It is currently a work in progress, but Tbot 1228 is underway.
* Initial Program Startup Testing Done
* Login - ARRRGGGGHHHH
[Only registered and activated users can see links. Click Here To Register...]
** UPDATE **
{MANUAL LOGIN VIA MY CLIENT}
[Only registered and activated users can see links. Click Here To Register...]
--------------------------------------------------------------
** UPDATE **
- The current packet sniffer that i am using is WireShark, if anybody knows of a better one please let me know.
Login -
1. Client is supposed to send a login command
2. Server responds with a packet containing how many days you have left.
2. Client Ack
3. -- Sometimes Client sends another PSH, ACK, URG, same flags as 1., but with different data
*1
- I set the server to recv until further notice
- I try to login to see if the server is recieving the packet ... nope the client just locks up. Which leads me to believe that there is some missing packets that I am not picking up with WireShark.
*2
- If i set the server to send before recieving the client does not crash and gives me a server busy message.
** Update **
While going over the packet data for a billionth time i noticed that it uses a differnt sending port each time Tbot starts up.
With this said ... it is either storing the used or next port number in either the program, registry, an external data file or on the server itself.
The port numbers go up in increments of 2, each time sending a different login header data.... which also means that the server sends a different packet for each port used. If I can capture enough packets until the port number recycles i might be able to login ... might ... but that just seems to redundant and tedious for now, so I will look in the registry and attempt to control the port number manually. BUT - using different port numbers each time is probably one of many ways Tbot is hard to detect, thus counteracting the initial idea of changing ports.
Maby i can narrow the ports it uses down to a select few and go from there.
-- ANY HELP WOULD BE MUCH APPRECIATED, or you could sit on your arses and wait for somebody to do all the work.
-- Anybody that might be able to determine the source of the port incrementation would be appreciated!!
* Initial Program Startup Testing Done
* Login - ARRRGGGGHHHH
[Only registered and activated users can see links. Click Here To Register...]
** UPDATE **
{MANUAL LOGIN VIA MY CLIENT}
[Only registered and activated users can see links. Click Here To Register...]
--------------------------------------------------------------
** UPDATE **
- The current packet sniffer that i am using is WireShark, if anybody knows of a better one please let me know.
Login -
1. Client is supposed to send a login command
2. Server responds with a packet containing how many days you have left.
2. Client Ack
3. -- Sometimes Client sends another PSH, ACK, URG, same flags as 1., but with different data
*1
- I set the server to recv until further notice
- I try to login to see if the server is recieving the packet ... nope the client just locks up. Which leads me to believe that there is some missing packets that I am not picking up with WireShark.
*2
- If i set the server to send before recieving the client does not crash and gives me a server busy message.
** Update **
While going over the packet data for a billionth time i noticed that it uses a differnt sending port each time Tbot starts up.
With this said ... it is either storing the used or next port number in either the program, registry, an external data file or on the server itself.
The port numbers go up in increments of 2, each time sending a different login header data.... which also means that the server sends a different packet for each port used. If I can capture enough packets until the port number recycles i might be able to login ... might ... but that just seems to redundant and tedious for now, so I will look in the registry and attempt to control the port number manually. BUT - using different port numbers each time is probably one of many ways Tbot is hard to detect, thus counteracting the initial idea of changing ports.
Maby i can narrow the ports it uses down to a select few and go from there.
-- ANY HELP WOULD BE MUCH APPRECIATED, or you could sit on your arses and wait for somebody to do all the work.
-- Anybody that might be able to determine the source of the port incrementation would be appreciated!!
