Raw packets

09/29/2008 06:21 *M*#1
Atm I'm trying to hook into the packet before it's encrypted

Can anyone confirm that this is a full chat packet Post-decryption?
Code:
3A 00 EC 03 FF FF FF 00 D1 07 00 00 0C 06 00 00  :.ìÿÿÿ.Ñ.....
00 00 00 00 FB 2A 00 00 04 0B 50 61 63 6B 65 74  ....û*..Packet
42 75 73 74 61 0A 45 6E 63 72 79 70 74 69 6F 6E  Busta.Encryption
00 05 4B 4F 53 4D 4B 00 00 00 54 51 53 65 72 76  .KOSMK...TQServ
65 72                                            er
From Character: PacketBusta
Target Character: Encryption
Text: KOSMK
TQServer seems like some sort of padding at the end of each packet
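A small decoder for the dump above, added here as an illustration and not code from the thread: it checks the little-endian length word (0x003A = 58) against the bytes, peels the 8-byte "TQServer" trailer, and walks the length-prefixed strings. Note the dump actually carries four strings, the third being empty, which is why "KOSMK" is the fourth; every field name except the length word is an assumption made for this example, since the post only labels the three strings and the trailer.

```python
import struct

# The hex dump from the post, re-typed as a constructed byte string (66 bytes).
CHAT_DUMP = bytes.fromhex(
    "3A00EC03FFFFFF00D10700000C060000"
    "00000000FB2A0000040B5061636B6574"
    "42757374610A456E6372797074696F6E"
    "00054B4F534D4B000000545153657276"
    "6572"
)
TRAILER = b"TQServer"  # the 8 bytes the post describes as padding
STRINGS_AT = 24        # assumed offset of the string-count byte


def parse_chat_packet(buf: bytes) -> dict:
    """Split a dump into length, type word, raw header, strings and padding.

    Raises ValueError when the length word, trailer or a string length does
    not agree with the bytes, so a partial capture is rejected, not misread.
    """
    if len(buf) < STRINGS_AT + 1:
        raise ValueError("too short to hold the fixed header")
    length, ptype = struct.unpack_from("<HH", buf, 0)  # assumed: len, type
    if len(buf) != length + len(TRAILER):
        raise ValueError(f"length word {length} + trailer != {len(buf)} bytes")
    if buf[length:] != TRAILER:
        raise ValueError("missing TQServer trailer")
    body = buf[:length]
    count = body[STRINGS_AT]
    pos = STRINGS_AT + 1
    strings = []
    for _ in range(count):
        n = body[pos]
        pos += 1
        if pos + n > length:
            raise ValueError("string length runs past the packet length")
        strings.append(body[pos:pos + n].decode("ascii"))
        pos += n
    return {
        "length": length,
        "type": ptype,
        "header": body[4:STRINGS_AT],
        "strings": strings,
        "tail_padding": body[pos:],
    }


def chat_fields(buf: bytes) -> dict:
    """Map the strings onto the labels the post gives (text is the 4th one)."""
    s = parse_chat_packet(buf)["strings"]
    return {"from": s[0], "target": s[1], "text": s[3]}
```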
09/29/2008 08:58 `xEnt#2
It would be great to find a way to be able to log raw packets, and send them encrypted, so many bots could be made. GL with this.
09/29/2008 09:24 IAmHawtness#3
Quote:
Originally Posted by `xEnt
It would be great to find a way to be able to log raw packets, and send them encrypted, so many bots could be made. GL with this.
Aimbot in asm, wtflol
09/29/2008 10:48 *M*#4
Quote:
Originally Posted by `xEnt
It would be great to find a way to be able to log raw packets, and send them encrypted, so many bots could be made. GL with this.
That is the plan, atm I think I have the hook for the decrypted packet, which is where I got that chat packet from, and the hook for the unencrypted packet before it's sent, but TQ_Client isn't added onto it, which can be done manually anyway. With this a proxy-proxy could be made, which could be used to bring any old proxy back to life where the client will do all the new encryption for me.

Anyone that has any experience with actual proxy/network programming (and not just saying you've made a proxy), I'd love your help in programming this once I've got the basics sorted. I will try and remake crack proxy with this method.
09/29/2008 20:40 unknownone#5
I think both CoToBo and ScriptVessel worked on a similar premise, by modifying the messages within the client like that. chocoman4k released the source at some point. I have it somewhere, but it's well and truly out of date anyway.
I'm not sure it's worth the effort to maintain a memory based editor, although there are some advantages to doing so. Problem is finding a heuristic to make it work even after TQ patch the client binary, whereas making a stand alone proxy you can avoid any maintenance unless the protocol changes.
I added you on msn anyway. If you want help within, just ask.
09/30/2008 01:34 *M*#6
Quote:
Originally Posted by unknownone
I think both CoToBo and ScriptVessel worked on a similar premise, by modifying the messages within the client like that. chocoman4k released the source at some point. I have it somewhere, but it's well and truly out of date anyway.
I'm not sure it's worth the effort to maintain a memory based editor, although there are some advantages to doing so. Problem is finding a heuristic to make it work even after TQ patch the client binary, whereas making a stand alone proxy you can avoid any maintenance unless the protocol changes.
I added you on msn anyway. If you want help within, just ask.
Yeah, it's more of a learning thing anyway. At the moment I'm stuck on how to make something that will read eax at a certain address.

If you set a bp at 04C2415 and read what eax is, it is the packet about to be encrypted.

If you set a bp at 004C3ABD and read what eax is, it is the packet that has just been decrypted.