[C#] Packet Decrypt Algo.

03/23/2008 19:59 high6#1
Not sure if this is used for every packet yet or just login. I believe it is for every packet because I didn't see a switch; anyways, I will be doing a rewrite in C++ later along with C#/C++ of the encrypt algo. (Very tired, been up for 38 hours...). Also it looks very, very messy because I just didn't feel like using "unsafe" code.

External link because the key is 65536 bytes and too much for a post :P.

You didn't hear it from me... Expect a clientless bot soon :P.
03/25/2008 12:55 shen27#2
well done. keep it up.
03/25/2008 14:02 auggie#3
sorry for the noob question but what does this do
03/25/2008 14:29 Dirin#4
Oh Baby. A foreseen downfall of cabal within months =]
03/25/2008 19:17 high6#5
Encryption is done now I am writing out the different packets. I will release all of it later.
03/25/2008 19:21 shiryo1#6
Quote:
Originally Posted by auggie View Post
sorry for the noob question but what does this do
He decrypted a complex algorithm packet.
03/25/2008 20:45 high6#7
I think I might start an open source bot. Make an svn for it too.
03/25/2008 22:49 Locketej#8
I still don't know what this does >_> <-------noobsauce
03/26/2008 06:05 Krille#9
Quote:
Originally Posted by Locketej View Post
I still don't know what this does >_> <-------noobsauce
I don't know if I'm exactly right about this, but here it goes: The client (or the server) sends packets (information) to the server (client?), which get encrypted somewhere along the way. This encryption prevents the client from sending any packet he wants to the server. But high6 now says he can decrypt and encrypt the packets, and that means you can send anything you want to the server, and with that you can make a bot and stuff.

I do not know if this is right. It just came straight from my head and I basically know nothing about TCP/IP stuff or anything, so can someone please explain this a little more accurately :P
03/26/2008 07:47 liquid`#10
lol nice
03/26/2008 17:37 mation#11
Keep up the good job high6! I'm looking for your next release or svn and of course, I'll be helping you. In most cases, finding the algorithm is the hardest part of a packet bot.

Thanks! =)
03/26/2008 20:48 high6#12
Encrypt function :P.

Keyss is the 65536-byte key from the decryption in the OP.
Code:
        // Keyss: the 65536-byte table from the OP, read as little-endian uint32 words.
        // Keys2: 4-entry table (not shown in this post); its complement masks the
        //        trailing 0..3 bytes of the body.
        void Encrypt(ref byte[] packet, PacketInfo PI)
        {
            uint size = (uint)packet.Length;
            if (size < 0x0A)
                return;                     // packets shorter than 10 bytes go out unchanged
            // Grow by 4 so the final partial-word read/write cannot run past the end;
            // trimmed again before returning.
            Array.Resize(ref packet, packet.Length + 4);

            // Header word 0 is XORed with the per-packet session key. Read it as a
            // uint: ToInt32 ^ uint promotes to long, and GetBytes(long) would write
            // 8 bytes and clobber bytes 4..7, which this cipher leaves untouched.
            uint c0 = BitConverter.ToUInt32(packet, 0) ^ PI.Key;
            BitConverter.GetBytes(c0).CopyTo(packet, 0);

            // The keystream is chained on the *ciphertext*: the low 14 bits of the
            // word just written select the table entry used for the next word.
            uint Key = (c0 & 0x3FFF) * (uint)PI.Mul;
            Key = BitConverter.ToUInt32(Keyss, (int)(Key * 4));

            uint t = (size - 8) >> 2;       // number of whole body words (>> 2 = divide by 4)
            uint t1;
            uint i = 8;                     // body starts after the 8-byte header
            while (t > 0)
            {
                t1 = BitConverter.ToUInt32(packet, (int)i) ^ Key;
                BitConverter.GetBytes(t1).CopyTo(packet, i);
                t1 = (t1 & 0x3FFF) * (uint)PI.Mul;
                Key = BitConverter.ToUInt32(Keyss, (int)(t1 * 4));
                i += 4;
                t--;
            }
            // Trailing 0..3 bytes: XOR only the bytes covered by ~Keys2[remainder].
            t1 = ~Keys2[(size - 8) & 3];
            uint t2 = t1;                   // only referenced by the unused block below
            BitConverter.GetBytes((t1 & Key) ^ BitConverter.ToUInt32(packet, (int)i)).CopyTo(packet, i);
            Array.Resize(ref packet, packet.Length - 4);
            /*
             * unused code.
            Key = (Key & 0x3FFF) * (uint)PI.Mul;
            t1 = (t1 & t2) ^ BitConverter.ToUInt32(Keyss, (int)(Key * 4));
            uint t3 = t1;
             */
            // Advance the per-packet session key for the next packet.
            PI.Step = (PI.Step + 1) & 0x3FFF;
            PI.Key = BitConverter.ToUInt32(Keyss, (int)((PI.Step * PI.Mul) * 4));
        }
03/27/2008 17:37 Izeliae#13
edit: this was to lock/krille

packets are the interface from client -> server -> client.
if you, let's say, talk,
you send a packet, which is an array of bytes (e.g. 1a 2b 3c 4d 5e 6f 07 08 09).
now, to prevent hacking and good stuff of the sort, it's encrypted,
so what is actually sent to the server is more along the lines of (going by the above packet): 9c 7a 7e 8f 3c 32 01 00 00 8c 47 83 0c 0a f7 e2 a7 02 c4 00 00 c2 00
that is the encryption. the server receives it, then decrypts it back into the original packet (1a 2b 3c 4d 5e 6f 07 08 09) and says "ok he said this..." then sends a packet to everyone who saw the message, which equally is encrypted by the server, then decrypted by the client (magical, I swear).

understand that?

anyways, sometimes it uses the same encryption/decryption, so all you have to do is literally run the decryption routine for received packets on the encrypted ones; sometimes it uses different ones. afaik cabal uses different ones, so you have to find the point where the packet starts the encryption and then reverse it using that routine, then change it, then encrypt and send. hacking received packets is kinda silly, but it does have some advantages.
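The following is an added example, not code from this thread or from the game client. It is a Python model of the XOR keystream chain in high6's Encrypt function above, together with the decryptor that chain implies, and it doubles as a concrete version of Izeliae's point that you cannot always just run one routine in both directions. Everything the posts do not give is an assumption: the 65536-byte Keyss table is replaced by a constructed one (a fixed hash of the index, so the example runs offline); (word & 0x3FFF) * Mul is reduced modulo the table length because the post does not say how it is kept in range; and ~Keys2[r] (Keys2 is not shown in the post) is modelled as a mask over the low r bytes of the last partial word. The names PacketInfo, encrypt, decrypt, roundtrip and SAMPLE are this example's own.

```python
# Added example: model of the Cabal packet XOR keystream chain (not the thread's code).
import struct

TABLE_WORDS = 65536 // 4      # the real Keyss is 65536 bytes = 16384 uint32 words


def _table_word(i: int) -> int:
    # Constructed stand-in for the real table (assumption): an odd-multiplier
    # hash, so distinct indices always map to distinct words.
    return ((i * 0x9E3779B1) ^ 0xA5A5A5A5) & 0xFFFFFFFF


KEY_TABLE = [_table_word(i) for i in range(TABLE_WORDS)]


def table_lookup(index: int) -> int:
    # Assumption: the post does not say how Mul keeps the index inside the
    # table, so it is reduced modulo the table length here.
    return KEY_TABLE[index % TABLE_WORDS]


class PacketInfo:
    """Per-direction cipher state named after the post's fields: Key (per-packet
    session word), Step (14-bit counter that schedules Key), Mul (table stride)."""

    def __init__(self, step: int = 0, mul: int = 1):
        self.mul = mul
        self.step = step & 0x3FFF
        self.key = table_lookup(self.step * mul)

    def advance(self) -> None:
        # Same schedule as the end of Encrypt(): Step++ (14 bits), Key = table[Step*Mul]
        self.step = (self.step + 1) & 0x3FFF
        self.key = table_lookup(self.step * self.mul)


def next_key(cipher_word: int, mul: int) -> int:
    """Chain rule from the post: the low 14 bits of the ciphertext word just
    produced select the keystream word for the next one (cipher feedback)."""
    return table_lookup((cipher_word & 0x3FFF) * mul)


def _xor_tail(buf: bytearray, offset: int, key: int, nbytes: int) -> None:
    # Assumption: ~Keys2[r] covers exactly the low r bytes of the last word.
    for j in range(nbytes):
        buf[offset + j] ^= (key >> (8 * j)) & 0xFF


def encrypt(packet: bytes, pi: PacketInfo) -> bytes:
    size = len(packet)
    if size < 0x0A:
        return packet                       # shorter than 10 bytes: sent as-is
    out = bytearray(packet)
    # Header word 0 is XORed with the session key; word 1 (bytes 4..7) is left
    # untouched; the body starts at offset 8.
    c0 = struct.unpack_from('<I', out, 0)[0] ^ pi.key
    struct.pack_into('<I', out, 0, c0)
    key = next_key(c0, pi.mul)
    i = 8
    for _ in range((size - 8) >> 2):
        c = struct.unpack_from('<I', out, i)[0] ^ key
        struct.pack_into('<I', out, i, c)
        key = next_key(c, pi.mul)           # next key comes from the ciphertext
        i += 4
    _xor_tail(out, i, key, (size - 8) & 3)
    pi.advance()
    return bytes(out)


def decrypt(packet: bytes, pi: PacketInfo) -> bytes:
    """Inverse of encrypt(): the chain is keyed by ciphertext, so each next key
    is taken from the received word *before* it is XORed."""
    size = len(packet)
    if size < 0x0A:
        return packet
    out = bytearray(packet)
    c0 = struct.unpack_from('<I', out, 0)[0]
    struct.pack_into('<I', out, 0, c0 ^ pi.key)
    key = next_key(c0, pi.mul)
    i = 8
    for _ in range((size - 8) >> 2):
        c = struct.unpack_from('<I', out, i)[0]
        struct.pack_into('<I', out, i, c ^ key)
        key = next_key(c, pi.mul)
        i += 4
    _xor_tail(out, i, key, (size - 8) & 3)
    pi.advance()
    return bytes(out)


def roundtrip(packets, step: int = 5, mul: int = 1):
    """Encrypt a packet sequence with one PacketInfo and decrypt with another
    that started in the same state; returns (ciphertexts, recovered plaintexts)."""
    sender, receiver = PacketInfo(step, mul), PacketInfo(step, mul)
    cts = [encrypt(p, sender) for p in packets]
    pts = [decrypt(c, receiver) for c in cts]
    return cts, pts


# Constructed sample: 8-byte header + 15-byte body (3 whole words + 3 tail bytes)
SAMPLE = bytes(range(1, 24))

if __name__ == '__main__':
    (ct,), (pt,) = roundtrip([SAMPLE])
    print('cipher:', ct.hex(), '\nplain :', pt.hex())
    # Running encrypt() over the ciphertext only undoes the first word:
    print('encrypt(ciphertext) == plaintext:', encrypt(ct, PacketInfo(5)) == SAMPLE)
```

Because each keystream word is selected by the ciphertext word just produced, the decryptor must derive the next key from the received word before XORing it; pushing ciphertext back through encrypt() recovers the first word and then diverges, which is the difference between "same routine both ways" and "different ones" in the post above. Both ends also have to advance Step in lockstep, so a packet that is dropped, duplicated or injected without the peer's state desynchronises the session key from then on; that counter is the piece of state a clientless bot has to track per direction.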
03/28/2008 17:35 shen27#14
Wow, encrypt function, nice.
Currently I'm playing CabalSEA, not sure the key will work for CabalSEA or not -.~

I'm trying to make a pixel bot using VB, but XTrap really drives me mad =.=
It hooks all the APIs I want to use. The API I want to use to get the pixel color has been hooked, so I tried using ReadProcessMemory to get the HP value, but this API has also been hooked by XTrap, !@$%!@%% =.=
03/29/2008 02:48 high6#15
Quote:
Originally Posted by shen27 View Post
Wow, encrypt function, nice.
Currently I'm playing CabalSEA, not sure the key will work for CabalSEA or not -.~

I'm trying to make a pixel bot using VB, but XTrap really drives me mad =.=
It hooks all the APIs I want to use. The API I want to use to get the pixel color has been hooked, so I tried using ReadProcessMemory to get the HP value, but this API has also been hooked by XTrap, !@$%!@%% =.=
The key is calculated in the exe at runtime, so if you want to send me the SEA exe I can check if it's different.