
You could update the packet ID with protocol analyzing after every BP update, but as I said.. too much work in my opinion.
Oh, I bet there's a sort of array in the swf which contains the so-called new "PacketIDs", so a grabber is not hard to make for that..
08/31/2013 14:11 iṄk#23
So you've got an array like
1937, 3874, 443, 3455, 5354, 3245, 232, ...

And now?
The problem is that you do not know which ID represents which type of message.
You can try to suggest, but in the end you need to analyze.
08/31/2013 14:22 Maurice#24
Quote:
Originally Posted by iṄk View Post
So you've got an array like
1937, 3874, 443, 3455, 5354, 3245, 232, ...

And now?
The problem is that you do not know which ID represents which type of message.
You can try to suggest, but in the end you need to analyze.
Well, you do.. you can sniff them and create a packet decrypter with the encrypt/decrypt function of the swf, then look at what is what and get the ID etc. Then if there's an update you can compare the old one with the same place in the new one, and you know the IDs too..
08/31/2013 14:38 iṄk#25
They are not on the same positions..
But I don't want to be the party pooper, so try it on your own. Maybe you've got enough time to handle a project like this. :)
08/31/2013 14:56 Maurice#26
My re-programmed IncomingBotResponse.cs class since I've got my new PC..

Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

namespace wBot___SeafightEdit.Utilities
{
    public class IncomingBotResponse
    {
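        public byte[] arr;
        public IncomingBotResponse(byte[] iArray)
        {
            try
            {
                // Reverses the caller's array in place on little-endian hosts.
                // This reverses the whole buffer, so field order is reversed too
                // and offsets count from the end of the original packet.
                if (BitConverter.IsLittleEndian)
                    Array.Reverse(iArray);
                arr = iArray;
            }
            // Errors (e.g. a null array) are swallowed; arr then stays null.
            catch { }
        }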

        #region "readInt32"
        public Int32 readInt32()
        {
            return BitConverter.ToInt32(arr, 0);
        }

        public Int32 readInt32(int ofs)
        {
            return BitConverter.ToInt32(arr, ofs);
        }
        #endregion

        #region "readShort"
        public short readShort()
        {
            return BitConverter.ToInt16(arr, 0);
        }

        public short readShort(int ofs)
        {
            return BitConverter.ToInt16(arr, ofs);
        }
        #endregion

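        #region "readString"
        // Note: BitConverter.ToString returns a hyphen-separated hex dump
        // of the bytes (e.g. "0A-1B"), not decoded text.
        public String readString()
        {
            return BitConverter.ToString(arr, 0);
        }

        public String readString(int ofs)
        {
            // Length must be the bytes remaining after ofs; passing arr.Length
            // throws ArgumentException for any ofs > 0.
            return BitConverter.ToString(arr, ofs, arr.Length - ofs);
        }
        #endregion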

        #region "readBool"
        public Boolean readBool()
        {
            return BitConverter.ToBoolean(arr, 0);
        }

        public Boolean readBool(int ofs)
        {
            return BitConverter.ToBoolean(arr, ofs);
        }
        #endregion

        #region "readDouble"
        public Double readDouble()
        {
            return BitConverter.ToDouble(arr, 0);
        }

        public Double readDouble(int ofs)
        {
            return BitConverter.ToDouble(arr, ofs);
        }
        #endregion

    }
}
08/31/2013 17:37 _Creator_#27
Quote:
Originally Posted by iṄk View Post
The packet ID is the problem.
It always changes. There is no algorithm to know which packet ID means what.
You could update the packet ID with protocol analyzing after every BP update, but as I said.. too much work in my opinion.
Let the packet IDs change - the code that generates each single packet will stay the same, even obfuscated.

Since you can be sure that they have a script that randomizes (?) the packet IDs, you can do the same thing in reverse automatically too. A small script that knows the code that generates each packet and extracts its ID then. It doesn't even have to understand the AS3 code for that, just some Regex.
That doesn't exactly require black magic or a lot of work :rolleyes:
08/31/2013 20:51 SeaManCDF#28
Quote:
Originally Posted by _Creator_ View Post
Let the packet IDs change - the code that generates each single packet will stay the same, even obfuscated.

Since you can be sure that they have a script that randomizes (?) the packet IDs, you can do the same thing in reverse automatically too. A small script that knows the code that generates each packet and extracts its ID then. It doesn't even have to understand the AS3 code for that, just some Regex.
That doesn't exactly require black magic or a lot of work :rolleyes:
Agree
08/31/2013 21:15 iṄk#29
Quote:
Originally Posted by _Creator_ View Post
Let the packet IDs change - the code that generates each single packet will stay the same, even obfuscated.

Since you can be sure that they have a script that randomizes (?) the packet IDs, you can do the same thing in reverse automatically too. A small script that knows the code that generates each packet and extracts its ID then. It doesn't even have to understand the AS3 code for that, just some Regex.
That doesn't exactly require black magic or a lot of work :rolleyes:
...

Go ahead and try it!
You will see that this needs a lot more than "just some Regex".
And I know that, because I did it too.
08/31/2013 21:17 Golden|Power#30
Why don't you 3 make a packet bot together? You are all smart for this :D Come on, make a team and help all the people who don't want to pay for sf anymore :D

-GP