[Release] WarRock Packet Sniffer Source

12/31/2011 11:45 Mathias1000#1
Moin moin, ich release hier mal meinen nicht ganz fertigen WarRock Packet Sniffer.
Ich habe den Sniffer selber mit SharpPcap geschrieben. Allerdings hat WarRock anscheinend auch eine neue Crypto, sodass mit dem Sniffer nicht alles entschlüsselt wird. Von daher wäre es gut, wenn jemand, der die neue Crypto kennt, sie mir per PN schickt; ich bevorzuge C#-Code.

Source:

Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using SharpPcap.WinPcap;
using SharpPcap.LibPcap;
using PacketDotNet.LLDP;
using SharpPcap;

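namespace WarrockPacketsniffer
{
    /// <summary>
    /// Console tool that captures traffic on TCP/UDP ports 5330 and 5340 with SharpPcap,
    /// XOR-decodes each TCP frame with a fixed per-direction key and appends the
    /// resulting text to <c>log.txt</c> in the working directory.
    /// </summary>
    /// <remarks>
    /// The decoding is a single-byte XOR with a constant key. That is obfuscation, not
    /// encryption: it gives no confidentiality or integrity against anyone who can
    /// observe the traffic. The author notes that part of the traffic uses a newer
    /// scheme that this tool does not decode.
    /// </remarks>
    class Program
    {
        /// <summary>XOR key applied to frames whose source address is the local machine.</summary>
        private const byte ClientXorKey = 0xC3;

        /// <summary>XOR key applied to frames coming from any other source address.</summary>
        private const byte ServerXorKey = 0x96;

        /// <summary>Log file, relative to the current working directory.</summary>
        private const string LogPath = @"log.txt";

        /// <summary>Code page used for the log file (28605 = ISO-8859-15).</summary>
        private const int LogCodePage = 28605;

        /// <summary>Number of trailing characters kept from the first space-separated block.</summary>
        private const int HeadBlockLength = 10;

        /// <summary>
        /// Last IP address found on the selected capture device. Kept for compatibility;
        /// direction detection uses <see cref="LocalAddresses"/> as well.
        /// </summary>
        public static string DeviceIP = string.Empty;

        /// <summary>
        /// Every IP address of the selected capture device, as text. An interface usually
        /// has more than one address (for example IPv4 plus IPv6), so a single string is
        /// not enough to recognise locally sent packets.
        /// </summary>
        private static readonly HashSet<string> LocalAddresses = new HashSet<string>();

        /// <summary>
        /// Lists the capture devices, lets the user pick one, installs the port filter
        /// and captures until the process is stopped.
        /// </summary>
        /// <param name="args">Command-line arguments (unused).</param>
        public static void Main(string[] args)
        {
            /* Print SharpPcap version */
            string ver = SharpPcap.Version.VersionString;
            Console.WriteLine("SharpPcap {0}", ver);
            Console.WriteLine();

            /* Retrieve the device list */
            var devices = CaptureDeviceList.Instance;

            /* If no device exists, print error */
            if (devices.Count < 1)
            {
                Console.WriteLine("No device found on this machine");
                return;
            }

            Console.WriteLine("The following devices are available on this machine:");
            Console.WriteLine("----------------------------------------------------");
            Console.WriteLine();

            /* Print every entry together with the index the user has to type */
            for (int n = 0; n < devices.Count; n++)
            {
                Console.WriteLine("{0}) {1} {2}", n, devices[n].Name, devices[n].Description);
            }

            Console.WriteLine();
            Console.Write("-- Please choose a device to capture: ");

            // Console input is free text: reject anything that is not an index into the
            // list instead of letting int.Parse or the indexer throw.
            int choice;
            if (!int.TryParse(Console.ReadLine(), out choice) || choice < 0 || choice >= devices.Count)
            {
                Console.WriteLine("Invalid device number");
                return;
            }

            var device = devices[choice];

            // Collect the addresses of the SELECTED device only. Walking all devices and
            // keeping the last address seen would classify packets against an interface
            // that is not being captured. The 'as' cast avoids an InvalidCastException on
            // devices that are not WinPcap devices.
            LocalAddresses.Clear();
            var pcapDevice = device as WinPcapDevice;
            if (pcapDevice != null)
            {
                foreach (PcapAddress addr in pcapDevice.Addresses)
                {
                    if (addr.Addr != null && addr.Addr.ipAddress != null)
                    {
                        DeviceIP = addr.Addr.ipAddress.ToString();
                        LocalAddresses.Add(DeviceIP);
                    }
                }
            }

            if (LocalAddresses.Count == 0)
            {
                Console.WriteLine("-- No IP address found for this device; every packet will be logged as a server packet");
            }

            // Register our handler function to the 'packet arrival' event
            device.OnPacketArrival +=
                new PacketArrivalEventHandler(device_OnPacketArrival);

            // Open the device for capturing.
            // NOTE(review): promiscuous mode also delivers frames addressed to other hosts
            // on the segment; DeviceMode.Normal is enough when only this machine's own
            // session is inspected.
            int readTimeoutMilliseconds = 1000;
            device.Open(DeviceMode.Promiscuous, readTimeoutMilliseconds);

            try
            {
                // tcpdump filter: TCP and UDP traffic on ports 5330 and 5340 only
                string filter = "tcp port 5330 || tcp port 5340||udp port 5330 || udp port 5340";
                device.Filter = filter;

                Console.WriteLine();
                Console.WriteLine
                    ("-- The following tcpdump filter will be applied: \"{0}\"",
                    filter);
                Console.WriteLine
                    ("-- Listening on {0}, hit 'Ctrl-C' to exit...",
                    device.Description);

                // Capture() blocks and delivers packets to the handler until capture stops.
                device.Capture();
            }
            finally
            {
                // Reached only when capturing stops or throws; releases the pcap handle.
                device.Close();
            }
        }

        /// <summary>
        /// Decodes every captured TCP frame and appends it to the log, tagged as client
        /// or server traffic depending on whether the source address is a local one.
        /// </summary>
        /// <param name="sender">The capture device raising the event.</param>
        /// <param name="e">Event data carrying the raw captured packet.</param>
        private static void device_OnPacketArrival(object sender, CaptureEventArgs e)
        {
            var packet = PacketDotNet.Packet.ParsePacket(e.Packet);
            var tcpPacket = PacketDotNet.TcpPacket.GetEncapsulated(packet);
            if (tcpPacket == null)
            {
                // todo udp Handling: UDP datagrams on the same ports pass the capture
                // filter but are not decoded or logged yet.
                return;
            }

            var ipPacket = tcpPacket.ParentPacket as PacketDotNet.IpPacket;
            if (ipPacket == null)
            {
                return;
            }

            System.Net.IPAddress srcIp = ipPacket.SourceAddress;
            int srcPort = tcpPacket.SourcePort;
            bool fromClient = IsLocalAddress(srcIp.ToString());

            // NOTE(review): packet.Bytes is the whole captured frame, so the link/IP/TCP
            // header bytes are XOR-ed as well. The "last 10 characters of the first block"
            // trim in TrimLeadingBlock appears to be how the author discards that prefix -
            // confirm before switching to the TCP payload only.
            string decoded = fromClient
                ? ClientdeCrypt(packet.Bytes)
                : ServerdeCrypt(packet.Bytes);
            string body = TrimLeadingBlock(decoded);

            string header = fromClient
                ? "[ClientPacket] Port: {0} IP:{1} Protokoll:tcp"
                : "[ServerPacket] Port: {0} IP:{1} Protokoll:tcp";

            try
            {
                AppendToLog(header, srcPort, srcIp, body);
                Console.WriteLine(fromClient ? "Log Packet From Client" : "Log Packet From Server");
            }
            catch (IOException ex)
            {
                // A failed log write must not take down the capture loop.
                Console.WriteLine(ex.ToString());
            }
        }

        /// <summary>Tells whether <paramref name="address"/> belongs to the capture device.</summary>
        private static bool IsLocalAddress(string address)
        {
            return LocalAddresses.Contains(address) || address == DeviceIP;
        }

        /// <summary>
        /// Keeps only the last <see cref="HeadBlockLength"/> characters of the first
        /// space-separated block and re-joins all blocks, each preceded by one space.
        /// </summary>
        private static string TrimLeadingBlock(string decoded)
        {
            string[] blocks = decoded.Split(new char[] { ' ' });
            string head = blocks[0];
            if (head.Length > HeadBlockLength)
            {
                blocks[0] = head.Substring(head.Length - HeadBlockLength);
            }

            return " " + string.Join(" ", blocks);
        }

        /// <summary>
        /// Appends one entry (header line, body, blank line) to the log file.
        /// </summary>
        /// <remarks>
        /// The body is untrusted network data and is written verbatim, so line breaks
        /// inside it can imitate entry headers; anything that parses log.txt should treat
        /// its content as untrusted.
        /// </remarks>
        private static void AppendToLog(string headerFormat, int port, System.Net.IPAddress address, string body)
        {
            // 'using' closes the file even when a write throws; FileMode.Append replaces
            // the manual seek to the end of the stream.
            using (FileStream log = new FileStream(LogPath, FileMode.Append, FileAccess.Write))
            using (StreamWriter writer = new StreamWriter(log, Encoding.GetEncoding(LogCodePage)))
            {
                writer.WriteLine(headerFormat, port, address);
                writer.WriteLine(body);
                writer.WriteLine();
            }
        }

        /// <summary>
        /// XORs every byte of <paramref name="tBytes"/> with <paramref name="key"/> and
        /// decodes the result with the system default encoding.
        /// </summary>
        /// <exception cref="ArgumentNullException"><paramref name="tBytes"/> is null.</exception>
        private static string XorDecode(byte[] tBytes, byte key)
        {
            if (tBytes == null)
            {
                throw new ArgumentNullException("tBytes");
            }

            // Work on a copy: the caller passes the packet's own buffer, which must not
            // be rewritten as a side effect of decoding.
            byte[] decoded = new byte[tBytes.Length];
            for (int i = 0; i < tBytes.Length; i++)
            {
                decoded[i] = (byte)(tBytes[i] ^ key);
            }

            // Encoding.Default depends on the machine's configuration, so the same
            // capture can decode differently on another system.
            return Encoding.Default.GetString(decoded);
        }

        /// <summary>Decodes a frame sent by the local client (XOR key 0xC3).</summary>
        /// <param name="tBytes">Raw frame bytes; left unmodified.</param>
        /// <returns>The decoded bytes as text.</returns>
        private static string ClientdeCrypt(byte[] tBytes)
        {
            return XorDecode(tBytes, ClientXorKey);
        }

        /// <summary>Decodes a frame sent by the server (XOR key 0x96).</summary>
        /// <param name="tBytes">Raw frame bytes; left unmodified.</param>
        /// <returns>The decoded bytes as text.</returns>
        private static string ServerdeCrypt(byte[] tBytes)
        {
            return XorDecode(tBytes, ServerXorKey);
        }
    }
}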
Benutzte Versionen der DLLs:
Code:
PacketDotNet.dll = version 0.8.0.0
SharpPcap.dll = version 3.5.0.0
Im Anhang findet ihr die Source als Projektdatei.

Viruscan Anhang:

Viel spass damit :)

Mfg Mathias1000
12/21/2014 23:33 ramazan3007#2
was bringt das
12/28/2014 22:47 Waller66#3
nice work.